./net/nsd, Authoritative-only DNS server



Branch: CURRENT, Version: 4.11.1, Package name: nsd-4.11.1, Maintainer: pettai

This is NSD Name Server Daemon (NSD).

NSD is a complete implementation of an authoritative DNS nameserver.
For further information about what NSD is and what NSD is not please
consult the REQUIREMENTS document which is a part of this distribution
(thanks to Olaf).


Required to run:
[security/openssl] [devel/libevent]

Required to build:
[pkgtools/cwrappers]

Package options: inet6

Master sites:

Filesize: 1492.138 KB


CVS history:


   2025-01-19 17:23:18 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
net/nsd: Update to version 4.11.1.

Pkgsrc changes:
 * Remove now-upstream-integrated patch.
 * Checksum changes.

Upstream changes:

NSD version 4.11.0 had a serious bug in which applying updates to
zones (and other modifications that require a reload, such as adding
and deleting zones), could stop entirely after reception of a broken
or corrupted update via zone transfer. We believe that this broken
state would appear as one of the NSD processes consuming 100% CPU.
Version 4.11.1 has this corrected as well as some other smaller
non-critical bugs.

We strongly advise to not run NSD version 4.11.0, and if you have
it deployed already, upgrade to 4.11.1 at the earliest possible
opportunity.

4.11.1
================
BUG FIXES:
        - Fix #415: Fix out of tree builds. Thanks Florian Obser (@fobser).
        - Fix #414: XoT interoperability with BIND and Knot
        - Fix #421: old-main can quit before the reload process received
          from old-main that it is done on the reload_listener pipe.
          Thanks Otto Retter.
        - Fix whitespace in comment.
        - Fix #424: Stalled updates after corrupt transfer.

4.11.0
================
FEATURES:
        - Support reloading configuration on SIGHUP.
        - Fix #383: log timestamps in ISO8601 format with timezone.
          This adds the option `log-time-iso: yes` that logs in ISO8601
          format.
        - Updated cookie secrets management.
          The default cookie secret file location can be set at compile time
          with the --with-cookiesecretsfile=path option to configure. The
          default location is changed to {dbdir}/cookiesecrets.txt. The
          previous default location will be checked at startup when there is
          no cookie secrets file at the new default location.
          A staging cookie can now also be configured in the configuration
          file and secrets configured in the configuration file now take
          precedence over those read from file.
          All DNS related settings in the configuration file will be reevaluated
          and effectuated after nsd-control reconfig.
        - Merge #398: RFC 9660 The DNS Zone Version (ZONEVERSION) Option
        - Merge #406: ohttp and tls-supported-groups SvcParam support
        - Merge #408: NINFO, RKEY, RESINFO, WALLET, CLA and TA RR types
        - Merge #409: Writing of NSAP-PTR, GPOS and HIP RR types
        - Merge #407: Better balanced verbosity levels for logging.

BUG FIXES:
        - Fix title underline and declaration after statement warnings.
        - Add cross platform freebsd, openbsd and netbsd to github ci.
        - Update simdzone to include fix for netbsd double bswap declarations,
          and also semantic checks for DS and ZONEMD. And CFLAGS has -march
          prepended to fix detection.
        - Merge #376: Point the user towards tcpdump for logging individual
          queries.
        - Track $INCLUDEs in zone files.
        - Fix ci to update macos-12 to the macos-15 runner image.
        - Merge #390: Apply non-xfr tasks before xfr tasks.
          This fixes an issue where non-xfr tasks are lost when they are
          batch processed together with non-xfr tasks.
          This merge also changes that notifies are passed on from the serve
          processes to the xfrd directly instead of via main. This was
          necessary to allow applying the non-xfr tasks without forking a
          backup-main for the sole purpose of forwarding notifies.
        - Merge #391: Update copyright lines (in version output).
        - Fix #392: Inconsistent documentation about control-interface.
        - Merge #395: Explain the zonefile example better.
        - Merge #394: Fix the path to use doc/manual/.
        - Fix analyzer issue in do_print_cookie_secrets to check for failure.
        - Merge #404: Introducing Sphinx substitution in code blocks.
          As well as other fixes with Sphinx build.
        - Update Copyright lines in help output
        - Merge #395: Explain zonefile example better
        - Merge #394: Fix doc path (fixes "Edit on GitHub" button in
          the docs)
        - Fix Makefile for parallel build failure around bison rule.
        - Fix #405: Fix typo in documentation.
        - Treat a mismatch in RRset TTLs as a warning.

   2024-09-21 18:37:32 by Havard Eidnes | Files touched by this commit (2)
Log message:
net/nsd: Update comment in patch with upstream pull request ID.

   2024-09-21 18:09:29 by Havard Eidnes | Files touched by this commit (3)
Log message:
Update nsd to version 4.10.1.

Pkgsrc changes:
 * Add a patch so that this builds again on NetBSD,
   upstream had borrowed some of our code but not ensured
   that it still built for us...

Upstream changes:

NSD 4.10.1

This release consists primarily of bug fixes.

@bilias implemented mutual TLS authentication for zone transfers.
Please consult the nsd.conf manual for details on the newly introduced
configuration options tls-auth-port and tls-auth-xfr-only.

@orlitzky provided integration for the OpenRC init system.

Version 4.10.0 was the first release to integrate simdzone. Build
issues on OpenBSD releases before 5.6, Gentoo and Solaris have been
reported and fixed. The fallback parser, used on systems that lack
SSE4.2 and AVX2 instruction sets, contained some bugs with regards
to state keeping and under certain circumstances a use after free
bug was encountered in buffer management.

FEATURES:

 * Merge #352 from orlitzky: contrib: add OpenRC service script,
   config file, and tmpfiles entry.
 * Merge #337 from bilias: Mutual TLS-AUTH.

BUG FIXES:

 * Fix incorrect punctuation of log messages.
 * Fix for #317, document more text on pidfile permissions.
 * Fix #334: RFC8482 behavior documentation.
 * Fix for OpenSSL 3.0 deprecated functions.
 * Merge #341: Fix allow-query wording in nsd.conf.5.in.
 * Fix test script from making spurious output.
 * Fix cpu_affinity and socket_partitioning tests for --enable-log-role.
 * Fix #344: Update simdzone.
 * Fix #347: Adjust verbosity for TLS (+TCP) to be 5.
 * Merge #348: Move TLS logging to verbosity level 5.
 * For #347: Also adjust verbosity of log message for remaining TCP connections.
 * Merge #349: log file name before loading.
 * Use MAKE variable rather than make command directly in Makefile.
 * Serialize WKS RRs using numeric values rather than names.
 * Fix propagation of Makefile targets to simdzone.
 * Do not log ACL mismatch on followed CNAMEs.
 * Fix link of xfr-inspect for libssl dependency.
 * Initialize tls_auth_port and tls_auth_xfr_only options.
 * Merge #358: Fix Hurd build error due to log_err.
 * Update simdzone to fix detection of AVX2 support.

simdzone 0.1.1

FEATURES:

 * Test to verify configure.ac and Makefile.in are correct.
 * Add support for reading from stdin if filename is "-".
 * Add support for building with Oracle Developer Studio 12.6.
 * Add support for "time" service for Well-Known Services (WKS) RR.

BUG FIXES:

 * Fix makefile dependencies.
 * Fix makefile to use source directory for build dependencies.
 * Fix changelog to reflect v0.1.0 release.
 * Update makefile to not use target-specific variables.
 * Fix makefile clean targets.
 * Fix state keeping in fallback scanner for contiguous and quoted.
 * Fix bug in name scanner.
 * Fix type mnemonic parsing in fallback parser.
 * Fix endian.h to include machine/endian.h on OpenBSD releases before 5.6.
 * Fix use after free on buffer resize.
 * Fix parsing of numeric protocols in WKS RRs.
 * Make devclean target depend on realclean target.
 * Fix detection of AVX2 support by checking generic AVX support
   by the processor and operating system (#222).

CHANGES:

 * Make relative includes relative to current working directory.
 * Split Autoconf and CMake compiler tests for supported SIMD instructions.

   2024-07-29 22:25:53 by Ryo ONODERA | Files touched by this commit (2)
Log message:
net/nsd: Update to 4.10.1

Changelog:
25 April 2024: Jeroen
	- Bump simdzone to fix OpenBSD build issues.
	- Tag for 4.10.0rc1.

24 April 2024: Wouter
	- Fix that the reload handler for sigchild uses signal_add, and
	  also that the signal handler is restored when done.
	- Fix that when server verify is done it resets the sigchild handler.
	- Fix makedist.sh for simdzone inclusion.
	- Fix makedist.sh to remove simdzone git tracking information and
	  scripting temporaries from tarball.
	- Fix error output of makedist.sh.

23 April 2024: Wouter
	- Fix #329: TCP accept queues number.

22 April 2024: Jeroen
	- Use simdzone version with name parser fix.

16 April 2024: Jeroen
	- Replace Flex+Bison based zone parser with simdzone.

15 April 2024: Wouter
	- Unit test for dname subdomain test used by xfrd-tcp.c.

9 April 2024: Wouter
	- Fix IXFR requests upstream for zones with a long name. Thanks for
	  the report to Yuuki Wakisaka from Internet Initiative Japan Inc.

8 April 2024: Wouter
	- For #317: Modify nsd service script to stop NSD from creating a
	  pid file that systemd is not using.
	- Fix #324: Clarify the purpose of contrib/bug390.patch.

   2024-04-15 16:12:39 by Ryo ONODERA | Files touched by this commit (2)
Log message:
net/nsd: Update to 4.9.1

Changelog:
4 April 2024: Jeroen
	- Use rooted temporary path in makedist.sh.
	- Tag for 4.9.1.

3 April 2024: Jeroen
	- Replace multiple strcat and strcpy by snprintf.
	- Tag for 4.9.0.

26 March 2024: Jeroen
	- Test if debug is available in do-tests.
	- Enforce timeout from NSD in ixfr_gone test.
	- Update expressions in ixfr_and_restart test.
	- Make algorithm explicit in control-repattern test.
	- Switch algorithm to hmac-256 for testplan_mess test.
	- Tag for 4.9.0rc1.

25 March 2024: Jeroen
	- Fix timing sensitivity in ixfr_outsync test.

22 March 2024: Jeroen
	- Set up doc/RELNOTES for upcoming release.

26 February 2024: Willem
	- Merge #316: Fix to reap defunct children by the reload process that
	  emerged when some serve child processes were still serving TCP
	  request while the others had already quit, while the reload process
	  was waiting for the signal from the backup/old main process that all
	  children exited.
	- Fix (also from Merge #316) to reap exited children more frequently
	  from server main loop for processes that exited during reload, but
	  missed the initial reaping at start of the main loop because they
	  took somewhat longer to exit.

16 February 2024: Wouter
	- Fix compile with memclean for xfrd nsd.db close.
	- In xfrd del secondary zone, the timer could perhaps have
	  event_added, and if so, it would not be event_del if a tcp connection
	  is active at the time. This could cause the libevent event lists
	  to fail. Also fix to make sure to set event_added for the
	  nsd-control ssl nonblocking handshake and check event_added there
	  too, for extra certainty.

15 February 2024: Willem
	- Merge #304: Support for Catalog zones version "2" as specified in
	  RFC 9432. Both the consumer as well as the producer role are
	  implemented, but only a single catalog consumer zone is allowed.
	  The "coo" property, only relevant with multiple catalog consumer,
	  is therefore not supported. The "group" property is supported.
	  Have a look at the nsd.conf man page for details on how to
	  configure and use catalog zones.

12 February 2024: Willem
	- Allow SOA apex queries to otherwise with allow-query protected zones
	  for clients matching a provide-xfr rule, because clients that are
	  allowed to transfer the zone need to be able to query SOA at the
	  apex preceding the actual transfer.

6 February 2024: Wouter
	- Fix #313: nsd 4.8 stats with implausible spikes.

16 January 2024: Wouter
	- Move acx_nlnetlabs.m4 to version 48, with ssp and getaddrinfo
	  include check.

14 January 2024: Wouter
	- Move acx_nlnetlabs.m4 to version 47, with crypt32 check.

8 December 2023: Wouter
	- Merge #309: More RFC 8499 compliance.
	- Fix #310: NSD stats contain the terms "master" and "slave".
	- Fix control-reconfig-xfrd test for zonestatus primary that is
	  printed by nsd-control zonestatus.

7 December 2023: Wouter
	- Merge #307 from anandb-ripencc: Many improvements to the nsd.conf
	  man page.
	- Fix #308: Deprecate "multi-master-check" in favour of
	  "multi-primary-check".

6 December 2023: Wouter
	- Fix to sync the tests script file common.sh.
	- Update test script file common.sh.
	- Fix #306: Missing AC_SUBST(dbdir) breaks installation with 4.8.0.
	- Fix for #306: Create directory for xfrd.state and zone.list files
	  in make install.

   2023-12-09 07:50:28 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
nsd: Update to 4.8.0

Changelog:
29 November 2023: Wouter
	- Tag for 4.8.0rc1.

28 November 2023: Wouter
	- Set up doc/RELNOTES for upcoming release.
	- Fix unit test kill_from_pidfile function for nonexistent files
	  because the argument is evaluated before the test expression.
	- Fix rr-test to also convert the contents of the just written output
	  file.
	- Fix test set to remove -f nsd.db and rm nsd.db commands.
	- Fix test set to remove difffile option.

27 November 2023: Jeroen
	- Fix #14: Set timeout to 3s when servicing remaining TCP connections.
	- Fix: Always instate write handler after reading queries from TCP.
	- Answer first query on connections accepted just before reload.

27 November 2023: Wouter
	- Merge #305: faster stats. Statistics can be gathered while a reload
	  is in progress.

27 November 2023: Willem
	- Merge #302: Test package fixes. Correct Auxfiles, kill_from_pidfile
	  function and fix drop_updates, rr-test and xfr_update tests.

1 November 2023: Jeroen
	- Remove on-disk database.

31 October 2023: Wouter
	- Merge #301: improve the logging of ixfr fallbacks to axfr.

30 October 2023: Jeroen
	- Fix processing of consolidated IXFRs.

30 October 2023: Wouter
	- Fix for interprocess communication to set quit sync command from
	  main process explicitly.

3 October 2023: Wouter
	- Merge #281: Proxy protocol. An implementation of PROXYv2 for NSD.
	  It can be configured with proxy-protocol-port: portnum with the
	  port number of the interface on which proxy traffic is handled.
	  The interface can support proxy traffic for UDP, TCP and TLS.

21 September 2023: Wouter
	- Merge #295: Update e-mail addresses, add ref to support contracts

31 August 2023: Wouter
	- Fix autoconf 2.69 warnings in configure.

14 July 2023: Wouter
	- Merge #287: Update nsd.conf.5.in.

11 July 2023: Wouter
	- Fix unused variable warning in unit test of udb.

22 June 2023: Wouter
	- Fix #284: dnstap_collector.c: SOCK_NONBLOCK is not available on
	  Mac/Darwin.

7 June 2023: Wouter
	- Merge #282: Improve nsd.conf man page.
	- Fix unused but set variable warning.
	- Fix #283: Compile failure in remote.c when --disable-bind8-stats
	  and --without-ssl are specified.

   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3

   2023-07-07 12:37:53 by Ryo ONODERA | Files touched by this commit (2)
Log message:
nsd: Update to 4.7.0

Changelog:
This release adds a script for bash autocompletion for nsd-control. Also
nsd-control can be configured to use unencrypted operation also when
compiled without openssl. There is also a systemd service unit example
file contributed. The dnstap log service can be contacted over TCP, with
the dnstap-ip: ip option. It is also possible to use TLS, with
dnstap-tls, it is enabled by default, and can be configured with the
dnstap-server-name, dnstap-cert-bundle, dnstap-client-key-file and
dnstap-client-cert-file options. The configure option
--enable-root-server is obsolete, it is no longer used and defaults to
on. In addition, the build file should support multicore build with
flex and bison more easily.

FEATURES:

    Merge #263: Add bash autocompletion script for nsd-control.
    Fix #267: Allow unencrypted local operation of nsd-control.
    Merge #269 from Fale: Add systemd service unit.
    Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
    dnstap over TLS, default enabled. Configured with the
    options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
    dnstap-tls-client-key-file and dnstap-tls-client-cert-file.

BUG FIXES:

    Fix #239: -Wincompatible-pointer-types warning in remote.c.
    Fix configure for -Wstrict-prototypes.
    Fix #262: Zone(s) not synchronizing properly via TLS.
    Fix for #262: More error logging for SSL read failures for zone
    transfers.
    Merge #265: Fix C99 compatibility issue.
    Fix #266: Fix build with --without-ssl.
    Fix for #267: neater variable definitions.
    Fix #270: reserved identifier violation.
    Fix to clean more memory on exit of dnstap collector.
    Fix dnstap to not check socket path when using IP address.
    Fix to compile without ssl with dnstap-tls code.
    Dnstap tls code fixes.
    Fix include brackets for ssl.h include statements, instead of quotes.
    Fix static analyzer warning about nsd_event_method initialization.
    Fix #273: Large TXT record breaks AXFR.
    Fix ixfr create from adding too many record types.
    Fix cirrus script for submit to coverity scan to libtoolize
    the configure script components config.guess and config.sub.
    Fix readme status badge links.
    make depend.
    Fix for build to run flex and bison before compiling code that needs
    the headers.
    Fix to remove unused whitespace from acx_nlnetlabs.m4 and config.h.
    For #279: Note that autoreconf -fi creates the configure script
    and also the needed auxiliary files, for autoconf 2.69 and 2.71.
    Fix unused variable warning in unit test, from clang compile.
    Fix #240: Prefix messages originating from verifier.
    Fix #275: Drop unnecessary root server checks.