The NetBSD Project

CVS log for pkgsrc/net/bind918/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / bind918

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.42: download - view: text, markup, annotated - select for diffs
Thu Nov 14 22:21:03 2024 UTC (3 weeks, 3 days ago) by wiz
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +2 -2 lines
*: recursive bump for icu 76 shlib major version bump

Revision 1.41: download - view: text, markup, annotated - select for diffs
Fri Nov 1 12:53:48 2024 UTC (5 weeks, 3 days ago) by wiz
Branches: MAIN
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +2 -2 lines
*: revbump for icu downgrade

Revision 1.40: download - view: text, markup, annotated - select for diffs
Fri Nov 1 00:53:01 2024 UTC (5 weeks, 3 days ago) by wiz
Branches: MAIN
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +2 -1 lines
*: recursive bump for icu 76.1 shlib bump

Revision 1.39: download - view: text, markup, annotated - select for diffs
Mon Oct 21 13:24:45 2024 UTC (7 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +2 -3 lines
net/bind918: update to 9.18.31

9.18.31 (2024-10-16)

New Features

* Added WALLET type.

  Add the new record type WALLET (262).  This provides a mapping from a
  domain name to a cryptographic currency wallet.  Multiple mappings can
  exist if multiple records exist.  [GL #4947]

Feature Changes

* Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS.

  This change allows fallback from an IXFR failure to AXFR when the reason
  is DNS_R_TOOMANYRECORDS.  [GL #4928]

Bug Fixes

* Fix a statistics channel counter bug when "forward only" zones are used.

  When resolving a zone with a "forward only" policy, and finding out that
  all the forwarders were marked as "bad", the "ServerQuota" counter of the
  statistics channel was incorrectly increased.  This has been fixed.  [GL
  #1793]

* Fix a bug in the static-stub implementation.

  Static-stub addresses and addresses from other sources were being mixed
  together, resulting in static-stub queries going to addresses not
  specified in the configuration, or alternatively, static-stub addresses
  being used instead of the correct server addresses.  [GL #4850]

* Don't allow statistics-channels if libxml2 and libjson-c are not
  configured.

  When BIND 9 is not configured with the libxml2 and libjson-c libraries,
  the use of the statistics-channels option is a fatal error.  [GL #4895]

* Limit the outgoing UDP send queue size.

  If the operating system UDP queue got full and the outgoing UDP sending
  started to be delayed, BIND 9 could exhibit memory spikes as it tried to
  enqueue all the outgoing UDP messages.  It now tries to deliver the
  outgoing UDP messages synchronously; if that fails, it drops the outgoing
  DNS message that would get queued up and then timeout on the client side.
  [GL #4930]

* Do not set SO_INCOMING_CPU.

  Remove the SO_INCOMING_CPU setting as kernel scheduling performs better
  without constraints. [GL #4936]

Known Issues

* There are no new known issues with this release.  See above for a list of
  all known issues affecting this BIND 9 branch.

Revision 1.38: download - view: text, markup, annotated - select for diffs
Sat Sep 21 10:24:29 2024 UTC (2 months, 2 weeks ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +2 -1 lines
*: recursive bump for protobuf 28.2

two static library became shared libraries - bump to be on the safe side

Revision 1.37: download - view: text, markup, annotated - select for diffs
Wed Sep 18 16:10:02 2024 UTC (2 months, 3 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +2 -2 lines
net/bind918: update to 9.18.30

BIND 9.18.30 (2024-09-18)

New Features

* Print the full path of the working directory in startup log messages.

  named now prints its initial working directory during startup, and the
  changed working directory when loading or reloading its configuration
  file, if it has a valid directory option defined.  [GL #4731]

Feature Changes

* Follow the number of CPUs set by taskset/cpuset.

  Administrators may wish to constrain the set of cores that named runs on
  via the taskset, cpuset, or numactl programs (or equivalents on other
  OSes).

  If the admin has used taskset, named now automatically uses the given
  number of CPUs rather than the system-wide count. [GL #4884]

Bug Fixes

* Verification of the privacy of an EDDSA key was broken.

  The check could lead to an attempt to sign records with a public key,
  which could cause a segmentation failure (read of a NULL pointer) within
  OpenSSL.  This has been fixed. [GL #4855]

* Fix algorithm rollover bug when there are two keys with the same keytag.

  If there was an algorithm rollover and two keys of different algorithms
  shared the same keytags, there was the possibility that the check of
  whether the key matched a specific state could be performed against the
  wrong key.  This has been fixed by not only checking for the matching key
  tag but also the key algorithm.  [GL #4878]

Known Issues

* There are no new known issues with this release. See above for a list of
  all known issues affecting this BIND 9 branch.

Revision 1.36: download - view: text, markup, annotated - select for diffs
Sat Aug 24 10:18:18 2024 UTC (3 months, 2 weeks ago) by he
Branches: MAIN
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +2 -2 lines
net/bind: update to version 9.18.29.

Pkgsrc changes:
 * None (just version + checksums)

Upstream changes:

BIND 9.18.29
------------

New Features
~~~~~~~~~~~~

- Tighten 'max-recursion-queries' and add 'max-query-restarts' option.
  ``fe3ae71e90``

  There were cases in resolver.c when the `max-recursion-queries` quota
  was ineffective. It was possible to craft zones that would cause a
  resolver to waste resources by sending excessive queries while
  attempting to resolve a name. This has been addressed by correcting
  errors in the implementation of `max-recursion-queries`, and by
  reducing the default value from 100 to 32.

  In addition, a new `max-query-restarts` option has been added which
  limits the number of times a recursive server will follow CNAME or
  DNAME records before terminating resolution. This was previously a
  hard-coded limit of 16, and now defaults to 11.   :gl:`#4741`
  :gl:`!9283`

- Generate changelog from git log. ``21a0b6aef7``

  Use a single source of truth, the git log, to generate the list of
  CHANGES. Use the .rst format and include it in the ARM for a quick
  reference with proper gitlab links to issues and merge requests.
  :gl:`#75` :gl:`!9181`

Feature Changes
~~~~~~~~~~~~~~~

- Use _exit() in the fatal() function. ``e4c483f45f``

  Since the fatal() isn't a correct but rather abrupt termination of the
  program, we want to skip the various atexit() calls because not all
  memory might be freed during fatal() call, etc.  Using _exit() instead
  of exit() has this effect - the program will end, but no destructors
  or atexit routines will be called. :gl:`!9263`

- Fix data race in clean_finds_at_name. ``541726871d``

  Stop updating `find.result_v4` and `find.result_v4` in
  `clean_finds_at_name`. The values are supposed to be
  static. :gl:`#4118` :gl:`!9198`

Bug Fixes
~~~~~~~~~

- Reconfigure catz member zones during named reconfiguration.
  ``944d0dc942``

  During a reconfiguration named wasn't reconfiguring catalog zones'
  member zones. This has been fixed. :gl:`#4733`

- Disassociate the SSL object from the cached SSL_SESSION.
  ``64fde41253``

  When the SSL object was destroyed, it would invalidate all SSL_SESSION
  objects including the cached, but not yet used, TLS session objects.

  Properly disassociate the SSL object from the SSL_SESSION before we
  store it in the TLS session cache, so we can later destroy it without
  invalidating the cached TLS sessions. :gl:`#4834` :gl:`!9279`

- Attach/detach to the listening child socket when accepting TLS.
  ``3ead47daff``

  When TLS connection (TLSstream) connection was accepted, the children
  listening socket was not attached to sock->server and thus it could
  have been freed before all the accepted connections were actually
  closed.

  In turn, this would cause us to call isc_tls_free() too soon - causing
  cascade errors in pending SSL_read_ex() in the accepted connections.

  Properly attach and detach the children listening socket when
  accepting and closing the server connections. :gl:`#4833` :gl:`!9278`

- Make hypothesis optional for system tests. ``0d1953d7a8``

  Ensure that system tests can be executed without Python hypothesis
  package. :gl:`#4831` :gl:`!9268`

- Don't loop indefinitely when isc_task quantum is 'unlimited'
  ``674420df64``

  Don't run more events than already scheduled.  If the quantum is set
  to a high value, the task_run() would execute already scheduled, and
  all new events that result from running event->ev_action().

  Setting quantum to a number of scheduled events will postpone events
  scheduled after we enter the loop here to the next task_run()
  invocation. :gl:`!9257`

- Raise the log level of priming failures. ``c948babeeb``

  When a priming query is complete, it's currently logged at level
  ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising
  it to ISC_LOG_NOTICE in the case of failure. [GL #3516] :gl:`#3516`
  :gl:`!9251`

- Add a compatibility shim for older libuv versions (< 1.19.0)
  ``61ff983f00``

  The uv_stream_get_write_queue_size() is supported only in relatively
  newer versions of libuv (1.19.0 or higher).  Provide a compatibility
  shim for this function , so BIND 9 can be built in environments with
  older libuv version.

- Remove extra newline from yaml output. ``1222dbe9f9``

  I split this into two commits, one for the actual newline removal, and
  one for issues I found, ruining the yaml output when some errors were
  outputted.

- CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW.
  ``bbdd888b8e``

  Add INSIST to fail if the multiplication would cause the variables to
  overflow. :gl:`#4798` :gl:`!9230`

- Remove unnecessary operations. ``2374a1a2bd``

  Decrementing optlen immediately before calling continue is unneccesary
  and inconsistent with the rest of dns_message_pseudosectiontoyaml and
  dns_message_pseudosectiontotext.  Coverity was also reporting an
  impossible false positive overflow of optlen (CID 499061). :gl:`!9224`

- Fix generation of 6to4-self name expansion from IPv4 address.
  ``df55c15ebb``

  The period between the most significant nibble of the encoded IPv4
  address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the
  wrong name being checked. Add system test for 6to4-self
  implementation. :gl:`#4766` :gl:`!9218`

- Fix false QNAME minimisation error being reported. ``4984afc80c``

  Remove the false positive "success resolving" log message when QNAME
  minimisation is in effect and the final result is NXDOMAIN.
  :gl:`#4784` :gl:`!9216`

- Dig +yaml was producing unexpected and/or invalid YAML output.
  ``2db62a4dba``

  :gl:`#4796` :gl:`!9214`

- SVBC alpn text parsing failed to reject zero length alpn.
  ``8f7be89052``

  :gl:`#4775` :gl:`!9210`

- Return SERVFAIL for a too long CNAME chain. ``f7de909b98``

  When cutting a long CNAME chain, named was returning NOERROR  instead
  of SERVFAIL (alongside with a partial answer). This has been fixed.
  :gl:`#4449` :gl:`!9204`

- Properly calculate the amount of system memory. ``9faf355a5c``

  On 32 bit machines isc_meminfo_totalphys could return an incorrect
  value. :gl:`#4799` :gl:`!9200`

- Update key lifetime and metadata after dnssec-policy reconfig.
  ``2107a64ee6``

  Adjust key state and timing metadata if dnssec-policy key lifetime
  configuration is updated, so that it also affects existing keys.
  :gl:`#4677` :gl:`!9192`

- Fix dig +timeout argument when using +https. ``381d6246d6``

  The +timeout argument was not used on DoH connections. This has been
  fixed.  :gl:`#4806` :gl:`!9161`

Revision 1.35: download - view: text, markup, annotated - select for diffs
Wed Jul 31 20:54:37 2024 UTC (4 months, 1 week ago) by markd
Branches: MAIN
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +2 -1 lines
bind918: dont accidentally find sphinx

Revision 1.33.2.1: download - view: text, markup, annotated - select for diffs
Sun Jul 28 13:17:32 2024 UTC (4 months, 1 week ago) by spz
Branches: pkgsrc-2024Q2
Diff to: previous 1.33: preferred, colored; next MAIN 1.34: preferred, colored
Changes since revision 1.33: +2 -3 lines
Pullup ticket #6882 - requested by taca
net/bind918: security update

Revisions pulled up:
- net/bind918/Makefile                                          1.34
- net/bind918/buildlink3.mk                                     1.3
- net/bind918/distinfo                                          1.20
- net/bind918/options.mk                                        1.3-1.4

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Jul 22 18:09:01 UTC 2024

   Modified Files:
   	pkgsrc/net/bind918: buildlink3.mk options.mk

   Log Message:
   bind918: use gssapi as an option; that fixes builds when krb5-config is installed but not buildlinked


   To generate a diff of this commit:
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/bind918/buildlink3.mk \
       pkgsrc/net/bind918/options.mk

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Jul 22 19:07:58 UTC 2024

   Modified Files:
   	pkgsrc/net/bind918: options.mk

   Log Message:
   bind918: use KRB5_CONFIG


   To generate a diff of this commit:
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind918/options.mk

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jul 23 13:50:32 UTC 2024

   Modified Files:
   	pkgsrc/net/bind918: Makefile distinfo

   Log Message:
   net/bind918: update to 9.18.28

   9.18.28 (2024-07-23)

   6404.	[security]	Remove SIG(0) support from named as a countermeasure
   			for CVE-2024-1975. [GL #4480]

   6403.	[security]	qctx-zversion was not being cleared when it should have
   			been leading to an assertion failure if it needed to be
   			reused. (CVE-2024-4076) [GL #4507]

   6401.	[security]	An excessively large number of rrtypes per owner can
   			slow down database query processing, so a limit has been
   			placed on the number of rrtypes that can be stored per
   			owner (node) in a cache or zone database. This is
   			configured with the new "max-rrtypes-per-name" option,
   			and defaults to 100. (CVE-2024-1737)
   			[GL #3403] [GL #4548]

   6400.	[security]	Excessively large rdatasets can slow down database
   			query processing, so a limit has been placed on the
   			number of records that can be stored per rdataset
   			in a cache or zone database. This is configured
   			with the new "max-records-per-type" option, and
   			defaults to 100. (CVE-2024-1737)
   			[GL #497] [GL #3405]

   6399.	[security]	Malicious DNS client that sends many queries over
   			TCP but never reads responses can cause server to
   			respond slowly or not respond at all for other
   			clients. (CVE-2024-0760) [GL #4481]

   6398.	[bug]		Fix potential data races in our DoH implementation
   			related to HTTP/2 session object management and
   			endpoints set object management after reconfiguration.
   			We would like to thank Dzintars and Ivo from nic.lv
   			for bringing this to our attention. [GL #4473]

   6397.	[bug]		Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT when looking for
   			parent NS records needed to get the DS result.
   			[GL #4661]

   6395.	[bug]		Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in resolver.c.
   			[GL #4736]

   6394.	[bug]		Named's -4 and -6 options now apply to zone primaries,
   			also-notify and parental-agents.  Report when a zone
   			has these options configured but does not have an IPv4
   			or IPv6 address listed respectively. [GL #3472]

   6393.	[func]		Deal with uv_tcp_close_reset() error return codes
   			more gracefully. [GL #4708]

   6392.	[bug]		Use a completely new memory context when flushing the
   			cache. [GL #2744]

   6391.	[bug]		TCP client statistics could sometimes fail to decrease
   			when accepting client connection fails. [GL #4742]

   6390.	[bug]		Fix a data race in isc_task_purgeevent(). [GL !8937]

   6389.	[bug]		dnssec-verify and dnssec-signzone could fail if there
   			was an obscured DNSKEY RRset at a delegatation.
   			[GL #4517]

   6388.	[bug]		Prevent an assertion failure caused by passing NULL to
   			dns_dispatch_resume() when a dns_request times out close
   			to view shutdown. [GL #4719]

   6386.	[bug]		When shutting down catzs->view could point to freed
   			memory. Obtain a reference to the view to prevent this.
   			[GL #4502]

   6385.	[func]		Relax SVCB alias mode checks to allow parameters.
   			[GL #4704]

   6384.	[bug]		Remove infinite loop when including a directory in a
   			zone file. [GL #4357]

   6383.	[bug]		Address an infinite loop in $GENERATE when a negative
   			value was converted in nibble mode. [GL #4353]

   6382.	[bug]		Fix RPZ response's SOA record TTL, which was incorrectly
   			set to 1 if 'add-soa' is used. [GL #3323]


   To generate a diff of this commit:
   cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/bind918/Makefile
   cvs rdiff -u -r1.19 -r1.20 pkgsrc/net/bind918/distinfo

Revision 1.34: download - view: text, markup, annotated - select for diffs
Tue Jul 23 13:50:32 2024 UTC (4 months, 2 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +2 -3 lines
net/bind918: update to 9.18.28

9.18.28 (2024-07-23)

6404.	[security]	Remove SIG(0) support from named as a countermeasure
			for CVE-2024-1975. [GL #4480]

6403.	[security]	qctx-zversion was not being cleared when it should have
			been leading to an assertion failure if it needed to be
			reused. (CVE-2024-4076) [GL #4507]

6401.	[security]	An excessively large number of rrtypes per owner can
			slow down database query processing, so a limit has been
			placed on the number of rrtypes that can be stored per
			owner (node) in a cache or zone database. This is
			configured with the new "max-rrtypes-per-name" option,
			and defaults to 100. (CVE-2024-1737)
			[GL #3403] [GL #4548]

6400.	[security]	Excessively large rdatasets can slow down database
			query processing, so a limit has been placed on the
			number of records that can be stored per rdataset
			in a cache or zone database. This is configured
			with the new "max-records-per-type" option, and
			defaults to 100. (CVE-2024-1737)
			[GL #497] [GL #3405]

6399.	[security]	Malicious DNS client that sends many queries over
			TCP but never reads responses can cause server to
			respond slowly or not respond at all for other
			clients. (CVE-2024-0760) [GL #4481]

6398.	[bug]		Fix potential data races in our DoH implementation
			related to HTTP/2 session object management and
			endpoints set object management after reconfiguration.
			We would like to thank Dzintars and Ivo from nic.lv
			for bringing this to our attention. [GL #4473]

6397.	[bug]		Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT when looking for
			parent NS records needed to get the DS result.
			[GL #4661]

6395.	[bug]		Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in resolver.c.
			[GL #4736]

6394.	[bug]		Named's -4 and -6 options now apply to zone primaries,
			also-notify and parental-agents.  Report when a zone
			has these options configured but does not have an IPv4
			or IPv6 address listed respectively. [GL #3472]

6393.	[func]		Deal with uv_tcp_close_reset() error return codes
			more gracefully. [GL #4708]

6392.	[bug]		Use a completely new memory context when flushing the
			cache. [GL #2744]

6391.	[bug]		TCP client statistics could sometimes fail to decrease
			when accepting client connection fails. [GL #4742]

6390.	[bug]		Fix a data race in isc_task_purgeevent(). [GL !8937]

6389.	[bug]		dnssec-verify and dnssec-signzone could fail if there
			was an obscured DNSKEY RRset at a delegatation.
			[GL #4517]

6388.	[bug]		Prevent an assertion failure caused by passing NULL to
			dns_dispatch_resume() when a dns_request times out close
			to view shutdown. [GL #4719]

6386.	[bug]		When shutting down catzs->view could point to freed
			memory. Obtain a reference to the view to prevent this.
			[GL #4502]

6385.	[func]		Relax SVCB alias mode checks to allow parameters.
			[GL #4704]

6384.	[bug]		Remove infinite loop when including a directory in a
			zone file. [GL #4357]

6383.	[bug]		Address an infinite loop in $GENERATE when a negative
			value was converted in nibble mode. [GL #4353]

6382.	[bug]		Fix RPZ response's SOA record TTL, which was incorrectly
			set to 1 if 'add-soa' is used. [GL #3323]

Revision 1.33: download - view: text, markup, annotated - select for diffs
Wed May 29 16:33:49 2024 UTC (6 months, 1 week ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2024Q2-base
Branch point for: pkgsrc-2024Q2
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +2 -1 lines
revbump after icu and protobuf updates

Revision 1.32: download - view: text, markup, annotated - select for diffs
Thu May 16 15:24:13 2024 UTC (6 months, 3 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +2 -3 lines
net/bind918: update to 9.18.27

9.18.27 (2024-05-15)

6374.	[bug]		Skip to next RRSIG if signature has expired or is in
			the future rather than failing immediately. [GL #4586]

6372.	[func]		Implement signature jitter for dnssec-policy. [GL #4554]

Revision 1.28.2.1: download - view: text, markup, annotated - select for diffs
Tue Apr 23 16:18:48 2024 UTC (7 months, 2 weeks ago) by bsiegert
Branches: pkgsrc-2024Q1
Diff to: previous 1.28: preferred, colored; next MAIN 1.29: preferred, colored
Changes since revision 1.28: +3 -2 lines
Pullup ticket #6851 - requested by taca
net/bind918: blocklist handling fix (PR bin/58170)

Revisions pulled up:
- net/bind918/Makefile                                          1.29-1.31
- net/bind918/distinfo                                          1.17-1.18
- net/bind918/patches/patch-lib_ns_query.c                      1.2

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Apr  5 14:01:01 UTC 2024

   Modified Files:
   	pkgsrc/audio/forked-daapd: Makefile
   	pkgsrc/audio/mixxx: Makefile
   	pkgsrc/audio/strawberry: Makefile
   	pkgsrc/audio/termusic: Makefile
   	pkgsrc/biology/plinkseq: Makefile
   	pkgsrc/chat/ekg: Makefile
   	pkgsrc/chat/libgadu: Makefile buildlink3.mk
   	pkgsrc/chat/mumble: Makefile
   	pkgsrc/databases/mysql80-server: Makefile
   	pkgsrc/databases/postgresql-postgis2: Makefile
   	pkgsrc/devel/compizconfig-backend-gconf: Makefile buildlink3.mk
   	pkgsrc/devel/libcompizconfig: Makefile buildlink3.mk
   	pkgsrc/devel/protobuf: buildlink3.mk
   	pkgsrc/devel/protobuf-c: Makefile buildlink3.mk
   	pkgsrc/devel/py-compizconfig: Makefile buildlink3.mk
   	pkgsrc/finance/bitcoin: Makefile
   	pkgsrc/geography/qgis: Makefile
   	pkgsrc/graphics/digikam: Makefile
   	pkgsrc/graphics/opencv: Makefile buildlink3.mk
   	pkgsrc/graphics/opencv-contrib-face: Makefile buildlink3.mk
   	pkgsrc/graphics/py-Willow: Makefile
   	pkgsrc/misc/marble: Makefile
   	pkgsrc/multimedia/vlc: Makefile
   	pkgsrc/net/bind916: Makefile
   	pkgsrc/net/bind918: Makefile
   	pkgsrc/net/frr: Makefile
   	pkgsrc/net/grpc: Makefile buildlink3.mk
   	pkgsrc/net/kopete: Makefile
   	pkgsrc/net/mosh: Makefile
   	pkgsrc/net/py-grpcio: Makefile
   	pkgsrc/net/py-grpcio-tools: Makefile
   	pkgsrc/net/qt6-qtgrpc: Makefile buildlink3.mk
   	pkgsrc/net/ratman: Makefile
   	pkgsrc/net/unbound: Makefile
   	pkgsrc/sysutils/collectd-grpc: Makefile
   	pkgsrc/sysutils/collectd-pinba: Makefile
   	pkgsrc/sysutils/collectd-riemann: Makefile
   	pkgsrc/sysutils/collectd-write_prometheus: Makefile
   	pkgsrc/sysutils/riemann-client: Makefile
   	pkgsrc/wm/ccsm: Makefile

   Log Message:
   *: recursive bump for protobuf 26.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Apr 18 13:37:53 UTC 2024

   Modified Files:
   	pkgsrc/net/bind918: Makefile distinfo

   Log Message:
   net/bind918: update to 9.18.62

   9.18.26 (2024-04-17)

   6364.	[protocol]	Add RESOLVER.ARPA to the built in empty zones.
   			[GL #4580]

   6363.	[bug]		dig/mdig +ednsflags=<non-zero-value> did not re-enable
   			EDNS if it had been disabled. [GL #4641]

   6361.	[bug]		Some invalid ISO 8601 durations were accepted
   			erroneously. [GL #4624]

   6360.	[bug]		Don't return static-stub synthesised NS RRset.
   			[GL #4608]

   6359.	[bug]		Fix bug in Depends (keymgr_dep) function. [GL #4552]

   6351.	[protocol]	Support for the RESINFO record type has been added.
   			[GL #4413]

   6346.	[bug]		Cleaned up several minor bugs in the RBTDB dbiterator
   			implementation. [GL !8741]

   6345.	[bug]		Added missing dns_rdataset_disassociate calls in
   			validator.c:findnsec3proofs. [GL #4571]

   6340.	[test]		Fix incorrectly reported errors when running tests
   			with `make test` on platforms with older pytest.
   			[GL #4560]

   6338.	[func]		Optimize slabheader placement, so the infrastructure
   			records are put in the beginning of the slabheader
   			linked list. [GL !8675]

   6334.	[doc]		Improve ARM parental-agents definition. [GL #4531]

   6333.	[bug]		Fix the DNS_GETDB_STALEFIRST flag, which was defined
   			incorrectly in lib/ns/query.c. [GL !8683]

   6330.	[doc]		Update ZSK minimum lifetime documentation in ARM, also
   			depends on signing delay. [GL #4510]

   6328.	[func]		Add workaround to enforce dynamic linker to pull
   			jemalloc earlier than libc to ensure all memory
   			allocations are done via jemalloc. [GL #4404]

   6326.	[bug]		Changes to "listen-on" statements were ignored on
   			reconfiguration unless the port or interface address was
   			changed, making it impossible to change a related
   			listener transport type. Thanks to Thomas Amgarten.
   			[GL #4518] [GL #4528]

   6325.	[func]		Expose the TCP client count in statistics channel.
   			[GL #4425]

   6324.	[bug]		Fix a possible crash in 'dig +nssearch +nofail' and
   			'host -C' commands when one of the name servers returns
   			SERVFAIL. [GL #4508]

   6313.	[bug]		When dnssec-policy is in effect the DNSKEY's TTLs in
   			the zone where not being updated to match the policy.
   			This lead to failures when DNSKEYs where updated as the
   			TTLs mismatched. [GL #4466]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Apr 20 14:02:40 UTC 2024

   Modified Files:
   	pkgsrc/net/bind918: Makefile distinfo
   	pkgsrc/net/bind918/patches: patch-lib_ns_query.c

   Log Message:
   net/bind918: fix blocklist handling

   Apply change of revision 1.21 in NetBSD base which fixed PR bin/58170.

   Bump PKGREVISION.

Revision 1.31: download - view: text, markup, annotated - select for diffs
Sat Apr 20 14:02:39 2024 UTC (7 months, 2 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +2 -1 lines
net/bind918: fix blocklist handling

Apply change of revision 1.21 in NetBSD base which fixed PR bin/58170.

Bump PKGREVISION.

Revision 1.30: download - view: text, markup, annotated - select for diffs
Thu Apr 18 13:37:53 2024 UTC (7 months, 3 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +2 -3 lines
net/bind918: update to 9.18.62

9.18.26 (2024-04-17)

6364.	[protocol]	Add RESOLVER.ARPA to the built in empty zones.
			[GL #4580]

6363.	[bug]		dig/mdig +ednsflags=<non-zero-value> did not re-enable
			EDNS if it had been disabled. [GL #4641]

6361.	[bug]		Some invalid ISO 8601 durations were accepted
			erroneously. [GL #4624]

6360.	[bug]		Don't return static-stub synthesised NS RRset.
			[GL #4608]

6359.	[bug]		Fix bug in Depends (keymgr_dep) function. [GL #4552]

6351.	[protocol]	Support for the RESINFO record type has been added.
			[GL #4413]

6346.	[bug]		Cleaned up several minor bugs in the RBTDB dbiterator
			implementation. [GL !8741]

6345.	[bug]		Added missing dns_rdataset_disassociate calls in
			validator.c:findnsec3proofs. [GL #4571]

6340.	[test]		Fix incorrectly reported errors when running tests
			with `make test` on platforms with older pytest.
			[GL #4560]

6338.	[func]		Optimize slabheader placement, so the infrastructure
			records are put in the beginning of the slabheader
			linked list. [GL !8675]

6334.	[doc]		Improve ARM parental-agents definition. [GL #4531]

6333.	[bug]		Fix the DNS_GETDB_STALEFIRST flag, which was defined
			incorrectly in lib/ns/query.c. [GL !8683]

6330.	[doc]		Update ZSK minimum lifetime documentation in ARM, also
			depends on signing delay. [GL #4510]

6328.	[func]		Add workaround to enforce dynamic linker to pull
			jemalloc earlier than libc to ensure all memory
			allocations are done via jemalloc. [GL #4404]

6326.	[bug]		Changes to "listen-on" statements were ignored on
			reconfiguration unless the port or interface address was
			changed, making it impossible to change a related
			listener transport type. Thanks to Thomas Amgarten.
			[GL #4518] [GL #4528]

6325.	[func]		Expose the TCP client count in statistics channel.
			[GL #4425]

6324.	[bug]		Fix a possible crash in 'dig +nssearch +nofail' and
			'host -C' commands when one of the name servers returns
			SERVFAIL. [GL #4508]

6313.	[bug]		When dnssec-policy is in effect the DNSKEY's TTLs in
			the zone where not being updated to match the policy.
			This lead to failures when DNSKEYs where updated as the
			TTLs mismatched. [GL #4466]

Revision 1.29: download - view: text, markup, annotated - select for diffs
Fri Apr 5 14:00:59 2024 UTC (8 months ago) by wiz
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +2 -1 lines
*: recursive bump for protobuf 26.1

Revision 1.28: download - view: text, markup, annotated - select for diffs
Wed Mar 20 14:59:15 2024 UTC (8 months, 2 weeks ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2024Q1-base
Branch point for: pkgsrc-2024Q1
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +2 -2 lines
net/bind918: update to 9.18.25

9.18.25 (2024-03-20)

6356.	[bug]		Create the pruning task in the dns_cache_flush(), so
			the cache pruning still works after the flush.
			[GL #4621]

6353.	[bug]		Improve the TTL-based cleaning by removing the expired
			headers from the heap, so they don't block the next
			cleaning round and clean more than a single item for
			each new addition to the RBTDB. [GL #4591]

6352.	[bug]		Revert change 6319 and decrease lock contention during
			RBTDB tree pruning by not cleaning up nodes recursively
			within a single prune_tree() call. [GL #4596]

6350.	[bug]		Address use after free in expire_lru_headers. [GL #4495]

Revision 1.24.2.1: download - view: text, markup, annotated - select for diffs
Tue Feb 13 16:45:51 2024 UTC (9 months, 3 weeks ago) by bsiegert
Branches: pkgsrc-2023Q4
Diff to: previous 1.24: preferred, colored; next MAIN 1.25: preferred, colored
Changes since revision 1.24: +2 -2 lines
Pullup ticket #6835 - requested by taca
net/bind918: security fix

Revisions pulled up:
- net/bind918/Makefile                                          1.25-1.27
- net/bind918/buildlink3.mk                                     1.2
- net/bind918/distinfo                                          1.14-1.15
- net/bind918/patches/patch-lib_dns_rbtdb.c                     1.2
- net/bind918/patches/patch-lib_isc_netmgr_netmgr.c             1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jan  5 01:52:20 UTC 2024

   Modified Files:
   	pkgsrc/net/bind918: Makefile distinfo

   Log Message:
   net/bind918: update to 9.18.21

   9.18.21 (2023-12-20)

   6297.	[bug]		Improve LRU cleaning behaviour. [GL #4448]

   6296.	[func]		The "resolver-nonbackoff-tries" and
   			"resolver-retry-interval" options are deprecated;
   			a warning will be logged if they are used. [GL #4405]

   6294.	[bug]		BIND might sometimes crash after startup or
   			re-configuration when one 'tls' entry is used multiple
   			times to connect to remote servers due to initialisation
   			attempts from contexts of multiple threads. That has
   			been fixed. [GL #4464]

   6290.	[bug]		Dig +yaml will now report "no servers could be reached"
   			also for UDP setup failure when no other servers or
   			tries are left. [GL #1229]

   6287.	[bug]		Recognize escapes when reading the public key from file.
   			[GL !8502]

   6286.	[bug]		Dig +yaml will now report "no servers could be reached"
   			on TCP connection failure as well as for UDP timeouts.
   			[GL #4396]

   6282.	[func]		Deprecate AES-based DNS cookies. [GL #4421]

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Jan 30 18:29:21 UTC 2024

   Modified Files:
   	pkgsrc/audio/libilbc: Makefile
   	pkgsrc/audio/termusic: Makefile
   	pkgsrc/biology/plinkseq: Makefile
   	pkgsrc/chat/ekg: Makefile
   	pkgsrc/chat/libgadu: Makefile buildlink3.mk
   	pkgsrc/databases/postgresql-postgis2: Makefile
   	pkgsrc/devel/abseil: buildlink3.mk
   	pkgsrc/devel/compizconfig-backend-gconf: Makefile buildlink3.mk
   	pkgsrc/devel/cre2: Makefile
   	pkgsrc/devel/libcompizconfig: Makefile buildlink3.mk
   	pkgsrc/devel/protobuf: Makefile buildlink3.mk
   	pkgsrc/devel/protobuf-c: Makefile buildlink3.mk
   	pkgsrc/devel/py-compizconfig: Makefile buildlink3.mk
   	pkgsrc/devel/re2: Makefile buildlink3.mk
   	pkgsrc/graphics/opencv: Makefile buildlink3.mk
   	pkgsrc/graphics/opencv-contrib-face: Makefile buildlink3.mk
   	pkgsrc/graphics/py-Willow: Makefile
   	pkgsrc/inputmethod/fcitx5-mozc: Makefile
   	pkgsrc/misc/libreoffice: Makefile
   	pkgsrc/net/bind916: Makefile
   	pkgsrc/net/bind918: Makefile
   	pkgsrc/net/dnsdist: Makefile
   	pkgsrc/net/frr: Makefile
   	pkgsrc/net/grpc: Makefile buildlink3.mk
   	pkgsrc/net/mosh: Makefile
   	pkgsrc/net/py-grpcio: Makefile
   	pkgsrc/net/py-grpcio-tools: Makefile
   	pkgsrc/net/qt6-qtgrpc: Makefile buildlink3.mk
   	pkgsrc/net/ratman: Makefile
   	pkgsrc/net/unbound: Makefile
   	pkgsrc/sysutils/collectd-grpc: Makefile
   	pkgsrc/sysutils/collectd-pinba: Makefile
   	pkgsrc/sysutils/collectd-riemann: Makefile
   	pkgsrc/sysutils/collectd-write_prometheus: Makefile
   	pkgsrc/sysutils/riemann-client: Makefile
   	pkgsrc/wm/ccsm: Makefile

   Log Message:
   revbump for devel/abseil

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jan  5 01:53:35 UTC 2024

   Modified Files:
   	pkgsrc/net/bind918: buildlink3.mk

   Log Message:
   net/bind918: fix BUILDLINK_ABI_DEPENDS

   We have 9.8.21 but not yet 9.18.30nb1.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Feb 13 13:50:39 UTC 2024

   Modified Files:
   	pkgsrc/net/bind918: Makefile distinfo
   	pkgsrc/net/bind918/patches: patch-lib_dns_rbtdb.c
   	    patch-lib_isc_netmgr_netmgr.c

   Log Message:
   net/bind918: update to 9.18.24

   9.18.24 (2024-02-13)

   	--- 9.18.24 released ---

   6343.	[bug]		Fix case insensitive setting for isc_ht hashtable.
   			[GL #4568]

   	--- 9.18.23 released ---

   6322.	[security]	Specific DNS answers could cause a denial-of-service
   			condition due to DNS validation taking a long time.
   			(CVE-2023-50387) [GL #4424]

   6321.	[security]	Change 6315 inadvertently introduced regressions that
   			could cause named to crash. [GL #4234]

   6320.	[bug]		Under some circumstances, the DoT code in client
   			mode could process more than one message at a time when
   			that was not expected. That has been fixed. [GL #4487]

   	--- 9.18.22 released ---

   6319.	[func]		Limit isc_task_send() overhead for RBTDB tree pruning.
   			[GL #4383]

   6317.	[security]	Restore DNS64 state when handling a serve-stale timeout.
   			(CVE-2023-5679) [GL #4334]

   6316.	[security]	Specific queries could trigger an assertion check with
   			nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]

   6315.	[security]	Speed up parsing of DNS messages with many different
   			names. (CVE-2023-4408) [GL #4234]

   6314.	[bug]		Address race conditions in dns_tsigkey_find().
   			[GL #4182]

   6312.	[bug]		Conversion from NSEC3 signed to NSEC signed could
   			temporarily put the zone into a state where it was
   			treated as unsigned until the NSEC chain was built.
   			Additionally conversion from one set of NSEC3 parameters
   			to another could also temporarily put the zone into a
   			state where it was treated as unsigned until the new
   			NSEC3 chain was built. [GL #1794] [GL #4495]

   6310.	[bug]		Memory leak in zone.c:sign_zone. When named signed a
   			zone it could leak dst_keys due to a misplaced
   			'continue'. [GL #4488]

   6306.	[func]		Log more details about the cause of "not exact" errors.
   			[GL #4500]

   6304.	[bug]		The wrong time was being used to determine what RRSIGs
   			where to be generated when dnssec-policy was in use.
   			[GL #4494]

   6302.	[func]		The "trust-anchor-telemetry" statement is no longer
   			marked as experimental. This silences a relevant log
   			message that was emitted even when the feature was
   			explicitly disabled. [GL #4497]

   6300.	[bug]		Fix statistics export to use full 64 bit signed numbers
   			instead of truncating values to unsigned 32 bits.
   			[GL #4467]

   6299.	[port]		NetBSD has added 'hmac' to libc which collides with our
   			use of 'hmac'. [GL #4478]

Revision 1.27: download - view: text, markup, annotated - select for diffs
Tue Feb 13 13:50:39 2024 UTC (9 months, 3 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +2 -3 lines
net/bind918: update to 9.18.24

9.18.24 (2024-02-13)

	--- 9.18.24 released ---

6343.	[bug]		Fix case insensitive setting for isc_ht hashtable.
			[GL #4568]

	--- 9.18.23 released ---

6322.	[security]	Specific DNS answers could cause a denial-of-service
			condition due to DNS validation taking a long time.
			(CVE-2023-50387) [GL #4424]

6321.	[security]	Change 6315 inadvertently introduced regressions that
			could cause named to crash. [GL #4234]

6320.	[bug]		Under some circumstances, the DoT code in client
			mode could process more than one message at a time when
			that was not expected. That has been fixed. [GL #4487]

	--- 9.18.22 released ---

6319.	[func]		Limit isc_task_send() overhead for RBTDB tree pruning.
			[GL #4383]

6317.	[security]	Restore DNS64 state when handling a serve-stale timeout.
			(CVE-2023-5679) [GL #4334]

6316.	[security]	Specific queries could trigger an assertion check with
			nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]

6315.	[security]	Speed up parsing of DNS messages with many different
			names. (CVE-2023-4408) [GL #4234]

6314.	[bug]		Address race conditions in dns_tsigkey_find().
			[GL #4182]

6312.	[bug]		Conversion from NSEC3 signed to NSEC signed could
			temporarily put the zone into a state where it was
			treated as unsigned until the NSEC chain was built.
			Additionally conversion from one set of NSEC3 parameters
			to another could also temporarily put the zone into a
			state where it was treated as unsigned until the new
			NSEC3 chain was built. [GL #1794] [GL #4495]

6310.	[bug]		Memory leak in zone.c:sign_zone. When named signed a
			zone it could leak dst_keys due to a misplaced
			'continue'. [GL #4488]

6306.	[func]		Log more details about the cause of "not exact" errors.
			[GL #4500]

6304.	[bug]		The wrong time was being used to determine what RRSIGs
			where to be generated when dnssec-policy was in use.
			[GL #4494]

6302.	[func]		The "trust-anchor-telemetry" statement is no longer
			marked as experimental. This silences a relevant log
			message that was emitted even when the feature was
			explicitly disabled. [GL #4497]

6300.	[bug]		Fix statistics export to use full 64 bit signed numbers
			instead of truncating values to unsigned 32 bits.
			[GL #4467]

6299.	[port]		NetBSD has added 'hmac' to libc which collides with our
			use of 'hmac'. [GL #4478]

Revision 1.26: download - view: text, markup, annotated - select for diffs
Tue Jan 30 18:29:19 2024 UTC (10 months, 1 week ago) by adam
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +2 -1 lines
revbump for devel/abseil

Revision 1.25: download - view: text, markup, annotated - select for diffs
Fri Jan 5 01:52:20 2024 UTC (11 months ago) by taca
Branches: MAIN
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +2 -2 lines
net/bind918: update to 9.18.21

9.18.21 (2023-12-20)

6297.	[bug]		Improve LRU cleaning behaviour. [GL #4448]

6296.	[func]		The "resolver-nonbackoff-tries" and
			"resolver-retry-interval" options are deprecated;
			a warning will be logged if they are used. [GL #4405]

6294.	[bug]		BIND might sometimes crash after startup or
			re-configuration when one 'tls' entry is used multiple
			times to connect to remote servers due to initialisation
			attempts from contexts of multiple threads. That has
			been fixed. [GL #4464]

6290.	[bug]		Dig +yaml will now report "no servers could be reached"
			also for UDP setup failure when no other servers or
			tries are left. [GL #1229]

6287.	[bug]		Recognize escapes when reading the public key from file.
			[GL !8502]

6286.	[bug]		Dig +yaml will now report "no servers could be reached"
			on TCP connection failure as well as for UDP timeouts.
			[GL #4396]

6282.	[func]		Deprecate AES-based DNS cookies. [GL #4421]

Revision 1.24: download - view: text, markup, annotated - select for diffs
Sat Nov 18 04:07:28 2023 UTC (12 months, 3 weeks ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2023Q4-base
Branch point for: pkgsrc-2023Q4
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +2 -3 lines
net/bind918: updte to 9.18.20

Note: B.ROOT-SERVERS.NET's addresses will be changed November 27, 2023.

9.18.20 (2023-11-15)

6280.	[bug]		Fix missing newlines in the output of "rndc nta -dump".
			[GL !8454]

6277.	[bug]		Take into account local authoritative zones when
			falling back to serve-stale. [GL #4355]

6275.	[bug]		Fix assertion failure when using lock-file configuration
			option together -X argument to named. [GL #4386]

6274.	[bug]		The 'lock-file' file was being removed when it
			shouldn't have been making it ineffective if named was
			started 3 or more times. [GL #4387]

6271.	[bug]		Fix a shutdown race in dns__catz_update_cb(). [GL #4381]

6269.	[maint]		B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and
			2801:1b8:10::b. [GL #4101]

6267.	[func]		The timeouts for resending zone refresh queries over UDP
			were lowered to enable named to more quickly determine
			that a primary is down. [GL #4260]

6265.	[bug]		Don't schedule resign operations on the raw version
			of an inline-signing zone. [GL #4350]

6261.	[bug]		Fix a possible assertion failure on an error path in
			resolver.c:fctx_query(), when using an uninitialized
			link. [GL #4331]

6254.	[cleanup]	Add semantic patch to do an explicit cast from char
			to unsigned char in ctype.h class of functions.
			[GL #4327]

6252.	[test]		Python system tests have to be executed by invoking
			pytest directly. Executing them with the legacy test
			runner is no longer supported. [GL #4250]

6250.	[bug]		The wrong covered value was being set by
			dns_ncache_current for RRSIG records in the returned
			rdataset structure. This resulted in TYPE0 being
			reported as the covered value of the RRSIG when dumping
			the cache contents. [GL #4314]

Revision 1.23: download - view: text, markup, annotated - select for diffs
Wed Nov 15 18:14:44 2023 UTC (12 months, 3 weeks ago) by wiz
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +2 -2 lines
*: bump for protobuf 25

Revision 1.22: download - view: text, markup, annotated - select for diffs
Wed Nov 8 13:20:21 2023 UTC (13 months ago) by wiz
Branches: MAIN
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +2 -2 lines
*: recursive bump for icu 74.1

Revision 1.21: download - view: text, markup, annotated - select for diffs
Thu Nov 2 12:20:05 2023 UTC (13 months, 1 week ago) by wiz
Branches: MAIN
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +2 -2 lines
*: recursive bump for protobuf

Revision 1.20: download - view: text, markup, annotated - select for diffs
Tue Oct 24 22:10:12 2023 UTC (13 months, 2 weeks ago) by wiz
Branches: MAIN
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +2 -1 lines
*: bump for openssl 3

Revision 1.19: download - view: text, markup, annotated - select for diffs
Wed Sep 20 13:37:16 2023 UTC (14 months, 2 weeks ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +2 -2 lines
net/bind918: update to 9.18.19

9.18.19 (2023-09-20)

6246.	[security]	Fix use-after-free error in TLS DNS code when sending
			data. (CVE-2023-4236) [GL #4242]

6245.	[security]	Limit the amount of recursion that can be performed
			by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]

6244.	[bug]		Adjust log levels on malformed messages to NOTICE when
			transferring in a zone. [GL #4290]

6241.	[bug]		Take into account the possibility of partial TLS writes
			in TLS DNS code. That helps to prevent DNS messages
			corruption on long DNS over TLS streams. [GL #4255]

6240.	[bug]		Use dedicated per-worker thread jemalloc memory
			arenas for send buffers allocation to reduce memory
			consumption and avoid lock contention. [GL #4038]

6239.	[func]		Deprecate the 'dnssec-must-be-secure' option.
			[GL #3700]

6237.	[bug]		Address memory leaks due to not clearing OpenSSL error
			stack. [GL #4159]

6235.	[doc]		Clarify BIND 9 time formats. [GL #4266]

6234.	[bug]		Restore stale-refresh-time value after flushing the
			cache. [GL #4278]

6232.	[bug]		Following the introduction of krb5-subdomain-self-rhs
			and ms-subdomain-self-rhs update rules, removal of
			nonexistent PTR and SRV records via UPDATE could fail.
			[GL #4280]

6231.	[func]		Make nsupdate honor -v for SOA requests if the server
			is specified. [GL #1181]

6230.	[bug]		Prevent an unnecessary query restart if a synthesized
			CNAME target points to the CNAME owner. [GL #3835]

6227.	[bug]		Check the statistics-channel HTTP Content-length
			to prevent negative or overflowing values from
			causing a crash. [GL #4125]

6224.	[bug]		Check the If-Modified-Since value length to prevent
			out-of-bounds write. [GL #4124]

Revision 1.18: download - view: text, markup, annotated - select for diffs
Tue Sep 19 16:19:27 2023 UTC (14 months, 3 weeks ago) by he
Branches: MAIN
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +2 -2 lines
net/bind918: update HOMEPAGE to the place the previous version redirects to.

Revision 1.17: download - view: text, markup, annotated - select for diffs
Tue Aug 29 14:47:21 2023 UTC (15 months, 1 week ago) by taca
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +2 -2 lines
net/bind918: update to 9.18.18

--- 9.18.18 released ---

6220.	[func]		Deprecate the 'dialup' and 'heartbeat-interval'
			options. [GL #3700]

6219.	[bug]		Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
			[GL #4032]

6215.	[protocol]	Return REFUSED to GSS-API TKEY requests if GSS-API
			support is not configured. [GL #4225]

6213.	[bug]		Mark a primary server as temporarily unreachable if the
			TCP connection attempt times out. [GL #4215]

6212.	[bug]		Don't process detach and close netmgr events when
			the netmgr has been paused. [GL #4200]

Revision 1.16: download - view: text, markup, annotated - select for diffs
Wed Jul 19 15:20:21 2023 UTC (16 months, 3 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +2 -2 lines
net/bind918: update to 9.18.17

9.18.17 released

6206.	[bug]		Add shutdown checks in dns_catz_dbupdate_callback() to
			avoid a race with dns_catz_shutdown_catzs(). [GL #4171]

6205.	[bug]		Restore support to read legacy HMAC-MD5 K file pairs.
			[GL #4154]

6204.	[bug]		Use NS records for relaxed QNAME-minimization mode.
			This reduces the number of queries named makes when
			resolving, as it allows the non-existence of NS RRsets
			at non-referral nodes to be cached in addition to the
			referrals that are normally cached. [GL #3325]

6200.	[bug]		Fix nslookup erroneously reporting a timeout when the
			input is delayed. [GL #4044]

6199.	[bug]		Improve HTTP Connection: header protocol conformance
			in the statistics channel. [GL #4126]

6198.	[func]		Remove the holes in the isc_result_t enum to compact
			the isc_result tables. [GL #4149]

6197.	[bug]		Fix a data race between the dns_zone and dns_catz
			modules when registering/unregistering a database
			update notification callback for a catalog zone.
			[GL #4132]

6196.	[cleanup]	Report "permission denied" instead of "unexpected error"
			when trying to update a zone file on a read-only file
			system. Thanks to Midnight Veil. [GL #4134]

6193.	[bug]		Fix a catz db update notification callback registration
			logic error, which could crash named when receiving an
			AXFR update for a catalog zone while the previous update
			process of the catalog zone was already running.
			[GL #4136]

6166.	[func]		Retry without DNS COOKIE on FORMERR if it appears that
			the FORMERR was due to the presence of a DNS COOKIE
			option. [GL #4049]

Revision 1.15: download - view: text, markup, annotated - select for diffs
Tue Jul 18 18:36:29 2023 UTC (16 months, 3 weeks ago) by nia
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +3 -1 lines
net: Adapt packages to USE_(CC|CXX)_FEATURES where possible

Revision 1.14: download - view: text, markup, annotated - select for diffs
Thu Jul 13 13:45:43 2023 UTC (16 months, 4 weeks ago) by nia
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +1 -4 lines
*: remove all instances of GCC_REQD where my name is the most recent in
"cvs annotate" (part 1)

Hopefully this commit can be reviewed later if a better replacement
for GCC_REQD is committed.

Revision 1.13: download - view: text, markup, annotated - select for diffs
Wed Jul 12 19:58:50 2023 UTC (16 months, 4 weeks ago) by nia
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +4 -1 lines
bind918: Require at least GCC 4.9 for stdatomic.h.

Revision 1.8.2.1: download - view: text, markup, annotated - select for diffs
Mon Jun 26 09:34:44 2023 UTC (17 months, 2 weeks ago) by bsiegert
Branches: pkgsrc-2023Q1
Diff to: previous 1.8: preferred, colored; next MAIN 1.9: preferred, colored
Changes since revision 1.8: +2 -2 lines
Pullup ticket #6764 - requested by taca
net/bind918: security fix

Revisions pulled up:
- net/bind918/Makefile                                          1.10-1.12
- net/bind918/PLIST                                             1.4
- net/bind918/distinfo                                          1.7-1.9
- net/bind918/options.mk                                        1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Apr 24 13:48:06 UTC 2023

   Modified Files:
   	pkgsrc/net/bind918: Makefile PLIST distinfo options.mk

   Log Message:
   net/bind918: update to 9.18.14

   pkgsrc change: reduce some pkglint warnings.

   --- 9.18.14 released ---

   6145.	[bug]		Fix a possible use-after-free bug in the
   			dns__catz_done_cb() function. [GL #3997]

   6143.	[bug]		A reference counting problem on the error path in
   			the xfrin_connect_done() might cause an assertion
   			failure on shutdown.  [GL #3989]

   6142.	[bug]		Reduce the number of dns_dnssec_verify calls made
   			determining if revoked keys needs to be removed from
   			the trust anchors. [GL #3981]

   6141.	[bug]		Fix several issues in nsupdate timeout handling and
   			update the -t option's documentation. [GL #3674]

   6138.	[doc]		Fix the DF-flag documentation on the outgoing
   			UDP packets. [GL #3710]

   6136.	[cleanup]	Remove the isc_fsaccess API in favor of creating
   			temporary file first and atomically replace the key
   			with non-truncated content. [GL #3982]

   6132.	[doc]		Remove a dead link in the DNSSEC guide. [GL #3967]

   6129.	[cleanup]	Value stored to 'source' during its initialization is
   			never read. [GL #3965]

   6128.	[bug]		Fix an omission in an earlier commit to avoid a race
   			between the 'dns__catz_update_cb()' and
   			'dns_catz_dbupdate_callback()' functions. [GL #3968]

   6126.	[cleanup]	Deprecate zone type "delegation-only" and the
   			"delegation-only" and "root-delegation-only"
   			options. [GL #3953]

   6125.	[bug]		Hold a catz reference while the update process is
   			running, so that the catalog zone is not destroyed
   			during shutdown until the update process is finished or
   			properly canceled by the activated 'shuttingdown' flag.
   			[GL #3955]

   6124.	[bug]		When changing from a NSEC3 capable DNSSEC algorithm to
   			an NSEC3 incapable DNSSEC algorithm using KASP the zone
   			could sometimes be incompletely signed. [GL #3937]

   6121.	[bug]		Fix BIND and dig zone transfer hanging when
   			downloading large zones over TLS from a primary server,
   			especially over unstable connections. [GL #3867]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed May 17 13:43:52 UTC 2023

   Modified Files:
   	pkgsrc/net/bind918: Makefile distinfo

   Log Message:
   net/bind918: update to 9.18.15

   	--- 9.18.15 released ---

   6164.	[bug]		Set the rndc idle read timeout back to 60 seconds,
   			from the netmgr default of 30 seconds, in order to
   			match the behavior of 9.16 and earlier. [GL #4046]

   6161.	[bug]		Fix log file rotation when using absolute path as
   			file. [GL #3991]

   6157.	[bug]		When removing delegations in an OPTOUT range
   			empty-non-terminal NSEC3 records generated by
   			those delegations were not removed. [GL #4027]

   6156.	[bug]		Reimplement the maximum and idle timeouts for incoming
   			zone tranfers. [GL #4004]

   6155.	[bug]		Treat ISC_R_INVALIDPROTO as a networking error
   			in the dispatch code to avoid retrying with the
   			same server. [GL #4005]

   6152.	[bug]		In dispatch, honour the configured source-port
   			selection when UDP connection fails with address
   			in use error.

   			Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
   			[GL #3986]

   6149.	[test]		As a workaround, include an OpenSSL header file before
   			including cmocka.h in the unit tests, because OpenSSL
   			3.1.0 uses __attribute__(malloc), conflicting with a
   			redefined malloc in cmocka.h. [GL #4000]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Jun 21 14:42:23 UTC 2023

   Modified Files:
   	pkgsrc/net/bind918: Makefile distinfo

   Log Message:
   net/bind918: update to 9.18.16

   9.18.16 (2023-06-21)

   Security release:

   - CVE-2023-2828
   - CVE-2023-2911

   6192.	[security]	A query that prioritizes stale data over lookup
   			triggers a fetch to refresh the stale data in cache.
   			If the fetch is aborted for exceeding the recursion
   			quota, it was possible for 'named' to enter an infinite
   			callback loop and crash due to stack overflow. This has
   			been fixed. (CVE-2023-2911) [GL #4089]

   6190.	[security]	Improve the overmem cleaning process to prevent the
   			cache going over the configured limit. (CVE-2023-2828)
   			[GL #4055]

   6188.	[performance]	Reduce memory consumption by allocating properly
   			sized send buffers for stream-based transports.
   			[GL #4038]

   6186.	[bug]		Fix a 'clients-per-query' miscalculation bug. When the
   			'stale-answer-enable' options was enabled and the
   			'stale-answer-client-timeout' option was enabled and
   			larger than 0, named was taking two places from the
   			'clients-per-query' limit for each client and was
   			failing to gradually auto-tune its value, as configured.
   			[GL #4074]

   6185.	[func]		Add "ClientQuota" statistics channel counter, which
   			indicates the number of the resolver's spilled queries
   			due to reaching the clients per query quota. [GL !7978]

   6183.	[bug]		Fix a serve-stale bug where a delegation from cache
   			could be returned to the client. [GL #3950]

   6182.	[cleanup]	Remove configure checks for epoll, kqueue and
   			/dev/poll. [GL #4098]

   6181.	[func]		The "tkey-dhkey" option has been deprecated; a
   			warning will be logged when it is used. In a future
   			release, Diffie-Hellman TKEY mode will be removed.
   			[GL #3905]

   6180.	[bug]		The session key object could be incorrectly added
   			to multiple different views' keyrings. [GL #4079]

   6179.	[bug]		Fix an interfacemgr use-after-free error in
   			zoneconf.c:isself(). [GL #3765]

   6176.	[test]		Add support for using pytest & pytest-xdist to
   			execute the system test suite. [GL #3978]

   6174.	[bug]		BIND could get stuck on reconfiguration when a
   			'listen' statement for HTTP is removed from the
   			configuration. That has been fixed. [GL #4071]

   6173.	[bug]		Properly process extra "nameserver" lines in
   			resolv.conf otherwise the next line is not properly
   			processed. [GL #4066]

   6169.	[bug]		named could crash when deleting inline-signing zones
   			with "rndc delzone". [GL #4054]

   6165.	[bug]		Fix a logic error in dighost.c which could call the
   			dighost_shutdown() callback twice and cause problems
   			if the callback function was not idempotent. [GL #4039]

Revision 1.12: download - view: text, markup, annotated - select for diffs
Wed Jun 21 14:42:23 2023 UTC (17 months, 2 weeks ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -2 lines
net/bind918: update to 9.18.16

9.18.16 (2023-06-21)

Security release:

- CVE-2023-2828
- CVE-2023-2911

6192.	[security]	A query that prioritizes stale data over lookup
			triggers a fetch to refresh the stale data in cache.
			If the fetch is aborted for exceeding the recursion
			quota, it was possible for 'named' to enter an infinite
			callback loop and crash due to stack overflow. This has
			been fixed. (CVE-2023-2911) [GL #4089]

6190.	[security]	Improve the overmem cleaning process to prevent the
			cache going over the configured limit. (CVE-2023-2828)
			[GL #4055]

6188.	[performance]	Reduce memory consumption by allocating properly
			sized send buffers for stream-based transports.
			[GL #4038]

6186.	[bug]		Fix a 'clients-per-query' miscalculation bug. When the
			'stale-answer-enable' options was enabled and the
			'stale-answer-client-timeout' option was enabled and
			larger than 0, named was taking two places from the
			'clients-per-query' limit for each client and was
			failing to gradually auto-tune its value, as configured.
			[GL #4074]

6185.	[func]		Add "ClientQuota" statistics channel counter, which
			indicates the number of the resolver's spilled queries
			due to reaching the clients per query quota. [GL !7978]

6183.	[bug]		Fix a serve-stale bug where a delegation from cache
			could be returned to the client. [GL #3950]

6182.	[cleanup]	Remove configure checks for epoll, kqueue and
			/dev/poll. [GL #4098]

6181.	[func]		The "tkey-dhkey" option has been deprecated; a
			warning will be logged when it is used. In a future
			release, Diffie-Hellman TKEY mode will be removed.
			[GL #3905]

6180.	[bug]		The session key object could be incorrectly added
			to multiple different views' keyrings. [GL #4079]

6179.	[bug]		Fix an interfacemgr use-after-free error in
			zoneconf.c:isself(). [GL #3765]

6176.	[test]		Add support for using pytest & pytest-xdist to
			execute the system test suite. [GL #3978]

6174.	[bug]		BIND could get stuck on reconfiguration when a
			'listen' statement for HTTP is removed from the
			configuration. That has been fixed. [GL #4071]

6173.	[bug]		Properly process extra "nameserver" lines in
			resolv.conf otherwise the next line is not properly
			processed. [GL #4066]

6169.	[bug]		named could crash when deleting inline-signing zones
			with "rndc delzone". [GL #4054]

6165.	[bug]		Fix a logic error in dighost.c which could call the
			dighost_shutdown() callback twice and cause problems
			if the callback function was not idempotent. [GL #4039]

Revision 1.11: download - view: text, markup, annotated - select for diffs
Wed May 17 13:43:52 2023 UTC (18 months, 3 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +2 -2 lines
net/bind918: update to 9.18.15

	--- 9.18.15 released ---

6164.	[bug]		Set the rndc idle read timeout back to 60 seconds,
			from the netmgr default of 30 seconds, in order to
			match the behavior of 9.16 and earlier. [GL #4046]

6161.	[bug]		Fix log file rotation when using absolute path as
			file. [GL #3991]

6157.	[bug]		When removing delegations in an OPTOUT range
			empty-non-terminal NSEC3 records generated by
			those delegations were not removed. [GL #4027]

6156.	[bug]		Reimplement the maximum and idle timeouts for incoming
			zone tranfers. [GL #4004]

6155.	[bug]		Treat ISC_R_INVALIDPROTO as a networking error
			in the dispatch code to avoid retrying with the
			same server. [GL #4005]

6152.	[bug]		In dispatch, honour the configured source-port
			selection when UDP connection fails with address
			in use error.

			Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
			[GL #3986]

6149.	[test]		As a workaround, include an OpenSSL header file before
			including cmocka.h in the unit tests, because OpenSSL
			3.1.0 uses __attribute__(malloc), conflicting with a
			redefined malloc in cmocka.h. [GL #4000]

Revision 1.10: download - view: text, markup, annotated - select for diffs
Mon Apr 24 13:48:06 2023 UTC (19 months, 2 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +2 -3 lines
net/bind918: update to 9.18.14

pkgsrc change: reduce some pkglint warnings.


--- 9.18.14 released ---

6145.	[bug]		Fix a possible use-after-free bug in the
			dns__catz_done_cb() function. [GL #3997]

6143.	[bug]		A reference counting problem on the error path in
			the xfrin_connect_done() might cause an assertion
			failure on shutdown.  [GL #3989]

6142.	[bug]		Reduce the number of dns_dnssec_verify calls made
			determining if revoked keys needs to be removed from
			the trust anchors. [GL #3981]

6141.	[bug]		Fix several issues in nsupdate timeout handling and
			update the -t option's documentation. [GL #3674]

6138.	[doc]		Fix the DF-flag documentation on the outgoing
			UDP packets. [GL #3710]

6136.	[cleanup]	Remove the isc_fsaccess API in favor of creating
			temporary file first and atomically replace the key
			with non-truncated content. [GL #3982]

6132.	[doc]		Remove a dead link in the DNSSEC guide. [GL #3967]

6129.	[cleanup]	Value stored to 'source' during its initialization is
			never read. [GL #3965]

6128.	[bug]		Fix an omission in an earlier commit to avoid a race
			between the 'dns__catz_update_cb()' and
			'dns_catz_dbupdate_callback()' functions. [GL #3968]

6126.	[cleanup]	Deprecate zone type "delegation-only" and the
			"delegation-only" and "root-delegation-only"
			options. [GL #3953]

6125.	[bug]		Hold a catz reference while the update process is
			running, so that the catalog zone is not destroyed
			during shutdown until the update process is finished or
			properly canceled by the activated 'shuttingdown' flag.
			[GL #3955]

6124.	[bug]		When changing from a NSEC3 capable DNSSEC algorithm to
			an NSEC3 incapable DNSSEC algorithm using KASP the zone
			could sometimes be incompletely signed. [GL #3937]

6121.	[bug]		Fix BIND and dig zone transfer hanging when
			downloading large zones over TLS from a primary server,
			especially over unstable connections. [GL #3867]

Revision 1.9: download - view: text, markup, annotated - select for diffs
Wed Apr 19 08:11:01 2023 UTC (19 months, 3 weeks ago) by adam
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +2 -1 lines
revbump after textproc/icu update

Revision 1.8: download - view: text, markup, annotated - select for diffs
Fri Mar 17 13:58:59 2023 UTC (20 months, 3 weeks ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2023Q1-base
Branch point for: pkgsrc-2023Q1
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +2 -2 lines
net/bind918: update to 9.18.13

--- 9.18.13 released ---

6120.	[bug]		Use two pairs of dns_db_t and dns_dbversion_t in a
			catalog zone structure to avoid a race between the
			dns__catz_update_cb() and dns_catz_dbupdate_callback()
			functions. [GL #3907]

6119.	[bug]		Make sure to revert the reconfigured zones to the
			previous version of the view, when the new view
			reconfiguration fails during the configuration of
			one of the configured zones. [GL #3911]

6116.	[bug]		Fix error path cleanup issues in dns_catz_new_zones()
			and dns_catz_new_zone() functions. [GL #3900]

6115.	[bug]		Unregister db update notify callback before detaching
			from the previous db inside the catz update notify
			callback. [GL #3777]

6114.	[func]		Run the catalog zone update process on the offload
			threads. [GL #3881]

6113.	[func]		Add shutdown signaling for catalog zones. [GL !7571]

6112.	[func]		Add reference count tracing for dns_catz_zone_t and
			dns_catz_zones_t. [GL !7570]

6105.	[bug]		Detach 'rpzs' and 'catzs' from the previous view in
			configure_rpz() and configure_catz(), respectively,
			just after attaching it to the new view. [GL #3880]

6098.	[test]		Don't test HMAC-MD5 when not supported by libcrypto.
			[GL #3871]

6096.	[bug]		Fix RPZ reference counting error on shutdown in
			dns__rpz_timer_cb(). [GL #3866]

6095.	[test]		Test various 'islands of trust' configurations when
			using managed keys. [GL #3662]

6094.	[bug]		Building against (or running with) libuv versions
			1.35.0 and 1.36.0 is now a fatal error.  The rules for
			mixing and matching compile-time and run-time libuv
			versions have been tightened for libuv versions between
			1.35.0 and 1.40.0. [GL #3840]

6092.	[bug]		dnssec-cds failed to cleanup properly. [GL #3831]

6089.	[bug]		Source ports configured for query-source,
			transfer-source, etc, were being ignored. (This
			feature is deprecated, but it is not yet removed,
			so the bug still needed fixing.) [GL #3790]

Revision 1.7: download - view: text, markup, annotated - select for diffs
Thu Feb 16 13:37:16 2023 UTC (21 months, 3 weeks ago) by taca
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -2 lines
net/bind918: update to 9.18.12

	--- 9.18.12 released ---

6083.	[bug]		Fix DNSRPS-enabled builds as they were inadvertently
			broken by change 6042. [GL #3827]

6082.	[test]		fuzz/dns_message_checksig leaked memory when shutting
			down. [GL #3828]

6081.	[bug]		Handle primary server address lookup failures in
			nsupdate more gracefully. [GL #3830]

6080.	[bug]		'named -V' leaked memory. [GL #3829]

6079.	[bug]		Force set the DS state after a 'rdnc dnssec -checkds'
			command. [GL #3822]

6075.	[bug]		Add missing node lock when setting node->wild in
			add_wildcard_magic. [GL #3799]

6074.	[func]		Refactor the isc_nm_xfr_allowed() function to return
			isc_result_t instead of boolean. [GL #3808]

6073.	[bug]		Set RD=1 on DS requests to parental-agents. [GL #3783]

6072.	[bug]		Avoid the OpenSSL lock contention when initializing
			Message Digest Contexts by using explicit algorithm
			fetching, initializing static contexts for every
			supported algorithms, and initializing the new context
			by copying the static copy. [GL #3795]

6071.	[func]		The use of "port" when configuring query-source,
			transfer-source, notify-source and parental-source
			addresses has been deprecated, along with the
			use-v[46]-udp-ports and avoid-v[46]-udp-ports
			options. A warning will be logged when these
			options are used. In a future release, they
			will be removed. [GL #3781]


6069.	[bug]		Detach from the view in zone_shutdown() to
			release the memory held by the dead view
			early. [GL #3801]

6068.	[bug]		Downloading a zone via TLS from a server which does
			not negotiate "dot" ALPN token could crash BIND
			on shutdown. That has been fixed. [GL #3767]

Revision 1.3.2.1: download - view: text, markup, annotated - select for diffs
Sun Feb 12 19:52:24 2023 UTC (21 months, 3 weeks ago) by spz
Branches: pkgsrc-2022Q4
Diff to: previous 1.3: preferred, colored; next MAIN 1.4: preferred, colored
Changes since revision 1.3: +2 -3 lines
Pullup ticket #6736 - requested by taca
net/bind918: security update

Revisions pulled up:
- net/bind918/Makefile                                          1.6
- net/bind918/PLIST                                             1.2
- net/bind918/distinfo                                          1.4
- net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh deleted
- net/bind918/patches/patch-lib_isc_siphash.c                   1.2
- net/bind918/patches/patch-lib_isc_time.c                      1.2
- net/bind918/patches/patch-lib_ns_update.c                     1.2

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Feb  8 00:13:44 UTC 2023

   Modified Files:
   	pkgsrc/net/bind918: Makefile PLIST distinfo
   	pkgsrc/net/bind918/patches: patch-lib_isc_siphash.c
   	    patch-lib_isc_time.c patch-lib_ns_update.c
   Removed Files:
   	pkgsrc/net/bind918/patches:
   	    patch-bin_tests_system_keyfromlabel_tests.sh

   Log Message:
   net/bind918: update to 9.18.11

   Approved by MAINTAINER (sekiya@).

   	--- 9.18.11 released ---

   6067.	[security]	Fix serve-stale crash when recursive clients soft quota
   			is reached. (CVE-2022-3924) [GL #3619]

   6066.	[security]	Handle RRSIG lookups when serve-stale is active.
   			(CVE-2022-3736) [GL #3622]

   6064.	[security]	An UPDATE message flood could cause named to exhaust all
   			available memory. This flaw was addressed by adding a
   			new "update-quota" statement that controls the number of
   			simultaneous UPDATE messages that can be processed or
   			forwarded. The default is 100. A stats counter has been
   			added to record events when the update quota is
   			exceeded, and the XML and JSON statistics version
   			numbers have been updated. (CVE-2022-3094) [GL #3523]

   6062.	[func]		The DSCP implementation, which has been
   			nonfunctional for some time, is now marked as
   			obsolete and the implementation has been removed.
   			Configuring DSCP values in named.conf has no
   			effect, and a warning will be logged that
   			the feature should no longer be used. [GL #3773]

   6061.	[bug]		Fix unexpected "Prohibited" extended DNS error
   			on allow-recursion. [GL #3743]

   6060.	[bug]		Fix a use-after-free bug in dns_zonemgr_releasezone()
   			by detaching from the zone manager outside of the write
   			lock. [GL #3768]

   6059.	[bug]		In some serve stale scenarios, like when following an
   			expired CNAME record, named could return SERVFAIL if the
   			previous request wasn't successful. Consider non-stale
   			data when in serve-stale mode. [GL #3678]

   6058.	[bug]		Prevent named from crashing when "rndc delzone"
   			attempts to delete a zone added by a catalog zone.
   			[GL #3745]

   6053.	[bug]		Fix an ADB quota management bug in resolver. [GL #3752]

   6051.	[bug]		Improve thread safety in the dns_dispatch unit.
   			[GL #3178] [GL #3636]

   6050.	[bug]		Changes to the RPZ response-policy min-update-interval
   			and add-soa options now take effect as expected when
   			named is reconfigured. [GL #3740]

   6049.	[bug]		Exclude ABD hashtables from the ADB memory
   			overmem checks and don't clean ADB names
   			and ADB entries used in the last 10 seconds
   			(ADB_CACHE_MINIMUM). [GL #3739]

   6048.	[bug]		Fix a log message error in dns_catz_update_from_db(),
   			where serials with values of 2^31 or larger were logged
   			incorrectly as negative numbers. [GL #3742]

   6047.	[bug]		Try the next server instead of trying the same
   			server again on an outgoing query timeout.
   			[GL #3637]

   6046.	[bug]		TLS session resumption might lead to handshake
   			failures when client certificates are used for
   			authentication (Mutual TLS).  This has been fixed.
   			[GL #3725]

   6045.	[cleanup]	The list of supported DNSSEC algorithms changed log
   			level from "warning" to "notice" to match named's other
   			startup messages. [GL !7217]

   6044.	[bug]		There was an "RSASHA236" typo in a log message.
   			[GL !7206]

   5830.	[func]		Implement incremental resizing of isc_ht hash tables to
   			perform the rehashing gradually. The catalog zone
   			implementation has been optimized to work with hundreds
   			of thousands of member zones. [GL #3212] [GL #3744]


   To generate a diff of this commit:
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind918/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/PLIST
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind918/distinfo
   cvs rdiff -u -r1.1 -r0 \
       pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c \
       pkgsrc/net/bind918/patches/patch-lib_isc_time.c \
       pkgsrc/net/bind918/patches/patch-lib_ns_update.c

Revision 1.6: download - view: text, markup, annotated - select for diffs
Wed Feb 8 00:13:44 2023 UTC (22 months ago) by taca
Branches: MAIN
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -3 lines
net/bind918: update to 9.18.11

Approved by MAINTAINER (sekiya@).

	--- 9.18.11 released ---

6067.	[security]	Fix serve-stale crash when recursive clients soft quota
			is reached. (CVE-2022-3924) [GL #3619]

6066.	[security]	Handle RRSIG lookups when serve-stale is active.
			(CVE-2022-3736) [GL #3622]

6064.	[security]	An UPDATE message flood could cause named to exhaust all
			available memory. This flaw was addressed by adding a
			new "update-quota" statement that controls the number of
			simultaneous UPDATE messages that can be processed or
			forwarded. The default is 100. A stats counter has been
			added to record events when the update quota is
			exceeded, and the XML and JSON statistics version
			numbers have been updated. (CVE-2022-3094) [GL #3523]

6062.	[func]		The DSCP implementation, which has been
			nonfunctional for some time, is now marked as
			obsolete and the implementation has been removed.
			Configuring DSCP values in named.conf has no
			effect, and a warning will be logged that
			the feature should no longer be used. [GL #3773]

6061.	[bug]		Fix unexpected "Prohibited" extended DNS error
			on allow-recursion. [GL #3743]

6060.	[bug]		Fix a use-after-free bug in dns_zonemgr_releasezone()
			by detaching from the zone manager outside of the write
			lock. [GL #3768]

6059.	[bug]		In some serve stale scenarios, like when following an
			expired CNAME record, named could return SERVFAIL if the
			previous request wasn't successful. Consider non-stale
			data when in serve-stale mode. [GL #3678]

6058.	[bug]		Prevent named from crashing when "rndc delzone"
			attempts to delete a zone added by a catalog zone.
			[GL #3745]

6053.	[bug]		Fix an ADB quota management bug in resolver. [GL #3752]

6051.	[bug]		Improve thread safety in the dns_dispatch unit.
			[GL #3178] [GL #3636]

6050.	[bug]		Changes to the RPZ response-policy min-update-interval
			and add-soa options now take effect as expected when
			named is reconfigured. [GL #3740]

6049.	[bug]		Exclude ABD hashtables from the ADB memory
			overmem checks and don't clean ADB names
			and ADB entries used in the last 10 seconds
			(ADB_CACHE_MINIMUM). [GL #3739]

6048.	[bug]		Fix a log message error in dns_catz_update_from_db(),
			where serials with values of 2^31 or larger were logged
			incorrectly as negative numbers. [GL #3742]

6047.	[bug]		Try the next server instead of trying the same
			server again on an outgoing query timeout.
			[GL #3637]

6046.	[bug]		TLS session resumption might lead to handshake
			failures when client certificates are used for
			authentication (Mutual TLS).  This has been fixed.
			[GL #3725]

6045.	[cleanup]	The list of supported DNSSEC algorithms changed log
			level from "warning" to "notice" to match named's other
			startup messages. [GL !7217]

6044.	[bug]		There was an "RSASHA236" typo in a log message.
			[GL !7206]

5830.	[func]		Implement incremental resizing of isc_ht hash tables to
			perform the rehashing gradually. The catalog zone
			implementation has been optimized to work with hundreds
			of thousands of member zones. [GL #3212] [GL #3744]

Revision 1.5: download - view: text, markup, annotated - select for diffs
Fri Jan 13 05:31:52 2023 UTC (22 months, 3 weeks ago) by sekiya
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -3 lines
Python is only needed for tests, so remove the dependency.

Pointed out by tnn@ and john@

Bump package revision.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Thu Jan 12 19:01:46 2023 UTC (22 months, 3 weeks ago) by jperkin
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -2 lines
bind918: Fix path to named-checkconf.

It moved since 9.16 from sbin to bin.  Bump PKGREVISION.

Revision 1.3: download - view: text, markup, annotated - select for diffs
Wed Dec 14 21:44:03 2022 UTC (23 months, 3 weeks ago) by sekiya
Branches: MAIN
CVS tags: pkgsrc-2022Q4-base
Branch point for: pkgsrc-2022Q4
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +2 -2 lines
Fix MASTER_SITE, which was weirdly botched between test and commit.  No
functional code change.

Reported by jklos@.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Mon Dec 12 22:07:04 2022 UTC (23 months, 4 weeks ago) by sekiya
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +10 -4 lines
Fix build for PKG_DEVELOPER=yes (from taca@)

Bump pkgsrc version.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Sun Dec 11 01:57:55 2022 UTC (23 months, 4 weeks ago) by sekiya
Branches: MAIN
Add net/bind918

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>