head 1.7; access; symbols pkgsrc-2022Q1:1.6.0.4 pkgsrc-2022Q1-base:1.6 pkgsrc-2021Q4:1.6.0.2 pkgsrc-2021Q4-base:1.6 pkgsrc-2021Q3:1.5.0.2 pkgsrc-2021Q3-base:1.5 pkgsrc-2021Q2:1.4.0.18 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.16 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.14 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.12 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.10 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.6 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.8 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.4 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.2 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.2.0.4 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.2.0.2 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.1.0.2 pkgsrc-2018Q3-base:1.1; locks; strict; comment @# @; 1.7 date 2022.06.15.14.14.14; author taca; state dead; branches; next 1.6; commitid XewXz3CNATyMU8ID; 1.6 date 2021.10.29.06.02.26; author taca; state Exp; branches; next 1.5; commitid BflA7k3lLiTHyFeD; 1.5 date 2021.07.22.22.50.40; author taca; state Exp; branches 1.5.2.1; next 1.4; commitid FK3n2H3kcVdTj22D; 1.4 date 2019.06.20.02.13.58; author taca; state Exp; branches; next 1.3; commitid cdTLeJCiBnz70SrB; 1.3 date 2019.05.20.16.03.55; author taca; state Exp; branches; next 1.2; commitid fYcgLKjSjjIpAXnB; 1.2 date 2018.10.24.11.27.28; author jperkin; state Exp; branches; next 1.1; commitid lo5V9xUboEEnKcXA; 1.1 date 2018.09.09.13.11.38; author taca; state Exp; branches; next ; commitid C4BR3Hycs9ClLqRA; 1.5.2.1 date 2021.11.01.22.14.43; author tm; state Exp; branches; next ; commitid ixPuBRnXbxnjQ8fD; desc @@ 1.7 log @net/bind911: remove bind911 Remove EOL BIND 9.11. @ text @$NetBSD: patch-configure,v 1.6 2021/10/29 06:02:26 taca Exp $ * Add DragonFly support. * Use proper link options for NetBSD. * Link proper postgresql library. --- configure.orig 2021-10-11 19:35:49.000000000 +0000 +++ configure @@@@ -16004,6 +16004,8 @@@@ case $host in use_threads=false ;; *-freebsd*) use_threads=true ;; +*-dragonfly*) + use_threads=false ;; *-bsdi[234]*) # Thread signals do not work reliably on some versions of BSD/OS. use_threads=false ;; @@@@ -18667,27 +18669,10 @@@@ case "$use_libjson" in libjson_libs="" ;; auto|yes) - for d in /usr /usr/local /opt/local - do - if test -f "${d}/include/json/json.h" - then - if test ${d} != /usr - then - libjson_cflags="-I ${d}/include" - LIBS="$LIBS -L${d}/lib" - fi - have_libjson="yes" - elif test -f "${d}/include/json-c/json.h" - then - if test ${d} != /usr - then - libjson_cflags="-I ${d}/include" - LIBS="$LIBS -L${d}/lib" - fi - have_libjson="yes" - have_libjson_c="yes" - fi - done + libjson_cflags="`pkg-config --cflags json-c`" + LIBS="`pkg-config --libs json-c`" + have_libjson="yes" + have_libjson_c="yes" ;; *) if test -f "${use_libjson}/include/json/json.h" @@@@ -24439,7 +24424,7 @@@@ else fi ;; #( - *-freebsd*|*-openbsd*|*-netbsd*) : + *-dragonfly*|*-freebsd*|*-openbsd*|*-netbsd*) : LDFLAGS="${LDFLAGS} -Wl,-E" SO_CFLAGS="-fpic" @@@@ -24471,9 +24456,9 @@@@ fi ;; #( *-solaris*) : - SO_CFLAGS="-KPIC" - SO_LDFLAGS="-G -z text" - SO_LD="ld" + SO_CFLAGS="-fPIC" + SO_LDFLAGS="-Xcompiler -shared -Wl,-z -Wl,text" + SO_LD="${CC}" ;; #( ia64-hp-hpux*) : @@@@ -24733,8 +24718,8 @@@@ $as_echo "no" >&6; } fi if test -n "-L$use_dlz_postgres_lib -lpq" then - DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L$use_dlz_postgres_lib -lpq" - DLZ_DRIVER_POSTGRES_LIBS="-L$use_dlz_postgres_lib -lpq" + DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L${PREFIX}/lib -lpq" + DLZ_DRIVER_POSTGRES_LIBS="-L${PREFIX}/lib -lpq" fi @ 1.6 log @net/bind911: update to 9.11.36 --- 9.11.36 released --- 5736. [security] The "lame-ttl" option is now forcibly set to 0. This effectively disables the lame server cache, as it could previously be abused by an attacker to significantly degrade resolver performance. (CVE-2021-25219) [GL #2899] 5716. [bug] Multiple library names were mistakenly passed to the krb5-config utility when ./configure was invoked with the --with-gssapi=[/path/to/]krb5-config option. This has been fixed by invoking krb5-config separately for each required library. [GL #2866] @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.5 2021/07/22 22:50:40 taca Exp $ @ 1.5 log @net/bind911: update to 9.11.34 9.11.34 This maintenance release of BIND 9.11 contains no significant changes, although some minor updates have been made (for example, to fix build issues on Solaris 11). @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.4 2019/06/20 02:13:58 taca Exp $ a5 1 * Do not use "==" for test(1). d7 1 a7 1 --- configure.orig 2021-07-09 08:55:20.000000000 +0000 d9 1 a9 1 @@@@ -16057,6 +16057,8 @@@@ case $host in d18 1 a18 1 @@@@ -18720,27 +18722,10 @@@@ case "$use_libjson" in d50 1 a50 1 @@@@ -24492,7 +24477,7 @@@@ else d59 1 a59 1 @@@@ -24524,9 +24509,9 @@@@ fi d72 1 a72 1 @@@@ -24786,8 +24771,8 @@@@ $as_echo "no" >&6; } a82 9 @@@@ -28111,7 +28096,7 @@@@ report() { echo " localstatedir: $localstatedir" echo "-------------------------------------------------------------------------------" echo "Compiler: $CC" - if test "yes" == "$GCC"; then + if test "yes" = "$GCC"; then $CC --version 2>&1 | sed 's/^/ /' else case "$host_os" in @ 1.5.2.1 log @Pullup ticket #6524 - requested by taca net/bind911: security fix Revisions pulled up: - net/bind911/Makefile 1.51 - net/bind911/distinfo 1.37 - net/bind911/patches/patch-configure 1.6 --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 29 06:02:26 UTC 2021 Modified Files: pkgsrc/net/bind911: Makefile distinfo pkgsrc/net/bind911/patches: patch-configure Log Message: net/bind911: update to 9.11.36 --- 9.11.36 released --- 5736. [security] The "lame-ttl" option is now forcibly set to 0. This effectively disables the lame server cache, as it could previously be abused by an attacker to significantly degrade resolver performance. (CVE-2021-25219) [GL #2899] 5716. [bug] Multiple library names were mistakenly passed to the krb5-config utility when ./configure was invoked with the --with-gssapi=[/path/to/]krb5-config option. This has been fixed by invoking krb5-config separately for each required library. [GL #2866] @ text @d1 1 a1 1 $NetBSD$ d6 1 d8 1 a8 1 --- configure.orig 2021-10-11 19:35:49.000000000 +0000 d10 1 a10 1 @@@@ -16004,6 +16004,8 @@@@ case $host in d19 1 a19 1 @@@@ -18667,27 +18669,10 @@@@ case "$use_libjson" in d51 1 a51 1 @@@@ -24439,7 +24424,7 @@@@ else d60 1 a60 1 @@@@ -24471,9 +24456,9 @@@@ fi d73 1 a73 1 @@@@ -24733,8 +24718,8 @@@@ $as_echo "no" >&6; } d84 9 @ 1.4 log @net/bind911: update to 9.11.8 Update bind911 to 9.11.8 (BIND 9.11.8). --- 9.11.8 released --- 5244. [security] Fixed a race condition in dns_dispatch_getnext() that could cause an assertion failure if a significant number of incoming packets were rejected. (CVE-2019-6471) [GL #942] 5241. [bug] Fix Ed448 private and public key ASN.1 prefix blobs. [GL #225] 5237. [bug] Recurse to find the root server list with 'dig +trace'. [GL #1028] @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.3 2019/05/20 16:03:55 taca Exp $ d6 1 d8 1 a8 1 --- configure.orig 2019-06-04 16:01:00.000000000 +0000 d10 1 a10 1 @@@@ -15481,6 +15481,8 @@@@ case $host in d19 1 a19 1 @@@@ -18034,27 +18036,10 @@@@ case "$use_libjson" in d51 1 a51 1 @@@@ -23809,7 +23794,7 @@@@ else d60 1 a60 1 @@@@ -23841,9 +23826,9 @@@@ fi d73 1 a73 1 @@@@ -24099,8 +24084,8 @@@@ $as_echo "no" >&6; } d84 9 @ 1.3 log @net/bind911: update to 9.11.7 Update bind911 to 9.11.7, this is maintenance releases. --- 9.11.7 released --- 5233. [bug] Negative trust anchors did not work with "forward only;" to validating resolvers. [GL #997] 5232. [bug] Fix a high-load race/crash in isc_socket_cancel(). [GL #834] 5231. [protocol] Add support for displaying CLIENT-TAG and SERVER-TAG. [GL #960] 5229. [protocol] Enforce known SSHFP fingerprint lengths. [GL #852] 5228. [cleanup] If trusted-keys and managed-keys are configured simultaneously for the same name, the key cannot be rolled automatically. This configuration now logs a warning. [GL #868] 5224. [bug] Only test provide-ixfr on TCP streams. [GL #991] 5222. [bug] 'delv -t ANY' could leak memory. [GL #983] 5221. [test] Enable parallel execution of system tests on Windows. [GL !4101] 5218. [bug] Conditionally include . [GL #995] 5214. [bug] win32: named now removes its lock file upon shutdown. [GL #979] 5213. [bug] win32: Eliminated a race which allowed named.exe running as a service to be killed prematurely during shutdown. [GL #978] 5210. [bug] When dnstap is enabled and recursion is not available, incoming queries are now logged as "auth". Previously, this depended on whether recursion was requested by the client, not on whether recursion was available. [GL #963] 5209. [bug] When update-check-ksk is true, add_sigs was not considering offline keys, leaving record sets signed with the incorrect type key. [GL #763] 5208. [test] Run valid rdata wire encodings through totext+fromtext and tofmttext+fromtext methods to check these methods. [GL #899] 5207. [test] Check delv and dig TTL values. [GL #965] 5205. [bug] Enforce that a DS hash exists. [GL #899] 5204. [test] Check that dns_rdata_fromtext() produces a record that will be accepted by dns_rdata_fromwire(). [GL #852] 5203. [bug] Enforce whether key rdata exists or not in KEY, DNSKEY, CDNSKEY and RKEY. [GL #899] 5197. [bug] dig could die in best effort mode on multiple SIG(0) records. Similarly on multiple OPT and multiple TSIG records. [GL #920] 5194. [bug] Enforce non empty ZOMEMD hash. [GL #899] 5193. [bug] EID and NIMLOC failed to do multi-line output correctly. [GL #899] 5192. [bug] configure --fips-mode failed. [GL #946] 5191. [port] Darwin: dlzexternal/driver.so was not building. [GL #948] 5189. [cleanup] Remove revoked root DNSKEY from bind.keys. [GL #945] 5187. [test] Set time zone before running any tests in dnstap_test. [GL #940] 5185. [bug] PKCS11 build could fail if ECDSA is not supported. [GL #935] 5184. [bug] Missing unlocks in sdlz.c. [GL #936] 5182. [bug] Fix a high-load race/crash in handling of isc_socket_close() in resolver. [GL #834] 5180. [bug] delv now honors the operating system's preferred ephemeral port range. [GL #925] 5179. [cleanup] Replace some vague type declarations with the more specific dns_secalg_t and dns_dsdigest_t. Thanks to Tony Finch. [GL !1498] 5178. [bug] Handle EDQUOT (disk quota) and ENOSPC (disk full) errors when writing files. [GL #902] 5176. [tests] Remove a dependency on libxml in statschannel system test. [GL #926] 5175. [bug] Fixed a problem with file input in dnssec-keymgr, dnssec-coverage and dnssec-checkds when using python3. [GL #882] 5174. [doc] Tidy dnssec-keygen manual. [GL !1557] 5172. [bug] nsupdate now honors the operating system's preferred ephemeral port range. [GL #905] 5170. [test] Added --with-dlz-filesystem to feature-test. [GL !1587] 5168. [test] Do not crash on shutdown when RPZ fails to load. Also, keep previous version of the database if RPZ fails to load. [GL #813] 5167. [bug] nxdomain-redirect could sometimes lookup the wrong redirect name. [GL #892] @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.2 2018/10/24 11:27:28 jperkin Exp $ d7 1 a7 1 --- configure.orig 2019-05-10 05:03:58.000000000 +0000 d9 1 a9 1 @@@@ -15470,6 +15470,8 @@@@ case $host in d18 1 a18 1 @@@@ -18023,27 +18025,10 @@@@ case "$use_libjson" in d50 1 a50 1 @@@@ -23798,7 +23783,7 @@@@ else d59 1 a59 1 @@@@ -23830,9 +23815,9 @@@@ fi d70 1 a70 1 *) : d72 1 a72 1 @@@@ -24082,8 +24067,8 @@@@ $as_echo "no" >&6; } @ 1.2 log @bind911: Fix build on SunOS. @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.1 2018/09/09 13:11:38 taca Exp $ d7 1 a7 1 --- configure.orig 2018-10-06 01:36:17.000000000 +0000 d9 1 a9 1 @@@@ -15415,6 +15415,8 @@@@ case $host in d18 1 a18 1 @@@@ -17962,27 +17964,10 @@@@ case "$use_libjson" in d50 23 a72 30 @@@@ -23436,7 +23421,7 @@@@ if test "yes" = "$dlopen"; then SO_LD="ld" fi ;; - *-freebsd*|*-openbsd*) + *-dragonfly*|*-freebsd*|*-netbsd*|*-openbsd*) LDFLAGS="${LDFLAGS} -Wl,-E" SO_CFLAGS="-fpic" if test "yes" = "$use_libtool"; then @@@@ -23447,16 +23432,10 @@@@ if test "yes" = "$dlopen"; then SO_LD="${CC}" fi ;; - *-netbsd*) - SO_CFLAGS="-fpic" - SO_LDFLAGS="-Bshareable -x" - SO_LD="ld" - SO_STRIP="sed -e s/-Wl,//g" - ;; *-solaris*) - SO_CFLAGS="-KPIC" - SO_LDFLAGS="-G -z text" - SO_LD="ld" + SO_CFLAGS="-fPIC" + SO_LDFLAGS="-Xcompiler -shared -Wl,-z -Wl,text" + SO_LD="${CC}" ;; *-hp-hpux*) SO=sl @@@@ -23705,8 +23684,8 @@@@ $as_echo "no" >&6; } @ 1.1 log @net/bind911 Add BIND 9.11 package Add bind9.11.4pl1 (BIND 9.11.4-P1) package. Note: named(8) requires writable permission to current directory when start up or the directory specified by "directory" in options statement. BIND, the Berkeley Internet Name Daemon, version 9 is a major rewrite of nearly all aspects of the underlying BIND architecture. Some of the important features of BIND-9 are: - DNS Security - IP version 6 - DNS Protocol Enhancements - Views - Multiprocessor Support - Improved Portability Architecture - Full NSEC3 support - Automatic zone re-signing - New update-policy methods tcp-self and 6to4-self This package contains the BIND 9.11 release. - Catalog Zones, a new method for provisioning servers - "dnstap", a fast and flexible method of capturing and logging DNS traffic. - "dyndb", a new API for loading zone data from an external database - dnssec-keymgr, a new key mainenance utility - mdig, an alternate version of dig utility - And more... @ text @d1 1 a1 1 $NetBSD$ d7 1 a7 1 --- configure.orig 2018-07-24 17:24:11.000000000 +0000 d9 1 a9 1 @@@@ -15270,6 +15270,8 @@@@ case $host in d18 1 a18 1 @@@@ -17817,27 +17819,10 @@@@ case "$use_libjson" in d50 1 a50 1 @@@@ -23345,7 +23330,7 @@@@ if test "yes" = "$dlopen"; then d59 1 a59 1 @@@@ -23356,12 +23341,6 @@@@ if test "yes" = "$dlopen"; then d70 10 a79 3 SO_CFLAGS="-KPIC" SO_LDFLAGS="-G -z text" @@@@ -23614,8 +23593,8 @@@@ $as_echo "no" >&6; } @