[pkgsrc/trunk]: pkgsrc/net/ldns Update to ldns version 1.7.1.

[he <he%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/4651b0ec362f
branches:  trunk
changeset: 336867:4651b0ec362f
user:      he <he%pkgsrc.org@localhost>
date:      Fri Jul 26 22:53:58 2019 +0000

description:
Update to ldns version 1.7.1.

Pkgsrc changes:
 * Adapt to patches adopted upstream.

Upstream changes:
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
  Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
  Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
  Thanks Petr Men#?k
* bugfix #4221: drill -x crashes with malformed IPv4 address
  Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
  Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
  Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
  Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size
  Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment
  Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
  ldns-verify-zone.  Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
  Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
  Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
  Thanks Siali Yan
* Spelling errors in binaries and man pages
  Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
  and fix memory leak with more EDNS sections
  Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
  Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
  OpenSSL.  Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this
  removes the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
  Thanks Jitka Plesn?kov?
* bugfix #4248: drill -DT fails for CNAME domain
  Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
  Thanks Petr Men#?k
* Feature #3394: An -I option to ldns-notify to specify a source
  IP address to send to notify from.  Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2,
  ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2,
  that return -1 on failure and allow socket number 0
  to be returned too.  Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
  ldns-verify-zone.  Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
  See also https://penzin.net/ldns-signzone/
  Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
  Thanks Jeffrey Walton
* PR #36 Update manpage of ldns-notify to mention algorithm
  support with TSIG.  Thanks Anand Buddhdev
* Compile warnings with signed char input to to_lower()
  and is_digit() with NetBSD.  Thanks H?vard Eidnes
* Missing Makefile.PL in DNS-LDNS perl module contribution.
  Thanks Jaap Akkerhuis

diffstat:

 net/ldns/Makefile                 |   7 +++++--
 net/ldns/PLIST                    |   3 ++-
 net/ldns/distinfo                 |  12 +++++-------
 net/ldns/patches/patch-parse.c    |  18 ------------------
 net/ldns/patches/patch-str2host.c |  19 -------------------
 5 files changed, 12 insertions(+), 47 deletions(-)

diffs (101 lines):

diff -r 94d43189077e -r 4651b0ec362f net/ldns/Makefile
--- a/net/ldns/Makefile Fri Jul 26 19:33:33 2019 +0000
+++ b/net/ldns/Makefile Fri Jul 26 22:53:58 2019 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.40 2019/07/08 08:25:59 roy Exp $
+# $NetBSD: Makefile,v 1.41 2019/07/26 22:53:58 he Exp $
 
-DISTNAME=      ldns-1.7.0
+DISTNAME=      ldns-1.7.1
 CATEGORIES=    net
 MASTER_SITES=  http://www.nlnetlabs.nl/downloads/ldns/
 
@@ -20,6 +20,9 @@
 CHECK_BUILTIN.openssl= no
 .include "../../security/openssl/buildlink3.mk"
 
+# if openssl < 1.1.0
+CONFIGURE_ARGS+=       --disable-dane-verify
+
 PLIST_VARS+=           sha2 gost
 .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 PLIST_VARS.gost!=      \
diff -r 94d43189077e -r 4651b0ec362f net/ldns/PLIST
--- a/net/ldns/PLIST    Fri Jul 26 19:33:33 2019 +0000
+++ b/net/ldns/PLIST    Fri Jul 26 22:53:58 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.9 2019/07/08 08:25:59 roy Exp $
+@comment $NetBSD: PLIST,v 1.10 2019/07/26 22:53:58 he Exp $
 bin/ldns-chaos
 bin/ldns-compare-zones
 bin/ldns-config
@@ -58,6 +58,7 @@
 include/ldns/wire2host.h
 include/ldns/zone.h
 lib/libldns.la
+lib/pkgconfig/ldns.pc
 man/man1/ldns-chaos.1
 man/man1/ldns-compare-zones.1
 man/man1/ldns-config.1
diff -r 94d43189077e -r 4651b0ec362f net/ldns/distinfo
--- a/net/ldns/distinfo Fri Jul 26 19:33:33 2019 +0000
+++ b/net/ldns/distinfo Fri Jul 26 22:53:58 2019 +0000
@@ -1,8 +1,6 @@
-$NetBSD: distinfo,v 1.23 2019/07/08 08:25:59 roy Exp $
+$NetBSD: distinfo,v 1.24 2019/07/26 22:53:58 he Exp $
 
-SHA1 (ldns-1.7.0.tar.gz) = ceeeccf8a27e61a854762737f6ee02f44662c1b8
-RMD160 (ldns-1.7.0.tar.gz) = b0dfb70085258e69dda0fc343f0eece6df52e0a1
-SHA512 (ldns-1.7.0.tar.gz) = 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8
-Size (ldns-1.7.0.tar.gz) = 1304424 bytes
-SHA1 (patch-parse.c) = 3dbf4443b4a068f02e2799e820e8fcbf50abaa15
-SHA1 (patch-str2host.c) = 002e2f04059a9bc2479a8d66335595d4d7dd598f
+SHA1 (ldns-1.7.1.tar.gz) = d075a08972c0f573101fb4a6250471daaa53cb3e
+RMD160 (ldns-1.7.1.tar.gz) = 40e7eed3f76076f581b388563cbecb440c1a7753
+SHA512 (ldns-1.7.1.tar.gz) = e8f72a4ff4aa544acac5e7be9a8ba38c6b8d388bb26f9a0ed04c1a921622f8582cc8539beafc76a29187a55c94069b7c1875e77522e1a7e7bb3e297dd1e4c2b7
+Size (ldns-1.7.1.tar.gz) = 1244394 bytes
diff -r 94d43189077e -r 4651b0ec362f net/ldns/patches/patch-parse.c
--- a/net/ldns/patches/patch-parse.c    Fri Jul 26 19:33:33 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-parse.c,v 1.2 2018/02/13 15:08:11 he Exp $
-
-Apply fix for CVE-2017-1000231, via
-https://git.nlnetlabs.nl/ldns/commit/?id=c8391790
-
---- parse.c.orig       2014-01-10 21:04:41.000000000 +0000
-+++ parse.c
-@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, 
-                       if (line_nr) {
-                               *line_nr = *line_nr + 1;
-                       }
-+                      if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
-+                              *t = '\0';
-+                              return -1;
-+                      }
-                       *t++ = ' ';
-                       prev_c = c;
-                       continue;
diff -r 94d43189077e -r 4651b0ec362f net/ldns/patches/patch-str2host.c
--- a/net/ldns/patches/patch-str2host.c Fri Jul 26 19:33:33 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-$NetBSD: patch-str2host.c,v 1.1 2018/02/13 15:08:11 he Exp $
-
-Apply fix for CVE-2017-1000232 from
-https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02
-
---- str2host.c.orig    2014-01-10 21:04:41.000000000 +0000
-+++ str2host.c
-@@ -1458,7 +1458,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, con
-       if (! str) {
-               return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
-       }
--      length = (size_t)(dp - data);
-+      if (!(length = (size_t)(dp - data))) {
-+              LDNS_FREE(data);
-+              return LDNS_STATUS_SYNTAX_EMPTY;
-+      }
- 
-       /* Lose the overmeasure */
-       data = LDNS_XREALLOC(dp = data, uint8_t, length);