CVS commit: pkgsrc/net/bind918

["Havard Eidnes" <he%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   he
Date:           Sat Aug 24 10:18:18 UTC 2024

Modified Files:
        pkgsrc/net/bind918: Makefile distinfo

Log Message:
net/bind: update to version 9.18.29.

Pkgsrc changes:
 * None (just version + checksums)

Upstream changes:

BIND 9.18.29
------------

New Features
~~~~~~~~~~~~

- Tighten 'max-recursion-queries' and add 'max-query-restarts' option.
  ``fe3ae71e90``

  There were cases in resolver.c when the `max-recursion-queries` quota
  was ineffective. It was possible to craft zones that would cause a
  resolver to waste resources by sending excessive queries while
  attempting to resolve a name. This has been addressed by correcting
  errors in the implementation of `max-recursion-queries`, and by
  reducing the default value from 100 to 32.

  In addition, a new `max-query-restarts` option has been added which
  limits the number of times a recursive server will follow CNAME or
  DNAME records before terminating resolution. This was previously a
  hard-coded limit of 16, and now defaults to 11.   :gl:`#4741`
  :gl:`!9283`

- Generate changelog from git log. ``21a0b6aef7``

  Use a single source of truth, the git log, to generate the list of
  CHANGES. Use the .rst format and include it in the ARM for a quick
  reference with proper gitlab links to issues and merge requests.
  :gl:`#75` :gl:`!9181`

Feature Changes
~~~~~~~~~~~~~~~

- Use _exit() in the fatal() function. ``e4c483f45f``

  Since the fatal() isn't a correct but rather abrupt termination of the
  program, we want to skip the various atexit() calls because not all
  memory might be freed during fatal() call, etc.  Using _exit() instead
  of exit() has this effect - the program will end, but no destructors
  or atexit routines will be called. :gl:`!9263`

- Fix data race in clean_finds_at_name. ``541726871d``

  Stop updating `find.result_v4` and `find.result_v4` in
  `clean_finds_at_name`. The values are supposed to be
  static. :gl:`#4118` :gl:`!9198`

Bug Fixes
~~~~~~~~~

- Reconfigure catz member zones during named reconfiguration.
  ``944d0dc942``

  During a reconfiguration named wasn't reconfiguring catalog zones'
  member zones. This has been fixed. :gl:`#4733`

- Disassociate the SSL object from the cached SSL_SESSION.
  ``64fde41253``

  When the SSL object was destroyed, it would invalidate all SSL_SESSION
  objects including the cached, but not yet used, TLS session objects.

  Properly disassociate the SSL object from the SSL_SESSION before we
  store it in the TLS session cache, so we can later destroy it without
  invalidating the cached TLS sessions. :gl:`#4834` :gl:`!9279`

- Attach/detach to the listening child socket when accepting TLS.
  ``3ead47daff``

  When TLS connection (TLSstream) connection was accepted, the children
  listening socket was not attached to sock->server and thus it could
  have been freed before all the accepted connections were actually
  closed.

  In turn, this would cause us to call isc_tls_free() too soon - causing
  cascade errors in pending SSL_read_ex() in the accepted connections.

  Properly attach and detach the children listening socket when
  accepting and closing the server connections. :gl:`#4833` :gl:`!9278`

- Make hypothesis optional for system tests. ``0d1953d7a8``

  Ensure that system tests can be executed without Python hypothesis
  package. :gl:`#4831` :gl:`!9268`

- Don't loop indefinitely when isc_task quantum is 'unlimited'
  ``674420df64``

  Don't run more events than already scheduled.  If the quantum is set
  to a high value, the task_run() would execute already scheduled, and
  all new events that result from running event->ev_action().

  Setting quantum to a number of scheduled events will postpone events
  scheduled after we enter the loop here to the next task_run()
  invocation. :gl:`!9257`

- Raise the log level of priming failures. ``c948babeeb``

  When a priming query is complete, it's currently logged at level
  ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising
  it to ISC_LOG_NOTICE in the case of failure. [GL #3516] :gl:`#3516`
  :gl:`!9251`

- Add a compatibility shim for older libuv versions (< 1.19.0)
  ``61ff983f00``

  The uv_stream_get_write_queue_size() is supported only in relatively
  newer versions of libuv (1.19.0 or higher).  Provide a compatibility
  shim for this function , so BIND 9 can be built in environments with
  older libuv version.

- Remove extra newline from yaml output. ``1222dbe9f9``

  I split this into two commits, one for the actual newline removal, and
  one for issues I found, ruining the yaml output when some errors were
  outputted.

- CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW.
  ``bbdd888b8e``

  Add INSIST to fail if the multiplication would cause the variables to
  overflow. :gl:`#4798` :gl:`!9230`

- Remove unnecessary operations. ``2374a1a2bd``

  Decrementing optlen immediately before calling continue is unneccesary
  and inconsistent with the rest of dns_message_pseudosectiontoyaml and
  dns_message_pseudosectiontotext.  Coverity was also reporting an
  impossible false positive overflow of optlen (CID 499061). :gl:`!9224`

- Fix generation of 6to4-self name expansion from IPv4 address.
  ``df55c15ebb``

  The period between the most significant nibble of the encoded IPv4
  address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the
  wrong name being checked. Add system test for 6to4-self
  implementation. :gl:`#4766` :gl:`!9218`

- Fix false QNAME minimisation error being reported. ``4984afc80c``

  Remove the false positive "success resolving" log message when QNAME
  minimisation is in effect and the final result is NXDOMAIN.
  :gl:`#4784` :gl:`!9216`

- Dig +yaml was producing unexpected and/or invalid YAML output.
  ``2db62a4dba``

  :gl:`#4796` :gl:`!9214`

- SVBC alpn text parsing failed to reject zero length alpn.
  ``8f7be89052``

  :gl:`#4775` :gl:`!9210`

- Return SERVFAIL for a too long CNAME chain. ``f7de909b98``

  When cutting a long CNAME chain, named was returning NOERROR  instead
  of SERVFAIL (alongside with a partial answer). This has been fixed.
  :gl:`#4449` :gl:`!9204`

- Properly calculate the amount of system memory. ``9faf355a5c``

  On 32 bit machines isc_meminfo_totalphys could return an incorrect
  value. :gl:`#4799` :gl:`!9200`

- Update key lifetime and metadata after dnssec-policy reconfig.
  ``2107a64ee6``

  Adjust key state and timing metadata if dnssec-policy key lifetime
  configuration is updated, so that it also affects existing keys.
  :gl:`#4677` :gl:`!9192`

- Fix dig +timeout argument when using +https. ``381d6246d6``

  The +timeout argument was not used on DoH connections. This has been
  fixed.  :gl:`#4806` :gl:`!9161`


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/bind918/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/bind918/Makefile
diff -u pkgsrc/net/bind918/Makefile:1.35 pkgsrc/net/bind918/Makefile:1.36
--- pkgsrc/net/bind918/Makefile:1.35    Wed Jul 31 20:54:37 2024
+++ pkgsrc/net/bind918/Makefile Sat Aug 24 10:18:18 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.35 2024/07/31 20:54:37 markd Exp $
+# $NetBSD: Makefile,v 1.36 2024/08/24 10:18:18 he Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
@@ -15,7 +15,7 @@ CONFLICTS+=   host-[0-9]*
 
 MAKE_JOBS_SAFE=        no
 
-BIND_VERSION=  9.18.28
+BIND_VERSION=  9.18.29
 
 BUILD_DEFS+=   BIND_DIR VARBASE
 

Index: pkgsrc/net/bind918/distinfo
diff -u pkgsrc/net/bind918/distinfo:1.20 pkgsrc/net/bind918/distinfo:1.21
--- pkgsrc/net/bind918/distinfo:1.20    Tue Jul 23 13:50:32 2024
+++ pkgsrc/net/bind918/distinfo Sat Aug 24 10:18:18 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.20 2024/07/23 13:50:32 taca Exp $
+$NetBSD: distinfo,v 1.21 2024/08/24 10:18:18 he Exp $
 
-BLAKE2s (bind-9.18.28.tar.xz) = f1903d4dcf3d2142c4bcf6ffd279d7c8a4befbd99df3e60a3dadb5430cf6a891
-SHA512 (bind-9.18.28.tar.xz) = 19ba625f155c60dd821e3afe52adf3897b3e81289320282b3f43d604af1e7d4e67fafb98a9849782684935008bcd148f190e05234d501aa056daa6724e0119bb
-Size (bind-9.18.28.tar.xz) = 5533340 bytes
+BLAKE2s (bind-9.18.29.tar.xz) = 3a788db468b7bd54ea10b3b81ad6b8cc1429eef0bab13e827533377d3e6c5273
+SHA512 (bind-9.18.29.tar.xz) = 6c2676e2e2cb90f3bd73afb367813c54d1c961e12df1e12e41b9d0ee5a1d5cdf368d81410469753eaef37e43358b56796f078f3b2f20c3b247c4bef91d56c716
+Size (bind-9.18.29.tar.xz) = 5562720 bytes
 SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1
 SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b
 SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d