Up to [cvs.NetBSD.org] / pkgsrc / net / drill
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
net/drill: use ../ldns/version.mk, and thereby bump to 1.8.3.
net/drill: undo mistaken commit to branch.
net/drill: use ../ldns/version.mk, and thereby bump to 1.8.3.
*: bump for openssl 3
Update to version 1.7.1, included in ldns. Drill is now included in ldns, and the configure machinery has been re-done, so this now needs to build ldns locally in addition to drill, but this still only installs drill. Make the minimal adjustment so that this builds and installs drill. Now also works on systems with OpenSSL 1.1, so remove the BROKEN setting.
net: Mark packages that fail with OpenSSL 1.1 BROKEN
*: Recursive revision bump for openssl 1.1.1.
net: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections.
Comment out some dead HOMEPAGEs.
Bump PKGREVISION for security/openssl ABI bump.
fix openssl detection
Update to version 1.6.17. For the complete change log of the ldns container, see ../../net/ldns. Changes relevant to drill: * README now shows preferred way to configure for examples and drill. * Bind to source address for resolvers. drill binds to source with -I. Thanks Bryan Duff. * bugfix #497: Properly test for EOF when reading key files with drill. * bugfix #521: drill trace continue on empty non-terminals with NSEC3 * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
Add missing openssl buildlink, appeared in linux build
Update to sync with the ldns update to version 1.6.15. This changes the default trust anchor file from the dig-compatible value to a default of /usr/pkg/etc/unbound/root.key. Part of change log relevant to drill: * Configurable default trust anchor with --with-trust-anchor=FILE for drill, ldns-verify-zone and ldns-dane * bugfix #473: Dead code removal and resource leak fix in drill
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Add a patch each to code and documentation so that drill probes for /etc/trusted-key.key, and uses that as a trust anchor if neither -D nor -k options were specified. This feature is borrowed from BIND's dig when it is compiled with SIGCHASE support. Bump PKGREVISION.
Update from version 1.6.8 to 1.6.13. Ensure that ldns is at least as new as this package. I don't think there are specific fixes to drill in this update, so this is an update to pull in all the library fixes from ldns, since drill comes out of the ldns distribution.
* bugfix #335: Print both SHA-1 and SHA-256 corresponding DS records. * Fix verify NSEC3 denials. * allow for a secure trace if you use DS records as trust anchors * bugfix #313: trace on an empty nonterminal continuation.
Update from version 1.4.0 to 1.6.4. Thanks to Taylor R Campbell for nudge to update, and a patch to do so. Pkgsrc changes: o Add LICENSE=modified-bsd setting Upstream changes (also includes changes from the enclosing "ldns"): 1.6.4 2010-01-20 * Imported pyldns contribution by Zdenek Vasicek and Karel Slany. Changed its configure and Makefile to fit into ldns. Added its dname_* methods to the rdf_* class (as is the ldns API). Changed swig destroy of ldns_buffer class to ldns_buffer_free. Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them. * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash. * Bugfix: handle escaped characters in TXT rdata. * bug292: no longer crash on malformed domain names where a label is on position 255, which was a buffer overflow by one. * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change), which fixes resolv.conf reading badly terminated string buffers. * Fix ldns_pkt_set_random_id to be more random, and a little faster, it did not do value 0 statistically correctly. * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes, for portability. * bug295: nsec3-hash routine no longer case sensitive. * bug298: drill failed nsec3 denial of existence proof. 1.6.3 2009-12-04 * Bugfix: allow for unknown resource records in zonefile with rdlen=0. * Bugfix: also mark an RR as question if it comes from the wire * Bugfix: NSEC3 bitmap contained NSEC * Bugfix: Inherit class when creating signatures 1.6.2 2009-11-12 * Fix Makefile patch from Havard Eidnes, better install.sh usage. * Fix parse error on SOA serial of 2910532839. Fix print of ';' and readback of '\;' in names, also for '\\'. Fix parse of '\(' and '\)' in names. Also for file read. Also '\.' * Fix signature creation when TTLs are different for RRs in RRset. * bug273: fix so EDNS rdata is included in pkt to wire conversion. * bug274: fix use of c++ keyword 'class' for RR class in the code. * bug275: fix memory leak of packet edns rdata. * Fix timeout procedure for TCP and AXFR on Solaris. * Fix occasional NSEC bitmap bogus * Fix rr comparing (was in reversed order since 1.6.0) * bug278: fix parsing HINFO rdata (and other cases). * Fix previous owner name: also pick up if owner name is @. * RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9. 8 or higher. Reason for this default is the root to be signed with RSASHA256. * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines * Fix: Make ldns_dname_is_subdomain case insensitive. * Fix ldns-verify-zone so that address records at zone NS set are not considered glue (Or glue records fall below delegation) * Fix LOC RR altitude printing. * Feature: Added period (e.g. '3m6d') support at explicit TTLs. * Feature: DNSKEY rrset by default signed with minimal signatures but -A option for ldns-signzone to sign it with all keys. This makes the DNSKEY responses smaller for signed domains. 1.6.1 2009-09-14 * --enable-gost : use the GOST algorithm (experimental). * Added some missing options to drill manpage * Some fixes to --without-ssl option * Fixed quote parsing withing strings * Bitmask fix in EDNS handling * Fixed non-fqdn domain name completion for rdata field domain names of length 1 * Fixed chain validation with SHA256 DS records 1.6.0 Additions: * Addition of an ldns-config script which gives cflags and libs values, for use in configure scripts for applications that use use ldns. Can be disabled with ./configure --disable-ldns-config * Added direct sha1, sha256, and sha512 support in ldns. With these functions, all NSEC3 functionality can still be used, even if ldns is built without OpenSSL. Thanks to OpenBSD, Steve Reid, and Aaron D. Gifford for the code. * Added reading/writing support for the SPF Resource Record * Base32 functions are now exported Bugfixes: * ldns_is_rrset did not go through the complete rrset, but only compared the first two records. Thanks to Olafur Gudmundsson for report and patch * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(), thanks to Marius Rieder for finding an patching this. * --without-ssl should now work. Make sure that examples/ and drill also get the --without-ssl flag on their configure, if this is used. * Some malloc() return value checks have been added * NSEC3 creation has been improved wrt to empty nonterminals, and opt-out. * Fixed a bug in the parser when reading large NSEC3 salt values. * Made the allowed length for domain names on wire and presentation format the same. Example tools: * ldns-key2ds can now also generate DS records for keys without the SEP flag * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to the first non-default DNSKEY TTL value it sees) 1.5.1 Example tools: * ldns-signzone was broken in 1.5.0 for multiple keys, this has been repaired Build system: * Removed a small erroneous output warning in examples/configure and drill/configure 1.5.0 Bug fixes: * fixed a possible memory overflow in the RR parser * build flag fix for Sun Studio * fixed a building race condition in the copying of header files * EDNS0 extended rcode; the correct assembled code number is now printed (still in the EDNS0 field, though) * ldns_pkt_rr no longer leaks memory (in fact, it no longer copies anything all) API addition: * ldns_key now has support for 'external' data, in which case the OpenSSL EVP structures are not used; ldns_key_set_external_key() and ldns_key_external_key() * added ldns_key_get_file_base_name() which creates a 'default' filename base string for key storage, of the form "K<zone>+<algorithm>+<keytag>" * the ldns_dnssec_* family of structures now have deep_free() functions, which also free the ldns_rr's contained in them * there is now an ldns_match_wildcard() function, which checks whether a domain name matches a wildcard name * ldns_sign_public has been split up; this resulted in the addition of ldns_create_empty_rrsig() and ldns_sign_public_buffer() Examples: * ldns-signzone can now automatically add DNSKEY records when using an OpenSSL engine, as it already did when using key files * added new example tool: ldns-nsec3-hash * ldns-dpa can now filter on specific query name and types * ldnsd has fixes for the zone name, a fix for the return value of recvfrom(), and an memory initialization fix (Thanks to Colm MacCárthaigh for the patch) * Fixed memory leaks in ldnsd 1.4.1 Bug fixes: * fixed a build issue where ldns lib existence was done too early * removed unnecessary check for pcap.h * NSEC3 optout flag now correctly printed in string output * inttypes.h moved to configured inclusion * fixed NSEC3 type bitmaps for empty nonterminals and unsigned delegations API addition: * for that last fix, we added a new function ldns_dname_add_from() that can clone parts of a dname
Update to drill-1.4.0: Sync with ldns-1.4.0 release. Add DESTDIR support.
Import drill version 1.0-pre3 from NLnet Labs, as embedded in ldns-1.3.0. Drill is a tool ala dig from BIND. It was designed with DNSSEC in mind and should be a useful debugging/query tool for DNSSEC. A lot of DNS debugging is done with dig, but as dig is made with the same libraries as BIND8/9 (the most used DNS server out there), what are you actually debugging/testing? Drill has nothing in common with either NSD nor BIND. During the development process we are actually uncovering obscure bugs in NSD and BIND (and in drill itself).
Initial revision