head 1.5; access; symbols pkgsrc-2020Q3:1.3.0.2 pkgsrc-2020Q3-base:1.3; locks; strict; comment @# @; 1.5 date 2020.12.19.16.41.36; author taca; state dead; branches; next 1.4; commitid OO7ochGNlGmCbnAC; 1.4 date 2020.11.26.13.21.51; author taca; state Exp; branches; next 1.3; commitid bWzbMfeMa4LPOoxC; 1.3 date 2020.09.19.13.09.27; author taca; state Exp; branches; next 1.2; commitid 1rrdQRy3EzVhWEoC; 1.2 date 2020.08.30.19.26.45; author christos; state Exp; branches; next 1.1; commitid wf4f0470DucBF7mC; 1.1 date 2020.08.09.15.20.22; author taca; state Exp; branches; next ; commitid pq8lgp6OYL0AYojC; desc @@ 1.5 log @net/bind916: update to 9.16.10 Update bind916 to 9.16.10 (BIND 9.16.10). pkgsrc changes: * Make blocklist/blacklist support really compiled in. * Fix build problem with pkcs11 PKG_OPTIONS and allow to use it. --- 9.16.10 released --- 5544. [func] Restore the default value of "nocookie-udp-size" to 4096 bytes. [GL #2250] 5541. [func] Adjust the "max-recursion-queries" default from 75 to 100. [GL #2305] 5540. [port] Fix building with native PKCS#11 support for AEP Keyper. [GL #2315] 5539. [bug] Tighten handling of missing DNS COOKIE responses over UDP by falling back to TCP. [GL #2275] 5538. [func] Add NSEC3 support to KASP. A new option for "dnssec-policy", "nsec3param", can be used to set the desired NSEC3 parameters. NSEC3 salt collisions are automatically prevented during resalting. Salt generation is now logged with zone context. [GL #1620] 5534. [bug] The CNAME synthesized from a DNAME was incorrectly followed when the QTYPE was CNAME or ANY. [GL #2280] @ text @$NetBSD: patch-configure,v 1.4 2020/11/26 13:21:51 taca Exp $ * Add DragonFly support. * Use proper link options for NetBSD. * Link proper postgresql library. * Take from NetBSD base, adding support for blacklistd. --- configure.orig 2020-10-13 08:41:40.000000000 +0000 +++ configure @@@@ -637,6 +637,10 @@@@ BUILD_LDFLAGS BUILD_CPPFLAGS BUILD_CFLAGS BUILD_CC +BLACKLISTLINKOBJS +BLACKLISTLINKSRCS +BLOCKLISTLINKOBJS +BLOCKLISTLINKSRCS DLZ_DRIVER_MYSQL_LIBS DLZ_DRIVER_MYSQL_INCLUDES DLZ_SYSTEM_TEST @@@@ -730,6 +734,8 @@@@ JSON_C_LIBS JSON_C_CFLAGS LIBXML2_LIBS LIBXML2_CFLAGS +LIBUV_LIBS +LIBUV_CFLAGS NZD_MANS NZDTARGETS NZDSRCS @@@@ -1719,6 +1725,8 @@@@ Optional Packages: --with-dlz-stub=ARG Build with stub DLZ driver [yes|no]. (Required to use stub driver with DLZ) --with-make-clean run "make clean" at end of configure [yes|no] + --with-blacklist Build with blacklist + --with-blocklist Build with blocklist Some influential environment variables: CC C compiler command @@@@ -3917,7 +3925,7 @@@@ fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h + inttypes.h stdint.h unistd.h blacklist.h blocklist.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@@@ -22499,7 +22507,7 @@@@ else fi ;; #( - *-freebsd*|*-openbsd*|*-netbsd*) : + *-dragonfly*|*-freebsd*|*-openbsd*|*-netbsd*) : LDFLAGS="${LDFLAGS} -Wl,-E" SO_CFLAGS="-fpic" @@@@ -22531,9 +22539,9 @@@@ fi ;; #( *-solaris*) : - SO_CFLAGS="-KPIC" - SO_LDFLAGS="-G -z text" - SO_LD="ld" + SO_CFLAGS="-fPIC" + SO_LDFLAGS="-Xcompiler -shared -Wl,-z -Wl,text" + SO_LD="${CC}" ;; #( ia64-hp-hpux*) : @@@@ -22974,8 +22982,8 @@@@ $as_echo "no" >&6; } fi if test -n "-L$use_dlz_postgres_lib -lpq" then - DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L$use_dlz_postgres_lib -lpq" - DLZ_DRIVER_POSTGRES_LIBS="-L$use_dlz_postgres_lib -lpq" + DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L${PREFIX}/lib -lpq" + DLZ_DRIVER_POSTGRES_LIBS="-L${PREFIX}/lib -lpq" fi @@@@ -26182,6 +26190,8 @@@@ report() { test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$LIBXML2_LIBS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSON_C_LIBS" = "X" || echo " JSON statistics (--with-json-c): $JSON_C_CFLAGS $JSON_C_LIBS" + test "X$BLACKLIST" = "X" || echo " blacklist support (--with-blacklist)" + test "X$BLOCKLIST" = "X" || echo " blocklist support (--with-blocklist)" test "X$ZLIB_LIBS" = "X" || echo " HTTP zlib compression (--with-zlib)" test "X$NZD_TOOLS" = "X" || echo " LMDB database to store configuration for 'addzone' zones (--with-lmdb)" test "no" = "$with_libidn2" || echo " IDN support (--with-libidn2)" @@@@ -26260,6 +26270,8 @@@@ report() { test "X$PYTHON" = "X" && echo " Python tools (--with-python)" test "X$LIBXML2_LIBS" = "X" && echo " XML statistics (--with-libxml2)" test "X$JSON_C_LIBS" = "X" && echo " JSON statistics (--with-json-c)" + test "X$BLACKLIST" = "X" && echo " blacklist support (--with-blacklist)" + test "X$BLOCKLIST" = "X" && echo " blocklist support (--with-blocklist)" test "X$ZLIB_LIBS" = "X" && echo " HTTP zlib compression (--with-zlib)" test "X$NZD_TOOLS" = "X" && echo " LMDB database to store configuration for 'addzone' zones (--with-lmdb)" test "no" = "$with_libidn2" && echo " IDN support (--with-libidn2)" @ 1.4 log @net/bind916: update to 9.16.9 --- 9.16.9 released --- 5533. [func] Add the "stale-refresh-time" option, a time window that starts after a failed lookup, during which a stale RRset is served directly from cache before a new attempt to refresh it is made. [GL #2066] 5530. [bug] dnstap did not capture responses to forwarded UPDATE requests. [GL #2252] 5527. [bug] A NULL pointer dereference occurred when creating an NTA recheck query failed. [GL #2244] 5525. [bug] Change 5503 inadvertently broke cross-compilation by replacing a call to AC_LINK_IFELSE() with a call to AC_RUN_IFELSE() in configure.ac. This has been fixed, making cross-compilation possible again. [GL #2237] 5523. [bug] The initial lookup in a zone transitioning to/from a signed state could fail if the DNSKEY RRset was not found. [GL #2236] 5522. [bug] Fixed a race/NULL dereference in TCPDNS send. [GL #2227] 5520. [bug] Fixed a number of shutdown races, reference counting errors, and spurious log messages that could occur in the network manager. [GL #2221] 5518. [bug] Stub zones now work correctly with primary servers using "minimal-responses yes". [GL #1736] 5517. [bug] Do not treat UV_EOF as a TCP4RecvErr or a TCP6RecvErr. [GL #2208] --- 9.16.8 released --- 5516. [func] The default EDNS buffer size has been changed from 4096 to 1232 bytes. [GL #2183] 5515. [func] Add 'rndc dnssec -rollover' command to trigger a manual rollover for a specific key. [GL #1749] 5514. [bug] Fix KASP expected key size for Ed25519 and Ed448. [GL #2171] 5513. [doc] The ARM section describing the "rrset-order" statement was rewritten to make it unambiguous and up-to-date with the source code. [GL #2139] 5512. [bug] "rrset-order" rules using "order none" were causing named to crash despite named-checkconf treating them as valid. [GL #2139] 5511. [bug] 'dig -u +yaml' failed to display timestamps to the microsecond. [GL #2190] 5510. [bug] Implement the attach/detach semantics for dns_message_t to fix a data race in accessing an already-destroyed fctx->rmessage. [GL #2124] 5509. [bug] filter-aaaa: named crashed upon shutdown if it was in the process of recursing for A RRsets. [GL #1040] 5508. [func] Added new parameter "-expired" for "rndc dumpdb" that also prints expired RRsets (awaiting cleanup) to the dump file. [GL #1870] 5507. [bug] Named could compute incorrect SIG(0) responses. [GL #2109] 5506. [bug] Properly handle failed sysconf() calls, so we don't report invalid memory size. [GL #2166] 5505. [bug] Updating contents of a mixed-case RPZ could cause some rules to be ignored. [GL #2169] 5503. [bug] Cleaned up reference counting of network manager handles, now using isc_nmhandle_attach() and _detach() instead of _ref() and _unref(). [GL #2122] @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.3 2020/09/19 13:09:27 taca Exp $ @ 1.3 log @net/bind916: update to 9.16.7 Update bind916 pacakge to 9.16.7. --- 9.16.7 released --- 5501. [func] Log CDS/CDNSKEY publication. [GL #1748] 5500. [bug] Fix (non-)publication of CDS and CDNSKEY records. [GL #2103] 5499. [func] Add '-P ds' and '-D ds' arguments to dnssec-settime. [GL #1748] 5497. [bug] 'dig +bufsize=0' failed to disable EDNS. [GL #2054] 5496. [bug] Address a TSAN report by ensuring each rate limiter object holds a reference to its task. [GL #2081] 5495. [bug] With query minimization enabled, named failed to resolve ip6.arpa. names that had extra labels to the left of the IPv6 part. [GL #1847] 5494. [bug] Silence the EPROTO syslog message on older systems. [GL #1928] 5493. [bug] Fix off-by-one error when calculating new hash table size. [GL #2104] 5492. [bug] Tighten LOC parsing to reject a period (".") and/or "m" as a value. Fix handling of negative altitudes which are not whole meters. [GL #2074] 5491. [bug] rbtversion->glue_table_size could be read without the appropriate lock being held. [GL #2080] 5489. [bug] Named erroneously accepted certain invalid resource records that were incorrectly processed after subsequently being written to disk and loaded back, as the wire format differed. Such records include: CERT, IPSECKEY, NSEC3, NSEC3PARAM, NXT, SIG, TLSA, WKS, and X25. [GL !3953] 5488. [bug] NTA code needed to have a weak reference on its associated view to prevent the latter from being deleted while NTA tests were being performed. [GL #2067] 5486. [func] Add 'rndc dnssec -checkds' command, which signals to named that the DS record for a given zone or key has been updated in the parent zone. [GL #1613] @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.2 2020/08/30 19:26:45 christos Exp $ d8 1 a8 1 --- configure.orig 2020-09-04 10:44:49.000000000 +0000 d21 1 a21 1 @@@@ -732,6 +736,8 @@@@ JSON_C_LIBS d30 1 a30 1 @@@@ -1721,6 +1727,8 @@@@ Optional Packages: d39 1 a39 1 @@@@ -3919,7 +3927,7 @@@@ fi d48 1 a48 267 @@@@ -18454,7 +18462,265 @@@@ esac +# +# was --with-blacklist specified? +# +BLACKLISTLINKOBJS= +BLACKLISTLINKSRCS= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for blacklist library" >&5 +$as_echo_n "checking for blacklist library... " >&6; } + +# Check whether --with-blacklist was given. +if test "${with_blacklist+set}" = set; then : + withval=$with_blacklist; with_blacklist="$withval" +else + with_blacklist="auto" +fi + + +have_blacklist="" +case "$with_blacklist" in + no) + ;; + auto|yes) + for d in /usr /usr/local /opt/local + do + if test -f "${d}/include/blacklist.h" + then + if test ${d} != /usr + then + blacklist_cflags="-I ${d}/include" + LIBS="$LIBS -L${d}/lib" + fi + have_blacklist="yes" + fi + done + ;; + *) + if test -f "${with_blacklist}/include/blacklist.h" + then + blacklist_cflags="-I${with_blacklist}/include" + LIBS="$LIBS -L${with_blacklist}/lib" + have_blacklist="yes" + else + as_fn_error $? "$with_blacklist/include/blacklist.h not found." "$LINENO" 5 + fi + ;; +esac + +if test "X${have_blacklist}" != "X" +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing blacklist" >&5 +$as_echo_n "checking for library containing blacklist... " >&6; } +if ${ac_cv_search_blacklist+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char blacklist_open(void); +int +main () +{ +return blacklist_open(); + ; + return 0; +} +_ACEOF +for ac_lib in '' blacklist; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_blacklist=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_blacklist+:} false; then : + break +fi +done +if ${ac_cv_search_blacklist+:} false; then : + +else + ac_cv_search_blacklist=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_blacklist" >&5 +$as_echo "$ac_cv_search_blacklist" >&6; } +ac_res=$ac_cv_search_blacklist +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + as_fn_error $? "found blacklist include but not library." "$LINENO" 5 + have_blacklist="" +fi + +elif test "X$with_blacklist" = Xyes +then + as_fn_error $? "include/blacklist.h not found." "$LINENO" 5 +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +BLACKLIST= +if test "X${have_blacklist}" != "X" +then + CFLAGS="$CFLAGS $blacklist_cflags" + +$as_echo "#define HAVE_BLACKLIST 1" >>confdefs.h + + BLACKLIST=1 + BLACKLISTLINKSRCS='${BLACKLISTLINKSRCS}' + BLACKLISTLINKOBJS='${BLACKLISTLINKOBJS}' +fi + +# +# was --with-blocklist specified? +# +BLOCKLISTLINKOBJS= +BLOCKLISTLINKSRCS= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for blocklist library" >&5 +$as_echo_n "checking for blocklist library... " >&6; } + +# Check whether --with-blocklist was given. +if test "${with_blocklist+set}" = set; then : + withval=$with_blocklist; with_blocklist="$withval" +else + with_blocklist="auto" +fi + + +have_blocklist="" +case "$with_blocklist" in + no) + ;; + auto|yes) + for d in /usr /usr/local /opt/local + do + if test -f "${d}/include/blocklist.h" + then + if test ${d} != /usr + then + blocklist_cflags="-I ${d}/include" + LIBS="$LIBS -L${d}/lib" + fi + have_blocklist="yes" + fi + done + ;; + *) + if test -f "${with_blocklist}/include/blocklist.h" + then + blocklist_cflags="-I${with_blocklist}/include" + LIBS="$LIBS -L${with_blocklist}/lib" + have_blocklist="yes" + else + as_fn_error $? "$with_blocklist/include/blocklist.h not found." "$LINENO" 5 + fi + ;; +esac + +if test "X${have_blocklist}" != "X" +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing blocklist" >&5 +$as_echo_n "checking for library containing blocklist... " >&6; } +if ${ac_cv_search_blocklist+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char blocklist_open(void); +int +main () +{ +return blocklist_open(); + ; + return 0; +} +_ACEOF +for ac_lib in '' blocklist; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_blocklist=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_blocklist+:} false; then : + break +fi +done +if ${ac_cv_search_blocklist+:} false; then : + +else + ac_cv_search_blocklist=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_blocklist" >&5 +$as_echo "$ac_cv_search_blocklist" >&6; } +ac_res=$ac_cv_search_blocklist +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + as_fn_error $? "found blocklist include but not library." "$LINENO" 5 + have_blocklist="" +fi + +elif test "X$with_blocklist" = Xyes +then + as_fn_error $? "include/blocklist.h not found." "$LINENO" 5 +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +BLOCKLIST= +if test "X${have_blocklist}" != "X" +then + CFLAGS="$CFLAGS $blocklist_cflags" + +$as_echo "#define HAVE_BLOCKLIST 1" >>confdefs.h + BLOCKLIST=1 + BLOCKLISTLINKSRCS='${BLOCKLISTLINKSRCS}' + BLOCKLISTLINKOBJS='${BLOCKLISTLINKOBJS}' +fi # Check whether --with-zlib was given. if test "${with_zlib+set}" = set; then : withval=$with_zlib; @@@@ -22586,7 +22852,7 @@@@ else d57 1 a57 1 @@@@ -22618,9 +22884,9 @@@@ fi d70 1 a70 1 @@@@ -23049,8 +23315,8 @@@@ $as_echo "no" >&6; } d81 1 a81 1 @@@@ -26255,6 +26523,8 @@@@ report() { d90 1 a90 1 @@@@ -26333,6 +26603,8 @@@@ report() { @ 1.2 log @add support for both blacklist and blocklist @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.1 2020/08/09 15:20:22 taca Exp $ d8 3 a10 3 --- configure.orig 2020-07-03 06:44:14.000000000 -0400 +++ configure 2020-08-30 15:10:37.131653135 -0400 @@@@ -637,6 +637,10 @@@@ d21 1 a21 1 @@@@ -732,6 +736,8 @@@@ d30 1 a30 1 @@@@ -1719,6 +1725,8 @@@@ d39 1 a39 1 @@@@ -3917,7 +3925,7 @@@@ d48 1 a48 1 @@@@ -18385,7 +18393,265 @@@@ d314 1 a314 1 @@@@ -22517,7 +22783,7 @@@@ d323 1 a323 1 @@@@ -22549,9 +22815,9 @@@@ d336 1 a336 1 @@@@ -22980,8 +23246,8 @@@@ d347 1 a347 10 @@@@ -24465,6 +24731,8 @@@@ case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + : Avoid regenerating within pkgsrc + exit 0 ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; @@@@ -26186,6 +26454,8 @@@@ d356 1 a356 1 @@@@ -26264,6 +26534,8 @@@@ @ 1.1 log @net/bind916: add version 9.16.5 package Add bind916 version 9.16.5 package (BIND 9.16.5). BIND, the Berkeley Internet Name Daemon. This package contains the BIND 9.16 release. * New dnssec-policy statement to configure a key and signing policy for zones, enabling automatic key regeneration and rollover. * New network manager based on libuv. * Added support for the new GeoIP2 geolocation API, libmaxminddb. * Improved DNSSEC trust anchor configuration using the trust-anchors statement, permitting configuration of trust anchors in DS as well as DNSKEY format. * YAML output for dig, mdig, and delv. @ text @d1 1 a1 1 $NetBSD$ d8 3 a10 3 --- configure.orig 2020-07-03 10:44:14.000000000 +0000 +++ configure @@@@ -637,6 +637,8 @@@@ BUILD_LDFLAGS d16 2 d21 1 a21 1 @@@@ -732,6 +734,8 @@@@ JSON_C_LIBS d30 1 a30 1 @@@@ -1719,6 +1723,7 @@@@ Optional Packages: d35 1 d39 1 a39 1 @@@@ -3917,7 +3922,7 @@@@ fi d44 1 a44 1 + inttypes.h stdint.h unistd.h blacklist.h d48 1 a48 1 @@@@ -18385,6 +18390,135 @@@@ esac d181 125 d307 4 d313 2 a314 1 @@@@ -22517,7 +22651,7 @@@@ else d323 1 a323 1 @@@@ -22549,9 +22683,9 @@@@ fi d336 1 a336 1 @@@@ -22980,8 +23114,8 @@@@ $as_echo "no" >&6; } d347 10 a356 1 @@@@ -26186,6 +26320,7 @@@@ report() { d361 1 d365 1 a365 1 @@@@ -26264,6 +26399,7 @@@@ report() { d370 1 @