Log message:
nsd: Update to 4.3.0

Changelog:

10 March 2020: Wouter
	- repository has version number 4.3.0.  Tag for 4.3.0rc1.

3 March 2020: Wouter
	- Fix that the retry wait does not exceed one day for zone transfers.

27 February 2020: Wouter
	- Fix warning on FreeBSD about pointer size cast.

26 February 2020: Wouter
	- Fixup fix of reuseport TCP for server close of sockets not used
	  by it.  And the unit test skips when the necessary debug output
	  is not enabled.

25 February 2020: Wouter
	- Fix event unit test, signal has to be registered with signal_add,
	  event_add not for every backend for signals.  The event_initialized
	  is not possible for every backend, so event_added variable.  The
	  agent write event fires after a timeout, instead of on event write
	  so that it does not trigger a sigpipe event when the handlers stop.
	  Timeout shorted to 0.1 second.  event_get_fd was not implemented,
	  so used ev_fd.  Debug output printfs added to see what happens.
	- Fix checkconf test for new drop-updates config option.
	- Fix errors with reuseport and TCP file descriptors, it was
	  closing them for server-1 in server-2 and server-3..

7 February 2020: Jeroen
	- Add feature to drop queries with opcode UPDATE.

6 February 2020: Jeroen
	- Support SO_BINDTODEVICE on Linux. Specify bindtodevice: yes
	  to bind sockets directly to the network interface.
	- Support SO_SETFIB on FreeBSD. Add setfib=<FIB> after an ip-address
	  option to use the specified FIB for that socket.
	- Require user to add servers=<range> after an ip-address option to
	  specify the servers that must listen on that socket.

6 February 2020: Wouter
	- Merge PR#60: Minor portability fixes from michaelforney, with
	  avoid pointer arithmetic on void* and avoid unnecessary VLA.

4 February 2020: Wouter
	- Merge PR#22: minimise-any: prefer polular and not large RRset,
	  from Daisuke Higashi.
	- Fix responses for IXFR so that the authority section is not echoed
	  in the response.

21 January 2020: Wouter
	- Fix leak in server bitset setup.

16 January 2020: Jeroen
	- Add zone resource record iterator for future zone-verification port.
	- Set FD_CLOEXEC on opened sockets.
	- Add popen3 implementation for future zone-verification port.
	- Add -r option to cutest so that a subset of tests can be run.

15 January 2020: Jeroen
	- Add feature to pin server proccesses to specific cpus.
	- Add feature to pin IP addresses to selected server processes.
	- Set process title to identify individual processes.

13 January 2020: Wouter
	- Merge pull request #59 from buddyns: add FreeBSD support
	  for conf key ip-transparent.

10 January 2020: Wouter
	- Fix unreachable code in ssl set options code.
	- Fix bad shift in assertion code analyzer complaint.

6 January 2020: Wouter
	- Fix #56: Drop sparse TSIG signing support in NSD.
	  Sign every axfr packet with TSIG, according to the latest
	  draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.

12 December 2019: Wouter
	- Note that use-systemd is not necessary and ignored in man page.

11 December 2019: Wouter
	- Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
	- use-systemd is ignored in nsd.conf, when NSD is compiled with
	  libsystemd it always signals readiness, if possible.

9 December 2019: Wouter
	- Fix to define upper bounds on rr counts read from untrusted packet
	  data.
	- Try different annotation for radix_find_prefix_node not reachable.
	- Separate acl_addr_match_range functions for ip4 and ip6, to
	  please checkers.
	- Avoid unused variable warning in new match_range_v4 function.

6 December 2019: Wouter
	- Fix to define max number of EDNS records we are willing to
	  spend time on.
	- Fix size of string len and capacity type cast in udbradtree.
	- Fix to protect rrcount in tsig_find_rr from overflow.
	- Annotate radix_find_prefix_node not reachable trail code.
	- Fix to protect rrcount in packet_find_notify_serial from overflow.
	- Fix to close socket on error in create_tcp_accept_sock.
	- Fix to log on failure to chmod for socket for remote control.
	- Fix to remove unneeded if in open of socket for remote control.
	- Fix to restore input parameter on call failure in create_dirs.
	- Please checker by terminating and initialising string read
	  by remote control.
	- Fixup of random_generate negative modulo, from previous commit,
	  and return srandom when random is used if no getrandom.

5 December 2019: Wouter
	- Fix fname null check of fname in namedb_read_zonefile.
	- Fix implicit cast of size in udb_radnode_array_grow.
	- Fix ignore of return value of ssl_printf in remote.c.
	- Fix unused check of fd in parent_handle_reload_command.
	- Fix to use getrandom() for randomness, if available.
	- Attempt to fix signedness of nscount lookup in ixfr query_process.
	- Fix identical branches for ssl_print of errors in remote.c.
	- Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
	- Fix to separate header and data lines in parse_zone_list_file.

Log message:
nsd: Update to 4.2.4

Changelog:
3 December 2019: Wouter
	- Fix #52: do not log transient network full errors unless higher
	  verbosity is set.
	- Fix checkconf test for new error output string.
	- tag for 4.2.4rc1 release.

27 November 2017 Jeroen
	- Fix regressions in configparser.y

22 November 2019: Wouter
	- Fix #48: Add make distclean that removes config.h made by configure.
	  And add maintainer-clean that removes bison and flex output.

18 November 2019: Wouter
	- Detect fixed time memcmp for openssl 0.9.8 compatibility.
	- Detect EC_KEY_new_by_curve_name for openssl 0.9.8.
	- include limits.h for UINT_MAX.
	- If no recvmmsg, dont use msg_flags member, but errno for error,
	  where our fallback function left it, msg_flags also does not exist
	  on some systems.
	- Remove unused variable warning for portability.

14 November 2019: Wouter
	- Fix checkconf test with filenames that sort in the same order.
	- Tag for 4.2.3rc1.  Branch master is 4.2.4 in development.

11 November 2019: Wouter
	- Fix #44: document that remote-control is a top-level nsd.conf
	  attribute.
	- Fix compile on OSX.
	- Fix for #44: nicer top-level clause documentation.

22 October 2019: Jeroen
	- Number of different UDP handlers has been reduced to one. recvmmsg
	  and sendmmsg implementations are now used on all platforms.
	  Compatible implementations are in place for systems that lack the
	  system calls.
	- Socket options are now set in designated functions for easy reuse.
	- Socket setup has been simplified for easy reuse.
	- Configuration parser is now aware of the context in which an option
	  was specified.

21 October 2019: Wouter
	- For #21 add
	  contrib/patch_for_s6_startup_and_other_service_supervisors.diff
	  that adds support for readiness notification with READY_FD from
	  Cameron Nemo.

17 October 2019: Jeroen
	- Fix #40: Merge small fixes for confine-to-zone by Greg Bock.

15 October 2019: Jeroen
	- For #39: Merge confine-to-zone feature contributes by Greg Bock.

26 September 2019: Wouter
	- Fix #38: log address and failure reason with tls handshake errors,
	  squelches (the same as unbound) some unless high verbosity is used.
	- Fixup clang analysis warning in xfrd_parse_received_xfr_packet
	  master dereference.

25 September 2019: Wouter
	- The nsd.conf includes are sorted ascending, for include statements
	  with a '*' from glob.

16 September 2019: Wouter
	- Fixup warnings during --disable-ipv6 compile.
	- Fixup unit test executable to run without IPv6.

4 September 2019: Wouter
	- Fix #35: excessive logging of ixfr failures, it stops the log when
	  fallback to axfr is possible. log is enabled at high verbosity.

2 September 2019: Wouter
	- For #21: pidfile "" allows to run NSD without a pidfile, for
	  startup management tools like daemontools.

28 August 2019: Wouter
	- In tests check for tls test tool availability.

Log message:
*: Remove obsolete BUILDLINK_API_DEPENDS.openssl.

Log message:
*: Recursive revision bump for openssl 1.1.1.

Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Log message:
Update to 4.2.2

* Readd _OPENBSD_SOURCE explicitly to fix build on NetBSD 9

Changelog:
13 August 2019: Wouter
	- Fix error message for out of zone data to have more information.

12 August 2019: Wouter
	- Fix #33: Fix segfault in service of remaining streams on exit.

6 August 2019: Wouter
	- Tag for 4.2.2rc1.

5 August 2019: Wouter
	- PR #31: nsd-control: Add missing stdio header.
	- PR #32: tsig: Fix compilation without HAVE_SSL.
	- Cleanup tls context on xfrd exit.

31 July 2019: Wouter
	- Fix #29: SSHFP check NULL pointer dereference.
	- Fix #30: SSHFP check failure due to missing domain name.
	- Fix to timeval_add in minievent for remaining second in microseconds.

22 July 2019: Wouter
	- Set timeout for refetch immediately, only spread load when there
	  are retries.

19 July 2019: Wouter
	- Set no renegotiation on the SSL context to stop client
	  session renegotiation.

18 July 2019: Wouter
	- Fix #25: NSD doesn't refresh zones after extended downtime,
	  it refreshes the old zones, with a random delay of a couple of
	  seconds to spread the load.
	- Fix so that expired zones stay expired when server is down a
	  long time.

17 July 2019: Wouter
	- Fix that NSD warns for wrong length of the hash in SSHFP records.

15 July 2019: Wouter
	- PR #23: Fix typo in nsd.conf man-page.

4 July 2019: Wouter
	- Set version to 4.2.2 in development.
	- clean memory on exit of nsd-checkzone for memory debug.
	- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
	  dname_concatenate() function.  Reported by Frederic Cambus.
	  It causes the zone parser to crash on a malformed zone file,
	  with assertions enabled, an assertion catches it.
	- Fix #19: Out-of-bounds read caused by improper validation of
	  array index.  Reported by Frederic Cambus.  The zone parser
	  fails on type SIG because of mismatched definition with RRSIG.

2 July 2019: Wouter
	- Tag for 4.2.1rc1

27 June 2019: Wouter
	- Fix unit test for added options and no dot after zone updated
	  log message.
	- Fix compile without accept4.

21 June 2019: Wouter
	- Omit remaining tcp processing if the list is empty.
	- Fix output of nsd-checkconf -h.

20 June 2019: Wouter
	- Initialize event structures before event_set, to stop uninitialized
	  values from setting event library lists and assertions, that would
	  sometimes also show after event_del.
	- Added num.tls and num.tls6 stat counters.
	- PR #12: send-buffer-size, receive-buffer-size,
	  tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
	- Do not use symbol from libc, instead use own replacement, if not
	  available, for accept4.
	- Fix #14, tcp connections have 1/10 to be active and have to work
	  every second, and then they get time to complete during a reload,
	  this is a process that lingers with the old version during a version
	  update.

19 June 2019: Wouter
	- Fix tls handshake event callback function mistake, reported
	  by Mykhailo Danylenko.

18 June 2019: Wouter
	- Fix #15: crash in SSL library, initialize variables for TCP access
	  when TLS is configured.

14 June 2019: Wouter
	- Fix to init event not pointer, in reassignment.

12 June 2019: Wouter
	- Fix to init event structure for reassignment.

Log message:
Remove _OPENBSD_SOURCE for NetBSD from Makefile

* Upstream includes _OPENBSD_SOURCE for NetBSD.
  Noticed by gdt@. Thank you.

Log message:
nsd: update HOMEPAGE

The previous one 404s.

Log message:
Update to 4.2.0

Changelog:
4.2.0
================
FEATURES:
	- Print IP address when bind socket fails with error.
	- Fix #4249: The option hide-identity: yes stops NSD from responding
	  with the hostname for chaos class queries.  Implements the RFC4829
	  security considerations.
	- Patch to add support for TCP Fast Open, from Sara
	  Dickinson (Sinodun).
	- Patch to add support for tls service on a specified tls port,
	  from Sara Dickinson (Sinodun).
	- Use travis for build check, initial unit test and clang analysis.
BUG FIXES:
	- Fix to delete unused zparser.default_apex member.
	- Fix that the TLS handshake routine sets the correct event to
	  continue when done.
	- Fix that TLS renegotiation calls the read and write routines again
	  with the same parameters when the desired event has been satisfied.
	- Fix that TCP Fastopen has better error message and supports OSX.
	- Fix to avoid buffer alloc with global buffer in tls write handler.
	- Fix to initialize event structure when accepting TCP connection.
	- Disable TLS1.0, TLS1.1 and weak ciphers, enable
	  CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze.
	- further setup ssl ctx after the keys are loaded, for ECDH.
	- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
	  patch from Andreas Schulze.
	- Fix #10: Fix memory leaks caused by duplicate rr and include
	  instructions.
	- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.

4.1.27
================
FEATURES:
	- Deny ANY with only one RR in response, by default.  Patch from
	  Daisuke Higashi.  The deny-any statement in nsd.conf sets ANY
	  queries over UDP to be further moved to TCP as well.
	  Also no additional section processing for type ANY, reducing
	  the response size.
	- Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds
	  nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig
	  and del_tsig.  These changes are gone after reload, edit the
	  config file (or a file included from it) to make changes that
	  last after restart.
BUG FIXES:
	- Fix #4213: disable-ipv6 and dnstap compile error.
	- Fix to reduce region_log_stats if condition, this removes a
	  debug statement.
        - Fix for FreeBSD port with dnstap enabled.
	- Fix to remove unused code.
	- Fix #6: nsd-control-setup: Change validity time to a shorter
	  period (<2038).
	- Fix unused definition in header remote.h.
	- Fix #4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big.
	- Fix #4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets.
	- Fixed radtree_insert memory leak.
	- Fixed access recycled variable.

Log message:
Do not conflict with nsd in NetBSD base. Rename rc.d script to nlsnd

Bump PKGREVISION.