The NetBSD Project

CVS log for pkgsrc/net/bind9/Attic/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / bind9

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.114, Wed Feb 10 17:30:26 2010 UTC (12 years, 11 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q2-base, pkgsrc-2011Q2, HEAD
Changes since 1.113: +1 -1 lines
FILE REMOVED

Retire bind9.

Revision 1.110.2.2 / (download) - annotate - [select for diffs], Mon Feb 1 15:00:11 2010 UTC (13 years ago) by spz
Branch: pkgsrc-2009Q4
Changes since 1.110.2.1: +2 -2 lines
Diff to previous 1.110.2.1 (colored) to branchpoint 1.110 (colored) next main 1.111 (colored)

Pullup ticket 2983 - requested by joerg
syntax fix

Revisions pulled up:
- pkgsrc/net/bind9/Makefile		1.113

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   joerg
   Date:           Mon Feb  1 12:56:28 UTC 2010

   Modified Files:
           pkgsrc/net/bind9: Makefile

   Log Message:
   Fix version number. Just assume that -P always should be translated to
   pl.


   To generate a diff of this commit:
   cvs rdiff -u -r1.112 -r1.113 pkgsrc/net/bind9/Makefile

Revision 1.113 / (download) - annotate - [select for diffs], Mon Feb 1 12:56:28 2010 UTC (13 years ago) by joerg
Branch: MAIN
Changes since 1.112: +2 -2 lines
Diff to previous 1.112 (colored)

Fix version number. Just assume that -P always should be translated to
pl.

Revision 1.110.2.1 / (download) - annotate - [select for diffs], Thu Jan 21 21:20:16 2010 UTC (13 years ago) by tron
Branch: pkgsrc-2009Q4
Changes since 1.110: +2 -3 lines
Diff to previous 1.110 (colored)

Pullup ticket #2966 - requested by spz
bind9: security update

Revisions pulled up:
- net/bind9/Makefile			1.112 via patch
- net/bind9/distinfo			1.46
---
Module Name:	pkgsrc
Committed By:	spz
Date:		Thu Jan 21 19:54:33 UTC 2010

Modified Files:
	pkgsrc/net/bind9: Makefile distinfo

Log Message:
security update:
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3.  It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.

Changes since 9.4.3-P3:

2772.	[security]	When validating, track whether pending data was from
			the additional section or not and only return it if
			validates as secure. [RT #20438]

BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.4.3-P4:

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]

Revision 1.112 / (download) - annotate - [select for diffs], Thu Jan 21 19:54:33 2010 UTC (13 years ago) by spz
Branch: MAIN
Changes since 1.111: +2 -3 lines
Diff to previous 1.111 (colored)

security update:
BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3.  It addresses a
potential cache poisoning vulnerability, in which data in the additional
section of a response could be cached without proper DNSSEC validation.

Changes since 9.4.3-P3:

2772.	[security]	When validating, track whether pending data was from
			the additional section or not and only return it if
			validates as secure. [RT #20438]

BIND 9.4.3-P5 is a SECURITY PATCH for BIND 9.4.3.  It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.

CVE identifiers: CVE-2009-4022, CVE-2010-0097
CERT advisories: VU#418861, VU#360341

Changes since 9.4.3-P4:

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]

Revision 1.111 / (download) - annotate - [select for diffs], Sun Jan 17 12:02:30 2010 UTC (13 years ago) by wiz
Branch: MAIN
Changes since 1.110: +2 -2 lines
Diff to previous 1.110 (colored)

Recursive PKGREVISION bump for jpeg update to 8.

Revision 1.110 / (download) - annotate - [select for diffs], Fri Dec 11 16:21:21 2009 UTC (13 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base
Branch point for: pkgsrc-2009Q4
Changes since 1.109: +2 -1 lines
Diff to previous 1.109 (colored)

Modify named9.sh to create /dev/random in chrooted environment
as base system's /etc/rc.d/named.

Bump PKGREVISION.

Revision 1.107.2.1 / (download) - annotate - [select for diffs], Wed Jul 29 07:43:16 2009 UTC (13 years, 6 months ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.107: +3 -3 lines
Diff to previous 1.107 (colored) next main 1.108 (colored)

Pullup ticket 2844 - requested by reed
security update
second part of pullups for PR 41796

Revisions pulled up:
- pkgsrc/net/bind9/Makefile			1.109
- pkgsrc/net/bind9/distinfo			1.44

   Module Name:    pkgsrc
   Committed By:   reed
   Date:           Tue Jul 28 20:39:45 UTC 2009

   Modified Files:
           pkgsrc/net/bind9: Makefile distinfo

   Log Message:
   Updated to 9.4.3-P3 for security issue:
   https://www.isc.org/node/474


   To generate a diff of this commit:
   cvs rdiff -u -r1.108 -r1.109 pkgsrc/net/bind9/Makefile
   cvs rdiff -u -r1.43 -r1.44 pkgsrc/net/bind9/distinfo

Revision 1.109 / (download) - annotate - [select for diffs], Tue Jul 28 20:39:45 2009 UTC (13 years, 6 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.108: +3 -3 lines
Diff to previous 1.108 (colored)

Updated to 9.4.3-P3 for security issue:
https://www.isc.org/node/474

Revision 1.108 / (download) - annotate - [select for diffs], Fri Jul 24 12:30:00 2009 UTC (13 years, 6 months ago) by obache
Branch: MAIN
Changes since 1.107: +2 -2 lines
Diff to previous 1.107 (colored)

Update HOMEPAGE url.

Revision 1.107 / (download) - annotate - [select for diffs], Sun Jun 14 22:58:06 2009 UTC (13 years, 7 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.106: +1 -5 lines
Diff to previous 1.106 (colored)

Remove @dirrm related logic.

Revision 1.106 / (download) - annotate - [select for diffs], Mon Mar 23 14:43:13 2009 UTC (13 years, 10 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since 1.105: +3 -2 lines
Diff to previous 1.105 (colored)

Add URL for mirror on "ftp.belnet.be" to master site list.

Revision 1.105 / (download) - annotate - [select for diffs], Sun Mar 22 15:31:44 2009 UTC (13 years, 10 months ago) by adrianp
Branch: MAIN
Changes since 1.104: +3 -3 lines
Diff to previous 1.104 (colored)

--- 9.4.3-P2 released ---

2579.	[bug]		DNSSEC lookaside validation failed to handle unknown
			algorithms. [RT #19479]

Revision 1.102.6.1 / (download) - annotate - [select for diffs], Mon Jan 19 11:44:15 2009 UTC (14 years ago) by tron
Branch: pkgsrc-2008Q4
Changes since 1.102: +6 -3 lines
Diff to previous 1.102 (colored) next main 1.103 (colored)

Pullup ticket #2645 - requested by mlelstv
bind9: security update

Revisions pulled up:
- net/bind9/Makefile				1.103-1.104
- net/bind9/PLIST				1.23
- net/bind9/distinfo				1.39-1.40
- net/bind9/patches/patch-ai			1.10
- net/bind9/patches/patch-ap			delete
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Sun Jan	 4 00:16:03 UTC 2009

Modified Files:
	pkgsrc/net/bind9: Makefile PLIST distinfo
	pkgsrc/net/bind9/patches: patch-ai
Removed Files:
	pkgsrc/net/bind9/patches: patch-ap

Log Message:
Update to 9.4.3

Resolver could try unreachable servers multiple times.
Adb's handling of lame addresses was different for IPv4 and IPv6.
Remove NULL pointer dereference in dns_journal_print().
libbind: Out of bounds reference in dns_ho.c:addrsort.
Set initial timeout to 800ms.
TSIG context leak

For all the details see:
 http://oldwww.isc.org/sw/bind/view/?release=9.4.3#RELEASE
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Thu Jan	 8 09:02:19 UTC 2009

Modified Files:
	pkgsrc/net/bind9: Makefile distinfo

Log Message:
Changes since 9.4.3:

2522.	[security]	Handle -1 from DSA_do_verify().

2498.	[bug]		Removed a bogus function argument used with
			ISC_SOCKET_USE_POLLWATCH: it could cause compiler
			warning or crash named with the debug 1 level
			of logging. [RT #18917]


To generate a diff of this commit:
cvs rdiff -r1.103 -r1.104 pkgsrc/net/bind9/Makefile
cvs rdiff -r1.39 -r1.40 pkgsrc/net/bind9/distinfo

Revision 1.104 / (download) - annotate - [select for diffs], Thu Jan 8 09:02:19 2009 UTC (14 years ago) by adrianp
Branch: MAIN
Changes since 1.103: +6 -2 lines
Diff to previous 1.103 (colored)

Changes since 9.4.3:

2522.	[security]	Handle -1 from DSA_do_verify().

2498.	[bug]		Removed a bogus function argument used with
			ISC_SOCKET_USE_POLLWATCH: it could cause compiler
			warning or crash named with the debug 1 level
			of logging. [RT #18917]

Revision 1.103 / (download) - annotate - [select for diffs], Sun Jan 4 00:16:03 2009 UTC (14 years, 1 month ago) by adrianp
Branch: MAIN
Changes since 1.102: +2 -3 lines
Diff to previous 1.102 (colored)

Update to 9.4.3

Resolver could try unreachable servers multiple times.
Adb's handling of lame addresses was different for IPv4 and IPv6.
Remove NULL pointer dereference in dns_journal_print().
libbind: Out of bounds reference in dns_ho.c:addrsort.
Set initial timeout to 800ms.
TSIG context leak

For all the details see:
 http://oldwww.isc.org/sw/bind/view/?release=9.4.3#RELEASE

Revision 1.101.4.1 / (download) - annotate - [select for diffs], Mon Aug 4 08:20:37 2008 UTC (14 years, 6 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.101: +3 -3 lines
Diff to previous 1.101 (colored) next main 1.102 (colored)

pullup ticket #2470 - requested by adrianp
bind9: update package for fixes

revisions pulled up:
pkgsrc/net/bind9/Makefile	1.102
pkgsrc/net/bind9/distinfo	1.38

Module Name:	pkgsrc
Committed By:	adrianp
Date:		Sun Aug  3 18:41:45 UTC 2008

Modified Files:
	pkgsrc/net/bind9: Makefile distinfo

Log Message:
Changes since 9.4.2-P1:

	--- 9.4.2-P2 released ---

2406.   [bug]           Some operating systems have FD_SETSIZE set to a
			low value by default, which can cause resource
			exhaustion when many simultaneous connections are
			open.  Linux in particular makes it difficult to
			increase this value.  To use more sockets with
			select(), set ISC_SOCKET_FDSETSIZE.  Example:
			STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure
			(This should not be necessary in most cases, and
			never for an authoritative-only server.) [RT #18328]

2404.	[port]		hpux: files unlimited support.

2403.	[bug]		TSIG context leak. [RT #18341]

2402.	[port]		Support Solaris 2.11 and over. [RT #18362]

2401.	[bug]		Expect to get E[MN]FILE errno internal_accept()
			(from accept() or fcntl() system calls). [RT #18358]

2399.	[bug]		Abort timeout queries to reduce the number of open
			UDP sockets. [RT #18367]

2398.	[bug]           Improve file descriptor management.  New,
			temporary, named.conf option reserved-sockets,
			default 512. [RT #18344]

2396.	[bug]		Don't set SO_REUSEADDR for randomized ports.
			[RT #18336]

2395.	[port]		Avoid warning and no effect from "files unlimited"
			on Linux when running as root. [RT #18335]

2394.	[bug]		Default configuration options set the limit for
			open files to 'unlimited' as described in the
			documentation. [RT #18331]

2392.	[bug]		remove 'grep -q' from acl test script, some platforms
			don't support it. [RT #18253]

2322.	[port]		MacOS: work around the limitation of setrlimit()
			for RLIMIT_NOFILE. [RT #17526]

Revision 1.102 / (download) - annotate - [select for diffs], Sun Aug 3 18:41:45 2008 UTC (14 years, 6 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base, pkgsrc-2008Q3-base, pkgsrc-2008Q3, cube-native-xorg-base, cube-native-xorg
Branch point for: pkgsrc-2008Q4
Changes since 1.101: +3 -3 lines
Diff to previous 1.101 (colored)

Changes since 9.4.2-P1:

	--- 9.4.2-P2 released ---

2406.   [bug]           Some operating systems have FD_SETSIZE set to a
			low value by default, which can cause resource
			exhaustion when many simultaneous connections are
			open.  Linux in particular makes it difficult to
			increase this value.  To use more sockets with
			select(), set ISC_SOCKET_FDSETSIZE.  Example:
			STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure
			(This should not be necessary in most cases, and
			never for an authoritative-only server.) [RT #18328]

2404.	[port]		hpux: files unlimited support.

2403.	[bug]		TSIG context leak. [RT #18341]

2402.	[port]		Support Solaris 2.11 and over. [RT #18362]

2401.	[bug]		Expect to get E[MN]FILE errno internal_accept()
			(from accept() or fcntl() system calls). [RT #18358]

2399.	[bug]		Abort timeout queries to reduce the number of open
			UDP sockets. [RT #18367]

2398.	[bug]           Improve file descriptor management.  New,
			temporary, named.conf option reserved-sockets,
			default 512. [RT #18344]

2396.	[bug]		Don't set SO_REUSEADDR for randomized ports.
			[RT #18336]

2395.	[port]		Avoid warning and no effect from "files unlimited"
			on Linux when running as root. [RT #18335]

2394.	[bug]		Default configuration options set the limit for
			open files to 'unlimited' as described in the
			documentation. [RT #18331]

2392.	[bug]		remove 'grep -q' from acl test script, some platforms
			don't support it. [RT #18253]

2322.	[port]		MacOS: work around the limitation of setrlimit()
			for RLIMIT_NOFILE. [RT #17526]

Revision 1.95.2.2 / (download) - annotate - [select for diffs], Fri Jul 11 06:14:07 2008 UTC (14 years, 6 months ago) by ghen
Branch: pkgsrc-2008Q1
Changes since 1.95.2.1: +2 -3 lines
Diff to previous 1.95.2.1 (colored) to branchpoint 1.95 (colored) next main 1.96 (colored)

Pullup ticket 2447 - requested by adrianp
security update for bind9

- pkgsrc/net/bind9/Makefile				1.100, 1.101
- pkgsrc/net/bind9/PLIST				1.22
- pkgsrc/net/bind9/distinfo				1.36, 1.37
- pkgsrc/net/bind9/patches/patch-ad			1.7, 1.8
- pkgsrc/net/bind9/patches/patch-ai			1.9

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Sat Jun 21 22:13:22 UTC 2008

   Modified Files:
	   pkgsrc/net/bind9: Makefile distinfo
	   pkgsrc/net/bind9/patches: patch-ad patch-ai

   Log Message:
   Fix two typos: inclue => include
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Thu Jul 10 21:05:30 UTC 2008

   Modified Files:
	   pkgsrc/net/bind9: Makefile PLIST distinfo
	   pkgsrc/net/bind9/patches: patch-ad

   Log Message:
   Update to 9.4.2-P1
   Please see CHANGES for all the details but the driving factor of this update
   is:
   2375.   [security]      Fully randomize UDP query ports to improve
                           forgery resilience. [RT #17949]

Revision 1.101 / (download) - annotate - [select for diffs], Thu Jul 10 21:05:30 2008 UTC (14 years, 6 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base, cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.100: +2 -3 lines
Diff to previous 1.100 (colored)

Update to 9.4.2-P1
Please see CHANGES for all the details but the driving factor of this update
is:
2375.   [security]      Fully randomize UDP query ports to improve
                        forgery resilience. [RT #17949]

Revision 1.100 / (download) - annotate - [select for diffs], Sat Jun 21 22:13:22 2008 UTC (14 years, 7 months ago) by adrianp
Branch: MAIN
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored)

Fix two typos: inclue => include

Revision 1.99 / (download) - annotate - [select for diffs], Fri Jun 20 01:09:29 2008 UTC (14 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.98: +14 -14 lines
Diff to previous 1.98 (colored)

Add DESTDIR support.

Revision 1.98 / (download) - annotate - [select for diffs], Mon May 26 02:13:22 2008 UTC (14 years, 8 months ago) by joerg
Branch: MAIN
Changes since 1.97: +3 -2 lines
Diff to previous 1.97 (colored)

Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.

Revision 1.95.2.1 / (download) - annotate - [select for diffs], Sun May 11 09:42:39 2008 UTC (14 years, 8 months ago) by ghen
Branch: pkgsrc-2008Q1
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)

Pullup ticket 2370 - requested by tonnerre
security fix for bind 9

- pkgsrc/net/bind9/Makefile				1.97
- pkgsrc/net/bind9/distinfo				1.35
- pkgsrc/net/bind9/patches/patch-ap			1.3

   Module Name:		pkgsrc
   Committed By:	tonnerre
   Date:		Sun May 11 00:00:59 UTC 2008

   Modified Files:
	   pkgsrc/net/bind9: Makefile distinfo
   Added Files:
	   pkgsrc/net/bind9/patches: patch-ap

   Log Message:
   Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced
   boundary check can be abused for implementation specific exploitation:
   depending on the use of libbind, this can result in denial of service
   or even remote code execution.

Revision 1.97 / (download) - annotate - [select for diffs], Sun May 11 00:00:59 2008 UTC (14 years, 8 months ago) by tonnerre
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced boundary
check can be abused for implementation specific exploitation: depending on
the use of libbind, this can result in denial of service or even remote
code execution.

Revision 1.96 / (download) - annotate - [select for diffs], Sat Apr 12 22:43:08 2008 UTC (14 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.95: +3 -4 lines
Diff to previous 1.95 (colored)

Convert to use PLIST_VARS instead of manually passing "@comment "
through PLIST_SUBST to the plist module.

Revision 1.95 / (download) - annotate - [select for diffs], Fri Jan 18 05:08:40 2008 UTC (15 years ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base
Branch point for: pkgsrc-2008Q1
Changes since 1.94: +2 -2 lines
Diff to previous 1.94 (colored)

Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@

Revision 1.94 / (download) - annotate - [select for diffs], Fri Sep 7 22:12:16 2007 UTC (15 years, 5 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3
Changes since 1.93: +6 -7 lines
Diff to previous 1.93 (colored)

Convert packages that test and use USE_INET6 to use the options framework
and to support the "inet6" option instead.

Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files.  Replace:

	BUILD_DEFS+=	USE_INET6
with
	BUILD_DEFS+=	IPV6_READY

and teach the README-generation tools to look for that instead.

This nukes USE_INET6 from pkgsrc proper.  We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.

Revision 1.93 / (download) - annotate - [select for diffs], Wed Aug 8 18:32:46 2007 UTC (15 years, 5 months ago) by reed
Branch: MAIN
Changes since 1.92: +2 -1 lines
Diff to previous 1.92 (colored)

Fix two typos. I didn't test this. Bump PKGREVISION as on
"dragonfly" this may change the build.

Revision 1.89.2.1 / (download) - annotate - [select for diffs], Mon Aug 6 20:51:26 2007 UTC (15 years, 6 months ago) by ghen
Branch: pkgsrc-2007Q2
Changes since 1.89: +3 -3 lines
Diff to previous 1.89 (colored) next main 1.90 (colored)

Pullup ticket 2160 - requested by adrianp
security update for bind9

- pkgsrc/net/bind9/Makefile				1.91, 1.92
- pkgsrc/net/bind9/distinfo				1.33

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Sat Jul 28 11:41:57 UTC 2007

   Modified Files:
	   pkgsrc/net/bind9: Makefile distinfo

   Log Message:
   Update to 9.4.1-P1

   2206.	[security]
   "allow-query-cache" and "allow-recursion" now
   cross inherit from each other.
   If allow-query-cache is not set in named.conf then
   allow-recursion is used if set, otherwise allow-query
   is used if set, otherwise the default (localnets;
   localhost;) is used.
   If allow-recursion is not set in named.conf then
   allow-query-cache is used if set, otherwise allow-query
   is used if set, otherwise the default (localnets;
   localhost;) is used.

   2203.	[security]
   Query id generation was cryptographically weak.

   2202.	[security]
   The default acls for allow-query-cache and
   allow-recursion were not being applied.

   2193.	[port]
   win32: BINDInstall.exe is now linked statically.

   2192.	[port]
   win32: use vcredist_x86.exe to install Visual
   Studio's redistributable dlls if building with
   Visual Stdio 2005 or later.
---
   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Wed Aug  1 21:09:57 UTC 2007

   Modified Files:
	   pkgsrc/net/bind9: Makefile

   Log Message:
   Fix for bind package name pointed out by John Klos on tech-pkg@

Revision 1.92 / (download) - annotate - [select for diffs], Wed Aug 1 21:09:57 2007 UTC (15 years, 6 months ago) by adrianp
Branch: MAIN
Changes since 1.91: +2 -1 lines
Diff to previous 1.91 (colored)

Fix for bind package name pointed out by John Klos on tech-pkg@

Revision 1.91 / (download) - annotate - [select for diffs], Sat Jul 28 11:41:56 2007 UTC (15 years, 6 months ago) by adrianp
Branch: MAIN
Changes since 1.90: +2 -3 lines
Diff to previous 1.90 (colored)

Update to 9.4.1-P1

2206.	[security]
"allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
allow-recursion is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
If allow-recursion is not set in named.conf then
allow-query-cache is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.

2203.	[security]
Query id generation was cryptographically weak.

2202.	[security]
The default acls for allow-query-cache and
allow-recursion were not being applied.

2193.	[port]
win32: BINDInstall.exe is now linked statically.

2192.	[port]
win32: use vcredist_x86.exe to install Visual
Studio's redistributable dlls if building with
Visual Stdio 2005 or later.

Revision 1.90 / (download) - annotate - [select for diffs], Wed Jul 4 20:54:48 2007 UTC (15 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.89: +5 -2 lines
Diff to previous 1.89 (colored)

Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.

Revision 1.89 / (download) - annotate - [select for diffs], Tue Jun 12 14:08:37 2007 UTC (15 years, 7 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base
Branch point for: pkgsrc-2007Q2
Changes since 1.88: +3 -1 lines
Diff to previous 1.88 (colored)

Automatically include pthread variables. Bump revision as it might
change some of the binaries.

Revision 1.88 / (download) - annotate - [select for diffs], Wed May 2 08:12:37 2007 UTC (15 years, 9 months ago) by cjs
Branch: MAIN
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (colored)

Update BIND to 9.4.1:
CVE-2007-2241: A sequence of queries can cause a recursive nameserver
to exit. While it is unlikely these will occur in normal operation, an
attack can use them to cause the affected versions to exit. This attack
is a denial of service, and does not allow an attacker to gain control
of affected systems.

Revision 1.87 / (download) - annotate - [select for diffs], Sun Apr 15 18:56:49 2007 UTC (15 years, 9 months ago) by cjs
Branch: MAIN
Changes since 1.86: +2 -3 lines
Diff to previous 1.86 (colored)

Upgrade BIND to 9.4.0.
I won't attempt to summarize 221 lines of changes in README here.

Revision 1.84.2.1 / (download) - annotate - [select for diffs], Thu Feb 1 09:28:52 2007 UTC (16 years ago) by ghen
Branch: pkgsrc-2006Q4
Changes since 1.84: +5 -3 lines
Diff to previous 1.84 (colored) next main 1.85 (colored)

Pullup ticket 2010 - requested by adrianp
security update for bind9

- pkgsrc/net/bind9/Makefile				1.85-1.86
- pkgsrc/net/bind9/distinfo				1.30
- pkgsrc/net/bind9/patches/patch-ao			1.2
- pkgsrc/net/bind9/patches/patch-ap			removed
- pkgsrc/net/bind9/patches/patch-aq			removed

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Sun Jan 28 01:31:52 UTC 2007

   Modified Files:
	   pkgsrc/net/bind9: Makefile distinfo
	   pkgsrc/net/bind9/patches: patch-ao
   Removed Files:
	   pkgsrc/net/bind9/patches: patch-ap patch-aq

   Log Message:
   Update to 9.3.4
   Lots of changes, see http://www.isc.org/sw/bind/view/?release=9.3.4#RELEASE
   for all the details:

   In brief:
   2126.	[security]	Serialise validation of type ANY responses.

   2124.	[security]	It was possible to dereference a freed fetch
   context.

   2089.	[security]	Raise the minimum safe OpenSSL versions to
   OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
   prior to these have known security flaws which
   are (potentially) exploitable in named.

   2088.	[security]	Change the default RSA exponent from 3 to 65537.

   2066.   [security]      Handle SIG queries gracefully.

   1941.   [bug]           ncache_adderesult() should set eresult even if no
   rdataset is passed to it.
---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Tue Jan 30 15:04:34 UTC 2007

   Modified Files:
	   pkgsrc/net/bind9: Makefile

   Log Message:
   Fix permission problems:
   - "share/doc/bind9" shouldn't be group-writable.
   - "share/doc/bind9/arm/Bv9ARM.pdf" shouldn't be executable.

   Bump package revision because of these fixes.

Revision 1.86 / (download) - annotate - [select for diffs], Tue Jan 30 15:04:33 2007 UTC (16 years ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.85: +4 -1 lines
Diff to previous 1.85 (colored)

Fix permission problems:
- "share/doc/bind9" shouldn't be group-writable.
- "share/doc/bind9/arm/Bv9ARM.pdf" shouldn't be executable.

Bump package revision because of these fixes.

Revision 1.85 / (download) - annotate - [select for diffs], Sun Jan 28 01:31:52 2007 UTC (16 years ago) by adrianp
Branch: MAIN
Changes since 1.84: +2 -3 lines
Diff to previous 1.84 (colored)

Update to 9.3.4
Lots of changes, see http://www.isc.org/sw/bind/view/?release=9.3.4#RELEASE
for all the details:

In brief:
2126.	[security]	Serialise validation of type ANY responses.

2124.	[security]	It was possible to dereference a freed fetch
context.

2089.	[security]	Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
prior to these have known security flaws which
are (potentially) exploitable in named.

2088.	[security]	Change the default RSA exponent from 3 to 65537.

2066.   [security]      Handle SIG queries gracefully.

1941.   [bug]           ncache_adderesult() should set eresult even if no
rdataset is passed to it.

Revision 1.84 / (download) - annotate - [select for diffs], Thu Nov 23 22:19:38 2006 UTC (16 years, 2 months ago) by hubertf
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base
Branch point for: pkgsrc-2006Q4
Changes since 1.83: +4 -2 lines
Diff to previous 1.83 (colored)

Disable threading on sparc and sparc64
sparc64 tested successfully by Volkmar Seifert <vs@nifelheim.info>

OK'd by (and sparc included per suggestion of) martin@

Revision 1.83 / (download) - annotate - [select for diffs], Sun Nov 5 15:49:22 2006 UTC (16 years, 3 months ago) by seb
Branch: MAIN
Changes since 1.82: +5 -6 lines
Diff to previous 1.82 (colored)

Don't install doc/*/Makefile{,.in} as theses do not pass the CHECK_WRKREF
check. Also don't install utility perl scripts for building the
docs. Use pax to install all the doc files in one go.

Bump PKGREVISION to 3 for the PLIST changes.

Revision 1.78.2.1 / (download) - annotate - [select for diffs], Thu Sep 7 11:20:43 2006 UTC (16 years, 5 months ago) by ghen
Branch: pkgsrc-2006Q2
Changes since 1.78: +5 -2 lines
Diff to previous 1.78 (colored) next main 1.79 (colored)

Pullup ticket 1816 - requested by adrianp
security update for bind9

Revisions pulled up:
- pkgsrc/net/bind9/Makefile				1.79,1.81-1.82
- pkgsrc/net/bind9/PLIST				1.19
- pkgsrc/net/bind9/distinfo				1.27
- pkgsrc/net/bind9/patches/patch-aa			removed
- pkgsrc/net/bind9/patches/patch-ac			1.6
- pkgsrc/net/bind9/patches/patch-ad			1.6
- pkgsrc/net/bind9/patches/patch-ae			removed
- pkgsrc/net/bind9/patches/patch-af			1.6
- pkgsrc/net/bind9/patches/patch-ah			removed
- pkgsrc/net/bind9/patches/patch-ai			1.7
- pkgsrc/net/bind9/patches/patch-aj			1.4
- pkgsrc/net/bind9/patches/patch-al			1.2
- pkgsrc/net/bind9/patches/patch-am			1.1
- pkgsrc/net/bind9/patches/patch-ao			1.1
- pkgsrc/net/bind9/patches/patch-ap			1.1
- pkgsrc/net/bind9/patches/patch-aq			1.1

   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Aug 17 14:14:18 UTC 2006

   Modified Files:
	pkgsrc/net/bind9: Makefile PLIST distinfo
	pkgsrc/net/bind9/patches: patch-ac patch-ad patch-af patch-ai patch-aj
	    patch-al
   Added Files:
	pkgsrc/net/bind9/patches: patch-am
   Removed Files:
	pkgsrc/net/bind9/patches: patch-aa patch-ae patch-ah

   Log Message:
   Update bind to 9.3.2.

   Changes are huge, so please see http://www.isc.org/sw/bind/bind9.3.php.
---
   Module Name:	pkgsrc
   Committed By:	seb
   Date:		Mon Aug 28 16:00:45 UTC 2006

   Modified Files:
	pkgsrc/net/bind9: Makefile distinfo
   Added Files:
	pkgsrc/net/bind9/patches: patch-an patch-ao

   Log Message:
   Bump PKGREVISION to 1.

   Fix build on NetBSD/sparc64 3.x: sync CPP symbols usage between
   struct addrinfo definition and its usage in getaddrinfo().

   While here define struct addrinfo's pad members the same way as in
   NetBSD's /usr/include/netbsd.h and sync code in
   lib/bind/irs/getaddrinfo.c:getaddrinfo().

   This had been reported to bind9-bugs at isc dot org.
---
   Module Name:	pkgsrc
   Committed By:	rillig
   Date:		Sun Sep  3 22:58:26 UTC 2006

   Modified Files:
	pkgsrc/net/bind9: Makefile

   Log Message:
   Added the relevant variables to BUILD_DEFS.
---
   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Tue Sep  5 20:45:32 UTC 2006

   Modified Files:
	pkgsrc/net/bind9: Makefile distinfo
   Added Files:
	pkgsrc/net/bind9/patches: patch-ap patch-aq

   Log Message:
   Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1

   * Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)

   - Recursive servers
   Queries for SIG records will trigger an assertion failure if more
   than one RRset is returned. However exposure can be minimized by
   restricting which sources can ask for recursion.

   - Authoritative servers
   If a nameserver is serving a RFC 2535 DNSSEC zone and is queried
   for the SIG records where there are multiple RRsets, then the
   named program will trigger an assertion failure when it tries
   to construct the response.

   * INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)

   It is possible to trigger an INSIST failure by sending enough
   recursive queries such that the response to the query arrives after
   all the clients waiting for the response have left the recursion
   queue. However exposure can be minimized by restricting which sources
   can ask for recursion.

Revision 1.82 / (download) - annotate - [select for diffs], Tue Sep 5 20:45:32 2006 UTC (16 years, 5 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base, pkgsrc-2006Q3
Changes since 1.81: +2 -2 lines
Diff to previous 1.81 (colored)

Fixes for CVE-2006-4095 and CVE-2006-4096 from bind-9.3.2-P1

* Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)

- Recursive servers
Queries for SIG records will trigger an assertion failure if more
than one RRset is returned. However exposure can be minimized by
restricting which sources can ask for recursion.

- Authoritative servers
If a nameserver is serving a RFC 2535 DNSSEC zone and is queried
for the SIG records where there are multiple RRsets, then the
named program will trigger an assertion failure when it tries
to construct the response.

* INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)

It is possible to trigger an INSIST failure by sending enough
recursive queries such that the response to the query arrives after
all the clients waiting for the response have left the recursion
queue. However exposure can be minimized by restricting which sources
can ask for recursion.

Revision 1.81 / (download) - annotate - [select for diffs], Sun Sep 3 22:58:26 2006 UTC (16 years, 5 months ago) by rillig
Branch: MAIN
Changes since 1.80: +3 -1 lines
Diff to previous 1.80 (colored)

Added the relevant variables to BUILD_DEFS.

Revision 1.80 / (download) - annotate - [select for diffs], Mon Aug 28 16:00:45 2006 UTC (16 years, 5 months ago) by seb
Branch: MAIN
Changes since 1.79: +2 -1 lines
Diff to previous 1.79 (colored)

Bump PKGREVISION to 1.

Fix build on NetBSD/sparc64 3.x: sync CPP symbols usage between
struct addrinfo definition and its usage in getaddrinfo().

While here define struct addrinfo's pad members the same way as in
NetBSD's /usr/include/netbsd.h and sync code in
lib/bind/irs/getaddrinfo.c:getaddrinfo().

This had been reported to bind9-bugs at isc dot org.

Revision 1.79 / (download) - annotate - [select for diffs], Thu Aug 17 14:14:18 2006 UTC (16 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

Update bind to 9.3.2.

Changes are huge, so please see http://www.isc.org/sw/bind/bind9.3.php.

Revision 1.78 / (download) - annotate - [select for diffs], Tue Jun 20 13:37:22 2006 UTC (16 years, 7 months ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.77: +5 -1 lines
Diff to previous 1.77 (colored)

The contents of include/bind vary widly between systems as bind9
dutifully installs whatever it thinks might be missing or just
substandard on the current system.
As the Makefile already adds the contents of share/doc/bind9
dynamically to the PLIST, do the same for include/bind.
Fixes the PLIST on RedHat EL 2 & 3, and does not break it on NetBSD/3
No PKGREVISION bump as no change to anything but generated PLIST

Revision 1.77 / (download) - annotate - [select for diffs], Tue Apr 25 16:19:40 2006 UTC (16 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)

Remove as maintainer of this package. I'm no longer using it on any
system I administrate.

Revision 1.76 / (download) - annotate - [select for diffs], Sun Apr 23 00:12:39 2006 UTC (16 years, 9 months ago) by jlam
Branch: MAIN
Changes since 1.75: +5 -2 lines
Diff to previous 1.75 (colored)

Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.

Revision 1.75 / (download) - annotate - [select for diffs], Thu Dec 29 06:21:57 2005 UTC (17 years, 1 month ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base, pkgsrc-2006Q1
Changes since 1.74: +1 -2 lines
Diff to previous 1.74 (colored)

Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.

Revision 1.74 / (download) - annotate - [select for diffs], Mon Dec 5 23:55:13 2005 UTC (17 years, 2 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4
Changes since 1.73: +3 -3 lines
Diff to previous 1.73 (colored)

Ran "pkglint --autofix", which corrected some of the quoting issues in
CONFIGURE_ARGS.

Revision 1.73 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:44 2005 UTC (17 years, 2 months ago) by rillig
Branch: MAIN
Changes since 1.72: +2 -3 lines
Diff to previous 1.72 (colored)

Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html

Revision 1.72 / (download) - annotate - [select for diffs], Tue Aug 23 11:48:50 2005 UTC (17 years, 5 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)

The real user name in PKG_USERS does not need to be escaped with double
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.

Revision 1.71 / (download) - annotate - [select for diffs], Wed Jun 1 22:23:19 2005 UTC (17 years, 8 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.70: +1 -2 lines
Diff to previous 1.70 (colored)

Don't set "DIST_SUBDIR". BIND 9.x archives include the version number.

Revision 1.70 / (download) - annotate - [select for diffs], Wed Jun 1 22:02:55 2005 UTC (17 years, 8 months ago) by tron
Branch: MAIN
Changes since 1.69: +3 -8 lines
Diff to previous 1.69 (colored)

Update "bind" package to version 9.3.1. Changes since version 9.3.0:
BIND 9.3.1 is a maintenance release, containing fixes for a number of
bugs in 9.3.0.
libbind: corresponds to that from BIND 8.4.6-REL.

Revision 1.69 / (download) - annotate - [select for diffs], Mon Apr 11 21:46:44 2005 UTC (17 years, 9 months ago) by tv
Branch: MAIN
Changes since 1.68: +1 -2 lines
Diff to previous 1.68 (colored)

Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.

Revision 1.68 / (download) - annotate - [select for diffs], Fri Mar 18 01:14:32 2005 UTC (17 years, 10 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1
Changes since 1.67: +7 -2 lines
Diff to previous 1.67 (colored)

- Incooperate change root non-root support from NetBSD's "/etc/rc.d/named"
  into "named9.sh".
- Create a user and a group "named" for running the name server.
- Add a message file which encourages to run the name server in a
  change root non-root configuration.
This address PR pkg/14876 by Greg A. Woods.

Bump package revision because of the above changes.

Revision 1.67 / (download) - annotate - [select for diffs], Wed Mar 16 13:56:24 2005 UTC (17 years, 10 months ago) by tron
Branch: MAIN
Changes since 1.66: +3 -2 lines
Diff to previous 1.66 (colored)

- Rename rc script "named" to "named9" to avoid conflicts with NetBSD's
  builtin script.
- Don't set "pidfile" in "named9.sh" because it breaks change rooted
  configurations.
- Disable inlining in "lib/dns/rbt.c" on PowerPC systems because certain
  GCC version create broken code for that file.
Bump package revision because of the above changes.

Revision 1.66 / (download) - annotate - [select for diffs], Tue Mar 15 16:07:01 2005 UTC (17 years, 10 months ago) by tron
Branch: MAIN
Changes since 1.65: +7 -15 lines
Diff to previous 1.65 (colored)

- Reorder assignment to fix "pkglint" warnings.
- Use RCD_SCRIPTS mechanism to install startup scripts as suggested by
  Greg A. Woods in PR pkg/19099.

Revision 1.63.2.1 / (download) - annotate - [select for diffs], Thu Jan 27 13:31:24 2005 UTC (18 years ago) by salo
Branch: pkgsrc-2004Q4
Changes since 1.63: +7 -3 lines
Diff to previous 1.63 (colored) next main 1.64 (colored)

Pullup ticket 249 - requested by Todd Vierling
security fix for bind9

Revisions pulled up:
- pkgsrc/net/bind9/Makefile 1.65
- pkgsrc/net/bind9/distinfo 1.20

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Jan 26 09:32:31 UTC 2005

   Modified Files:
   	pkgsrc/net/bind9: Makefile distinfo

   Log Message:
   Apply ISC patch to fix a potential DoS in BIND 9.3.0 reported
   in VU#938617.
   Bump package version number to 9.3.0pl1 because of this.

Revision 1.65 / (download) - annotate - [select for diffs], Wed Jan 26 09:32:31 2005 UTC (18 years ago) by tron
Branch: MAIN
Changes since 1.64: +7 -3 lines
Diff to previous 1.64 (colored)

Apply ISC patch to fix a potential DoS in BIND 9.3.0 reported in VU#938617.
Bump package version number to 9.3.0pl1 because of this.

Revision 1.64 / (download) - annotate - [select for diffs], Wed Dec 29 15:31:24 2004 UTC (18 years, 1 month ago) by minskim
Branch: MAIN
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)

Use VARBASE.

Revision 1.63 / (download) - annotate - [select for diffs], Sat Dec 18 21:01:46 2004 UTC (18 years, 1 month ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base
Branch point for: pkgsrc-2004Q4
Changes since 1.62: +4 -2 lines
Diff to previous 1.62 (colored)

BIND 9.3.0 dies right after launch on VAX and m68k when threading is
enabled. Until this is fixed, we'll turn off threading for VAX and m68k.
PowerPC has some other issue, and i386 and SPARC appear to work fine with
threading.

Revision 1.62 / (download) - annotate - [select for diffs], Sun Oct 3 09:20:41 2004 UTC (18 years, 4 months ago) by tron
Branch: MAIN
Changes since 1.61: +3 -4 lines
Diff to previous 1.61 (colored)

Update "bind9" package to version 9.3.0. Changes since version 9.2.3:
- DNSSEC is now DS based (RFC 3658).
  See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
- DNSSEC lookaside validation.
- check-names is now implemented.
- rrset-order in more complete.
- IPv4/IPv6 transition support, dual-stack-servers.
- IXFR deltas can now be generated when loading master files,
  ixfr-from-differences.
- It is now possible to specify the size of a journal, max-journal-size.
- It is now possible to define a named set of master servers to be
  used in masters clause, masters.
- The advertised EDNS UDP size can now be set, edns-udp-size.
  allow-v6-synthesis has been obsoleted.
	NOTE:
	* Zones containing MD and MF will now be rejected.
	* dig, nslookup name. now report "Not Implemented" as
	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
	  that are looking for NOTIMPL.
- libbind: corresponds to that from BIND 8.4.5.

Revision 1.61 / (download) - annotate - [select for diffs], Sun Oct 3 00:17:49 2004 UTC (18 years, 4 months ago) by tv
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

Libtool fix for PR pkg/26633, and other issues.  Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.

Revision 1.60 / (download) - annotate - [select for diffs], Fri Aug 27 06:29:09 2004 UTC (18 years, 5 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored)

Replace RPATH_FLAG with LINKER_RPATH_FLAG and COMPILER_RPATH_FLAG,
which are the full option names used to set rpath directives for the
linker and the compiler, respectively.  In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath.  The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use.  They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively.  Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.

Revision 1.59 / (download) - annotate - [select for diffs], Thu Apr 15 20:13:20 2004 UTC (18 years, 9 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2
Changes since 1.58: +2 -3 lines
Diff to previous 1.58 (colored)

Bump package revision after recent package list changes because older
version of the package miss an important shared library.

Revision 1.58 / (download) - annotate - [select for diffs], Wed Apr 14 20:26:51 2004 UTC (18 years, 9 months ago) by snj
Branch: MAIN
Changes since 1.57: +4 -4 lines
Diff to previous 1.57 (colored)

Convert to buildlink3.

Revision 1.57 / (download) - annotate - [select for diffs], Tue Apr 6 14:54:17 2004 UTC (18 years, 10 months ago) by manu
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)

Build and install BIND9 resolver in ${prefix}/include/bind/ and
${prefix}/lib/libbind.a , just like the BIND8 package does.

Revision 1.56 / (download) - annotate - [select for diffs], Fri Mar 26 02:27:47 2004 UTC (18 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

PKGREVISION bump after openssl-security-fix-update to 0.9.6m.
Buildlink files: RECOMMENDED version changed to current version.

Revision 1.55 / (download) - annotate - [select for diffs], Sat Feb 14 17:21:46 2004 UTC (18 years, 11 months ago) by jlam
Branch: MAIN
Changes since 1.54: +1 -3 lines
Diff to previous 1.54 (colored)

LIBTOOL_OVERRIDE and SHLIBTOOL_OVERRIDE are now lists of shell globs
relative to ${WRKSRC}.  Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.

Revision 1.54 / (download) - annotate - [select for diffs], Sun Dec 28 10:30:07 2003 UTC (19 years, 1 month ago) by tron
Branch: MAIN
Changes since 1.53: +3 -4 lines
Diff to previous 1.53 (colored)

Make "${IPV6H}" substitution in package list more efficient.

Revision 1.53 / (download) - annotate - [select for diffs], Wed Nov 12 03:39:41 2003 UTC (19 years, 2 months ago) by jschauma
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4
Changes since 1.52: +2 -1 lines
Diff to previous 1.52 (colored)

PKGREVISION++ after openssl update.

Revision 1.52 / (download) - annotate - [select for diffs], Mon Oct 27 03:56:03 2003 UTC (19 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.51: +5 -5 lines
Diff to previous 1.51 (colored)

upgrade to 9.2.3.

If you have installed BIND 9.1.3-P1, BIND 9.1.3-P2, BIND 9.2.2-P1,
BIND 9.2.2-P2, BIND 9.2.3rc2 or BIND 9.2.3rc3 it is recommended that
you upgrade.  These versions generate false positives when applying
delegation-only tests.

        --- 9.2.3 released ---
1525.   [bug]           dns_cache_create() could trigger a REQUIRE
                        failure in isc_mem_put() during error cleanup.
1524.   [port]          AIX needs to be able to resolve all symbols when
                        creating shared libraries (--with-libtool).
1523.   [bug]           Fix race condition in rbtdb. [RT# 9189]
1522.   [bug]           dns_db_findnode() relax the requirements on 'name'.
                        [RT# 9286]
1518.   [bug]           dns_nxt_buildrdata(), and hence dns_nxt_build(),
                        contained a off-by-one error when working out the
                        number of octets in the bitmap.
1514.   [bug]           named: isc_hash_destroy() was being called too early.
                        [RT #9160]
1513.   [doc]           Add "US" to root-delegation-only exclude list.
        --- 9.2.3rc4 released ---
1512.   [bug]           Extend the delegation-only logging to return query
                        type, class and responding nameserver.
1511.   [bug]           delegation-only was generating false positives
                        on negative answers from subzones.
        --- 9.2.3rc3 released ---
1510.   [func]          New view option "root-delegation-only".  Apply
                        delegation-only check to all TLDs and root.
                        Note there are some TLDs that are NOT delegation
			only (e.g. DE, LV, US and MUSEUM) these can be excluded
                        from the checks by using exclude.
                        root-delegation-only exclude {
                                "DE"; "LV"; "US"; "MUSEUM";
                        };
1509.   [bug]           Hint zones should accept delegation-only.  Forward
                        zone should not accept delegation-only.
1508.   [bug]           Don't apply delegation-only checks to answers from
                        forwarders.
1507.   [bug]           Handle BIND 8 style returns to NS queries to parents
                        when making delegation-only checks.
1506.   [bug]           Wrong return type for dns_view_isdelegationonly().
        --- 9.2.3rc2 released ---
1505.   [bug]           Uninitialised rdataset in sdb. [RT #8750]
1504.   [func]          New zone type "delegation-only".
1503.   [port]          win32: install libeay32.dll outside of system32.
(9.2.2-P2 is somewhere around here)

Revision 1.51 / (download) - annotate - [select for diffs], Mon Sep 22 13:22:16 2003 UTC (19 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.50: +4 -4 lines
Diff to previous 1.50 (colored)

Update bind9 package to 9.2.2p3 (9.2.2-P3).


	--- 9.2.2-P3 released ---

1512.	[bug]		Extend the delegation-only logging to return query
			type, class and responding nameserver.

1511.	[bug]		delegation-only was generating false positives
			on negative answers from subzones.

Revision 1.50 / (download) - annotate - [select for diffs], Sat Sep 20 12:50:24 2003 UTC (19 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.49: +4 -8 lines
Diff to previous 1.49 (colored)

9.2.2-P2

        --- 9.2.2-P2 released ---
1509.   [bug]           Hint zones should accept delegation-only.  Forward
                        zone should not accept delegation-only.
1508.   [bug]           Don't apply delegation-only checks to answers from
                        forwarders.
1507.   [bug]           Handle BIND 8 style returns to NS queries to parents
                        when making delegation-only checks.
1506.   [bug]           Wrong return type for dns_view_isdelegationonly().

Revision 1.49 / (download) - annotate - [select for diffs], Wed Sep 17 14:28:51 2003 UTC (19 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.48: +6 -1 lines
Diff to previous 1.48 (colored)

upgrade to 9.2.2p1.

---
BIND 9.2.2-P1 is now available.

In response to high demand from our users, ISC is releasing a patch for BIND
to support the declaration of "delegation-only" zones in caching/recursive
name servers.  Briefly, a zone which has been declared "delegation-only" will
be effectively limited to containing NS RRs for subdomains, but no actual
data outside its apex (for example, its SOA RR and apex NS RRset).  This can
be used to filter out "wildcard" or "synthesized" data from NAT boxes or from
authoritative name servers whose undelegated (in-zone) data is of no interest.

Revision 1.48 / (download) - annotate - [select for diffs], Fri Mar 14 19:37:52 2003 UTC (19 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

(1) Publicly export the value of _OPSYS_RPATH_NAME as RPATH_FLAG;
    Makefiles simply need to use this value often, for better or for
    worse.

(2) Create a new variable FIX_RPATH that lists variables that should
    be cleansed of -R or -rpath values if ${_USE_RPATH} is "no".  By
    default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and
    additional variables may be appended from package Makefiles.

Revision 1.47 / (download) - annotate - [select for diffs], Mon Mar 10 03:01:09 2003 UTC (19 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.46: +4 -3 lines
Diff to previous 1.46 (colored)

Make the USE_INET6/IPV6H handling a bit more readable.
(won't fix PR 20019 though...)

Revision 1.46 / (download) - annotate - [select for diffs], Wed Mar 5 05:40:45 2003 UTC (19 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

Update bind9 to 9.2.2
Changes: many, at least 1 security related.

Revision 1.45 / (download) - annotate - [select for diffs], Sun Oct 6 16:44:53 2002 UTC (20 years, 4 months ago) by seb
Branch: MAIN
CVS Tags: netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.44: +12 -3 lines
Diff to previous 1.44 (colored)

buildlink1 -> buildlink2
Add support for native pthread via mk/pthread.buildlink2.mk

Revision 1.41.4.1 / (download) - annotate - [select for diffs], Thu Sep 5 10:22:55 2002 UTC (20 years, 5 months ago) by agc
Branch: netbsd-1-6
Changes since 1.41: +8 -1 lines
Diff to previous 1.41 (colored) next main 1.42 (colored)

Pull up versions 1.42-1.44 of Makefile, and version 1.4 of PLIST, to the
netbsd-1-6 pkgsrc branch.

Requested by Grant Beattie.

> From: grant beattie <grant@netbsd.org>
> Date: Tue, 20 Aug 2002 04:38:18 +0300 (EEST)
>
> Module Name:    pkgsrc
> Committed By:   grant
> Date:           Tue Aug 20 01:38:18 UTC 2002
>
> Modified Files:
>         pkgsrc/net/bind9: Makefile PLIST
>
> Log Message:
> deal with optional installation of ipv6.h on non-ipv6 platforms.

Revision 1.44 / (download) - annotate - [select for diffs], Mon Aug 26 12:09:36 2002 UTC (20 years, 5 months ago) by grant
Branch: MAIN
Changes since 1.43: +3 -3 lines
Diff to previous 1.43 (colored)

use USE_INET6 to determine whether or not to install
include/isc/ipv6.h

Revision 1.43 / (download) - annotate - [select for diffs], Mon Aug 26 11:25:41 2002 UTC (20 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

this extra doublequote causes "make plist" to fail

Revision 1.42 / (download) - annotate - [select for diffs], Tue Aug 20 01:38:16 2002 UTC (20 years, 5 months ago) by grant
Branch: MAIN
Changes since 1.41: +7 -0 lines
Diff to previous 1.41 (colored)

deal with optional installation of ipv6.h on non-ipv6 platforms.

Revision 1.41 / (download) - annotate - [select for diffs], Wed Jul 24 12:55:56 2002 UTC (20 years, 6 months ago) by grant
Branch: MAIN
CVS Tags: netbsd-1-6-RELEASE-base
Branch point for: netbsd-1-6
Changes since 1.40: +4 -0 lines
Diff to previous 1.40 (colored)

override built-in libtool to fix shared library major versions on
non-NetBSD systems.

Revision 1.40 / (download) - annotate - [select for diffs], Fri Jul 19 11:20:30 2002 UTC (20 years, 6 months ago) by martti
Branch: MAIN
CVS Tags: pkgviews-base, pkgviews
Changes since 1.39: +3 -3 lines
Diff to previous 1.39 (colored)

Use INSTALL_SCRIPT to install the startup files.

Revision 1.38.2.1 / (download) - annotate - [select for diffs], Sun Jun 23 18:54:53 2002 UTC (20 years, 7 months ago) by jlam
Branch: buildlink2
Changes since 1.38: +9 -8 lines
Diff to previous 1.38 (colored) next main 1.39 (colored)

Merge from pkgsrc-current to buildlink2 branch.

Revision 1.39 / (download) - annotate - [select for diffs], Mon Jun 17 12:58:22 2002 UTC (20 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: buildlink2-base
Changes since 1.38: +9 -8 lines
Diff to previous 1.38 (colored)

Use openssl buildlink.mk instead of USE_SSL.

Revision 1.38 / (download) - annotate - [select for diffs], Sat May 4 14:56:23 2002 UTC (20 years, 9 months ago) by taca
Branch: MAIN
Branch point for: buildlink2
Changes since 1.37: +3 -3 lines
Diff to previous 1.37 (colored)

Update bind9 pacakge to 9.2.1 (with pkglint free).


	--- 9.2.1 released ---

1271.	[port]		win32: a make file contained absolute version specific
			references.

1269.	[bug]		Missing masters clause was not handled gracefully.
			[RT #2703]

1244.	[bug]		Receiving a TCP message from a blackhole address would
			prevent further messages being received over that
			interface.

1178.	[bug]		Follow and cache (if appropriate) A6 and other
			data chains to completion in the additional section.

	--- 9.2.1rc2 released ---

1240.	[bug]		It was possible to leak zone references by
			specifying an incorrect zone to rndc.

1239.	[bug]		Under certain circumstances named could continue to
			use a name after it had been freed triggering
			INSIST() failures.  [RT #2614]

1238.	[bug]		It is possible to lockup the server when shutting down
			if notifies are being processed. [RT #2591]

1237.	[bug]		nslookup: "set q=type" failed.

1236.	[bug]		dns_rdata{class,type}_fromtext() didn't handle non
			NULL terminated text regions. [RT #2588]

1232.	[bug]		unix/errno2result() didn't handle EADDRNOTAVAIL.

1231.	[port]		HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.

1230.	[bug]		isccc_cc_isreply() and isccc_cc_isack() were broken.

1229.	[bug]		named would crash if it received a TSIG signed
			query as part of an AXFR response. [RT #2570]

1228.	[bug]		'make install' did not depend on 'make all'. [RT #2559]

1227.	[bug]		dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
			if a number was expected and some other token was
			found. [RT#2532]

1222.	[bug]		Specifying 'port *' did not always result in a system
			selected (non-reserved) port being used. [RT #2537]

1221.	[bug]		Zone types 'master', 'slave' and 'stub' were not being
			compared case insensitively. [RT #2542]

1218.	[bug]		Named incorrectly returned SERVFAIL rather than
			NOTAUTH when there was a TSIG BADTIME error. [RT #2519]

1216.	[bug]		Multiple server clauses for the same server were not
			reported.  [RT #2514]

1215.	[port]		solaris: add support to ifconfig.sh for x86 2.5.1

1214.	[bug]		Win32: isc_file_renameunique() could leave zero length
			files behind.

1212.	[port]		libbind: 64k answer buffers were causing stack space
			to be exceeded for certian OS.  Use heap space instead.

1211.	[bug]		dns_name_fromtext() incorrectly handled certain
			valid octal bitlabels. [RT #2483]

1210.	[bug]		libbind: getnameinfo() failed to lookup IPv4 mapped /
			compatible addresses. [RT #2461]

1208.	[bug]		dns_master_load*() failed to log a error message if
			an error was detected when parsing the ownername of
			a record.  [RT #2448]

	--- 9.2.1rc1 released ---

1207.	[bug]		libbind: getaddrinfo() could call freeaddrinfo() with
			an invalid pointer.

1206.	[bug]		SERVFAIL and NOTIMP responses to an EDNS query should
			trigger a non-EDNS retry.

1205.	[bug]		OPT, TSIG and TKEY cannot be used to set the "class"
			of the message. [RT #2449]

1204.	[bug]		libbind: res_nupdate() failed to update the name
			server addresses before sending the update.

1201.	[bug]		Require that if 'callbacks' is passed to
			dns_rdata_fromtext(), callbacks->error and
			callbacks->warn are initialized.

1200.	[bug]		Log 'errno' that we are unable to convert to
			isc_result_t. [RT #2404]

1198.	[bug]		OPT printing style was not consistant with the way the
			header fields are printed.  The DO bit was not reported
			if set.  Report if any of the MBZ bits are set.

1197.	[bug]		Attempts to define the same acl multiple times were not
			detected.

1196.	[contrib]	update mdnkit to 2.2.3.

1195.	[bug]		Attempts to redefine builtin acls should be caught.
			[RT #2403]

1194.	[bug]		Not all duplicate zone definitions were being detected
			at the named.conf checking stage. [RT #2431]

1193.	[bug]		Best effort parsing didn't handle packet truncation.

1191.   [bug]           A dynamic update removing the last non-apex name in
			a secure zone would fail. [RT #2399]

1189.	[bug]		On some systems, malloc(0) returns NULL, which
			could cause the caller to report an out of memory
			error. [RT #2398]

1188.	[bug]		Dynamic updates of a signed zone would fail if
			some of the zone private keys were unavailable.

1186.   [bug]           isc_hex_tobuffer(,,length = 0) failed to unget the
                        EOL token when reading to end of line.

1185.	[bug]		libbind: don't assume statp->_u._ext.ext is valid
			unless RES_INIT is set when calling res_*init().

1184.	[bug]		libbind: call res_ndestroy() if RES_INIT is set
			when res_*init() is called.

1183.	[bug]		Handle ENOSR error when writing to the internal
			control pipe. [RT #2395]

1182.	[bug]		The server could throw an assertion failure when
			constructing a negative response packet.

1176.	[doc]		Document that allow-v6-synthesis is only performed
			for clients that are supplied recursive service.
			[RT #2260]

1175.	[bug]		named-checkzone failed to call dns_result_register()
			at startup which could result in runtime
			exceptions when printing "out of memory" errors.
			[RT #2335]

1174.	[bug]		Win32: add WSAECONNRESET to the expected errors
			from connect(). [RT #2308]

1173.	[bug]		Potential memory leaks in isc_log_create() and
			isc_log_settag(). [RT #2336]

1172.	[doc]		Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
			table of RR types in ARM.

1170.	[bug]		Don't attempt to print the token when a I/O error
			occurs when parsing named.conf. [RT #2275]

1168.	[bug]		Empty also-notify clauses were not handled. [RT #2309]

1167.	[contrib]	nslint-2.1a3 (from author).

1166.	[bug]		"Not Implemented" should be reported as NOTIMP,
			not NOTIMPL. [RT #2281]

1165.	[bug]		We were rejecting notify-source{-v6} in zone clauses.

1164.	[bug]		Empty masters clauses in slave / stub zones were not
			handled gracefully. [RT #2262]

1162.	[bug]		The allow-notify option was not accepted in slave
			zone statements.

1161.	[bug]		named-checkzone looped on unbalanced brackets.
			[RT #2248]

1160.	[bug]		Generating Diffie-Hellman keys longer than 1024
			bits could fail. [RT #2241]

1156.	[port]		The configure test for strsep() incorrectly
			succeeded on certain patched versions of
			AIX 4.3.3. [RT #2190]

1154.	[bug]		Don't attempt to obtain the netmask of a interface
			if there is no address configured. [RT #2176]

1152.	[bug]		libbind: read buffer overflows.

1144.	[bug]		rndc-confgen would crash if both the -a and -t
			options were specified. [RT #2159]

1142.	[bug]		dnssec-signzone would fail to delete temporary files
			in some failure cases. [RT #2144]

1141.	[bug]		When named rejected a control message, it would
			leak a file descriptor and memory.  It would also
			fail to respond, causing rndc to hang.
			[RT #2139, #2164]

1140.	[bug]		rndc-confgen did not accept IPv6 addresses as arguments
			to the -s option. [RT #2138]

1136.	[bug]		CNAME records synthesized from DNAMEs did not
			have a TTL of zero as required by RFC2672.
			[RT #2129]

1125.	[bug]		rndc: -k option was missing from usage message.
			[RT #2057]

1124.	[doc]		dig: +[no]dnssec, +[no]besteffort and +[no]fail
			are now documented. [RT #2052]

1123.	[bug]		dig +[no]fail did not match description. [RT #2052]

1109.	[bug]		nsupdate accepted illegal ttl values.

1108.	[bug]		On Win32, rndc was hanging when named was not running
			due to failure to select for exceptional conditions
			in select(). [RT #1870]

1081.	[bug]		Multicast queries were incorrectly identified
			based on the source address, not the destination
			address.

1072.	[bug]		The TCP client quota could be exceeded when
			recursion occurred. [RT #1937]

1071.	[bug]		Sockets listening for TCP DNS connections
			specified an excessive listen backlog. [RT #1937]

1070.	[bug]		Copy DNSSEC OK (DO) to response as specified by
			draft-ietf-dnsext-dnssec-okbit-03.txt.

1014.	[bug]		Some queries would cause statistics counters to
			increment more than once or not at all. [RT #1321]

1012.	[bug]		The -p option to named did not behave as documented.

 988.	[bug]		'additional-from-auth no;' did not work reliably
			in the case of queries answered from the cache.
			[RT #1436]

 995.	[bug]		dig, host, nslookup: using a raw IPv6 address as a
			target address should be fatal on a IPv4 only system.

Revision 1.37 / (download) - annotate - [select for diffs], Tue Nov 27 03:38:40 2001 UTC (21 years, 2 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.36: +3 -8 lines
Diff to previous 1.36 (colored)

upgrade to 9.2.0.
list of changes between 9.1.3 to 9.2.0 is available at:
http://www.isc.org/products/BIND/bind9.html

Revision 1.36 / (download) - annotate - [select for diffs], Wed Jul 4 00:21:34 2001 UTC (21 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.35: +3 -3 lines
Diff to previous 1.35 (colored)

upgrade to 9.1.3 from ISC.  changes between 9.1.2 to 9.1.3:

	--- 9.1.3 released ---

	--- 9.1.3rc3 released ---

 911.	[bug]		Fail gracefully with multiple hint zones. [RT #1433]

 910.	[port]		Some pre-RFC2133 IPv6 implementations do not define
			IN6ADDR_ANY_INIT. [RT #1416]

	--- 9.1.3rc2 released ---

 904.	[bug]		The server would leak memory if attempting to use
			an expired TSIG key. [RT #1406]

 903.	[bug]		dig should not crash when receiving a TCP packet
			of length 0.

 902.	[bug]		The -d option was ignored if both -t and -g were also
			specified.

 901.	[cleanup]	The man pages no longer have empty lines outside of
			literal blocks.

 898.	[bug]		"dig" failed to set a nonzero exit status
			on UDP query timeout. [RT #1323]

 894.	[bug]		When using the DNSSEC tools, a message intended to warn
			when the keyboard was being used because of the lack
			of a suitable random device was not being printed.

 892.	[bug]		The server could attempt to refresh a zone that
			was being loaded, causing an assertion failure.
			[RT #1335]

 891.	[bug]		Return an error when a SIG(0) signed response to
			an unsigned query is seen.  This should actually
			do the verification, but it's not currently
			possible. [RT #1391]

 888.	[bug]		Don't die when using TKEY to delete a nonexistent
			TSIG key. [RT #1392]

 860.	[interop]	Drop cross class glue in zone transfers.

 852.	[bug]		Handle responses from servers which do not
			now about IXFR.

 850.	[bug]		dns_rbt_findnode() would not find nodes that were
			split on a bitstring label somewhere other than in
			the last label of the node. [RT #1351]

 705.	[port]		Work out resource limit type for use where rlim_t is
			not available. [RT #695]

 704.	[port]		RLIMIT_NOFILE is not available on all platforms.

 703.	[port]		sys/select.h is needed on older platforms. [RT #695]

	--- 9.1.3rc1 released ---

 831.	[bug]		The configure script tried to determine
			endianness before making its final decision on
			which C compiler to use, causing Solaris/x86
			systems with gcc to be incorrectly identified
			as big-endian. [RT #1315]

 827.	[bug]		When an IXFR protocol error occurs, the slave
			should retry with AXFR.

 826.	[bug]		Some IXFR protocol errors were not detected.

 825.	[bug]		zone.c:ns_query() detached from the wrong zone
			reference. [RT #1264]

 824.	[bug]		Correct line numbers reported by dns_master_load().
			[RT #1263]

 822.	[bug]		Sending nxrrset prerequisites would crash nsupdate.
			[RT #1248]

 806.	[bug]		DNS_R_SEENINCLUDE was failing to propagate back up
			the calling stack to the zone maintence level, causing
			zones to not reload when an included file was touched
			but the top-level zone file was not.

 771.	[cleanup]	TSIG errors related to unsynchronized clocks
			are logged better. [RT #919]

 734.	[bug]		An attempt to re-lock the zone lock could occur if
			the server was shutdown during a zone tranfer.
			[RT #830]

 712.	[bug]		Sending a large signed update message caused an
			assertion failure. [RT #718]

 669.	[bug]		dnssec-keygen now makes the public key file
			non-world-readable for symmetric keys. [RT #403]

Revision 1.35 / (download) - annotate - [select for diffs], Sun May 6 00:19:06 2001 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.34: +3 -3 lines
Diff to previous 1.34 (colored)

upgrade to 9.1.2.

	--- 9.1.2 released ---

	--- 9.1.2rc1 released ---

 820.	[bug]		Name server address lookups failed to follow
			A6 chains into the glue of local authoritative
			zones.

 819.	[bug]		In certain cases, the resolver's attempts to
			restart an address lookup at the root could cause
			the fetch to deadlock (with itself) instead of
			restarting. [RT #1225]

 818.	[bug]		Certain pathological responses to ANY queries could
			cause an assertion failure. [RT #1218]

 816.	[bug]		Report potential problems with log file accessibility
			at configuration time, since such problems can't
			reliably be reported at the time they actually occur.

 815.	[bug]		If a log file was specified with a path separator
			character (i.e. "/") in its name and the directory
			did not exist, the log file's name was treated as
			though it were the directory name. [RT #1189]

 814.	[bug]		Socket objects left over from accept() failures
			were incorrectly destroyed, causing corruption
			of socket manager data structures.

 813.	[bug]		File descriptors exceeding FD_SETSIZE were handled
			badly. [RT #1192]

 812.	[bug]		dig sometimes printed incomplete IXFR responses
			due to an uninitialized variable. [RT #1188]

 811.	[bug]		Parentheses were not quoted in zone dumps. [RT #1194]

 810.	[bug]		The signer name in SIG records was not properly
 			downcased when signing/verifying records. [RT #1186]

 807.	[bug]		When setting up TCP connections for incoming zone
			transfers, the transfer-source port was not
			ignored like it should be.

 804.	[bug]		Attempting to obtain entropy could fail in some
 			situations.  This would be most common on systems
			with user-space threads. [RT #1131]

 802.	[bug]		DNSSEC key tags were computed incorrectly in almost
 			all cases. [RT #1146]

 801.	[bug]		nsupdate should treat lines beginning with ';' as
 			comments. [RT #1139]

 800.	[bug]		dnssec-signzone produced incorrect statistics for
 			large zones. [RT #1133]

 799.	[bug]		The ADB didn't find AAAA glue in a zone unless A6
			glue was also present.

Revision 1.34 / (download) - annotate - [select for diffs], Thu Apr 12 03:35:25 2001 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.33: +2 -4 lines
Diff to previous 1.33 (colored)

on bind9 mailing list isc/niminum people recommended against the use of
/dev/urandom.

Revision 1.33 / (download) - annotate - [select for diffs], Thu Mar 29 03:40:42 2001 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.32: +3 -4 lines
Diff to previous 1.32 (colored)

upgrade to 9.1.1.  functionality equal to 9.1.1rc7 (= 9.1.0.7)

Revision 1.32 / (download) - annotate - [select for diffs], Tue Mar 27 09:01:27 2001 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.31: +4 -4 lines
Diff to previous 1.31 (colored)

upgrade to 9.1.1rc7.

        --- 9.1.1rc7 released ---

 791.   [bug]           The control channel did not work over IPv6.

 790.   [bug]           Wildcards created using dynamic update or IXFR
                        could fail to match. [RT #1111]

 787.   [bug]           The DNSSEC tools failed to downcase domain
                        names when mapping them into file names.

 786.   [bug]           When DNSSEC signing/verifying data, owner names were
                        not properly downcased.

        --- 9.1.1rc6 released ---

 785.   [bug]           A race condition in the resolver could cause
                        an assertion failure. [RT #673, #872, #1048]

 784.   [bug]           nsupdate and other programs would not quit properly
                        if some signals were blocked by the caller. [RT #1081]

 783.   [bug]           Following CNAMEs could cause an assertion failure
                        when either using an sdb database or under very
                        rare conditions.

 780.   [bug]           Error handling code dealing with out of memory or
                        other rare errors could lead to assertion failures
                        by calling functions on unitialized names. [RT #1065]

Revision 1.31 / (download) - annotate - [select for diffs], Fri Mar 16 00:14:03 2001 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)

upgrade to 9.1.1rc5 (version # is 9.1.0.5 to prevent going backward)

	--- 9.1.1rc5 released ---

 778.	[bug]		When starting cache cleaning, cleaning_timer_action()
			returned without first pausing the iterator, which
			could cause deadlock. [RT #998]

 777.	[bug]		An empty forwarders list in a zone failed to override
			global forwarders. [RT #995]

 775.   [bug]		Address match lists with invalid netmasks caused
			the configuration parser to abort with an assertion
			failure. [RT #996]

 772.	[bug]		Owner names could be incorrectly omitted from cache
			dumps in the presence of negative caching entries.
			[RT #991]

 686.   [bug]		dig and nslookup can now be properly aborted during
			blocking operations. [RT #568]

Revision 1.30 / (download) - annotate - [select for diffs], Wed Mar 7 00:39:17 2001 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored)

upgrade to 9.1.1rc4.

	--- 9.1.1rc4 released ---

 767.	[bug]		The configuration parser handled invalid ports badly.
			[RT #961]

 766.	[bug]		A few cases in query_find() could leak fname.
			This would trigger the mpctx->allocated == 0
			assertion when the server exited.
			[RT #739, #776, #798, #812, #818, #821, #845,
			#892, #935, #966]

 759.	[bug]		The resolver didn't turn off "avoid fetches" mode
			when restarting, possibly causing resolution
			to fail when it should not.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

 758.	[bug]		The "avoid fetches" code did not treat negative
			cache entries correctly, causing fetches that would
			be useful to be avoided.  This bug only affected
			platforms which support both IPv4 and IPv6. [RT #927]

 756.	[bug]		dns_zone_load() could "return" success when no master
			file was configured.

 755.	[bug]		Fix incorrectly formatted log messages in zone.c.

 709.	[bug]		ANY or SIG queries for data with a TTL of 0
			would return SERVFAIL. [RT #620]

Revision 1.29 / (download) - annotate - [select for diffs], Tue Feb 27 02:54:27 2001 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.28: +6 -7 lines
Diff to previous 1.28 (colored)

upgrade to 9.1.1rc3 (package version # is 9.1.0.3 as rc3 is prior to 9.1.1).

	--- 9.1.1rc3 released ---

 754.	[bug]		Certain failure conditions sending UDP packets
			could cause the server to retry the transmission
			indefinitely. [RT #902]

 753.	[bug]		dig, host, and nslookup would fail to contact a
			remote server if getaddrinfo() returned an IPv6
			address on a system that doesn't support IPv6.
			[RT #917]

 750.	[bug]		A query should not match a DNAME whose trust level
			is pending.  [RT #916]

 749.	[bug]		When a query matched a DNAME in a secure zone, the
			server did not return the signature of the DNAME.
			[RT #915]

 747.	[bug]		The code to determine whether an IXFR was possible
			did not properly check for a database that could
			not have a journal. [RT #865, #908]

 746.	[bug]		The sdb didn't clone rdatasets properly, causing
			a crash when the server followed delegations. [RT #905]

 744.	[bug]		When returning DNS_R_CNAME or DNS_R_DNAME as the
			result of an ANY or SIG query, the resolver failed
			to setup the return event's rdatasets, causing an
			assertion failure in the query code.  [RT #881]

 743.	[bug]		Receiving a large number of certain malformed
			answers could cause named to stop responding.
			[RT #861]

 742.	[bug]		dig +domain did not work. [RT #850]

 738.	[bug]		If a non-threadsafe sdb driver supported AXFR and
			received an AXFR request, it would deadlock or die
			with an assertion failure. [RT #852]

 737.	[port]		stdtime.c failed to compile on certain platforms.

 648.	[port]		Add support for pre-RFC2133 IPv6 implementations.

	--- 9.1.1rc2 released ---

 733.	[bug]		Reference counts of dns_acl_t objects need to be
			locked but were not. [RT #801, #821]

 708.	[bug]		When building with --with-openssl, the openssl headers
			included with BIND 9 should not be used. [RT #702]

Revision 1.28 / (download) - annotate - [select for diffs], Sun Feb 25 04:18:04 2001 UTC (21 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.27: +6 -6 lines
Diff to previous 1.27 (colored)

Cleanup MKDIR usage => INSTALL_*_DIR
XXX need to teach pkglint to be more picky about this

Revision 1.27 / (download) - annotate - [select for diffs], Sat Feb 17 18:18:36 2001 UTC (21 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.26: +2 -1 lines
Diff to previous 1.26 (colored)

Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.

Revision 1.26 / (download) - annotate - [select for diffs], Tue Feb 13 04:56:14 2001 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.25: +4 -3 lines
Diff to previous 1.25 (colored)

build it with internal openssl.  9.1.1rc1 has issues with include search path.

Revision 1.25 / (download) - annotate - [select for diffs], Thu Feb 8 10:31:43 2001 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.24: +10 -2 lines
Diff to previous 1.24 (colored)

use 9.1.1rc1.  we upgrade to release candidate for important fixes
(change id 727 is very important).
hack: package version number is set to 9.1.0.1, as 9.1.1rc1 is prior to 9.1.1.

 729.   [port]          pthread_setconcurrency() needs to be called on Solaris.

 727.   [port]          Work around OS bug where accept() succeeds but
                        fails to fill in the peer address of the accepted
                        connection, by treating it as an error rather than
                        an assertion failure. [RT #809]

 723.   [bug]           Referrals whose NS RRs had a 0 TTL caused the resolver
                        to return DNS_R_SERVFAIL. [RT #783]

 720.   [bug]           Server could enter infinite loop in
                        dispatch.c:do_cancel(). [RT #743]

 719.   [bug]           Rapid reloads could trigger an assertion failure.
                        [RT #743, #763]

 717.   [bug]           Certain TKEY processing failure modes could
                        reference an uninitialized variable, causing the
                        server to crash. [RT #750]

 716.   [bug]           The first line of a $INCLUDE master file was lost if
                        an origin was specified. [RT #744]

 715.   [bug]           Resolving some A6 chains could cause an assertion
                        failure in adb.c. [RT #738]

 711.   [bug]           The libisc and liblwres implementations of
                        inet_ntop contained an off by one error.

 706.   [bug]           Zones with an explicit "allow-update { none; };"
                        were considered dynamic and therefore not reloaded
                        on SIGHUP or "rndc reload".

 700.   [bug]           $GENERATE range check was wrong. [RT #688]

 698.   [bug]           Aborting nsupdate with ^C would lead to several
                        race conditions.

 699.   [bug]           The lexer mishandled empty quoted strings. [RT #694]

 694.   [bug]           $GENERATE did not produce the last entry.
                        [RT #682, #683]

 693.   [bug]           An empty lwres statement in named.conf caused
                        the server to crash while loading.

 692.   [bug]           Deal with systems that have getaddrinfo() but not
                        gai_strerror(). [RT #679]

 691.   [bug]           Configuring per-view forwarders caused an assertion
                        failure. [RT #675, #734]

Revision 1.24 / (download) - annotate - [select for diffs], Sun Feb 4 12:19:24 2001 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.23: +5 -1 lines
Diff to previous 1.23 (colored)

add rc.d/lwresd

Revision 1.23 / (download) - annotate - [select for diffs], Wed Jan 31 04:07:36 2001 UTC (22 years ago) by hubertf
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

make the rc.d script's name a bit more obvious

Revision 1.22 / (download) - annotate - [select for diffs], Sun Jan 28 13:19:28 2001 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.21: +5 -2 lines
Diff to previous 1.21 (colored)

use OpenSSL shipped with netbsd 1.5, or in pkgsrc/security/openssl.

Revision 1.21 / (download) - annotate - [select for diffs], Sun Jan 28 06:51:01 2001 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.20: +4 -2 lines
Diff to previous 1.20 (colored)

use urandom (should be good enough), otherwise dnssec-keygen will take forever

Revision 1.20 / (download) - annotate - [select for diffs], Fri Jan 26 21:12:02 2001 UTC (22 years ago) by hubertf
Branch: MAIN
Changes since 1.19: +3 -4 lines
Diff to previous 1.19 (colored)

After discussion with Michael Graff, disable threads until we get a
in-tree threads implementation. Benefit of this is that the pkg now
works on all platforms (Tested: 1.5/sparc).

Revision 1.19 / (download) - annotate - [select for diffs], Fri Jan 26 04:25:36 2001 UTC (22 years ago) by hubertf
Branch: MAIN
Changes since 1.18: +7 -1 lines
Diff to previous 1.18 (colored)

Add a startup script

Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 18 13:12:04 2001 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.17: +3 -2 lines
Diff to previous 1.17 (colored)

upgrade to 9.1.0 from ISC.

too many changes to be mentioned here.

Revision 1.17 / (download) - annotate - [select for diffs], Sat Dec 30 13:57:45 2000 UTC (22 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.16: +1 -5 lines
Diff to previous 1.16 (colored)

Manually syncing ONLY_FOR_PLATFORM is not the way to go.
Remove ONLY_FOR_PLATFORM, and let it fail while installing the DEPENDS.

Revision 1.16 / (download) - annotate - [select for diffs], Thu Dec 28 16:49:37 2000 UTC (22 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.15: +3 -2 lines
Diff to previous 1.15 (colored)

Sync ONLY_FOR_PLATFORM with devel/unproven-pthreads.

Revision 1.15 / (download) - annotate - [select for diffs], Mon Nov 13 16:12:49 2000 UTC (22 years, 2 months ago) by toshii
Branch: MAIN
Changes since 1.14: +2 -3 lines
Diff to previous 1.14 (colored)

Setting CC in CONFIGURE_ENV doesn't work as it will be overwritten
by the configure.  Instead, set LDFLAGS so that unproven-pthreads
can be found before pth.  Fixes pr #11418.

Revision 1.14 / (download) - annotate - [select for diffs], Mon Nov 13 04:43:23 2000 UTC (22 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

upgrade to 9.0.1 from ISC.

	--- 9.0.1 released ---

 547.	[bug]		dnssafe doesn't correctly handle RSA keys longer
			than 2000 bits.  Disable support for long keys.

	--- 9.0.1rc2 released ---

 527.	[bug]		When a hint zone was configured, the spurious warning
			messages "Hint zones do not have a forward field" and
			"Hint zones do not have a forwarders field" were
			printed. [RT #439]

	--- 9.0.1rc1 released ---

 526.	[bug]		nsupdate incorrectly refused to add RRs with a TTL
			of 0.

 523.	[doc]		The source to the Administrator Reference Manual is
			now an XML file using the DocBook DTD, and is included
			in the distribution.  The plain text version of the
			ARM is temporarily unavailable while we figure out
			how to generate readable plain text from the XML.

 520.	[bug]		Upgraded libtool to 1.3.5, which makes shared
			library builds almost work on AIX (and possibly
			others).

 519.	[bug]		dns_name_split() would improperly split some bitstring
			labels, zeroing a few of the least signficant bits in
			the prefix part.  When such an improperly created
			prefix was returned to the RBT database, the bogus
			label was dutifully stored, corrupting the tree.
			[RT #369]

 518.	[bug]		The resolver did not realize that a DNAME which was
			"the answer" to the client's query was "the answer",
			and such queries would fail. [RT #399]

 517.	[bug]		The resolver's DNAME code would trigger an assertion
			if there was more than one DNAME in the chain.
			[RT #399]

 516.	[bug]		Cache lookups which had a NULL node pointer, e.g.
			those by dns_view_find(), and which would match a
			DNAME, would trigger an INSIST(!search.need_cleanup)
			assertion. [RT #399]

 515.	[bug]		The ssu table was not being attached / detached
			by dns_zone_[sg]etssutable. [RT#397]

 511.	[bug]		The message code could throw an assertion on an
			out of memory failure. [RT #392]

 510.	[bug]		Remove spurious view notify warning. [RT #376]

 505.	[bug]		nsupdate was printing "unknown result code". [RT #373]

 502.	[func]		On a SERVFAIL reply, DiG will now try the next server
			in the list, unless the +fail option is specified.

 501.	[bug]		Incorrect port numbers were being displayed by
			nslookup.  [RT #352]

 500.	[func]		Nearly useless +details option removed from DiG.

 499.	[func]		In DiG, specifying a class with -c or type with -t
			changes command-line parsing so that classes and
			types are only recognized if following -c or -t.
			This allows hosts with the same name as a class or
			type to be looked up.

 498.	[doc]		There is now a man page for "dig"
			in doc/man/bin/dig.1.

 495.	[bug]		nsupdate was unable to handle large records. [RT #368]

 491.	[bug]		nsupdate would segfault when sending certain
			prerequisites with empty RDATA. [RT #356]

 488.	[bug]		Locks weren't properly destroyed in some cases.

 486.	[bug]		nslookup: "set all" and "server" commands showed
			the incorrect port number if a port other than 53
			was specified. [RT #352]

 485.	[func]		When dig had more than one server to query, it would
			send all of the messages at the same time.  Add
			rate limiting of the transmitted messages.

 483.	[bug]		nslookup: "set all" showed a "search" option but it
			was not settable.

 482.	[bug]		nslookup: a plain "server" or "lserver" should be
			treated as a lookup.

 481.	[bug]		nslookup:get_next_command() stack size could exceed
			per thread limit.

 480.	[bug]		strtok() is not thread safe. [RT #349]

 476.	[bug]		A zone could expire while a zone transfer was in
			progress triggering a INSIST failure. [RT #329]

 475.	[bug]		query_getzonedb() sometimes returned a non-null version
			on failure.  This caused assertion failures when
			generating query responses where names subject to
			additional section processing pointed to a zone
			to which access had been denied by means of the
			allow-query option. [RT #336]

 474.	[bug]		The mnemonic of the CHAOS class is CH according to
			RFC1035, but it was printed and read only as CHAOS.
			We now accept both forms as input, and print it
			as CH. [RT #305]

 473.	[bug]		nsupdate overran the end of the list of name servers
			when no servers could be reached, typically causing
			it to print the error message "dns_request_create:
			not implemented".

 472.	[bug]		Off-by-one error caused isc_time_add() to sometimes
			produce invalid time values.

 471.	[bug]		nsupdate didn't compile on HP/UX 10.20

 463.	[bug]		nsupdate sent malformed SOA queries to the second
			and subsequent name servers in resolv.conf if the
			query sent to the first one failed.

 459.	[bug]		Nslookup processed the "set" command incorrectly.

 458.	[bug]		Nslookup didn't properly check class and type values.
			[RT #305]

 457.	[bug]		Dig/host/hslookup didn't properly handle connect
			timeouts in certain situations, causing an
			unnecessary warning message to be printed.

 447.	[bug]		Dig didn't properly retry in TCP mode after
			a truncated reply.  [RT #277]

 403.	[bug]		"host" did not use the search list.

 395.	[bug]		nslookup printed incorrect RR type mnemonics
			for RRs of type >= 21 [RT #237].

 388.	[func]		dig and host can now do reverse ipv6 lookups.

 387.	[func]		Add dns_byaddr_createptrname(), which converts
			an address into the name used by a PTR query.

 379.	[func]		New library function isc_sockaddr_anyofpf().

 347.	[bug]		Don't crash if an argument is left off options in dig.

 346.	[func]		Add support for .digrc config file, in the
			user's current directory

 345.	[bug]		Large-scale changes/cleanups to dig:
			* Significantly improve structure handling
			* Don't pre-load entire batch files
			* Add name/rr counting/limiting
			* Fix SIGINT handling
			* Shorten timeouts to match v8's behavior

	--- 9.0.0 released ---

Revision 1.13 / (download) - annotate - [select for diffs], Mon Sep 18 05:16:45 2000 UTC (22 years, 4 months ago) by rh
Branch: MAIN
CVS Tags: netbsd-1-5-RELEASE, netbsd-1-4-PATCH003
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

Update bind9 to 9.0.0 (release version) as requested by hubertf to get this
in before the 1.5 release.  Changes are bugfixes only.

Revision 1.12 / (download) - annotate - [select for diffs], Tue Aug 29 10:57:16 2000 UTC (22 years, 5 months ago) by rh
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)

Update bind9 to 9.0.0rc5.  Changes are bugfixes only, including a fix that
makes patch-ab unnecessary:

 * A typo in the HS A code caused an assertion failure.

 * lwres_gethostbyname() and company set lwres_h_errno
                        to a random value on success.

 * If named was shut down early in the startup
   process, ns_omapi_shutdown() would attempt to lock
   an unintialized mutex. [RT #262]

 * stub zones could leak memory and reference counts if
                        all the masters were unreachable.

 * isc_rwlock_lock() would needlessly block
   readers when it reached the read quota even
   if no writers were waiting.

 * Log messages were occasionally lost or corrupted
   due to a race condition in isc_log_doit().

 * The request library didn't completely work with IPv6.

 * Check for IPV6_RECVPKTINFO and use it instead of
   IPV6_PKTINFO if found. [RT #229]

Revision 1.11 / (download) - annotate - [select for diffs], Wed Aug 23 06:50:45 2000 UTC (22 years, 5 months ago) by rh
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

Fix PLIST to include bin/nslookup -- thanks to hubert's new leftover list
for finding this.
Update bind to 9.0.0rc4.  Changes and fixes are:

 * "host" did not use the search list.
 * Treat undefined acls as errors, rather than
   warning and then later throwing an assertion.
 * SIG(0) signing and verifying was done incorrectly.
 * When reloading the server with a config file
   containing a syntax error, it could catch an
   assertion failure trying to perform zone
   maintenance on, or sending notifies from,
   tentatively created zones whose views were
   never fully configured and lacked an address
   database and request manager.
 * "dig" sometimes caught an assertion failure when
   using TSIG, depending on the key length.
 * Many debugging messages were partially formatted
   even when debugging was turned off, causing a
   significant decrease in query performance.
 * There is now a man page for "nsupdate"
 * nslookup printed incorrect RR type mnemonics
   for RRs of type >= 21
 * Attempting to send a reqeust over IPv6 using
   dns_request_create() on a system without IPv6
   support caused an assertion failure [RT #235].
 * Missing strdup() of ACL name caused random
   ACL matching failures [RT #228].
 * nsupdate was incorrectly limiting TTLs to 65535 instead
   of 2147483647.
 * When writing a master file, print the SOA and NS
   records (and their SIGs) before other records.
 * named -u failed on many Linux systems where the
   libc provided kernel headers do not match
    the current kernel.
 * nsupdate didn't work with IPv6.

Revision 1.10 / (download) - annotate - [select for diffs], Thu Aug 10 12:51:48 2000 UTC (22 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.9: +5 -2 lines
Diff to previous 1.9 (colored)

upgrade to 9.0.0rc2.
add patch to help 2292bis environment (= latest KAME, Solaris8).

--- rc1 -> rc2

	--- 9.0.0rc2 released ---

 377.	[bug]		When additional data lookups were refused due to
			"allow-query", the databases were still being
			attached causing reference leaks.

 376.	[bug]		The server should always use good entropy when
			performing cryptographic functions needing entropy.

 375.	[bug]		Per-zone allow-query did not properly override the
			view/global one for CNAME targets and additional
			data [RT #220].

 374.	[bug]		SOA in authoritative negative responses had wrong TTL.

 373.	[func]		nslookup is now installed by "make install".

 372.	[bug]		Deal with Microsoft DNS servers appending two bytes of
			garbage to zone transfer requests.

 371.	[bug]		At high debug levels, doing an outgoing zone transfer
			of a very large RRset could cause an assertion failure
			during logging.

 370.	[bug]		The error messages for rollforward failures were
			overly terse.

 367.   [bug]		Allow proper selection of server on nslookup command
			line.

 365.	[bug]		nsupdate -k leaked memory.

 362.	[bug]		rndc no longer aborts if the configuration file is
			missing an options statement. [RT #209]

 359.	[bug]		dnssec-signzone occasionally signed glue records.

 357.	[bug]		The zone file parser crashed if the argument
			to $INCLUDE was a quoted string.

 354.	[doc]		Man pages for the dnssec tools are now included in
			the distribution, in doc/man/dnssec.

 353.	[bug]		double increment in lwres/gethost.c:copytobuf().
			(RT# 187)

 352.	[bug]		Race condition in dns_client_t startup could cause
			an assertion failure.

 351.	[bug]		Constructing a response with rcode SERVFAIL to a TSIG
			signed query could crash the server.

 350.	[bug]		Also-notify lists specified in the global options
			block were not correctly reference counted, causing
			a memory leak.

 349.	[bug]		Processing a query with the CD bit set now works
			as expected.

 344.	[bug]		When shutting down, lwresd sometimes tried
			to shut down its client tasks twice,
			triggering an assertion.

 343.	[bug]		Although zone maintenance SOA queries and
			notify requests were signed with TSIG keys
			when configured for the server in case,
			the TSIG was not verified on the response.

 342.	[bug]		The wrong name was being passed to
			dns_name_dup() when generating a TSIG
			key using TKEY.

 340.	[bug]		The top-level COPYRIGHT file was missing from
			the distribution.

 339.	[bug]		DNSSEC validation of the response to an ANY
			query at a name with a CNAME RR in a secure
			zone triggered an assertion failure.

 337.	[bug]		"dig" did not recognize "nsap-ptr" as an RR type
			on the command line.

 336.	[bug]		"dig -f" used 64 k of memory for each line in
			the file.  It now uses much less, though still
			proportionally to the file size.

 335.	[bug]		named would occasionally attempt recursion when
			it was disallowed or undesired.

 333.	[bug]		The resolver incorrectly accepted referrals to
			domains that were not parents of the query name,
			causing assertion failures.

 331.	[bug]		Only log "recursion denied" if RD is set. (RT #178)

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jul 26 08:46:23 2000 UTC (22 years, 6 months ago) by rh
Branch: MAIN
Changes since 1.8: +7 -8 lines
Diff to previous 1.8 (colored)

Update bind9 to 9.0.0rc1.  This is the first release candidate for bind9.
Changes are too numerous to list here in detail, but highlights are:

  The communication between "rndc" and "named" is now
  authenticated using digital signatures.  Because of
  this, rndc now requires a configuration file "rndc.conf"
  containing a shared secret, with a corresponding
  "controls" clause in named.conf.

  When the server is chrooted using the -t option,
  it no longer needs copies of the passwd and group
  files in the chroot environment.

  Various bug fixes and cleanups, especially
  in the dig, host, nslookup, and nsupdate
  programs.

There are a few known bugs:

  The option "query-source * port 53;" will not work as
  expected.  Instead of the wildcard address "*", you need
  to use an explicit source IP address.

  On some systems, IPv6 and IPv4 sockets interact in
  unexpected ways.  For details, see doc/misc/ipv6.
  To reduce the impact of these problems, the server
  no longer listens for requests on IPv6 addresses
  by default.  If you need to accept DNS queries over
  IPv6, you must specify "listen-on-v6 { any; };"
  in the named.conf options statement.

  There are known problems with thread signal handling
  under Solaris 2.6.

Revision 1.8 / (download) - annotate - [select for diffs], Mon Jun 19 13:54:08 2000 UTC (22 years, 7 months ago) by hubertf
Branch: MAIN
Changes since 1.7: +4 -4 lines
Diff to previous 1.7 (colored)

Updated bind to V9.0.0b4.

Changes: This is still _not_ a release candidate for BIND 9.0.0;
  More configuration options can be specified separately for each
  view, including the "key" and "server" statements; Fixed:
  Numerous bugs have been fixed and the code has been cleaned
  up. Added: Stub zones have been implemented; Additional
  configuration options have been implemented, such as
  "max-cache-ttl" and "max-ncache-ttl".

Revision 1.7 / (download) - annotate - [select for diffs], Thu May 25 02:03:12 2000 UTC (22 years, 8 months ago) by hubertf
Branch: MAIN
Changes since 1.6: +4 -4 lines
Diff to previous 1.6 (colored)

Update to 9.0.0b3. Changes:
  The "dig" and "host" tools have been completely rewritten and
  are included in the base distribution. Fixed: Most bugs reported
  against beta 2.  Added: The server now supports "views", a
  mechanism for answering DNS queries differently to different
  requestors. This will make split DNS setups much easier to build;
  NOTIFY (RFC1996) has been implemented; Basic support for validation
  of DNSSEC signatures has been implemented (for details, see
  "doc/misc/dnssec").

Revision 1.6 / (download) - annotate - [select for diffs], Fri Apr 28 06:43:00 2000 UTC (22 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.5: +5 -1 lines
Diff to previous 1.5 (colored)

BUILD_DEFS+=USE_INET6, just for
ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/README-IPv6.html

Revision 1.5 / (download) - annotate - [select for diffs], Fri Mar 31 11:15:23 2000 UTC (22 years, 10 months ago) by hubertf
Branch: MAIN
Changes since 1.4: +7 -13 lines
Diff to previous 1.4 (colored)

Update to bind9.0.0 beta2. Changes:

  Many more config file options
  implemented (see doc/misc/options for a
  summary of the current implementation
  status), portability improvements, (works
  much better than beta 1 on FreeBSD 3.4),
  and bugfixes (almost all bugs reported
  against beta 1 have been fixed).

Revision 1.4 / (download) - annotate - [select for diffs], Tue Feb 29 01:28:44 2000 UTC (22 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

lwresd is also a script... use INSTALL_SCRIPT

Revision 1.3 / (download) - annotate - [select for diffs], Mon Feb 28 01:05:47 2000 UTC (22 years, 11 months ago) by hubertf
Branch: MAIN
CVS Tags: netbsd-1-4-PATCH002
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

the rndc we install is a script - use INSTALL_SCRIPT

Revision 1.2 / (download) - annotate - [select for diffs], Tue Feb 22 21:54:11 2000 UTC (22 years, 11 months ago) by hubertf
Branch: MAIN
Changes since 1.1: +4 -1 lines
Diff to previous 1.1 (colored)

Add ONLY_FOR_PLATFORM, pointed out by Bernd.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Tue Feb 22 03:50:57 2000 UTC (22 years, 11 months ago) by hubertf
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

   BIND 9.0.0b1 is the first public release of BIND 9 code.  It will
   be most useful to advanced users working with IPv6 or DNSSEC.

   BIND 9.0.0b1 is not functionally complete, and is not a release
   candidate for BIND 9.0.0.  The ISC anticipates a number of additional
   beta releases between now and May, when BIND 9.0.0 is scheduled to
   be released.

   The ISC does not recommend using BIND 9.0.0b1 for "production"
   services.

Revision 1.1 / (download) - annotate - [select for diffs], Tue Feb 22 03:50:57 2000 UTC (22 years, 11 months ago) by hubertf
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>