bind920: update to version 9.20.13.

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: bind920: update to version 9.20.13.
From: Havard Eidnes (via pkgsrc-wip) <commit-notify%pkgsrc.org@localhost>
Date: Fri, 12 Sep 2025 15:46:14 +0000
Module Name:	pkgsrc-wip
Committed By:	Havard Eidnes <he%NetBSD.org@localhost>
Pushed By:	he
Date:		Fri Sep 12 17:45:09 2025 +0200
Changeset:	4e52dc8fa2b9418eb9d2a7c3fca0ea015077b671

Modified Files:
	bind920/Makefile
	bind920/distinfo

Log Message:
bind920: update to version 9.20.13.

Pkgsrc changes:
 * Basically just checksum updates.

BIND 9.20.13
------------

New Features
~~~~~~~~~~~~

- Add manual mode configuration option to dnsec-policy. ``1e435b107f``

  Add a new option ``manual-mode`` to :any:`dnssec-policy`. The intended
  use is that if it is enabled, it will not automatically move to the
  next state transition, but instead the transition is logged. Only
  after manual confirmation with ``rndc dnssec -step`` the transition is
  made. :gl:`#4606` :gl:`!10880`

- Add a new 'servfail-until-ready' configuration option for RPZ.
  ``925af17d21``

  By default, when :iscman:`named` is started it may start answering to
  queries before the response policy zones are completely loaded and
  processed. This new feature gives an option to the users to tell
  :iscman:`named` that incoming requests should result in SERVFAIL
  answer until all the response policy zones are processed and ready.
  Note that if one or more response policy zones fail to load,
  :iscman:`named` starts responding to queries according to those zones
  that did load.

  Note, that enabling this option has no effect when a DNS Response
  Policy Service (DNSRPS) interface is used. :gl:`#5222` :gl:`!10889`

- Support for parsing HHIT and BRID records has been added.
  ``1f051af24d``

  :gl:`#5444` :gl:`!10932`

Removed Features
~~~~~~~~~~~~~~~~

- Deprecate the "tkey-gssapi-credential" statement. ``b239a70cac``

  The :any:`tkey-gssapi-keytab` statement allows GSS-TSIG to be set up
  in a simpler and more reliable way than using the
  :any:`tkey-gssapi-credential` statement and setting environment
  variables (e.g. ``KRB5_KTNAME``). Therefore, the
  :any:`tkey-gssapi-credential` statement has been deprecated;
  :any:`tkey-gssapi-keytab` should be used instead.

  For configurations currently using a combination of both
  :any:`tkey-gssapi-keytab` *and* :any:`tkey-gssapi-credential`, the
  latter should be dropped and the keytab pointed to by
  :any:`tkey-gssapi-keytab` should now only contain the credential
  previously specified by :any:`tkey-gssapi-credential`. :gl:`#4204`
  :gl:`!10924`

- Obsolete the "tkey-domain" statement. ``9352ae65d7``

  Mark the ``tkey-domain`` statement as obsolete, since it has not had
  any effect on server behavior since support for TKEY Mode 2
  (Diffie-Hellman) was removed (in BIND 9.20.0). :gl:`#4204`
  :gl:`!10926`

Feature Changes
~~~~~~~~~~~~~~~

- Update clang-format style with options added in newer versions.
  ``0c2c477c31``

  Add and apply InsertBraces statement to add missing curly braces
  around one-line statements and use
  ControlStatementsExceptControlMacros for SpaceBeforeParens to remove
  space between foreach macro and the brace, e.g. `FOREACH (x) {`
  becomes `FOREACH(x) {`. :gl:`!10864`

Bug Fixes
~~~~~~~~~

- Ensure file descriptors 0-2 are in use. ``35dee6eb90``

  libuv expect file descriptors <= STDERR_FILENO are in use. otherwise,
  it may abort when closing a file descriptor it opened. :gl:`#5226`
  :gl:`!10908`

- Prevent spurious SERVFAILs for certain 0-TTL resource records.
  ``6b266b222c``

  Under certain circumstances, BIND 9 can return SERVFAIL when updating
  existing entries in the cache with new NS, A, AAAA, or DS records with
  0-TTL. :gl:`#5294` :gl:`!10898`

- Use DNS_RDATACOMMON_INIT to hide branch differences. ``a64df9729b``

  Initialization of the common members of rdata type structures varies
  across branches. Standardize it by using the `DNS_RDATACOMMON_INIT`
  macro for all types, so that new types are more likely to use it, and
  hence backport more cleanly. :gl:`#5467` :gl:`!10834`

- RPZ canonical warning displays zone entry incorrectly. ``d833676515``

  When an IPv6 rpz prefix entry is entered incorrectly the log message
  was just displaying the prefix rather than the full entry.  This has
  been corrected. :gl:`#5491` :gl:`!10930`

- Fix a catalog zone issue when having an unset 'default-primaries'
  configuration clause. ``293e75af28``

  A catalog zone with an unset ``default-primaries`` clause could cause
  an unexpected termination of the :iscman:`named` process after two
  reloading or reconfiguration commands. This has been fixed.
  :gl:`#5494` :gl:`!10905`

- Add and use __attribute__((nonnull)) in dnssec-signzone.c.
  ``a8eed36d3e``

  Clang 20 was spuriously warning about the possibility of passing a
  NULL file pointer to `fprintf()`, which uses the 'nonnull' attribute.
  To silence the warning, the functions calling `fprintf()` have been
  marked with the same attribute to assure that NULL can't be passed to
  them in the first place.

  Close #5487 :gl:`!10913`

- RPZ 'servfail-until-ready': skip updating SERVFAIL cache.
  ``af2fb26325``

  In order to not pollute the SERVFAIL cache with the configured
  SERVFAIL answers while RPZ is loading, set the NS_CLIENTATTR_NOSETFC
  attribute for the client. :gl:`!10940`

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=4e52dc8fa2b9418eb9d2a7c3fca0ea015077b671

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 bind920/Makefile | 2 +-
 bind920/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diffs:
diff --git a/bind920/Makefile b/bind920/Makefile
index 9fb7e9a5c4..dc3b6bcfbf 100644
--- a/bind920/Makefile
+++ b/bind920/Makefile
@@ -15,7 +15,7 @@ CONFLICTS+=	host-[0-9]*
 
 MAKE_JOBS_SAFE=	no
 
-BIND_VERSION=	9.20.12
+BIND_VERSION=	9.20.13
 
 BUILD_DEFS+=	BIND_DIR VARBASE
 
diff --git a/bind920/distinfo b/bind920/distinfo
index 5425004a7b..9bf445a7d3 100644
--- a/bind920/distinfo
+++ b/bind920/distinfo
@@ -1,6 +1,6 @@
 $NetBSD: distinfo,v 1.20 2024/07/23 13:50:32 taca Exp $
 
-BLAKE2s (bind-9.20.12.tar.xz) = 1c4de3d06cf76fa902a0a1378fc287f85d9614b8f472239fb42ec5cd66fd224d
-SHA512 (bind-9.20.12.tar.xz) = a27b8581bebc50822bfa8990323d1bbbb6081ccadf8abc9ce5a6b5945bd26612cce9480766abe127f6e9cda5917717d31a56070dc7719a7cc7495b7d116407ef
-Size (bind-9.20.12.tar.xz) = 5700944 bytes
+BLAKE2s (bind-9.20.13.tar.xz) = d91eff7a1c1527df32852b3f6daabb85e25d17eb322e5470ebc43b37c98ea28b
+SHA512 (bind-9.20.13.tar.xz) = 2e4be2153f80f60b97c0854ce69e5eb5c343713f5544ef6b9b9229d1ba65ba13e092c17170ae5ae328a97d0ccd8cb7c8cc8259baea70827a841d251423bc0a1c
+Size (bind-9.20.13.tar.xz) = 5762540 bytes
 SHA1 (patch-configure.ac) = d3b9bb82c8e164135b93a76d5c53ad40521226e2
Prev by Date: devel/ols: Moved package
Next by Date: wayland: fix build
Previous by Thread: devel/ols: Moved package
Next by Thread: wayland: fix build
Indexes:
Home | Main Index | Thread Index | Old Index