Log message:
*: Recursive revision bump for openssl 1.1.1.

Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Log message:
Update to 4.2.2

* Readd _OPENBSD_SOURCE explicitly to fix build on NetBSD 9

Changelog:
13 August 2019: Wouter
	- Fix error message for out of zone data to have more information.

12 August 2019: Wouter
	- Fix #33: Fix segfault in service of remaining streams on exit.

6 August 2019: Wouter
	- Tag for 4.2.2rc1.

5 August 2019: Wouter
	- PR #31: nsd-control: Add missing stdio header.
	- PR #32: tsig: Fix compilation without HAVE_SSL.
	- Cleanup tls context on xfrd exit.

31 July 2019: Wouter
	- Fix #29: SSHFP check NULL pointer dereference.
	- Fix #30: SSHFP check failure due to missing domain name.
	- Fix to timeval_add in minievent for remaining second in microseconds.

22 July 2019: Wouter
	- Set timeout for refetch immediately, only spread load when there
	  are retries.

19 July 2019: Wouter
	- Set no renegotiation on the SSL context to stop client
	  session renegotiation.

18 July 2019: Wouter
	- Fix #25: NSD doesn't refresh zones after extended downtime,
	  it refreshes the old zones, with a random delay of a couple of
	  seconds to spread the load.
	- Fix so that expired zones stay expired when server is down a
	  long time.

17 July 2019: Wouter
	- Fix that NSD warns for wrong length of the hash in SSHFP records.

15 July 2019: Wouter
	- PR #23: Fix typo in nsd.conf man-page.

4 July 2019: Wouter
	- Set version to 4.2.2 in development.
	- clean memory on exit of nsd-checkzone for memory debug.
	- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
	  dname_concatenate() function.  Reported by Frederic Cambus.
	  It causes the zone parser to crash on a malformed zone file,
	  with assertions enabled, an assertion catches it.
	- Fix #19: Out-of-bounds read caused by improper validation of
	  array index.  Reported by Frederic Cambus.  The zone parser
	  fails on type SIG because of mismatched definition with RRSIG.

2 July 2019: Wouter
	- Tag for 4.2.1rc1

27 June 2019: Wouter
	- Fix unit test for added options and no dot after zone updated
	  log message.
	- Fix compile without accept4.

21 June 2019: Wouter
	- Omit remaining tcp processing if the list is empty.
	- Fix output of nsd-checkconf -h.

20 June 2019: Wouter
	- Initialize event structures before event_set, to stop uninitialized
	  values from setting event library lists and assertions, that would
	  sometimes also show after event_del.
	- Added num.tls and num.tls6 stat counters.
	- PR #12: send-buffer-size, receive-buffer-size,
	  tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
	- Do not use symbol from libc, instead use own replacement, if not
	  available, for accept4.
	- Fix #14, tcp connections have 1/10 to be active and have to work
	  every second, and then they get time to complete during a reload,
	  this is a process that lingers with the old version during a version
	  update.

19 June 2019: Wouter
	- Fix tls handshake event callback function mistake, reported
	  by Mykhailo Danylenko.

18 June 2019: Wouter
	- Fix #15: crash in SSL library, initialize variables for TCP access
	  when TLS is configured.

14 June 2019: Wouter
	- Fix to init event not pointer, in reassignment.

12 June 2019: Wouter
	- Fix to init event structure for reassignment.

Log message:
Remove _OPENBSD_SOURCE for NetBSD from Makefile

* Upstream includes _OPENBSD_SOURCE for NetBSD.
  Noticed by gdt@. Thank you.

Log message:
nsd: update HOMEPAGE

The previous one 404s.

Log message:
Update to 4.2.0

Changelog:
4.2.0
================
FEATURES:
	- Print IP address when bind socket fails with error.
	- Fix #4249: The option hide-identity: yes stops NSD from responding
	  with the hostname for chaos class queries.  Implements the RFC4829
	  security considerations.
	- Patch to add support for TCP Fast Open, from Sara
	  Dickinson (Sinodun).
	- Patch to add support for tls service on a specified tls port,
	  from Sara Dickinson (Sinodun).
	- Use travis for build check, initial unit test and clang analysis.
BUG FIXES:
	- Fix to delete unused zparser.default_apex member.
	- Fix that the TLS handshake routine sets the correct event to
	  continue when done.
	- Fix that TLS renegotiation calls the read and write routines again
	  with the same parameters when the desired event has been satisfied.
	- Fix that TCP Fastopen has better error message and supports OSX.
	- Fix to avoid buffer alloc with global buffer in tls write handler.
	- Fix to initialize event structure when accepting TCP connection.
	- Disable TLS1.0, TLS1.1 and weak ciphers, enable
	  CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze.
	- further setup ssl ctx after the keys are loaded, for ECDH.
	- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
	  patch from Andreas Schulze.
	- Fix #10: Fix memory leaks caused by duplicate rr and include
	  instructions.
	- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.

4.1.27
================
FEATURES:
	- Deny ANY with only one RR in response, by default.  Patch from
	  Daisuke Higashi.  The deny-any statement in nsd.conf sets ANY
	  queries over UDP to be further moved to TCP as well.
	  Also no additional section processing for type ANY, reducing
	  the response size.
	- Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds
	  nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig
	  and del_tsig.  These changes are gone after reload, edit the
	  config file (or a file included from it) to make changes that
	  last after restart.
BUG FIXES:
	- Fix #4213: disable-ipv6 and dnstap compile error.
	- Fix to reduce region_log_stats if condition, this removes a
	  debug statement.
        - Fix for FreeBSD port with dnstap enabled.
	- Fix to remove unused code.
	- Fix #6: nsd-control-setup: Change validity time to a shorter
	  period (<2038).
	- Fix unused definition in header remote.h.
	- Fix #4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big.
	- Fix #4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets.
	- Fixed radtree_insert memory leak.
	- Fixed access recycled variable.

Log message:
Do not conflict with nsd in NetBSD base. Rename rc.d script to nlsnd

Bump PKGREVISION.

Log message:
Update nsd to 4.1.26

XXX Remove MESSAGE as nsd 4.0.0 came out in October 2013?
XXX Did not add dnstap support to pkg.

29 November 2018: Wouter
       - Tag for 4.1.26rc1.

27 November 2018: Wouter
       - Fix parsezone failure in 4194 fix.

26 November 2018: Wouter
       - Fix to not set GLOB_NOSORT so the nsd.conf include: files are
         sorted and in a predictable order.
       - Added nsd-control changezone.  nsd-control changezone name pattern
         allows the change of a zone pattern option without downtime for
         the zone, in one operation.
       - Fix #3433: document that reconfig does not change per-zone stats.

20 November 2018: Wouter
       - Fix #4205: enable-recvmmsg in mixed IPv4/IPv6 environment fails.
         This sets the msg_hdr.msg_namelen correctly after receipt.

19 November 2018: Wouter
       - Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes
         option in nsd.conf.
       - Fix #4202: nsd-control delzone incorrect exit code on error.
       - Tab style fix to use tab for 8 spaces, from Xiaobo Liu.

25 October 2018: Wouter
       - Adjust dnstap socket path for chroot.

22 October 2018: Wouter
       - Fix #4194: Zone file parser derailed by non-FQDN names in RHS of
         DNSSEC RRs.
       - Fix some more, neater code and checks for domain length limit.
       - check that the dnstap socket file can be opened and exists, print
         error if not.

4 October 2018: Wouter
       - dnstap work, the dnstap.proto is a copy of the file from Unbound,
         also dnstap.m4 configure include file.
       - dnstap collector: free eventbase and memclean nicer.
       - dnstap collector: send data and read it in collector.
       - dnstap/dnstap.c and .h from Unbound's contribution from
         Farsight Security, added to then adapt it for dnstap logging in NSD.
       - dnstap.c with auth query and auth response, and called from
         the collector.
       - dnstap work, config nsd.conf parse.
       - dnstap example config.

25 September 2018: Wouter
       - NSD 4.1.25 released, trunk has 4.1.26 in development.

18 September 2018: Wouter
       - tag for NSD 4.1.25rc1.

17 September 2018: Wouter
       - Fix #4156: Fix systemd service manager state change notification

14 September 2018: Wouter
       - Remove unused if clause during server service startup.

13 September 2018: Wouter
       - Fix typo in clang analysis test.
       - Annotate exit functions with noreturn.
       - nsd-control prints neater errors for file failures.

12 September 2018: Wouter
       - clang analysis test.

11 September 2018: Wouter
       - Fix to combine the same error function into one, from Xiaobo Liu.
       - Fix initialisation in remote.c.
       - please clang analyzer and fix parse of IPSECKEY with bad gateway.
       - Fix unit test code for clang analyzer.
       - Fix nsd-checkconf fail on bad zone name.

10 September 2018: Wouter
       - Fix coding style in nsd.c

7 September 2018: Wouter
       - append_trailing_slash has one implementation and is not repeated
         differently.

4 September 2018: Wouter
       - Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu.

15 August 2018: Wouter
       - Fix use_systemd typo/leftover in remote.c.

13 August 2018: Wouter
       - tag for 4.1.24 release.
       - trunk is 4.1.25 in development.
       - Fix that nsec3 precompile deletion happens before the RRs of
         the zone are deleted.
       - Fix printout of accepted remote control connection for unix sockets.

6 August 2018: Wouter
       - tag for 4.1.24rc1 release.

Log message:
Update nsd to 4.1.24

4.1.24
================
FEATURES:
        - #4102: control interface via local socket.
          configure it with control-interface: "/path/nsd.ctl"  The path
          has to start with a / to separate it from an IP address.
          The local socket does not use SSL, but unencrypted traffic, use
          file and containing directory permissions to restrict access.
        - configure --enable-systemd (needs pkg-config and libsystemd) can
          be used to then use-systemd: yes in nsd.conf and have readiness
          signalling with systemd.
        - RFC8162 support, for record type SMIMEA.
BUG FIXES:
        - Patch to fix openwrt for mac os build darwin detection in configure.
        - Fix that first control-interface determines if TLS is used.  Warn
          when IP address interfaces are used without TLS.
        - #4106: Fix that stats printed from nsd-control are recast from
          unsigned long to unsigned (remote.c).
        - Fix that type CAA (and URI) in the zone file can contain
          dots when not in quotes.
        - #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM
          chain, NSD leniently attempts to find a working NSEC3PARAM.

4.1.23
================
BUG FIXES:
        - Fix NSD time sensitive TSIG compare vulnerability.

4.1.22
================
FEATURES:
        - refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
          and allows TCP queries like normal.
        - Use accept4 to speed up answer of TCP queries, on Linux, FreeBSD
          and OpenBSD.
BUG FIXES:
        - Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
        - Fix to use same condition for nsec3 hash allocation and free.

Log message:
Update to 4.1.21

Changelog:
Features
    --enable-memclean cleans up memory for use with memory checkers,
      eg. valgrind.
    refuse-any nsd.conf option that refuses queries of type ANY.
    lower memory usage for tcp connections, so tcp-count can be higher.

Bug Fixes
    Fix unused variable warnings and uninit variable in statistics printout
      from clang analyzer.
    Fix spelling error in xfr-inspect.
    Fix #3562: explain build error when flex missing.
    Fix buffer size warnings from compiler on filename lengths.
    Fix #4093: Release notes not using 2018.