Commit graph

49 commits

Author SHA1 Message Date
jperkin
b091c2f172 Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.
2013-07-12 10:44:52 +00:00
taca
26ced77591 Update bind96 to 9.6.3.1.ESV.9pl1 (BIND 9.6-ESV-R9-P1).
Please refer CHANGES file for complete changes and here is quote from
release announce.

Introduction

   BIND 9.6-ESV-R9-P1 is the latest production release of BIND 9.6-ESV.


Security Fixes

   Prevents exploitation of a runtime_check which can crash named
   when satisfying a recursive query for particular malformed zones.
   (CVE-2013-3919) [RT #33690]

   Prevents a named assert (crash) when validating caused by using
   "Bad cache" data before it has been initialized. [CVE-2012-3817]
   [RT #30025]

   A condition has been corrected where improper handling of
   zero-length RDATA could cause undesirable behavior, including
   termination of the named process. [CVE-2012-1667] [RT #29644]

New Features

   Adds a new configuration option, "check-spf"; valid values are
   "warn" (default) and "ignore".  When set to "warn", checks SPF
   and TXT records in spf format, warning if either resource record
   type occurs without a corresponding record of the other resource
   record type.  [RT #33355]

   Adds support for Uniform Resource Identifier (URI) resource
   records. [RT #23386]

   Adds support for Host Identity Protocol (HIP) resource records
   [RT #19384]

   Adds support for the EUI48 and EUI64 RR types. [RT #33082]

   Adds support for the RFC 6742 ILNP record types (NID, LP, L32,
   and L64). [RT #31836]

   The contributed queryperf utility has been improved, now retaining
   better round trip time statistics. [RT #30128]
2013-06-06 02:57:58 +00:00
wiz
d2ca14a3f1 Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
2013-05-31 12:39:57 +00:00
rodent
a0a1f2e57c Fixes:
COMMENT should not be longer than 70 characters.
 COMMENT should not begin with 'A'.
 COMMENT should not begin with 'An'.
 COMMENT should not begin with 'a'.
 COMMENT should not end with a period.
 COMMENT should start with a capital letter.

pkglint warnings. Some files also got minor formatting, spelling, and style
corrections.
2013-04-06 03:45:05 +00:00
wiz
a8730d5aa1 Bump PKGREVISION for mysql default change to 55. 2013-03-02 20:33:21 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
obache
64deda1dc9 recursive bump from cyrus-sasl libsasl2 shlib major bump. 2012-12-16 01:51:57 +00:00
asau
e059e7e469 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 17:18:07 +00:00
cheusov
141b842e87 Add CONFLICTS between net/bind and net/host.
net/bind9*: remove "bind<x.y.z" entries from CONFLICTS. It is useless
   because package's PKGBASE is "bind".
2012-10-21 15:49:06 +00:00
taca
09ef878f5e Update bind96 to 9.6.3.1.ESV.7pl4 (BIND 9.6-ESV-R7-P4).
Here are change changes from release note.  Note security fixes except
CVE-2012-5166 should be already fixed in previous version of bind96 package.

Please refer https://kb.isc.org/article/AA-00795 for list of full bug fixes.


Security Fixes

* A deliberately constructed combination of records could cause named to hang
  while populating the additional section of a response. [CVE-2012-5166] [RT
  #31090]
* Prevents a named assert (crash) when queried for a record whose RDATA
  exceeds 65535 bytes [CVE-2012-4244] [RT #30416]
* Prevents a named assert (crash) when validating caused by using "Bad cache"
  data before it has been initialized. [CVE-2012-3817] [RT #30025]
* A condition has been corrected where improper handling of zero-length RDATA
  could cause undesirable behavior, including termination of the named
  process. [CVE-2012-1667] [RT #29644]


New Features

  None


Feature Changes

* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get an answer.
  [RT #29492]
2012-10-10 03:04:57 +00:00
wiz
8b5d49eb78 Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.
2012-10-03 21:53:53 +00:00
taca
a08a1204fd Update bind96 to bind-9.6.3.1.ESV.7pl3 (BIND 9.6-ESV-R7-P3).
--- 9.6-ESV-R7-P3 released ---

3364.	[security]	Named could die on specially crafted record.
			[RT #30416]

3358	[bug]		Fix declaration of fatal in bin/named/server.c
			and bin/nsupdate/main.c. [RT #30522]
2012-09-13 01:32:54 +00:00
wiz
b598935c28 Make it clearer which package contains exactly which bind version.
Patch from Bug Hunting.
2012-08-26 14:23:49 +00:00
spz
478f8f98a7 patch version fixing CVE-2012-3817:
--- 9.6-ESV-R7-P2 released ---

   3346.   [security]      Bad-cache data could be used before it was
                           initialized, causing an assert. [RT #30025]

   3343.   [bug]           Relax isc_random_jitter() REQUIRE tests. [RT #29821]

   3342.   [bug]           Change #3314 broke saving of stub zones to disk
                           resulting in excessive cpu usage in some cases.
                           [RT #29952]
2012-07-24 21:14:19 +00:00
sbd
21792a9296 Recursive PKGREVISION bump for libxml2 buildlink addition. 2012-06-14 07:43:06 +00:00
taca
b87a6bfac2 Update bind96 to 9.6.3.1.ESV.7pl1 (BIND 9.6-ESV-R7-P1).
Security release for CVE-2012-1667.

	--- 9.6-ESV-R7-P1 released ---

3331.	[security]	dns_rdataslab_fromrdataset could produce bad
			rdataslabs. [RT #29644]
2012-06-04 13:29:19 +00:00
taca
a0a2b6cd06 Update bind96 package to 9.6.3.1.ESV.7 (BIND 9.6-ESV-R7).
New Features

*  None

Feature Changes

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

Bug Fixes

*  The locking strategy around the handling of iterative queries
   has been tuned to reduce unnecessary contention in a multi-threaded
   environment.  (Note that this may not provide a measurable
   improvement over previous versions of BIND, but it corrects the
   performance impact of change 3309 / RT #27995) [RT #29239]

*  Addresses a race condition that can cause named to to crash when
   the masters list for a zone is updated via rndc reload/reconfig
   [RT #26732]

*  Fixes a race condition in zone.c that can cause named to crash
   during the processing of rndc delzone [RT #29028]

*  Prevents a named segfault from resolver.c due to procedure
   fctx_finddone() not being thread-safe.  [RT #27995]

*  Uses hmctx, not mctx when freeing rbtdb->heaps to avoid triggering
   an assertion when flushing cache data. [RT #28571]

*  Resolves inconsistencies in locating DNSSEC keys where zone names
   contain characters that require special mappings [RT #28600]

*  A new flag -R  has been added to queryperf for running tests
   using non-recursive queries.  It also now builds correctly on
   MacOS version 10.7 (darwin)  [RT #28565]

*  Named no longer crashes if gssapi is enabled in named.conf but
   was not compiled into the binary [RT #28338]

*  SDB now handles unexpected errors from back-end database drivers
   gracefully instead of exiting on an assert. [RT #28534]
2012-05-22 03:34:31 +00:00
taca
22160b7777 Add fix to a race condition in the resolver code that can cause a recursive
nameserver: <https://kb.isc.org/article/AA-00664>.

Bump PKGREVISION.
2012-05-01 02:47:52 +00:00
taca
5724ce0c37 Update bind96 package to 9.6.3.1.ESV.6 (BIND 9.6-ESV-R6).
Security Fixes

  + BIND 9 nameservers performing recursive queries could cache an
    invalid record and subsequent queries for that record could
    crash the resolvers with an assertion failure. [RT #26590]
    [CVE-2011-4313]

Feature Changes

  + Improves initial start-up and server reload time by increasing
    the default size of the hash table the configuration parser
    uses to keep track of loaded zones and allowing it to grow
    dynamically to better handle systems with large numbers of
    zones.  [RT #26523]

  + --enable-developer, a new composite argument to the configure
    script, enables a set of build options normally disabled but
    frequently selected in test or development builds, specifically:
    enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
    enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and
    Darwin, also enable_exportlib) [RT #27103]
2012-04-05 00:41:10 +00:00
taca
c999cfae38 Don't install doc/arm HTML files twice. 2012-03-12 15:40:15 +00:00
spz
eae83a54cd BIND 9.6-ESV-R5-P1 is a security patch for BIND 9.6-ESV-R5.
* BIND 9 nameservers performing recursive queries could cache an invalid
  record and subsequent queries for that record could crash the resolvers
  with an assertion failure. [RT #26590]
2011-11-16 22:26:07 +00:00
shattered
26ce32cfbd PR/29576 -- Use @RCD_SCRIPTS_SHELL@ in rc.d scripts, not /bin/sh 2011-10-07 22:37:02 +00:00
taca
2ac1b2a030 Update bind96 pacakge to 9.6.3.1.ESV.5 (9.6-ESV-R5).
For full changes, please refer:
ftp://ftp.isc.org/isc/bind9/9.6-ESV-R5/RELEASE-NOTES-BIND-9.6-ESV.html


New Features

9.6-ESV-R5

     * Added a tool able to generate malformed packets to allow testing of
       how named handles them. [RT #24096]

Security Fixes

9.6-ESV-R5

     * named, set up to be a caching resolver, is vulnerable to a user
       querying a domain with very large resource record sets (RRSets)
       when trying to negatively cache the response. Due to an off-by-one
       error, caching the response could cause named to crash. [RT #24650]
       [CVE-2011-1910]
     * Change #2912 populated the message section in replies to UPDATE
       requests, which some Windows clients wanted. This exposed a latent
       bug that allowed the response message to crash named. With this
       fix, change 2912 has been reduced to copy only the zone section to
       the reply. A more complete fix for the latent bug will be released
       later. [RT #24777]

Feature Changes

9.6-ESV-R5

     * Merged in the NetBSD ATF test framework (currently version 0.12)
       for development of future unit tests. Use configure --with-atf to
       build ATF internally or configure --with-atf=prefix to use an
       external copy. [RT #23209]
     * Added more verbose error reporting from DLZ LDAP. [RT #23402]
     * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
2011-08-10 15:24:51 +00:00
taca
e7c5783160 Update bind96 package to 9.6.3.1.ESV.4pl3 (9.6-ESV-R4-P3), security release.
The package name was selected as:

- Make sure to greater version from bind-9.6.3.
- Include "ESV" (Extended Support Version) string.

Since changes from BIND 9.6.3 are too may, please refer changes in detail:

ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html
2011-07-05 14:28:06 +00:00
taca
f586d099a2 Update bind96 package to 9.6.3.
9.6.3

     * BIND now builds with threads disabled in versions of NetBSD earlier
       than 5.0 and with pthreads enabled by default in NetBSD versions
       5.0 and higher. Also removes support for unproven-pthreads,
       mit-pthreads and ptl2. [RT #19203]
     * HPUX now correctly defaults to using /dev/poll, which should
       increase performance. [RT #21919]
     * If named is running as a threaded application, after an "rndc stop"
       command has been issued, other inbound TCP requests can cause named
       to hang and never complete shutdown. [RT #22108]
     * When performing a GSS-TSIG signed dynamic zone update, memory could
       be leaked. This causes an unclean shutdown and may affect
       long-running servers. [RT #22573]
     * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
       allows for a TCP DoS attack. Until there is a kernel fix, ISC is
       disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
     * Corrected a defect where a combination of dynamic updates and zone
       transfers incorrectly locked the in-memory zone database, causing
       named to freeze. [RT #22614]
     * Don't run MX checks (check-mx) when the MX record points to ".".
       [RT #22645]
     * DST key reference counts can now be incremented via dst_key_attach.
       [RT #22672]
     * isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy
       attr. [RT #22766]
     * The Kerberos realm was being truncated when being pulled from the
       the host prinicipal, make krb5-self updates fail. [RT #22770]
     * named failed to preserve the case of domain names in RDATA which is
       not compressible when writing master files. [RT #22863]
     * There was a bug in how the clients-per-query code worked with some
       query patterns. This could result, in rare circumstances, in having
       all the client query slots filled with queries for the same DNS
       label, essentially ignoring the max-clients-per-query setting. [RT
       #22972]
2011-02-09 16:24:14 +00:00
taca
cf6aa8d9f8 Update bind96 package to bind-9.6.2pl3 (9.6.2-P3).
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories

CVE: CVE-2010-3613
CERT: VU#706148
BIND: cache incorrectly allows a ncache entry and a rrsig for the same type

CVE: CVE-2010-3614
CERT: VU#837744
BIND: Key algorithm rollover bug in bind9
2010-12-02 00:32:34 +00:00
taca
325d72d30d Update net/bind96 package to 9.6.2pl2 (9.6.2-P2).
--- 9.6.2-P2 released ---

2876.	[bug]		Named could return SERVFAIL for negative responses
			from unsigned zones. [RT #21131]

	--- 9.6.2-P1 released ---

2852.	[bug]		Handle broken DNSSEC trust chains better. [RT #15619]
2010-05-26 15:57:37 +00:00
gls
ebc7e1cc27 Disable kqueue on Dragonfly to make bind96 work.
As reported by Justin Sherrill in PR pkg/43195.

Bump PKGREVISION.
2010-04-22 20:22:26 +00:00
taca
dd7d08b6e2 Update net/bind96 to 9.6.1pl3 (9.6.1-P3).
--- 9.6.1-P3 released ---

2831.	[security]	Do not attempt to validate or cache
			out-of-bailiwick data returned with a secure
			answer; it must be re-fetched from its original
			source and validated in that context. [RT #20819]

2828.	[security]	Cached CNAME or DNAME RR could be returned to clients
			without DNSSEC validation. [RT #20737]

2827.	[security]	Bogus NXDOMAIN could be cached as if valid. [RT #20712]
2010-01-20 01:01:15 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
taca
057190f88b Modify named9.sh to create /dev/random in chrooted environment
as base system's /etc/rc.d/named.

Bump PKGREVISION.
2009-12-11 16:21:21 +00:00
joerg
6ffb46d702 Use libtool --tag explicitly if calling gcc instead of cc in preparation
for libtool 2.2.
2009-11-25 22:15:25 +00:00
taca
052f521aaf Update BIND 9.6.1-P2.
--- 9.6.1-P2 released ---

2772.	[security]	When validating, track whether pending data was from
			the additional section or not and only return it if
			validates as secure. [RT #20438]
2009-11-25 09:50:06 +00:00
jklos
2ef2df6848 BIND on NetBSD/macppc (and likely other PowerPC) lock up after some time
if threads are enabled, so we disable threads until this is fixed.
2009-09-28 22:52:47 +00:00
taca
9fee7935e4 Sort PLIST. No functional change. 2009-09-13 01:44:26 +00:00
tnn
ad17fd833c turn on inet6 by default if the platform supports it. Bump revision. 2009-09-08 08:42:45 +00:00
jklos
2f0576b03e Assembly language atomic operations don't work on NetBSD mipsel, so
disable them with CONFIGURE_ARGS.
2009-08-15 01:30:57 +00:00
reed
1e51409956 Fix PKGNAME that I broke. 2009-07-29 00:16:33 +00:00
reed
d731c0905b Update to 9.6.1-P1.
This is for PR pkg/41796: Security fix CVE-2009-0696
2009-07-29 00:03:38 +00:00
obache
7dec7f2e02 Update bind96 to 9.6.1.
Based on PR 41772 by Robert Elz.

Pkgsrc changes:
 o MAKE_JOBS_SAFE=no, README said "Do not use a parallel make".
 o remove patch-aj, libbind has been removed from the BIND 9 distribution
   since 9.6.0.
 o add bind-dig-sigchase option. requested by PR 41751.

Changes since 9.6.0:

	--- 9.6.1 released ---

2607.	[bug]		named could incorrectly delete NSEC3 records for
			empty nodes when processing a update request.
			[RT #19749]

2606.	[bug]		"delegation-only" was not being accepted in
			delegation-only type zones. [RT #19717]

2605.	[bug]		Accept DS responses from delegation only zones.
			[RT # 19296]

2603.	[port]		win32: handle .exe extension of named-checkzone and
			named-comilezone argv[0] names under windows.
			[RT #19767]

2602.	[port]		win32: fix debugging command line build of libisccfg.
			[RT #19767]

	--- 9.6.1rc1 released ---

2599.	[bug]		Address rapid memory growth when validation fails.
			[RT #19654]

2597.	[bug]		Handle a validation failure with a insecure delegation
			from a NSEC3 signed master/slave zone.  [RT #19464]

2596.	[bug]		Stale tree nodes of cache/dynamic rbtdb could stay
			long, leading to inefficient memory usage or rejecting
			newer cache entries in the worst case. [RT #19563]

2595.	[bug]		Fix unknown extended rcodes in dig. [RT #19625]

2592.	[bug]		Treat "any" as a type in nsupdate. [RT #19455]

2591.	[bug]		named could die when processing a update in
			removed_orphaned_ds(). [RT #19507]

2588.	[bug]		SO_REUSEADDR could be set unconditionally after failure
			of bind(2) call.  This should be rare and mostly
			harmless, but may cause interference with other
			processes that happen to use the same port. [RT #19642]

2586.	[bug]		Missing cleanup of SIG rdataset in searching a DLZ DB
			or SDB. [RT #19577]

2585.	[bug]		Uninitialized socket name could be referenced via a
			statistics channel, triggering an assertion failure in
			XML rendering. [RT #19427]

2584.	[bug]		alpha: gcc optimization could break atomic operations.
			[RT #19227]

2583.	[port]		netbsd: provide a control to not add the compile
			date to the version string, -DNO_VERSION_DATE.

2582.	[bug]		Don't emit warning log message when we attempt to
			remove non-existant journal. [RT #19516]

2579.	[bug]		DNSSEC lookaside validation failed to handle unknown
			algorithms. [RT #19479]

2578.	[bug]		Changed default sig-signing-type to 65534, because
			65535 turns out to be reserved.  [RT #19477]

2499.	[port]		solaris: lib/lwres/getaddrinfo.c namespace clash.
			[RT #18837]

	--- 9.6.1b1 released ---

2577.	[doc]		Clarified some statistics counters. [RT #19454]

2576.	[bug]		NSEC record were not being correctly signed when
			a zone transitions from insecure to secure.
			Handle such incorrectly signed zones. [RT #19114]

2574.	[doc]		Document nsupdate -g and -o. [RT #19351]

2573.	[bug]		Replacing a non-CNAME record with a CNAME record in a
			single transaction in a signed zone failed. [RT #19397]

2568.	[bug]		Report when the write to indicate a otherwise
			successful start fails. [RT #19360]

2567.	[bug]		dst__privstruct_writefile() could miss write errors.
			write_public_key() could miss write errors.
			dnssec-dsfromkey could miss write errors.
			[RT #19360]

2564.	[bug]		Only take EDNS fallback steps when processing timeouts.
			[RT #19405]

2563.	[bug]		Dig could leak a socket causing it to wait forever
			to exit. [RT #19359]

2562.	[doc]		ARM: miscellaneous improvements, reorganization,
			and some new content.

2561.	[doc]		Add isc-config.sh(1) man page. [RT #16378]

2560.	[bug]		Add #include <config.h> to iptable.c. [RT #18258]

2559.	[bug]		dnssec-dsfromkey could compute bad DS records when
			reading from a K* files.  [RT #19357]

2557.	[cleanup]	PCI compliance:
			* new libisc log module file
			* isc_dir_chroot() now also changes the working
			  directory to "/".
			* additional INSISTs
			* additional logging when files can't be removed.

2556.	[port]		Solaris: mkdir(2) on tmpfs filesystems does not do the
			error checks in the correct order resulting in the
			wrong error code sometimes being returned. [RT #19249]

2554.	[bug]		Validation of uppercase queries from NSEC3 zones could
			fail. [RT #19297]

2553.	[bug]		Reference leak on DNSSEC validation errors. [RT #19291]

2552.	[bug]		zero-no-soa-ttl-cache was not being honoured.
			[RT #19340]

2551.	[bug]		Potential Reference leak on return. [RT #19341]

2550.	[bug]		Check --with-openssl=<path> finds <openssl/opensslv.h>.
			[RT #19343]

2549.	[port]		linux: define NR_OPEN if not currently defined.
			[RT #19344]

2548.	[bug]		Install iterated_hash.h. [RT #19335]

2547.	[bug]		openssl_link.c:mem_realloc() could reference an
			out-of-range area of the source buffer.  New public
			function isc_mem_reallocate() was introduced to address
			this bug. [RT #19313]

2545.	[doc]		ARM: Legal hostname checking (check-names) is
			for SRV RDATA too. [RT #19304]

2544.	[cleanup]	Removed unused structure members in adb.c. [RT #19225]

2543.	[contrib]	Update contrib/zkt to version 0.98. [RT #19113]

2542.	[doc]		Update the description of dig +adflag. [RT #19290]

2541.	[bug]		Conditionally update dispatch manager statistics.
			[RT #19247]

2539.	[security]	Update the interaction between recursion, allow-query,
			allow-query-cache and allow-recursion.  [RT #19198]

2538.	[bug]		cache/ADB memory could grow over max-cache-size,
			especially with threads and smaller max-cache-size
			values. [RT #19240]

2537.	[experimental]	Added more statistics counters including those on socket
			I/O events and query RTT histograms. [RT #18802]

2536.	[cleanup]	Silence some warnings when -Werror=format-security is
			specified. [RT #19083]

2535.	[bug]		dig +showsearh and +trace interacted badly. [RT #19091]

2532.	[bug]		dig: check the question section of the response to
			see if it matches the asked question. [RT #18495]

2531.	[bug]		Change #2207 was incomplete. [RT #19098]

2530.	[bug]		named failed to reject insecure to secure transitions
			via UPDATE. [RT #19101]

2529.	[cleanup]	Upgrade libtool to silence complaints from recent
			version of autoconf. [RT #18657]

2528.   [cleanup]       Silence spurious configure warning about
                        --datarootdir [RT #19096]

2527.	[bug]		named could reuse cache on reload with
			enabling/disabling validation. [RT #19119]

2525.	[experimental]	New logging category "query-errors" to provide detailed
			internal information about query failures, especially
			about server failures. [RT #19027]

2524.	[port]		sunos: dnssec-signzone needs strtoul(). [RT #19129]

2523.	[bug]		Random type rdata freed by dns_nsec_typepresent().
			[RT #19112]

2522.	[security]	Handle -1 from DSA_do_verify() and EVP_VerifyFinal().

2521.	[bug]		Improve epoll cross compilation support. [RT #19047]

2519.	[bug]		dig/host with -4 or -6 didn't work if more than two
			nameserver addresses of the excluded address family
			preceded in resolv.conf. [RT #19081]

2517.	[bug]		dig +trace with -4 or -6 failed when it chose a
			nameserver address of the excluded address.
			[RT #18843]

2516.	[bug]		glue sort for responses was performed even when not
			needed. [RT #19039]

2514.	[bug]		dig/host failed with -4 or -6 when resolv.conf contains
			a nameserver of the excluded address family.
			[RT #18848]

2511.	[cleanup]	dns_rdata_tofmttext() add const to linebreak.
			[RT #18885]

2506.	[port]		solaris: Check at configure time if
			hack_shutup_pthreadonceinit is needed. [RT #19037]

2505.	[port]		Treat amd64 similarly to x86_64 when determining
			atomic operation support. [RT #19031]

2503.	[port]		linux: improve compatibility with Linux Standard
			Base. [RT #18793]

2502.	[cleanup]	isc_radix: Improve compliance with coding style,
			document function in <isc/radix.h>. [RT #18534]
2009-07-26 09:07:58 +00:00
obache
9286987de4 Update HOMEPAGE url. 2009-07-24 12:30:00 +00:00
joerg
62d1ba2bac Remove @dirrm entries from PLISTs 2009-06-14 18:03:28 +00:00
tron
0554442edb Add URL for mirror on "ftp.belnet.be" to master site list. 2009-03-23 14:43:13 +00:00
joerg
2d1ba244e9 Simply and speed up buildlink3.mk files and processing.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
2009-03-20 19:23:50 +00:00
adrianp
9c6ed31887 ${CHOWN} the pid directory as well for chroot running 2009-02-26 23:49:24 +00:00
adrianp
3559873fa1 Since rc1 the default location of the pidfiles have changed so update
the rc.d scripts accordingly.
Problem found by John Klos
2009-02-23 09:22:16 +00:00
adrianp
abad6b0f29 Fix build on OpenSolaris
http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/bind/getaddrinfo.c.patch
2009-02-21 14:51:43 +00:00
adrianp
e3c751d735 Changes since 9.6.0:
2522.	[security]	Handle -1 from DSA_do_verify() and EVP_verify().
2009-01-08 09:03:15 +00:00
adrianp
3a0e31e052 BIND 9.6.0
Full NSEC3 support
Automatic zone re-signing
Default PID file location
New tool: dnssec-dsfromkey
Randomize server selection on queries

http://oldwww.isc.org/sw/bind/view/?release=9.6.0
https://www.isc.org/software/bind/new-features/9.6
2009-01-04 00:21:36 +00:00