From owner-svn-ports-all@freebsd.org Sat Aug 1 17:08:20 2020 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E5C483A141A; Sat, 1 Aug 2020 17:08:20 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BJrFc5pS3z4VSj; Sat, 1 Aug 2020 17:08:20 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AA73815F26; Sat, 1 Aug 2020 17:08:20 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 071H8KW1034092; Sat, 1 Aug 2020 17:08:20 GMT (envelope-from pi@FreeBSD.org) Received: (from pi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 071H8Jo9034085; Sat, 1 Aug 2020 17:08:19 GMT (envelope-from pi@FreeBSD.org) Message-Id: <202008011708.071H8Jo9034085@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org using -f From: Kurt Jaeger Date: Sat, 1 Aug 2020 17:08:19 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r543916 - in head/dns/dnsdist: . files X-SVN-Group: ports-head X-SVN-Commit-Author: pi X-SVN-Commit-Paths: in head/dns/dnsdist: . files X-SVN-Commit-Revision: 543916 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Aug 2020 17:08:21 -0000 Author: pi Date: Sat Aug 1 17:08:19 2020 New Revision: 543916 URL: https://svnweb.freebsd.org/changeset/ports/543916 Log: dns/dnsdist: update 1.4.0 -> 1.5.0 - Please check the upgrade guide before upgrading: https://dnsdist.org/upgrade_guide.html#to-1-5-x - Reworked the Lua options. You can now choose from Lua, LuaJIT and LuaJIT-openresty - Also added options for CDB and LMDB Key Value stores PR: 248385 Submitted by: Ralf van der Enden (maintainer) Relnotes: https://dnsdist.org/changelog.html Modified: head/dns/dnsdist/Makefile head/dns/dnsdist/distinfo head/dns/dnsdist/files/patch-ext_luawrapper_include_LuaContext.hpp head/dns/dnsdist/pkg-descr Modified: head/dns/dnsdist/Makefile ============================================================================== --- head/dns/dnsdist/Makefile Sat Aug 1 16:38:51 2020 (r543915) +++ head/dns/dnsdist/Makefile Sat Aug 1 17:08:19 2020 (r543916) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= dnsdist -DISTVERSION= 1.4.0 -PORTREVISION= 2 +DISTVERSION= 1.5.0 CATEGORIES= dns net MASTER_SITES= https://downloads.powerdns.com/releases/ @@ -22,8 +21,8 @@ LIB_DEPENDS= libboost_serialization.so:devel/boost-lib libre2.so:devel/re2 \ libsodium.so:security/libsodium -USES= bison:alias compiler:c++14-lang cpe gmake libedit libtool localbase \ - pkgconfig tar:bz2 +USES= bison:alias compiler:c++14-lang cpe gmake libedit libtool \ + localbase pkgconfig tar:bz2 USE_RC_SUBR= dnsdist GNU_CONFIGURE= yes @@ -40,24 +39,45 @@ INSTALL_TARGET= install-strip USERS= _dnsdist GROUPS= _dnsdist -OPTIONS_DEFINE= DNSTAP LUAJIT SNMP -OPTIONS_DEFAULT= GNUTLS OPENSSL +OPTIONS_DEFINE= DNSTAP SNMP +OPTIONS_DEFAULT= CDB GNUTLS LMDB LUA OPENSSL +OPTIONS_GROUP= KSVOPT +OPTIONS_GROUP_KSVOPT= CDB LMDB OPTIONS_MULTI= TLS OPTIONS_MULTI_TLS= GNUTLS OPENSSL +OPTIONS_SINGLE= EXTLUA +OPTIONS_SINGLE_EXTLUA= LUA LUAJIT LUAJITOR +CDB_DESC= CDB backend DNSTAP_DESC= dnstap support (see dnstap.info) -LUAJIT_DESC= Use LuaJIT instead of Lua +KSVOPT_DESC= Key Value Stores +LMDB_DESC= LMDB backend +LUAJITOR_DESC= Use lang/luajit-openresty +LUAJIT_DESC= Use lang/luajit +LUA_DESC= Use lang/lua +CDB_LIB_DEPENDS= libcdb.so:databases/tinycdb +CDB_CONFIGURE_ON= CDB_CFLAGS="-I${LOCALBASE}/include" \ + CDB_LIBS="-L${LOCALBASE}/lib -lcdb" + DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm DNSTAP_CONFIGURE_ENABLE= fstrm GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls GNUTLS_CONFIGURE_ENABLE= gnutls -LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty -LUAJIT_USES_OFF= lua -LUAJIT_CONFIGURE_OFF= --with-lua=lua-${LUA_VER} +LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb +LMDB_CONFIGURE_ON= --with-lmdb=${LOCALBASE} +LMDB_CONFIGURE_OFF= --without-lmdb + +LUAJITOR_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty +LUAJITOR_CONFIGURE_ON= --with-lua=luajit + +LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit LUAJIT_CONFIGURE_ON= --with-lua=luajit + +LUA_USES= lua +LUA_CONFIGURE_ON= --with-lua=lua-${LUA_VER} OPENSSL_USES= ssl OPENSSL_CONFIGURE_ON= LIBSSL_CFLAGS=-I${OPENSSLINC} \ Modified: head/dns/dnsdist/distinfo ============================================================================== --- head/dns/dnsdist/distinfo Sat Aug 1 16:38:51 2020 (r543915) +++ head/dns/dnsdist/distinfo Sat Aug 1 17:08:19 2020 (r543916) @@ -1,3 +1,3 @@ -TIMESTAMP = 1579127277 -SHA256 (dnsdist-1.4.0.tar.bz2) = a336fa2c3eb381c2464d9d9790014fd6d4505029ed2c1b73ee1dc9115a2f1dc0 -SIZE (dnsdist-1.4.0.tar.bz2) = 1044479 +TIMESTAMP = 1596123185 +SHA256 (dnsdist-1.5.0.tar.bz2) = 2c07c4ef0c497f5223909ff181fe3ba7c6016962a2855cffe26b7f3609f27b58 +SIZE (dnsdist-1.5.0.tar.bz2) = 1067645 Modified: head/dns/dnsdist/files/patch-ext_luawrapper_include_LuaContext.hpp ============================================================================== --- head/dns/dnsdist/files/patch-ext_luawrapper_include_LuaContext.hpp Sat Aug 1 16:38:51 2020 (r543915) +++ head/dns/dnsdist/files/patch-ext_luawrapper_include_LuaContext.hpp Sat Aug 1 17:08:19 2020 (r543916) @@ -1,6 +1,6 @@ ---- ext/luawrapper/include/LuaContext.hpp.orig 2018-03-29 15:25:58 UTC +--- ext/luawrapper/include/LuaContext.hpp.orig 2018-11-12 08:33:58 UTC +++ ext/luawrapper/include/LuaContext.hpp -@@ -2635,11 +2635,21 @@ struct LuaContext::Reader +@@ -2649,11 +2649,21 @@ struct LuaContext::Reader static auto read(lua_State* state, int index) -> boost::optional { Modified: head/dns/dnsdist/pkg-descr ============================================================================== --- head/dns/dnsdist/pkg-descr Sat Aug 1 16:38:51 2020 (r543915) +++ head/dns/dnsdist/pkg-descr Sat Aug 1 17:08:19 2020 (r543916) @@ -1,6 +1,29 @@ -dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its -goal in life is to route DNS traffic to the best DNS server, -delivering top performance to legitimate users while shunting or -blocking abusive traffic. +dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life +is to route traffic to the best server, delivering top performance to +legitimate users while shunting or blocking abusive traffic. + +dnsdist is dynamic, its configuration language is Lua and it can be can be +changed at runtime, and its statistics can be queried from a console-like +interface or an HTTP API. + +dnsdist is used to protect and optimize the DNS traffic of hundreds of millions +of internet subscribers. + + * IPv4, UDP/TCP + * IPv6, UDP/TCP, 100% compliant + * Remotely pollable statistics for real time graphing + * High performance + * SNMP statistics bridge (read only) + * Dynamically route queries to backend servers + * Advanced anti-spoofing measures + * Reconfiguration without downtime + * Kernel based filtering of harmful traffic, rejecting packets at 'line speed' + * Internal Lua-based scripted answer generation + * Question interception, answer reconditioning, NXDOMAIN redirection + - Including 'block lists' and security measures + * Built-in memory efficient cache for increased performance + * Ability to continue serving data from cache for non-responsive backends + * Smart rate limiting per user, per subnet, per domain + * Capable of writing dynamic rules to block harmful traffic WWW: https://dnsdist.org/