- "--with-geoip" is used to enable the legacy GeoIP library.
- "--with-geoip2" is used to enable the new GeoIP2 library
(libmaxminddb), and is on by default if the library is found.
- using both "--with-geoip" and "--with-geoip2" at the same time
is an error.
- an attempt is made to determine the default GeoIP2 database path at
compile time if pkg-config is able to report the module prefix. if
this fails, it will be necessary to set the path in named.conf with
geoip-directory
- Makefiles have been updated, and a stub lib/dns/geoip2.c has been
added for the eventual GeoIP2 search implementation.
The ax_check_openssl m4 macro used OPENSSL_INCLUDES. Rename the
subst variable to OPENSSL_CFLAGS and wrap AX_CHECK_OPENSSL() in
action-if-not-found part of PKG_CHECK_MODULE check for libcrypto.
The json-c have previously leaked into the global namespace leading
to forced -I<include_path> for every compilation unit using isc/xml.h
header. This MR fixes the usage making the caller object opaque.
The libxml2 have previously leaked into the global namespace leading
to forced -I<include_path> for every compilation unit using isc/xml.h
header. This MR fixes the usage making the caller object opaque.
Make will choose modified manual from build directory or original from source
directory automagically. Take advantage of install tool feature.
Install all files in single command instead of iterating on each of them.
Clean up the parts of configure.in responsible for handling libidn2
detection and adjust other pieces of the build system to match these
cleanups:
- use pkg-config when --with-libidn2 is used without an explicit path,
- look for idn2_to_ascii_lz() rather than idn2_to_ascii_8z() as the
former is used in BIND while the latter is not,
- do not look for idn2_to_unicode_8zlz() as it is present in all
libidn2 versions which have idn2_to_ascii_lz(),
- check whether the <idn2.h> header is usable,
- set LDFLAGS in the Makefile for dig so that, if specified, the
requested libidn2 path is used when linking with libidn2,
- override CPPFLAGS when looking for libidn2 components so that the
configure script does not produce warnings when libidn2 is not
installed system-wide,
- merge the AS_CASE() call into the AS_IF() call below it to simplify
code,
- indicate the default value of --with-libidn2 in "./configure --help"
output,
- use $with_libidn2 rather than $use_libidn2 to better match the name
of the configure script argument,
- stop differentiating between IDN "in" and "out" support, i.e. make
dig either support libidn2 or not; remove WITH_* Autoconf macros and
use a new one, HAVE_LIBIDN2, to determine whether libidn2 support
should be enabled.
- Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
HAVE_OPENSSL/HAVE_PKCS11
- Don't enforce the crypto provider from platform.h, just from dst_api.c
and configure scripts
Added two new configure options:
--with-libidn2 - to enable IDN using GNU libidn2
idnkit, libidn and libidn2 support can not be used at the same time.
NOTE: libidn2 does not support punycode back to Unicode
characters, so support for this is missing.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Removed iconv, convert directly from locale to ACE
Fix libidn2 and idnkit origin appending
Make IDN options in help less different
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Added new configure option:
--with-libidn - to enable IDN using GNU libidn
Renamed configure option:
--with-idn to --with-idnkit to make the option usage more clear
idnkit and libidn support can not be used at the same time.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier)
are no longer supported. [RT #45186]
4707. [func] The lightweight resolver daemon and library (lwresd
and liblwres) have been removed. [RT #45186]
4706. [func] Code implementing name server query processing has
been moved from bin/named to a new library "libns".
Functions remaining in bin/named are now prefixed
with "named_" rather than "ns_". This will make it
easier to write unit tests for name server code, or
link name server functionality into new tools.
[RT #45186]
4503. [cleanup] "make uninstall" now removes file installed by
BIND. (This currently excludes Python files
due to lack of support in setup.py.) [RT #42912]
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
