2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836) |
Log message:
*: Recursive revision bump for openssl 1.1.1.
|
2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255) |
Log message:
net: align variable assignments
pkglint -Wall -F --only aligned --only indent -r
No manual corrections.
|
2019-08-21 16:16:40 by Ryo ONODERA | Files touched by this commit (2) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
Update to 4.2.2
* Readd _OPENBSD_SOURCE explicitly to fix build on NetBSD 9
Changelog:
13 August 2019: Wouter
- Fix error message for out of zone data to have more information.
12 August 2019: Wouter
- Fix #33: Fix segfault in service of remaining streams on exit.
6 August 2019: Wouter
- Tag for 4.2.2rc1.
5 August 2019: Wouter
- PR #31: nsd-control: Add missing stdio header.
- PR #32: tsig: Fix compilation without HAVE_SSL.
- Cleanup tls context on xfrd exit.
31 July 2019: Wouter
- Fix #29: SSHFP check NULL pointer dereference.
- Fix #30: SSHFP check failure due to missing domain name.
- Fix to timeval_add in minievent for remaining second in microseconds.
22 July 2019: Wouter
- Set timeout for refetch immediately, only spread load when there
are retries.
19 July 2019: Wouter
- Set no renegotiation on the SSL context to stop client
session renegotiation.
18 July 2019: Wouter
- Fix #25: NSD doesn't refresh zones after extended downtime,
it refreshes the old zones, with a random delay of a couple of
seconds to spread the load.
- Fix so that expired zones stay expired when server is down a
long time.
17 July 2019: Wouter
- Fix that NSD warns for wrong length of the hash in SSHFP records.
15 July 2019: Wouter
- PR #23: Fix typo in nsd.conf man-page.
4 July 2019: Wouter
- Set version to 4.2.2 in development.
- clean memory on exit of nsd-checkzone for memory debug.
- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
dname_concatenate() function. Reported by Frederic Cambus.
It causes the zone parser to crash on a malformed zone file,
with assertions enabled, an assertion catches it.
- Fix #19: Out-of-bounds read caused by improper validation of
array index. Reported by Frederic Cambus. The zone parser
fails on type SIG because of mismatched definition with RRSIG.
2 July 2019: Wouter
- Tag for 4.2.1rc1
27 June 2019: Wouter
- Fix unit test for added options and no dot after zone updated
log message.
- Fix compile without accept4.
21 June 2019: Wouter
- Omit remaining tcp processing if the list is empty.
- Fix output of nsd-checkconf -h.
20 June 2019: Wouter
- Initialize event structures before event_set, to stop uninitialized
values from setting event library lists and assertions, that would
sometimes also show after event_del.
- Added num.tls and num.tls6 stat counters.
- PR #12: send-buffer-size, receive-buffer-size,
tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
- Do not use symbol from libc, instead use own replacement, if not
available, for accept4.
- Fix #14, tcp connections have 1/10 to be active and have to work
every second, and then they get time to complete during a reload,
this is a process that lingers with the old version during a version
update.
19 June 2019: Wouter
- Fix tls handshake event callback function mistake, reported
by Mykhailo Danylenko.
18 June 2019: Wouter
- Fix #15: crash in SSL library, initialize variables for TCP access
when TLS is configured.
14 June 2019: Wouter
- Fix to init event not pointer, in reassignment.
12 June 2019: Wouter
- Fix to init event structure for reassignment.
|
2019-07-16 13:38:27 by Ryo ONODERA | Files touched by this commit (1) |
Log message:
Remove _OPENBSD_SOURCE for NetBSD from Makefile
* Upstream includes _OPENBSD_SOURCE for NetBSD.
Noticed by gdt@. Thank you.
|
2019-07-05 09:53:10 by Benny Siegert | Files touched by this commit (1) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
nsd: update HOMEPAGE
The previous one 404s.
|
2019-06-13 15:21:40 by Ryo ONODERA | Files touched by this commit (2) | ![Package updated](https://pkgsrc.se/images/update.gif) |
Log message:
Update to 4.2.0
Changelog:
4.2.0
================
FEATURES:
- Print IP address when bind socket fails with error.
- Fix #4249: The option hide-identity: yes stops NSD from responding
with the hostname for chaos class queries. Implements the RFC4829
security considerations.
- Patch to add support for TCP Fast Open, from Sara
Dickinson (Sinodun).
- Patch to add support for tls service on a specified tls port,
from Sara Dickinson (Sinodun).
- Use travis for build check, initial unit test and clang analysis.
BUG FIXES:
- Fix to delete unused zparser.default_apex member.
- Fix that the TLS handshake routine sets the correct event to
continue when done.
- Fix that TLS renegotiation calls the read and write routines again
with the same parameters when the desired event has been satisfied.
- Fix that TCP Fastopen has better error message and supports OSX.
- Fix to avoid buffer alloc with global buffer in tls write handler.
- Fix to initialize event structure when accepting TCP connection.
- Disable TLS1.0, TLS1.1 and weak ciphers, enable
CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze.
- further setup ssl ctx after the keys are loaded, for ECDH.
- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
patch from Andreas Schulze.
- Fix #10: Fix memory leaks caused by duplicate rr and include
instructions.
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
4.1.27
================
FEATURES:
- Deny ANY with only one RR in response, by default. Patch from
Daisuke Higashi. The deny-any statement in nsd.conf sets ANY
queries over UDP to be further moved to TCP as well.
Also no additional section processing for type ANY, reducing
the response size.
- Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds
nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig
and del_tsig. These changes are gone after reload, edit the
config file (or a file included from it) to make changes that
last after restart.
BUG FIXES:
- Fix #4213: disable-ipv6 and dnstap compile error.
- Fix to reduce region_log_stats if condition, this removes a
debug statement.
- Fix for FreeBSD port with dnstap enabled.
- Fix to remove unused code.
- Fix #6: nsd-control-setup: Change validity time to a shorter
period (<2038).
- Fix unused definition in header remote.h.
- Fix #4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big.
- Fix #4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets.
- Fixed radtree_insert memory leak.
- Fixed access recycled variable.
|
2019-01-29 15:54:03 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Do not conflict with nsd in NetBSD base. Rename rc.d script to nlsnd
Bump PKGREVISION.
|
2019-01-17 14:59:37 by Patrick Welche | Files touched by this commit (2) |
Log message:
Update nsd to 4.1.26
XXX Remove MESSAGE as nsd 4.0.0 came out in October 2013?
XXX Did not add dnstap support to pkg.
29 November 2018: Wouter
- Tag for 4.1.26rc1.
27 November 2018: Wouter
- Fix parsezone failure in 4194 fix.
26 November 2018: Wouter
- Fix to not set GLOB_NOSORT so the nsd.conf include: files are
sorted and in a predictable order.
- Added nsd-control changezone. nsd-control changezone name pattern
allows the change of a zone pattern option without downtime for
the zone, in one operation.
- Fix #3433: document that reconfig does not change per-zone stats.
20 November 2018: Wouter
- Fix #4205: enable-recvmmsg in mixed IPv4/IPv6 environment fails.
This sets the msg_hdr.msg_namelen correctly after receipt.
19 November 2018: Wouter
- Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes
option in nsd.conf.
- Fix #4202: nsd-control delzone incorrect exit code on error.
- Tab style fix to use tab for 8 spaces, from Xiaobo Liu.
25 October 2018: Wouter
- Adjust dnstap socket path for chroot.
22 October 2018: Wouter
- Fix #4194: Zone file parser derailed by non-FQDN names in RHS of
DNSSEC RRs.
- Fix some more, neater code and checks for domain length limit.
- check that the dnstap socket file can be opened and exists, print
error if not.
4 October 2018: Wouter
- dnstap work, the dnstap.proto is a copy of the file from Unbound,
also dnstap.m4 configure include file.
- dnstap collector: free eventbase and memclean nicer.
- dnstap collector: send data and read it in collector.
- dnstap/dnstap.c and .h from Unbound's contribution from
Farsight Security, added to then adapt it for dnstap logging in NSD.
- dnstap.c with auth query and auth response, and called from
the collector.
- dnstap work, config nsd.conf parse.
- dnstap example config.
25 September 2018: Wouter
- NSD 4.1.25 released, trunk has 4.1.26 in development.
18 September 2018: Wouter
- tag for NSD 4.1.25rc1.
17 September 2018: Wouter
- Fix #4156: Fix systemd service manager state change notification
14 September 2018: Wouter
- Remove unused if clause during server service startup.
13 September 2018: Wouter
- Fix typo in clang analysis test.
- Annotate exit functions with noreturn.
- nsd-control prints neater errors for file failures.
12 September 2018: Wouter
- clang analysis test.
11 September 2018: Wouter
- Fix to combine the same error function into one, from Xiaobo Liu.
- Fix initialisation in remote.c.
- please clang analyzer and fix parse of IPSECKEY with bad gateway.
- Fix unit test code for clang analyzer.
- Fix nsd-checkconf fail on bad zone name.
10 September 2018: Wouter
- Fix coding style in nsd.c
7 September 2018: Wouter
- append_trailing_slash has one implementation and is not repeated
differently.
4 September 2018: Wouter
- Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu.
15 August 2018: Wouter
- Fix use_systemd typo/leftover in remote.c.
13 August 2018: Wouter
- tag for 4.1.24 release.
- trunk is 4.1.25 in development.
- Fix that nsec3 precompile deletion happens before the RRs of
the zone are deleted.
- Fix printout of accepted remote control connection for unix sockets.
6 August 2018: Wouter
- tag for 4.1.24rc1 release.
|
2018-09-04 13:24:34 by Patrick Welche | Files touched by this commit (2) |
Log message:
Update nsd to 4.1.24
4.1.24
================
FEATURES:
- #4102: control interface via local socket.
configure it with control-interface: "/path/nsd.ctl" The path
has to start with a / to separate it from an IP address.
The local socket does not use SSL, but unencrypted traffic, use
file and containing directory permissions to restrict access.
- configure --enable-systemd (needs pkg-config and libsystemd) can
be used to then use-systemd: yes in nsd.conf and have readiness
signalling with systemd.
- RFC8162 support, for record type SMIMEA.
BUG FIXES:
- Patch to fix openwrt for mac os build darwin detection in configure.
- Fix that first control-interface determines if TLS is used. Warn
when IP address interfaces are used without TLS.
- #4106: Fix that stats printed from nsd-control are recast from
unsigned long to unsigned (remote.c).
- Fix that type CAA (and URI) in the zone file can contain
dots when not in quotes.
- #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM
chain, NSD leniently attempts to find a working NSEC3PARAM.
4.1.23
================
BUG FIXES:
- Fix NSD time sensitive TSIG compare vulnerability.
4.1.22
================
FEATURES:
- refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
and allows TCP queries like normal.
- Use accept4 to speed up answer of TCP queries, on Linux, FreeBSD
and OpenBSD.
BUG FIXES:
- Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
- Fix to use same condition for nsec3 hash allocation and free.
|
2018-06-10 06:27:03 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 4.1.21
Changelog:
Features
--enable-memclean cleans up memory for use with memory checkers,
eg. valgrind.
refuse-any nsd.conf option that refuses queries of type ANY.
lower memory usage for tcp connections, so tcp-count can be higher.
Bug Fixes
Fix unused variable warnings and uninit variable in statistics printout
from clang analyzer.
Fix spelling error in xfr-inspect.
Fix #3562: explain build error when flex missing.
Fix buffer size warnings from compiler on filename lengths.
Fix #4093: Release notes not using 2018.
|