kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update bind99 to 9.9.6.

Browse source 
New Features

   Support for CAA record types, as described in RFC 6844 "DNS
   Certification Authority Authorization (CAA) Resource Record",
   was added. [RT#36625] [RT #36737]

   Disallow "request-ixfr" from being specified in zone statements
   where it is not valid (it is only valid for slave and redirect
   zones) [RT #36608]

   Support for CDS and CDNSKEY resource record types was added. For
   details see the proposed Informational Internet-Draft "Automating
   DNSSEC Delegation Trust Maintenance" at
   http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
   [RT #36333]

   Added version printing options to various BIND utilities. [RT #26057]
   [RT #10686]

   On Windows, enable the Python tools "dnssec-coverage" and
   "dnssec-checkds". [RT #34355]

   Added a "no-case-compress" ACL, which causes named to use
   case-insensitive compression (disabling change #3645) for specified
   clients. (This is useful when dealing with broken client
   implementations that use case-sensitive name comparisons, rejecting
   responses that fail to match the capitalization of the query
   that was sent.) [RT #35300]

Feature Changes

   Adds RPZ SOA to the additional section of responses to clearly
   indicate the use of RPZ in a manner that is intended to avoid
   causing issues for downstream resolvers and forwarders [RT #36507]

   rndc now gives distinct error messages when an unqualified zone
   name matches multiple views vs. matching no views [RT #36691]

   Improves the accuracy of dig's reported round trip times.  [RT #36611]

   The Windows installer now places files in the Program Files area
   rather than system services. [RT #35361]

   When an SPF record exists in a zone but no equivalent TXT record
   does, a warning will be issued.  The warning for the reverse
   condition is no longer issued. See the check-spf option in the
   documentation for details. [RT #36210]

   "named" will now log explicitly when using rndc.key to configure
   command channel. [RT #35316]

   The default setting for the -U option (setting the number of UDP
   listeners per interface) has been adjusted to improve performance.
   [RT #35417]

   Aging of smoothed round-trip time measurements is now limited
   to no more than once per second, to improve accuracy in selecting
   the best name server. [RT #32909]

   DNSSEC keys that have been marked active but have no publication
   date are no longer presumed to be publishable. [RT #35063]

Bug Fixes

   The Makefile in bin/python was changed to work around a bmake
   bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)

   Corrected bugs in the handling of wildcard records by the DNSSEC
   validator: invalid wildcard expansions could be treated as valid
   if signed, and valid wildcard expansions in NSEC3 opt-out ranges
   had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]

   When resigning, dnssec-signzone was removing all signatures from
   delegation nodes. It now retains DS and (if applicable) NSEC
   signatures.  [RT #36946]

   The AD flag was being set inappopriately on RPZ responses. [RT #36833]

   Updates the URI record type to current draft standard,
   draft-faltstrom-uri-08, and allows the value field to be zero
   length [RT #36642] [RT #36737]

   RRSIG sets that were not loaded in a single transaction at start
   up were not being correctly added to re-signing heaps.  [RT #36302]

   Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]

   A race condition could cause a crash in isc_event_free during
   shutdown.  [RT #36720]

   Addresses a race condition issue in dispatch. [RT #36731]

   acl elements could be miscounted, causing a crash while loading
   a config [RT #36675]

   Corrects a deadlock between view.c and adb.c. [RT #36341]

   liblwres wasn't properly handling link-local addresses in
   nameserver clauses in resolv.conf. [RT #36039]

   Buffers in isc_print_vsnprintf were not properly initialized
   leading to potential overflows when printing out quad values.
   [RT #36505]

   Don't call qsort() with a null pointer, and disable the GCC 4.9
   "delete null pointer check" optimizer option. This fixes problems
   when using GNU GCC 4.9.0 where its compiler code optimizations
   may cause crashes in BIND. For more information, see the operational
   advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]

   Fixed a bug that could cause repeated resigning of records in
   dynamically signed zones. [RT #35273]

   Fixed a bug that could cause an assertion failure after forwarding
   was disabled. [RT #35979]

   Fixed a bug that caused SERVFAILs when using RPZ on a system
   configured as a forwarder. [RT #36060]

   Worked around a limitation in Solaris's /dev/poll implementation
   that could cause named to fail to start when configured to use
   more sockets than the system could accomodate. [RT #35878]
This commit is contained in:
taca 2014-10-14 16:21:02 +00:00
parent b49e9ab99e
commit 5beb22a9d6
13 changed files with 71 additions and 130 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
net/bind99/Makefile
View file

@ -1,8 +1,7 @@
# $NetBSD: Makefile,v 1.38 2014/07/19 05:10:38 taca Exp $
# $NetBSD: Makefile,v 1.39 2014/10/14 16:21:02 taca Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \
http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/
@ -15,7 +14,7 @@ CONFLICTS+= host-[0-9]*
MAKE_JOBS_SAFE= no
BIND_VERSION= 9.9.5-P1
BIND_VERSION= 9.9.6
.include "../../mk/bsd.prefs.mk"

31
net/bind99/PLIST
View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.7 2014/03/11 14:05:07 jperkin Exp $
@comment $NetBSD: PLIST,v 1.8 2014/10/14 16:21:02 taca Exp $
bin/bind9-config
bin/dig
bin/host
@ -9,8 +9,10 @@ ${PLIST.inet6}include/isc/ipv6.h
include/bind9/check.h
include/bind9/getaddresses.h
include/bind9/version.h
include/dns/acache.h
include/dns/acl.h
include/dns/adb.h
include/dns/bit.h
include/dns/byaddr.h
include/dns/cache.h
include/dns/callbacks.h
@ -24,25 +26,34 @@ include/dns/dbtable.h
include/dns/diff.h
include/dns/dispatch.h
include/dns/dlz.h
include/dns/dlz_dlopen.h
include/dns/dns64.h
include/dns/dnssec.h
include/dns/ds.h
include/dns/ecdb.h
include/dns/enumclass.h
include/dns/enumtype.h
include/dns/events.h
include/dns/fixedname.h
include/dns/forward.h
include/dns/iptable.h
include/dns/journal.h
include/dns/keydata.h
include/dns/keyflags.h
include/dns/keytable.h
include/dns/keyvalues.h
include/dns/lib.h
include/dns/log.h
include/dns/lookup.h
include/dns/master.h
include/dns/masterdump.h
include/dns/message.h
include/dns/name.h
include/dns/ncache.h
include/dns/nsec.h
include/dns/nsec3.h
include/dns/opcode.h
include/dns/order.h
include/dns/peer.h
include/dns/portlist.h
include/dns/private.h
@ -61,19 +72,24 @@ include/dns/resolver.h
include/dns/result.h
include/dns/rootns.h
include/dns/rpz.h
include/dns/rriterator.h
include/dns/rrl.h
include/dns/sdb.h
include/dns/sdlz.h
include/dns/secalg.h
include/dns/secproto.h
include/dns/soa.h
include/dns/ssu.h
include/dns/stats.h
include/dns/tcpmsg.h
include/dns/time.h
include/dns/timer.h
include/dns/tkey.h
include/dns/tsec.h
include/dns/tsig.h
include/dns/ttl.h
include/dns/types.h
include/dns/update.h
include/dns/validator.h
include/dns/version.h
include/dns/view.h
@ -88,6 +104,8 @@ include/dst/result.h
include/isc/app.h
include/isc/assertions.h
include/isc/atomic.h
include/isc/backtrace.h
include/isc/base32.h
include/isc/base64.h
include/isc/bind9.h
include/isc/bitstring.h
@ -113,6 +131,7 @@ include/isc/httpd.h
include/isc/int.h
include/isc/interfaceiter.h
include/isc/iterated_hash.h
include/isc/keyboard.h
include/isc/lang.h
include/isc/lex.h
include/isc/lfsr.h
@ -130,13 +149,17 @@ include/isc/namespace.h
include/isc/net.h
include/isc/netaddr.h
include/isc/netdb.h
include/isc/netscope.h
include/isc/offset.h
include/isc/once.h
include/isc/ondestroy.h
include/isc/os.h
include/isc/parseint.h
include/isc/platform.h
include/isc/pool.h
include/isc/portset.h
include/isc/print.h
include/isc/queue.h
include/isc/quota.h
include/isc/radix.h
include/isc/random.h
@ -155,9 +178,11 @@ include/isc/sha2.h
include/isc/sockaddr.h
include/isc/socket.h
include/isc/stat.h
include/isc/stats.h
include/isc/stdio.h
include/isc/stdlib.h
include/isc/stdtime.h
include/isc/strerror.h
include/isc/string.h
include/isc/symtab.h
include/isc/syslog.h
@ -186,6 +211,7 @@ include/isccc/util.h
include/isccc/version.h
include/isccfg/aclconf.h
include/isccfg/cfg.h
include/isccfg/dnsconf.h
include/isccfg/grammar.h
include/isccfg/log.h
include/isccfg/namedconf.h
@ -202,6 +228,8 @@ include/lwres/net.h
include/lwres/netdb.h
include/lwres/platform.h
include/lwres/result.h
include/lwres/stdlib.h
include/lwres/string.h
include/lwres/version.h
lib/libbind9.la
lib/libdns.la
@ -305,6 +333,7 @@ man/man5/named.conf.5
man/man5/rndc.conf.5
man/man8/ddns-confgen.8
man/man8/dnssec-dsfromkey.8
man/man8/dnssec-importkey.8
man/man8/dnssec-keyfromlabel.8
man/man8/dnssec-keygen.8
man/man8/dnssec-revoke.8

22
net/bind99/distinfo
View file

@ -1,19 +1,13 @@
$NetBSD: distinfo,v 1.24 2014/06/14 16:15:04 taca Exp $
$NetBSD: distinfo,v 1.25 2014/10/14 16:21:02 taca Exp $
SHA1 (bind-9.9.5-P1.tar.gz) = ca3d89e88ea5f882a48f16319b2a0ee7d433932e
RMD160 (bind-9.9.5-P1.tar.gz) = fea9241081de419df1886b62456c79cc6aa4bc93
Size (bind-9.9.5-P1.tar.gz) = 7730150 bytes
SHA1 (bind-9.9.6.tar.gz) = 77f1289936543b8eddbc874ea905ae055687ad78
RMD160 (bind-9.9.6.tar.gz) = 1b9d2f3785bd9de7587b8da2be4aa1c893d9fd2b
Size (bind-9.9.6.tar.gz) = 7811896 bytes
SHA1 (patch-bin_dig_dighost.c) = 72cb7676cdf9cd4b44bc62c72bcf29127d9fbffe
SHA1 (patch-bin_tests_system_Makefile.in) = 5701c49d7177fccae6c08a2176988e30a3cf58a0
SHA1 (patch-bin_tests_system_Makefile.in) = 483fca89658263f5c1f974ce1151721835355aa8
SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2
SHA1 (patch-configure) = c94a5c1c9dd55ff245c1adbb7c4ddb4a8e16a171
SHA1 (patch-configure) = b55ed3e56b61df65f526079d6a14b65fdd3a5a43
SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f
SHA1 (patch-lib_bind9_Makefile.in) = 4d6c592646015c37a8c47dda8056fa01c9636dcd
SHA1 (patch-lib_dns_Makefile.in) = eab413fb2708b275ea944c6309bd3448e9ddec26
SHA1 (patch-lib_dns_rbt.c) = df4b029369d9fa3b250d8505b5f7590e2cd86654
SHA1 (patch-lib_isc_Makefile.in) = bd1d80457fb97d496306b84d4205296fd2577824
SHA1 (patch-lib_isccc_Makefile.in) = a31831872b7724cb84f663ed70a82335d812f95f
SHA1 (patch-lib_isccfg_Makefile.in) = 0de690dd4f46c42e4152f1d64d8edaecb69c6844
SHA1 (patch-lib_lwres_Makefile.in) = 40fd0ed1d699cb2f6258f33888a9495899373767
SHA1 (patch-lib_lwres_getaddrinfo.c) = ccc00e446867785e401eb92e63e05505dfd01087
SHA1 (patch-lib_lwres_getnameinfo.c) = 418ad349cf52925c9e8051b5c71d9d51ea8d2fb1
SHA1 (patch-lib_lwres_getaddrinfo.c) = cda91b6d1afa02de2c59d51490090ef4ab7f1a41
SHA1 (patch-lib_lwres_getnameinfo.c) = 7ded70795a9001cce5c8094ef3f70ac787a6d43d

10
net/bind99/patches/patch-bin_tests_system_Makefile.in
View file

@ -1,15 +1,15 @@
$NetBSD: patch-bin_tests_system_Makefile.in,v 1.4 2013/09/21 16:00:34 taca Exp $
$NetBSD: patch-bin_tests_system_Makefile.in,v 1.5 2014/10/14 16:21:02 taca Exp $
Build fix for DragonFly while linking of driver.so.
--- bin/tests/system/Makefile.in.orig 2013-09-05 05:09:08.000000000 +0000
--- bin/tests/system/Makefile.in.orig 2014-09-16 19:27:20.000000000 +0000
+++ bin/tests/system/Makefile.in
@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
@@ -19,7 +19,7 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
-SUBDIRS = dlzexternal filter-aaaa lwresd rpz rrl \
+SUBDIRS = filter-aaaa lwresd rpz rrl \
-SUBDIRS = builtin dlzexternal filter-aaaa lwresd rpz rrl \
+SUBDIRS = builtin filter-aaaa lwresd rpz rrl \
rsabigexponent tkey tsiggss
TARGETS =

33
net/bind99/patches/patch-configure
View file

@ -1,21 +1,30 @@
$NetBSD: patch-configure,v 1.8 2014/02/02 07:58:20 taca Exp $
$NetBSD: patch-configure,v 1.9 2014/10/14 16:21:02 taca Exp $
* Add DragonFly support.
* Link proper postgresql library.
* Avoid using "==" for argument of test(1).
--- configure.orig 2014-01-27 18:58:24.000000000 +0000
--- configure.orig 2014-09-16 19:27:20.000000000 +0000
+++ configure
@@ -11685,7 +11685,7 @@ done
@@ -11677,7 +11677,7 @@ fi
test -n "$PYTHON" && break
done
;;
esac
- if test "X$PYTHON" == "X"
+ if test "X$PYTHON" = "X"
then
case "$use_python" in
unspec)
@@ -14410,6 +14410,8 @@ case $host in
- if test "X$PYTHON" == "X"; then
+ if test "X$PYTHON" = "X"; then
continue;
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking python module 'argparse'" >&5
@@ -11692,7 +11692,7 @@ $as_echo "not found" >&6; }
unset ac_cv_path_PYTHON
unset PYTHON
done
- if test "X$PYTHON" == "X"
+ if test "X$PYTHON" = "X"
then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for python support" >&5
$as_echo_n "checking for python support... " >&6; }
@@ -14494,6 +14494,8 @@ case $host in
use_threads=false ;;
*-freebsd*)
use_threads=true ;;
@ -24,7 +33,7 @@ $NetBSD: patch-configure,v 1.8 2014/02/02 07:58:20 taca Exp $
*-bsdi[234]*)
# Thread signals do not work reliably on some versions of BSD/OS.
use_threads=false ;;
@@ -19538,7 +19540,7 @@ $as_echo "no" >&6; }
@@ -19754,7 +19756,7 @@ $as_echo "no" >&6; }
fi
if test -n "-L$use_dlz_postgres_lib -lpq"
then

15
net/bind99/patches/patch-lib_bind9_Makefile.in
View file

@ -1,15 +0,0 @@
$NetBSD: patch-lib_bind9_Makefile.in,v 1.2 2013/09/21 16:00:34 taca Exp $
* XXX: Install with proper permission.
--- lib/bind9/Makefile.in.orig 2013-09-05 05:09:08.000000000 +0000
+++ lib/bind9/Makefile.in
@@ -79,7 +79,7 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libbind9.@A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_SCRIPT} libbind9.@A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libbind9.@A@ timestamp

15
net/bind99/patches/patch-lib_dns_Makefile.in
View file

@ -1,15 +0,0 @@
$NetBSD: patch-lib_dns_Makefile.in,v 1.2 2013/09/21 16:00:34 taca Exp $
* XXX: Install with proper permission.
--- lib/dns/Makefile.in.orig 2013-09-05 05:09:08.000000000 +0000
+++ lib/dns/Makefile.in
@@ -142,7 +142,7 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns.@A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_SCRIPT} libdns.@A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libdns.@A@ timestamp

15
net/bind99/patches/patch-lib_isc_Makefile.in
View file

@ -1,15 +0,0 @@
$NetBSD: patch-lib_isc_Makefile.in,v 1.3 2014/02/02 07:58:20 taca Exp $
* XXX: Install with proper permission.
--- lib/isc/Makefile.in.orig 2014-01-27 18:58:24.000000000 +0000
+++ lib/isc/Makefile.in
@@ -134,7 +134,7 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisc.@A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_SCRIPT} libisc.@A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libisc.@A@ libisc-nosymtbl.@A@ libisc.la \

15
net/bind99/patches/patch-lib_isccc_Makefile.in
View file

@ -1,15 +0,0 @@
$NetBSD: patch-lib_isccc_Makefile.in,v 1.1.1.1 2012/03/07 14:25:00 taca Exp $
* XXX: Install with proper permission.
--- lib/isccc/Makefile.in.orig 2011-02-19 23:47:38.000000000 +0000
+++ lib/isccc/Makefile.in
@@ -80,7 +80,7 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccc.@A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_SCRIPT} libisccc.@A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libisccc.@A@ timestamp

15
net/bind99/patches/patch-lib_isccfg_Makefile.in
View file

@ -1,15 +0,0 @@
$NetBSD: patch-lib_isccfg_Makefile.in,v 1.2 2013/09/21 16:00:34 taca Exp $
* XXX: Install with proper permission.
--- lib/isccfg/Makefile.in.orig 2013-09-05 05:09:08.000000000 +0000
+++ lib/isccfg/Makefile.in
@@ -78,7 +78,7 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg.@A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_SCRIPT} libisccfg.@A@ ${DESTDIR}${libdir}
clean distclean::
rm -f libisccfg.@A@ timestamp

15
net/bind99/patches/patch-lib_lwres_Makefile.in
View file

@ -1,15 +0,0 @@
$NetBSD: patch-lib_lwres_Makefile.in,v 1.1.1.1 2012/03/07 14:25:00 taca Exp $
* XXX: Install with proper permission.
--- lib/lwres/Makefile.in.orig 2007-06-19 23:47:22.000000000 +0000
+++ lib/lwres/Makefile.in
@@ -78,7 +78,7 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
install:: timestamp installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} liblwres.@A@ ${DESTDIR}${libdir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_SCRIPT} liblwres.@A@ ${DESTDIR}${libdir}
clean distclean::
rm -f liblwres.@A@ liblwres.la timestamp

6
net/bind99/patches/patch-lib_lwres_getaddrinfo.c
View file

@ -1,12 +1,12 @@
$NetBSD: patch-lib_lwres_getaddrinfo.c,v 1.1.1.1 2012/03/07 14:25:00 taca Exp $
$NetBSD: patch-lib_lwres_getaddrinfo.c,v 1.2 2014/10/14 16:21:02 taca Exp $
* Add fix for KAME based implementation.
--- lib/lwres/getaddrinfo.c.orig 2008-11-25 23:47:23.000000000 +0000
--- lib/lwres/getaddrinfo.c.orig 2014-09-16 19:27:20.000000000 +0000
+++ lib/lwres/getaddrinfo.c
@@ -142,6 +142,10 @@
#include <lwres/netdb.h>
#include <lwres/stdlib.h>
#include <lwres/string.h>
+#ifdef __KAME__
+#include <net/if.h>

4
net/bind99/patches/patch-lib_lwres_getnameinfo.c
View file

@ -1,8 +1,8 @@
$NetBSD: patch-lib_lwres_getnameinfo.c,v 1.1.1.1 2012/03/07 14:25:00 taca Exp $
$NetBSD: patch-lib_lwres_getnameinfo.c,v 1.2 2014/10/14 16:21:02 taca Exp $
* Add fix for KAME based implementation.
--- lib/lwres/getnameinfo.c.orig 2011-08-30 23:46:53.000000000 +0000
--- lib/lwres/getnameinfo.c.orig 2014-09-16 19:27:20.000000000 +0000
+++ lib/lwres/getnameinfo.c
@@ -121,6 +121,10 @@
#include <lwres/netdb.h>