2024-04-20 16:02:40 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
net/bind918: fix blocklist handling
Apply change of revision 1.21 in NetBSD base which fixed PR bin/58170.
Bump PKGREVISION.
|
2024-04-18 15:37:53 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind918: update to 9.18.62
9.18.26 (2024-04-17)
6364. [protocol] Add RESOLVER.ARPA to the built in empty zones.
[GL #4580]
6363. [bug] dig/mdig +ednsflags=<non-zero-value> did not re-enable
EDNS if it had been disabled. [GL #4641]
6361. [bug] Some invalid ISO 8601 durations were accepted
erroneously. [GL #4624]
6360. [bug] Don't return static-stub synthesised NS RRset.
[GL #4608]
6359. [bug] Fix bug in Depends (keymgr_dep) function. [GL #4552]
6351. [protocol] Support for the RESINFO record type has been added.
[GL #4413]
6346. [bug] Cleaned up several minor bugs in the RBTDB dbiterator
implementation. [GL !8741]
6345. [bug] Added missing dns_rdataset_disassociate calls in
validator.c:findnsec3proofs. [GL #4571]
6340. [test] Fix incorrectly reported errors when running tests
with `make test` on platforms with older pytest.
[GL #4560]
6338. [func] Optimize slabheader placement, so the infrastructure
records are put in the beginning of the slabheader
linked list. [GL !8675]
6334. [doc] Improve ARM parental-agents definition. [GL #4531]
6333. [bug] Fix the DNS_GETDB_STALEFIRST flag, which was defined
incorrectly in lib/ns/query.c. [GL !8683]
6330. [doc] Update ZSK minimum lifetime documentation in ARM, also
depends on signing delay. [GL #4510]
6328. [func] Add workaround to enforce dynamic linker to pull
jemalloc earlier than libc to ensure all memory
allocations are done via jemalloc. [GL #4404]
6326. [bug] Changes to "listen-on" statements were ignored on
reconfiguration unless the port or interface address was
changed, making it impossible to change a related
listener transport type. Thanks to Thomas Amgarten.
[GL #4518] [GL #4528]
6325. [func] Expose the TCP client count in statistics channel.
[GL #4425]
6324. [bug] Fix a possible crash in 'dig +nssearch +nofail' and
'host -C' commands when one of the name servers returns
SERVFAIL. [GL #4508]
6313. [bug] When dnssec-policy is in effect the DNSKEY's TTLs in
the zone were not being updated to match the policy.
This led to failures when DNSKEYs were updated as the
TTLs mismatched. [GL #4466]
|
2024-04-05 16:01:01 by Thomas Klausner | Files touched by this commit (49) |
Log message:
*: recursive bump for protobuf 26.1
|
2024-03-20 15:59:15 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
net/bind918: update to 9.18.25
9.18.25 (2024-03-20)
6356. [bug] Create the pruning task in the dns_cache_flush(), so
the cache pruning still works after the flush.
[GL #4621]
6353. [bug] Improve the TTL-based cleaning by removing the expired
headers from the heap, so they don't block the next
cleaning round and clean more than a single item for
each new addition to the RBTDB. [GL #4591]
6352. [bug] Revert change 6319 and decrease lock contention during
RBTDB tree pruning by not cleaning up nodes recursively
within a single prune_tree() call. [GL #4596]
6350. [bug] Address use after free in expire_lru_headers. [GL #4495]
|
2024-02-13 14:50:39 by Takahiro Kambe | Files touched by this commit (4) | |
Log message:
net/bind918: update to 9.18.24
9.18.24 (2024-02-13)
--- 9.18.24 released ---
6343. [bug] Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
--- 9.18.23 released ---
6322. [security] Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]
6321. [security] Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]
6320. [bug] Under some circumstances, the DoT code in client
mode could process more than one message at a time when
that was not expected. That has been fixed. [GL #4487]
--- 9.18.22 released ---
6319. [func] Limit isc_task_send() overhead for RBTDB tree pruning.
[GL #4383]
6317. [security] Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]
6316. [security] Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
6315. [security] Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]
6314. [bug] Address race conditions in dns_tsigkey_find().
[GL #4182]
6312. [bug] Conversion from NSEC3 signed to NSEC signed could
temporarily put the zone into a state where it was
treated as unsigned until the NSEC chain was built.
Additionally conversion from one set of NSEC3 parameters
to another could also temporarily put the zone into a
state where it was treated as unsigned until the new
NSEC3 chain was built. [GL #1794] [GL #4495]
6310. [bug] Memory leak in zone.c:sign_zone. When named signed a
zone it could leak dst_keys due to a misplaced
'continue'. [GL #4488]
6306. [func] Log more details about the cause of "not exact" errors.
[GL #4500]
6304. [bug] The wrong time was being used to determine what RRSIGs
were to be generated when dnssec-policy was in use.
[GL #4494]
6302. [func] The "trust-anchor-telemetry" statement is no longer
marked as experimental. This silences a relevant log
message that was emitted even when the feature was
explicitly disabled. [GL #4497]
6300. [bug] Fix statistics export to use full 64 bit signed numbers
instead of truncating values to unsigned 32 bits.
[GL #4467]
6299. [port] NetBSD has added 'hmac' to libc which collides with our
use of 'hmac'. [GL #4478]
|
2024-01-30 19:29:21 by Adam Ciarcinski | Files touched by this commit (47) |
Log message:
revbump for devel/abseil
|
2024-01-13 21:08:25 by Taylor R Campbell | Files touched by this commit (8) |
Log message:
*/builtin.mk: Disable for cross-build if executes target program.
We can't run target programs during cross-build, so we either need to
disable builtin detection or find another way to detect the target
program's version.
No change to native builds because this just makes some existing
logic conditional on native builds.
|
2024-01-05 02:53:35 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
net/bind918: fix BUILDLINK_ABI_DEPENDS
We have 9.8.21 but not yet 9.18.30nb1.
|
2024-01-05 02:52:20 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind918: update to 9.18.21
9.18.21 (2023-12-20)
6297. [bug] Improve LRU cleaning behaviour. [GL #4448]
6296. [func] The "resolver-nonbackoff-tries" and
"resolver-retry-interval" options are deprecated;
a warning will be logged if they are used. [GL #4405]
6294. [bug] BIND might sometimes crash after startup or
re-configuration when one 'tls' entry is used multiple
times to connect to remote servers due to initialisation
attempts from contexts of multiple threads. That has
been fixed. [GL #4464]
6290. [bug] Dig +yaml will now report "no servers could be reached"
also for UDP setup failure when no other servers or
tries are left. [GL #1229]
6287. [bug] Recognize escapes when reading the public key from file.
[GL !8502]
6286. [bug] Dig +yaml will now report "no servers could be reached"
on TCP connection failure as well as for UDP timeouts.
[GL #4396]
6282. [func] Deprecate AES-based DNS cookies. [GL #4421]
|
2023-11-18 05:07:29 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind918: update to 9.18.20
Note: B.ROOT-SERVERS.NET's addresses will be changed November 27, 2023.
9.18.20 (2023-11-15)
6280. [bug] Fix missing newlines in the output of "rndc nta -dump".
[GL !8454]
6277. [bug] Take into account local authoritative zones when
falling back to serve-stale. [GL #4355]
6275. [bug] Fix assertion failure when using lock-file configuration
option together with the -X argument to named. [GL #4386]
6274. [bug] The 'lock-file' file was being removed when it
shouldn't have been, making it ineffective if named was
started 3 or more times. [GL #4387]
6271. [bug] Fix a shutdown race in dns__catz_update_cb(). [GL #4381]
6269. [maint] B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and
2801:1b8:10::b. [GL #4101]
6267. [func] The timeouts for resending zone refresh queries over UDP
were lowered to enable named to more quickly determine
that a primary is down. [GL #4260]
6265. [bug] Don't schedule resign operations on the raw version
of an inline-signing zone. [GL #4350]
6261. [bug] Fix a possible assertion failure on an error path in
resolver.c:fctx_query(), when using an uninitialized
link. [GL #4331]
6254. [cleanup] Add semantic patch to do an explicit cast from char
to unsigned char in ctype.h class of functions.
[GL #4327]
6252. [test] Python system tests have to be executed by invoking
pytest directly. Executing them with the legacy test
runner is no longer supported. [GL #4250]
6250. [bug] The wrong covered value was being set by
dns_ncache_current for RRSIG records in the returned
rdataset structure. This resulted in TYPE0 being
reported as the covered value of the RRSIG when dumping
the cache contents. [GL #4314]
|