CVS commit: pkgsrc/net/bind918

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Fri Dec 13 17:29:56 UTC 2024

Modified Files:
        pkgsrc/net/bind918: Makefile PLIST distinfo
        pkgsrc/net/bind918/patches: patch-bin_named_server.c
            patch-lib_isc_netmgr_netmgr.c patch-lib_isc_time.c

Log Message:
net/bind918: update to 9.18.32

9.18.32 (2024-12-11)

New Features

* Update built-in bind.keys file with the new 2025 IANA root key.

* Add an initial-ds entry to bind.keys for the new root key, ID 38696, which
  is scheduled for publication in January 2025.  [GL #4896]

Removed Features

* Move contributed DLZ modules into a separate repository.  DLZ modules
  should not be used except in testing.

* The DLZ modules were not maintained, the DLZ interface itself is going to
  be scheduled for removal, and the DLZ interface is blocking.  Any module
  that blocks the query to the database blocks the whole server.

* The DLZ modules now live in
  https://gitlab.isc.org/isc-projects/dlz-modules repository.  [GL #4865]

Feature Changes

* Emit more helpful log messages for exceeding max-records-per-type.

* The new log message is emitted when adding or updating an RRset fails due
  to exceeding the max-records-per-type limit.  The log includes the owner
  name and type, corresponding zone name, and the limit value.  It will be
  emitted on loading a zone file, inbound zone transfer (both AXFR and
  IXFR), handling a DDNS update, or updating a cache DB.  It's especially
  helpful in the case of zone transfer, since the secondary side doesn't
  have direct access to the offending zone data.

* It could also be used for max-types-per-name, but this change doesn't
  implement it yet as it's much less likely to happen in practice.

* Harden key management when key files have become unavailable.

* Prior to doing key management, BIND 9 will check if the key files on disk
  match the expected keys.  If key files for previously observed keys have
  become unavailable, this will prevent the internal key manager from
  running.

Bug Fixes

* {&dns} is as valid as {?dns} in a SVCB's dohpath.

* dig failed to parse a valid SVCB record with a dohpath URI template
  containing a {&dns}, like "dohpath=/some/path?key=value{&dns}".  [GL
  #4922]

* Fix NSEC3 closest encloser lookup for names with empty non-terminals.

* A previous performance optimization for finding the NSEC3 closest encloser
  when generating authoritative responses could cause servers to return
  incorrect NSEC3 records in some cases.  This faulty optimization has been
  removed.  [GL #4950]

* dig options of the form [+-]option=<value> failed to display the value on
  the printed command line.  This has been fixed.  [GL #4993]

* Provide more visibility into TLS configuration errors by logging
  SSL_CTX_use_certificate_chain_file() and SSL_CTX_use_PrivateKey_file()
  errors individually.  [GL #5008]


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/bind918/PLIST
cvs rdiff -u -r1.23 -r1.24 pkgsrc/net/bind918/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/patches/patch-bin_named_server.c
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/net/bind918/patches/patch-lib_isc_netmgr_netmgr.c \
    pkgsrc/net/bind918/patches/patch-lib_isc_time.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/bind918/Makefile
diff -u pkgsrc/net/bind918/Makefile:1.42 pkgsrc/net/bind918/Makefile:1.43
--- pkgsrc/net/bind918/Makefile:1.42    Thu Nov 14 22:21:03 2024
+++ pkgsrc/net/bind918/Makefile Fri Dec 13 17:29:56 2024
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.42 2024/11/14 22:21:03 wiz Exp $
+# $NetBSD: Makefile,v 1.43 2024/12/13 17:29:56 taca Exp $
 
 DISTNAME=      bind-${BIND_VERSION}
 PKGNAME=       ${DISTNAME:S/-P/pl/}
-PKGREVISION=   3
 CATEGORIES=    net
 MASTER_SITES=  https://downloads.isc.org/isc/bind9/${BIND_VERSION}/
 EXTRACT_SUFX=  .tar.xz
@@ -16,7 +15,7 @@ CONFLICTS+=   host-[0-9]*
 
 MAKE_JOBS_SAFE=        no
 
-BIND_VERSION=  9.18.31
+BIND_VERSION=  9.18.32
 
 BUILD_DEFS+=   BIND_DIR VARBASE
 
@@ -59,7 +58,7 @@ PKG_USERS=            ${BIND_USER}:${BIND_GROUP}
 PKG_GECOS.${BIND_USER}=        Named pseudo-user
 PKG_HOME.${BIND_USER}= ${BIND_DIR}
 
-DOCS=                  CHANGES OPTIONS.md README.md
+DOCS=                  OPTIONS.md README.md
 
 FILES_SUBST+=          BIND_GROUP=${BIND_GROUP} \
                        BIND_USER=${BIND_USER} PAX=${PAX:Q} \

Index: pkgsrc/net/bind918/PLIST
diff -u pkgsrc/net/bind918/PLIST:1.4 pkgsrc/net/bind918/PLIST:1.5
--- pkgsrc/net/bind918/PLIST:1.4        Mon Apr 24 13:48:06 2023
+++ pkgsrc/net/bind918/PLIST    Fri Dec 13 17:29:56 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2023/04/24 13:48:06 taca Exp $
+@comment $NetBSD: PLIST,v 1.5 2024/12/13 17:29:56 taca Exp $
 bin/arpaname
 bin/delv
 bin/dig
@@ -296,7 +296,6 @@ sbin/named
 sbin/rndc
 sbin/rndc-confgen
 sbin/tsig-keygen
-share/doc/bind9/CHANGES
 share/doc/bind9/OPTIONS.md
 share/doc/bind9/README.md
 share/examples/bind9/bind.keys

Index: pkgsrc/net/bind918/distinfo
diff -u pkgsrc/net/bind918/distinfo:1.23 pkgsrc/net/bind918/distinfo:1.24
--- pkgsrc/net/bind918/distinfo:1.23    Mon Oct 21 13:24:45 2024
+++ pkgsrc/net/bind918/distinfo Fri Dec 13 17:29:56 2024
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.23 2024/10/21 13:24:45 taca Exp $
+$NetBSD: distinfo,v 1.24 2024/12/13 17:29:56 taca Exp $
 
-BLAKE2s (bind-9.18.31.tar.xz) = e91aa18a0bbfb992bff401d9c834742fac569a9de4a653478a8710fca3bdbbad
-SHA512 (bind-9.18.31.tar.xz) = e51873484be3ee367eb1e601b8e0adc45abcdb16df04021ea42ffcc51b99821f8b30f67b2a693a90ad3efa51698a651c8da9d7947ee8fa19680f627afe1f7034
-Size (bind-9.18.31.tar.xz) = 5385812 bytes
+BLAKE2s (bind-9.18.32.tar.xz) = bade94bc1d29146ef54d0558e6a1aaea968d7f3e6b2e3e24ef91caab54e4861e
+SHA512 (bind-9.18.32.tar.xz) = fa01978ca44cb5d559d8675dda4272b1327aebc0dca68b2e7b948e8c1bbd82da74f6258d40896ddccf86711d554b7ed4c0df93143e78b663724466738ac1320d
+Size (bind-9.18.32.tar.xz) = 5332480 bytes
 SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1
 SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b
-SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d
+SHA1 (patch-bin_named_server.c) = 52190897c4c4b141d98ca5bca7cc3eb4c83ac584
 SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36
 SHA1 (patch-configure.ac) = 65f4255300a0ab3b6b663fe59412570fd7b08675
 SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3
@@ -22,10 +22,10 @@ SHA1 (patch-lib_dns_zone.c) = cd7bc1e76c
 SHA1 (patch-lib_isc_include_isc_netmgr.h) = 48ac44c6a9b81e6b442deba6c075653d3691464b
 SHA1 (patch-lib_isc_net.c) = 743de2701fa96ef25e5689f40e381628cff641d5
 SHA1 (patch-lib_isc_netmgr_netmgr-int.h) = d84993edf254605f85421fbdd2fc523255c7316d
-SHA1 (patch-lib_isc_netmgr_netmgr.c) = 0e94f78e0f6ac43197883adac7828a3f0d04291c
+SHA1 (patch-lib_isc_netmgr_netmgr.c) = ad4ad0167d6c8c757a2f794e54b9d3314da370e3
 SHA1 (patch-lib_isc_rwlock.c) = 1d114248ddee20db7a7429afab446f8b2f0dca82
 SHA1 (patch-lib_isc_siphash.c) = 2dd80dde7bd8e869a3cf03c1699665b56eaaf866
-SHA1 (patch-lib_isc_time.c) = 22780fd25d89a0ece46ec1624b3977ca4c46281a
+SHA1 (patch-lib_isc_time.c) = a8ad9e2f18c58927e58aeda63041b5f5d54b2fa8
 SHA1 (patch-lib_isc_timer.c) = aea2019bbf3d84cad77af432a2bbdf0da8f2f893
 SHA1 (patch-lib_ns_Makefile.am) = a91e1713185c4366e96bf52ebee38e3b7e35a0c6
 SHA1 (patch-lib_ns_client.c) = 4093c82254321e6c6eaa40ea1cf738b3f9bda0bb

Index: pkgsrc/net/bind918/patches/patch-bin_named_server.c
diff -u pkgsrc/net/bind918/patches/patch-bin_named_server.c:1.1 pkgsrc/net/bind918/patches/patch-bin_named_server.c:1.2
--- pkgsrc/net/bind918/patches/patch-bin_named_server.c:1.1     Sun Dec 11 01:57:55 2022
+++ pkgsrc/net/bind918/patches/patch-bin_named_server.c Fri Dec 13 17:29:56 2024
@@ -1,11 +1,11 @@
-$NetBSD: patch-bin_named_server.c,v 1.1 2022/12/11 01:57:55 sekiya Exp $
+$NetBSD: patch-bin_named_server.c,v 1.2 2024/12/13 17:29:56 taca Exp $
 
 * Take from NetBSD base, especially disable checking working directory
   is writable as BIND_USER in NetBSD base system.
 
---- bin/named/server.c.orig    2020-05-06 09:59:35.000000000 +0000
+--- bin/named/server.c.orig    2024-12-03 13:00:51.226928524 +0000
 +++ bin/named/server.c
-@@ -6667,12 +6667,14 @@ directory_callback(const char *clausenam
+@@ -7161,12 +7161,14 @@ directory_callback(const char *clausenam
                            directory);
        }
  
@@ -14,13 +14,13 @@ $NetBSD: patch-bin_named_server.c,v 1.1 
                isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
                              NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
                              "directory '%s' is not writable", directory);
-               return (ISC_R_NOPERM);
+               return ISC_R_NOPERM;
        }
 +#endif
  
        result = isc_dir_chdir(directory);
        if (result != ISC_R_SUCCESS) {
-@@ -9110,6 +9112,7 @@ load_configuration(const char *filename,
+@@ -9560,6 +9562,7 @@ load_configuration(const char *filename,
                named_os_changeuser();
        }
  
@@ -28,7 +28,7 @@ $NetBSD: patch-bin_named_server.c,v 1.1 
        /*
         * Check that the working directory is writable.
         */
-@@ -9120,7 +9123,7 @@ load_configuration(const char *filename,
+@@ -9570,7 +9573,7 @@ load_configuration(const char *filename,
                result = ISC_R_NOPERM;
                goto cleanup;
        }

Index: pkgsrc/net/bind918/patches/patch-lib_isc_netmgr_netmgr.c
diff -u pkgsrc/net/bind918/patches/patch-lib_isc_netmgr_netmgr.c:1.2 pkgsrc/net/bind918/patches/patch-lib_isc_netmgr_netmgr.c:1.3
--- pkgsrc/net/bind918/patches/patch-lib_isc_netmgr_netmgr.c:1.2        Tue Feb 13 13:50:39 2024
+++ pkgsrc/net/bind918/patches/patch-lib_isc_netmgr_netmgr.c    Fri Dec 13 17:29:56 2024
@@ -1,10 +1,10 @@
-$NetBSD: patch-lib_isc_netmgr_netmgr.c,v 1.2 2024/02/13 13:50:39 taca Exp $
+$NetBSD: patch-lib_isc_netmgr_netmgr.c,v 1.3 2024/12/13 17:29:56 taca Exp $
 
 * Take from NetBSD base.
 
---- lib/isc/netmgr/netmgr.c.orig       2024-02-11 10:42:55.700991300 +0000
+--- lib/isc/netmgr/netmgr.c.orig       2024-12-03 13:00:51.590934387 +0000
 +++ lib/isc/netmgr/netmgr.c
-@@ -314,7 +314,7 @@ isc__netmgr_create(isc_mem_t *mctx, uint
+@@ -323,7 +323,7 @@ isc__netmgr_create(isc_mem_t *mctx, uint
                mgr->workers_running++;
                isc_thread_create(nm_thread, &mgr->workers[i], &worker->thread);
  
@@ -13,8 +13,8 @@ $NetBSD: patch-lib_isc_netmgr_netmgr.c,v
                isc_thread_setname(worker->thread, name);
        }
  
-@@ -1910,6 +1910,13 @@ isc_nmhandle_getdata(isc_nmhandle_t *han
-       return (handle->opaque);
+@@ -1928,6 +1928,13 @@ isc_nmhandle_getdata(isc_nmhandle_t *han
+       return handle->opaque;
  }
  
 +int
Index: pkgsrc/net/bind918/patches/patch-lib_isc_time.c
diff -u pkgsrc/net/bind918/patches/patch-lib_isc_time.c:1.2 pkgsrc/net/bind918/patches/patch-lib_isc_time.c:1.3
--- pkgsrc/net/bind918/patches/patch-lib_isc_time.c:1.2 Wed Feb  8 00:13:44 2023
+++ pkgsrc/net/bind918/patches/patch-lib_isc_time.c     Fri Dec 13 17:29:56 2024
@@ -1,8 +1,8 @@
-$NetBSD: patch-lib_isc_time.c,v 1.2 2023/02/08 00:13:44 taca Exp $
+$NetBSD: patch-lib_isc_time.c,v 1.3 2024/12/13 17:29:56 taca Exp $
 
 * More check time_t range.
 
---- lib/isc/time.c.orig        2023-01-12 22:21:15.270402532 +0000
+--- lib/isc/time.c.orig        2024-12-03 13:00:51.595934467 +0000
 +++ lib/isc/time.c
 @@ -318,7 +318,7 @@ isc_time_seconds(const isc_time_t *t) {
  
@@ -30,6 +30,6 @@ $NetBSD: patch-lib_isc_time.c,v 1.2 2023
 +               * (Let's hope the compiler got the actual test right.)
 +               */
 +              UNUSED(i);
-               return (ISC_R_RANGE);
+               return ISC_R_RANGE;
        }