head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.2 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.3.0.10 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.8 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.6 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.4 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.2 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.2.0.8 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.6 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.2 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.1.1.1.0.6 pkgsrc-2010Q4-base:1.1.1.1 pkgsrc-2010Q3:1.1.1.1.0.4 pkgsrc-2010Q3-base:1.1.1.1 pkgsrc-2010Q2:1.1.1.1.0.2 pkgsrc-2010Q2-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.4 date 2013.06.06.03.02.14; author taca; state dead; branches; next 1.3; commitid egUoDgh2WSQK8vSw; 1.3 date 2012.04.05.00.40.09; author taca; state Exp; branches; next 1.2; 1.2 date 2011.02.16.17.43.22; author taca; state Exp; branches; next 1.1; 1.1 date 2010.05.26.16.11.47; author taca; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2010.05.26.16.11.47; author taca; state Exp; branches 1.1.1.1.6.1; next ; 1.1.1.1.6.1 date 2011.02.23.19.23.21; author tron; state Exp; branches; next ; desc @@ 1.4 log @Remove bind97 package which was EOL on November 2012. Please migrate to bind98 or bind99. @ text @$NetBSD: patch-ae,v 1.3 2012/04/05 00:40:09 taca Exp $ --- config.threads.in.orig 2012-03-22 19:14:04.000000000 +0000 +++ config.threads.in @@@@ -45,6 +45,8 @@@@ case $host in use_threads=false ;; *-freebsd*) use_threads=false ;; +*-dragonfly*) + use_threads=false ;; [*-bsdi[234]*]) # Thread signals do not work reliably on some versions of BSD/OS. use_threads=false ;; @ 1.3 log @Update bind97 package to 9.7.5. Security Fixes + BIND 9 nameservers performing recursive queries could cache an invalid record and subsequent queries for that record could crash the resolvers with an assertion failure. [RT #26590] [CVE-2011-4313] Feature Changes + It is now possible to explicitly disable DLV in named.conf by specifying "dnssec-lookaside no;". This is the default, but the ability to configure it makes it clearly visible to administrators. [RT #24858] + --enable-developer, a new composite argument to the configure script, enables a set of build options normally disabled but frequently selected in test or development builds, specifically: enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip, enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and Darwin, also enable_exportlib) [RT #27103] @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.2 2011/02/16 17:43:22 taca Exp $ @ 1.2 log @Update bind97 package to 9.7.3. * also sync rc scrpt with base system. Bug Fixes 9.7.3 * BIND now builds with threads disabled in versions of NetBSD earlier than 5.0 and with pthreads enabled by default in NetBSD versions 5.0 and higher. Also removes support for unproven-pthreads, mit-pthreads and ptl2. [RT #19203] * Added a regression test for fix 2896/RT #21045 ("rndc sign" failed to properly update the zone when adding a DNSKEY for publication only). [RT #21324] * "nsupdate -l" now gives error message if "session.key" file is not found. [RT #21670] * HPUX now correctly defaults to using /dev/poll, which should increase performance. [RT #21919] * If named is running as a threaded application, after an "rndc stop" command has been issued, other inbound TCP requests can cause named to hang and never complete shutdown. [RT #22108] * After an "rndc reconfig", the refresh timer for managed-keys is ignored, resulting in managed-keys not being refreshed until named is restarted. [RT #22296] * An NSEC3PARAM record placed inside a zone which is not properly signed with NSEC3 could cause named to crash, if changed via dynamic update. [RT #22363] * "rndc -h" now includes "loadkeys" option. [RT #22493] * When performing a GSS-TSIG signed dynamic zone update, memory could be leaked. This causes an unclean shutdown and may affect long-running servers. [RT #22573] * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows for a TCP DoS attack. Until there is a kernel fix, ISC is disabling SO_ACCEPTFILTER support in BIND. [RT #22589] * When signing records, named didn't filter out any TTL changes to DNSKEY records. This resulted in an incomplete key set. TTL changes are now dealt with before signing. [RT #22590] * Corrected a defect where a combination of dynamic updates and zone transfers incorrectly locked the in-memory zone database, causing named to freeze. [RT #22614] * Don't run MX checks (check-mx) when the MX record points to ".". [RT #22645] * DST key reference counts can now be incremented via dst_key_attach. [RT #22672] * The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32 were updated/corrected per current Windows OS. [RT #22724] * "dnssec-settime -S" no longer tests prepublication interval validity when the interval is set to 0. [RT #22761] * isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy attr. [RT #22766] * The Kerberos realm was being truncated when being pulled from the the host prinicipal, make krb5-self updates fail. [RT #22770] * named failed to preserve the case of domain names in RDATA which is not compressible when writing master files. [RT #22863] * The man page for dnssec-keyfromlabel incorrectly had "-U" rather than the correct option "-I". [RT #22887] * The "rndc" command usage statement was missing the "-b" option. [RT #22937] * There was a bug in how the clients-per-query code worked with some query patterns. This could result, in rare circumstances, in having all the client query slots filled with queries for the same DNS label, essentially ignoring the max-clients-per-query setting. [RT #22972] * The secure zone update feature in named is based on the zone being signed and configured for dynamic updates. A bug in the ACL processing for "allow-update { none; };" resulted in a zone that is supposed to be static being treated as a dynamic zone. Thus, name would try to sign/re-sign that zone erroneously. [RT #23120] @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.1.1.1 2010/05/26 16:11:47 taca Exp $ d3 1 a3 1 --- config.threads.in.orig 2010-12-21 04:30:15.000000000 +0000 d5 1 a5 1 @@@@ -44,6 +44,8 @@@@ case $host in d11 1 a11 1 *-bsdi[234]*) @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- config.threads.in.orig 2006-07-20 05:39:07.000000000 +0000 d5 1 a5 1 @@@@ -48,6 +48,8 @@@@ case $host in a13 38 @@@@ -121,7 +123,7 @@@@ then AC_MSG_RESULT(native) LIBS="-lpthread $LIBS" else - if test ! -d $LOCALBASE/pthreads + if test ! -d $LOCALBASE/pthreads -a ! -f /usr/include/pthread.h then AC_MSG_RESULT(none) AC_MSG_ERROR("could not find thread libraries") @@@@ -129,13 +131,21 @@@@ then if $use_threads then - AC_MSG_RESULT(mit-pthreads/unproven-pthreads) - pkg="$LOCALBASE/pthreads" - lib1="-L$pkg/lib -Wl,-R$pkg/lib" - lib2="-lpthread -lm -lgcc -lpthread" - LIBS="$lib1 $lib2 $LIBS" - CPPFLAGS="$CPPFLAGS -I$pkg/include" - STD_CINCLUDES="$STD_CINCLUDES -I$pkg/include" + if test -f /usr/include/pthread.h + then + AC_MSG_RESULT(native pthreads) + LIBS="-lpthread $LIBS" + CPPFLAGS="$CPPFLAGS -I/usr/inclue" + STD_CINDLUES="$STD_CINDLUES -I/usr/include" + else + AC_MSG_RESULT(mit-pthreads/unproven-pthreads) + pkg="$LOCALBASE/pthreads" + lib1="-L$pkg/lib -Wl,-R$pkg/lib" + lib2="-lpthread -lm -lgcc -lpthread" + LIBS="$lib1 $lib2 $LIBS" + CPPFLAGS="$CPPFLAGS -I$pkg/include" + STD_CINCLUDES="$STD_CINCLUDES -I$pkg/include" + fi fi fi fi @ 1.1.1.1 log @Importing net/bind97 package 9.7.0pl2 package. (This is simply based on net/bind96). BIND 9.7.0pl2 (9.7.0-P2) New Features in BIND 9.7 - 'DNSSEC for Humans' BIND 9.7 introduces several improvements, especially for simplifying DNSSEC configuration and DNSSEC maintenance. This article lists some of the new features and significant changes in BIND 9.7. For more information please refer these webpage. http://www.isc.org/software/bind/new-features/9.7 http://www.isc.org/files/release-notes/9.7.0-P2%20rel%20notes.txt @ text @@ 1.1.1.1.6.1 log @Pullup ticket #3363 - requested by taca net/bind97: security update Revisions pulled up: - net/bind97/Makefile 1.6 - net/bind97/PLIST 1.4 - net/bind97/distinfo 1.6 - net/bind97/files/named9.sh 1.2 - net/bind97/patches/patch-ac 1.3 - net/bind97/patches/patch-ae 1.2 --- Module Name: pkgsrc Committed By: taca Date: Wed Feb 16 17:43:22 UTC 2011 Modified Files: pkgsrc/net/bind97: Makefile PLIST distinfo pkgsrc/net/bind97/files: named9.sh pkgsrc/net/bind97/patches: patch-ac patch-ae Log Message: Update bind97 package to 9.7.3. * also sync rc scrpt with base system. Bug Fixes 9.7.3 * BIND now builds with threads disabled in versions of NetBSD earlier than 5.0 and with pthreads enabled by default in NetBSD versions 5.0 and higher. Also removes support for unproven-pthreads, mit-pthreads and ptl2. [RT #19203] * Added a regression test for fix 2896/RT #21045 ("rndc sign" failed to properly update the zone when adding a DNSKEY for publication only). [RT #21324] * "nsupdate -l" now gives error message if "session.key" file is not found. [RT #21670] * HPUX now correctly defaults to using /dev/poll, which should increase performance. [RT #21919] * If named is running as a threaded application, after an "rndc stop" command has been issued, other inbound TCP requests can cause named to hang and never complete shutdown. [RT #22108] * After an "rndc reconfig", the refresh timer for managed-keys is ignored, resulting in managed-keys not being refreshed until named is restarted. [RT #22296] * An NSEC3PARAM record placed inside a zone which is not properly signed with NSEC3 could cause named to crash, if changed via dynamic update. [RT #22363] * "rndc -h" now includes "loadkeys" option. [RT #22493] * When performing a GSS-TSIG signed dynamic zone update, memory could be leaked. This causes an unclean shutdown and may affect long-running servers. [RT #22573] * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows for a TCP DoS attack. Until there is a kernel fix, ISC is disabling SO_ACCEPTFILTER support in BIND. [RT #22589] * When signing records, named didn't filter out any TTL changes to DNSKEY records. This resulted in an incomplete key set. TTL changes are now dealt with before signing. [RT #22590] * Corrected a defect where a combination of dynamic updates and zone transfers incorrectly locked the in-memory zone database, causing named to freeze. [RT #22614] * Don't run MX checks (check-mx) when the MX record points to ".". [RT #22645] * DST key reference counts can now be incremented via dst_key_attach. [RT #22672] * The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32 were updated/corrected per current Windows OS. [RT #22724] * "dnssec-settime -S" no longer tests prepublication interval validity when the interval is set to 0. [RT #22761] * isc_mutex_init_errcheck() in phtreads/mutex.c failed to destroy attr. [RT #22766] * The Kerberos realm was being truncated when being pulled from the the host prinicipal, make krb5-self updates fail. [RT #22770] * named failed to preserve the case of domain names in RDATA which is not compressible when writing master files. [RT #22863] * The man page for dnssec-keyfromlabel incorrectly had "-U" rather than the correct option "-I". [RT #22887] * The "rndc" command usage statement was missing the "-b" option. [RT #22937] * There was a bug in how the clients-per-query code worked with some query patterns. This could result, in rare circumstances, in having all the client query slots filled with queries for the same DNS label, essentially ignoring the max-clients-per-query setting. [RT #22972] * The secure zone update feature in named is based on the zone being signed and configured for dynamic updates. A bug in the ACL processing for "allow-update { none; };" resulted in a zone that is supposed to be static being treated as a dynamic zone. Thus, name would try to sign/re-sign that zone erroneously. [RT #23120] @ text @d3 1 a3 1 --- config.threads.in.orig 2010-12-21 04:30:15.000000000 +0000 d5 1 a5 1 @@@@ -44,6 +44,8 @@@@ case $host in d14 38 @