pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
bind920: update to BIND version 9.20.1:
Module Name: pkgsrc-wip
Committed By: Havard Eidnes <he%NetBSD.org@localhost>
Pushed By: he
Date: Sat Aug 24 18:27:14 2024 +0000
Changeset: ef7201b7226bdea46d75b99113c77a8b39178ee1
Modified Files:
bind920/DESCR
bind920/Makefile
bind920/distinfo
Log Message:
bind920: update to BIND version 9.20.1:
Pkgsrc changes:
* Fix DESCR to say this is BIND 9.20
* Version + checksums.
Upstream changes:
BIND 9.20.1
-----------
New Features
~~~~~~~~~~~~
- Tighten 'max-recursion-queries' and add 'max-query-restarts' option.
``42e70b0f0e``
There were cases in resolver.c when the `max-recursion-queries` quota
was ineffective. It was possible to craft zones that would cause a
resolver to waste resources by sending excessive queries while
attempting to resolve a name. This has been addressed by correcting
errors in the implementation of `max-recursion-queries`, and by
reducing the default value from 100 to 32.
In addition, a new `max-query-restarts` option has been added which
limits the number of times a recursive server will follow CNAME or
DNAME records before terminating resolution. This was previously a
hard-coded limit of 16, and now defaults to 11. :gl:`#4741`
:gl:`!9282`
- Implement rndc retransfer -force. ``008bfb6249``
A new optional argument '-force' has been added to the command channel
command 'rndc retransfer'. When it is specified, named aborts the
ongoing zone transfer (if there is one), and starts a new transfer.
:gl:`#2299` :gl:`!9219`
- Generate changelog from git log. ``cf60eb2738``
Use a single source of truth, the git log, to generate the list of
CHANGES. Use the .rst format and include it in the ARM for a quick
reference with proper gitlab links to issues and merge requests.
:gl:`#75` :gl:`!9180`
Feature Changes
~~~~~~~~~~~~~~~
- Call rcu_barrier() in the isc_mem_destroy() just once. ``e00b13ac6e``
The previous work in this area was led by the belief that we might be
calling call_rcu() from within call_rcu() callbacks. After carefully
checking all the current callback, it became evident that this is not
the case and the problem isn't enough rcu_barrier() calls, but
something entirely else.
Call the rcu_barrier() just once as that's enough and the multiple
rcu_barrier() calls will not hide the real problem anymore, so we can
find it. :gl:`!9247`
- Don't open route socket if we don't need it. ``4f369af51e``
When automatic-interface-scan is disabled, the route socket was still
being opened. Add new API to connect / disconnect from the route
socket only as needed.
Additionally, move the block that disables periodic interface rescans
to a place where it actually have access to the configuration values.
Previously, the values were being checked before the configuration was
loaded. :gl:`!9239`
- Allow shorter resolver-query-timeout configuration. ``840e56a979``
The minimum allowed value of 'resolver-query-timeout' was lowered to
301 milliseconds instead of the earlier 10000 milliseconds (which is
the default). As earlier, values less than or equal to 300 are
converted to seconds before applying the limit. :gl:`#4320`
:gl:`!9220`
- Replace `#define DNS_GETDB_` with struct of bools. ``6d1fdb8505``
Replace `#define DNS_GETDB_` with struct of bools to make it easier to
pretty-print the attributes in a debugger. :gl:`#4559` :gl:`!9205`
- Fix data race in clean_finds_at_name. ``be1e649974``
Stop updating `find.result_v4` and `find.result_v4` in
`clean_finds_at_name`. The values are supposed to be
static. :gl:`#4118` :gl:`!9197`
Bug Fixes
~~~~~~~~~
- Reconfigure catz member zones during named reconfiguration.
``9a0c59c89a``
During a reconfiguration named wasn't reconfiguring catalog zones'
member zones. This has been fixed. :gl:`#4733`
- Disassociate the SSL object from the cached SSL_SESSION.
``54b24fb015``
When the SSL object was destroyed, it would invalidate all SSL_SESSION
objects including the cached, but not yet used, TLS session objects.
Properly disassociate the SSL object from the SSL_SESSION before we
store it in the TLS session cache, so we can later destroy it without
invalidating the cached TLS sessions. :gl:`#4834` :gl:`!9274`
- Attach/detach to the listening child socket when accepting TLS.
``24ac7a7cd2``
When TLS connection (TLSstream) connection was accepted, the children
listening socket was not attached to sock->server and thus it could
have been freed before all the accepted connections were actually
closed.
In turn, this would cause us to call isc_tls_free() too soon - causing
cascade errors in pending SSL_read_ex() in the accepted connections.
Properly attach and detach the children listening socket when
accepting and closing the server connections. :gl:`#4833` :gl:`!9273`
- Fix --enable-tracing build on systems without dtrace. ``d8d49c9340``
Missing file util/dtrace.sh prevented builds on system without dtrace
utility. This has been corrected.
- Make hypothesis optional for system tests. ``c5f1cb8a04``
Ensure that system tests can be executed without Python hypothesis
package. :gl:`#4831` :gl:`!9267`
- Dig now reports missing query section for opcode QUERY. ``b277a6f1f0``
Query responses should contain the question section with some
exceptions. Dig was not reporting this. :gl:`#4808` :gl:`!9269`
- Fix assertion failure in the glue cache. ``f8a0c0bed6``
Fix an assertion failure that could happen as a result of data race
between free_gluetable() and addglue() on the same headers.
:gl:`#4691` :gl:`!9256`
- Don't use 'create' flag unnecessarily in findnode() ``4281aaab45``
when searching the cache for a node so that we can delete an rdataset,
it isn't necessary to set the 'create' flag. if the node doesn't exist
yet, we won't be able to delete anything from it anyway. :gl:`!9253`
- Raise the log level of priming failures. ``074c7cc12c``
When a priming query is complete, it's currently logged at level
ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising
it to ISC_LOG_NOTICE in the case of failure. [GL #3516] :gl:`#3516`
:gl:`!9250`
- Fix assertion failure when checking named-checkconf version.
``42e84e4b97``
Checking the version of `named-checkconf` would end with assertion
failure. This has been fixed. :gl:`#4827` :gl:`!9246`
- Valid TSIG signatures with invalid time cause crash. ``2438db2eae``
An assertion failure triggers when the TSIG has valid cryptographic
signature, but the time is invalid. This can happen when the times
between the primary and secondary servers are not synchronised.
:gl:`#4811` :gl:`!9245`
- Don't skip the counting if fcount_incr() is called with force==true.
``9cd2880a82``
The fcount_incr() was incorrectly skipping the accounting for the
fetches-per-zone if the force argument was set to true. We want to
skip the accounting only when the fetches-per-zone is completely
disabled, but for individual names we need to do the accounting even
if we are forcing the result to be success. :gl:`#4786` :gl:`!9241`
- Don't skip the counting if fcount_incr() is called with force==true
(v2) ``1db5c6a0d3``
The fcount_incr() was not increasing counter->count when force was set
to true, but fcount_decr() would try to decrease the counter leading
to underflow and assertion failure. Swap the order of the arguments
in the condition, so the !force is evaluated after incrementing the
.count. :gl:`#4846` :gl:`!9299`
- Fix PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP usage.
``46caf5f4a4``
The PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP are
usually not defines, but enum values, so simple preprocessor check
doesn't work.
Check for PTHREAD_MUTEX_ADAPTIVE_NP from the autoconf
AS_COMPILE_IFELSE block and define HAVE_PTHREAD_MUTEX_ADAPTIVE_NP.
This should enable adaptive mutex on Linux and FreeBSD.
As PTHREAD_MUTEX_ERRORCHECK actually comes from POSIX and Linux glibc
does define it when compatibility macros are being set, we can just
use PTHREAD_MUTEX_ERRORCHECK instead of PTHREAD_MUTEX_ERRORCHECK_NP.
:gl:`!9240`
- Remove extra newline from yaml output. ``53738634c3``
I split this into two commits, one for the actual newline removal, and
one for issues I found, ruining the yaml output when some errors were
outputted.
- CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW.
``b6298b394e``
Add INSIST to fail if the multiplication would cause the variables to
overflow. :gl:`#4798` :gl:`!9229`
- Remove unnecessary operations. ``067f87f158``
Decrementing optlen immediately before calling continue is unneccesary
and inconsistent with the rest of dns_message_pseudosectiontoyaml and
dns_message_pseudosectiontotext. Coverity was also reporting an
impossible false positive overflow of optlen (CID 499061). :gl:`!9223`
- Fix generation of 6to4-self name expansion from IPv4 address.
``00ce93a69c``
The period between the most significant nibble of the encoded IPv4
address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the
wrong name being checked. Add system test for 6to4-self
implementation. :gl:`#4766` :gl:`!9217`
- Fix false QNAME minimisation error being reported. ``fb07c38697``
Remove the false positive "success resolving" log message when QNAME
minimisation is in effect and the final result is NXDOMAIN.
:gl:`#4784` :gl:`!9215`
- Dig +yaml was producing unexpected and/or invalid YAML output.
``a42afbce2e``
:gl:`#4796` :gl:`!9213`
- SVBC alpn text parsing failed to reject zero length alpn.
``1a1413ff59``
:gl:`#4775` :gl:`!9209`
- Return SERVFAIL for a too long CNAME chain. ``d7e5f7903d``
When cutting a long CNAME chain, named was returning NOERROR instead
of SERVFAIL (alongside with a partial answer). This has been fixed.
:gl:`#4449` :gl:`!9203`
- Properly calculate the amount of system memory. ``c63b7fad49``
On 32 bit machines isc_meminfo_totalphys could return an incorrect
value. :gl:`#4799` :gl:`!9199`
- Update key lifetime and metadata after dnssec-policy reconfig.
``a5f554959e``
Adjust key state and timing metadata if dnssec-policy key lifetime
configuration is updated, so that it also affects existing keys.
:gl:`#4677` :gl:`!9191`
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=ef7201b7226bdea46d75b99113c77a8b39178ee1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
bind920/DESCR | 2 +-
bind920/Makefile | 2 +-
bind920/distinfo | 6 +++---
3 files changed, 5 insertions(+), 5 deletions(-)
diffs:
diff --git a/bind920/DESCR b/bind920/DESCR
index 389254b187..f493cf283d 100644
--- a/bind920/DESCR
+++ b/bind920/DESCR
@@ -2,5 +2,5 @@ BIND, the Berkeley Internet Name Daemon.
Release notes are available via https://bind9.readthedocs.io/en/
-This package contains the BIND 9.18 release. Upstream labels it
+This package contains the BIND 9.20 release. Upstream labels it
as supported.
diff --git a/bind920/Makefile b/bind920/Makefile
index cbfddd564f..12c1a610c5 100644
--- a/bind920/Makefile
+++ b/bind920/Makefile
@@ -15,7 +15,7 @@ CONFLICTS+= host-[0-9]*
MAKE_JOBS_SAFE= no
-BIND_VERSION= 9.20.0
+BIND_VERSION= 9.20.1
BUILD_DEFS+= BIND_DIR VARBASE
diff --git a/bind920/distinfo b/bind920/distinfo
index 178c688d86..818752c3ea 100644
--- a/bind920/distinfo
+++ b/bind920/distinfo
@@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.20 2024/07/23 13:50:32 taca Exp $
-BLAKE2s (bind-9.20.0.tar.xz) = 72d36220b98533a0d386e5648c2da5944df5f0f170c07725d3cb97b42994caf9
-SHA512 (bind-9.20.0.tar.xz) = 38dcb5d401b357127f11af521594daf2a7df1fbf444f80a823d10d1077903a59faac4299f925ad77283610c54c816ac0f53edb6d1cdb664abc36368457840e55
-Size (bind-9.20.0.tar.xz) = 5760416 bytes
+BLAKE2s (bind-9.20.1.tar.xz) = 1fd3ee4303f45f6ec89c9a6e4f5057f2a703e56d8ab33c78af6fd8fdfdced403
+SHA512 (bind-9.20.1.tar.xz) = 4d410da58bd4e4b7c17961fd026014c330811e4a906e9d6db63419c7347815c6634ffc4ef97513a361add13419ee70ba814c97b583e85d2df89438b9d937d657
+Size (bind-9.20.1.tar.xz) = 5789604 bytes
SHA1 (patch-bin_named_include_named_os.h) = d14f7e2e6c45c6a6879a9b7900a9f0348975bbe7
SHA1 (patch-bin_named_os.c) = 9496ffdb0cbc225222161f41e6fcb7d494d430cc
SHA1 (patch-bin_named_server.c) = 7fa9617cbeb6eaa85a73422311319fdb62c18fe6
Home |
Main Index |
Thread Index |
Old Index