bind920: add commented-out -fsanitize=thread, broken in -current.
NetBSD/pkgsrc-wip cee11c1 — bind920 distinfo Makefile, bind920/patches patch-lib_dns_zone.c patch-bin_named_statschannel.c
bind920: update to BIND version 9.20.7.
Pkgsrc changes:
* Remove patches now integrated upstream.
* Checksum changes.
Upstream changes:
BIND 9.20.7
-----------
New Features
~~~~~~~~~~~~
- Implement the min-transfer-rate-in configuration option.
``4a5a9c8256``
A new option 'min-transfer-rate-in <bytes> <minutes>' has been added
to the view and zone configurations. It can abort incoming zone
[280 lines not shown]bind920: Apply fix for upstream issue 5215.
This is https://gitlab.isc.org/isc-projects/bind9/-/issues/5215
Bump PKGREVISION.
NetBSD/pkgsrc-wip 3884d5b — bind920 distinfo Makefile, bind920/patches patch-bin_named_statschannel.c patch-lib_dns_zone.c
bind920: apply patch to fix BIND issue #5198.
Ref. https://gitlab.isc.org/isc-projects/bind9/-/issues/5198
which was an assert failure in the stats handling.
Bump PKGREVISION.
bind920: upgrade to version 9.20.6.
pkgsrc changes:
* basically none, dist-name & checksums.
upstream changes:
BIND 9.20.6
-----------
New Features
~~~~~~~~~~~~
- Adds support for EDE code 1 and 2. ``b3eab79bc18``
Add support for EDE codes 1 & 2 which might occurs during DNSSEC
validation in case of unsupported RRSIG algorithm or DNSKEY digest.
:gl:`#2715` :gl:`!9996`
[135 lines not shown]bind920: update to version 9.20.5.
Pkgsrc changes:
* Basically only version + checksum changes.
Upstream changes:
BIND 9.20.5
-----------
Security Fixes
~~~~~~~~~~~~~~
- [CVE-2024-12705] DNS-over-HTTP(s) flooding fixes. ``51900adf29c``
Fix DNS-over-HTTP(S) implementation issues that arise under heavy
query load. Optimize resource usage for :iscman:`named` instances that
accept queries over DNS-over-HTTP(S).
[213 lines not shown]bind920: update to BIND version 9.20.4.
Upstream changes:
BIND 9.20.4
-----------
New Features
~~~~~~~~~~~~
- Update bind.keys with the new 2025 IANA root key. ``1f988e2cc7``
Add an 'initial-ds' entry to bind.keys for the new root key, ID 38696,
which is scheduled for publication in January 2025. :gl:`#4896`
:gl:`!9746`
- Support jinja2 templates in pytest runner. ``4a9380835f``
Configuration files in system tests which require some variables (e.g.
[256 lines not shown]bind920: update to version 9.20.3.
Pkgsrc changes:
* Remove patch from upstream which is now integrated.
* Checksum & PLIST changes.
Upstream release note at
https://downloads.isc.org/isc/bind9/9.20.3/doc/arm/html/notes.html
NetBSD/pkgsrc-wip 59117fc — bind920 distinfo Makefile, bind920/patches patch-bin_named_os.c patch-bin_named_server.c
bind920: update to version 9.20.2.
Pkgsrc changes:
* Remove patches now integrated upstream.
* Checksum changes.
Upstream changes:
Notes for BIND 9.20.2
---------------------
New Features
~~~~~~~~~~~~
- Support for Offline KSK implemented.
Add a new configuration option :any:`offline-ksk` to enable Offline
KSK key management. Signed Key Response (SKR) files created with
:iscman:`dnssec-ksr` (or other programs) can now be imported into
[92 lines not shown]bind920: Apply fix for ISC bind9 issue 4908.
This should prevent an assert() failure when any
of the local interfaces are "changed", though I
could not find that that had happened in my case.
Upstream-amended bug report:
https://gitlab.isc.org/isc-projects/bind9/-/issues/4908
and the fix is pulled from
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9458
Bump PKGREVISION.
bind920: fix maintainership (pkgsrc-users@), more text -> 9.20.
bind920: update to BIND version 9.20.1:
Pkgsrc changes:
* Fix DESCR to say this is BIND 9.20
* Version + checksums.
Upstream changes:
BIND 9.20.1
-----------
New Features
~~~~~~~~~~~~
- Tighten 'max-recursion-queries' and add 'max-query-restarts' option.
``42e70b0f0e``
There were cases in resolver.c when the `max-recursion-queries` quota
was ineffective. It was possible to craft zones that would cause a
[244 lines not shown]bind920: Add a package for BIND 9.20.x.
This is based on net/bind918, but almost none of the diffs
from that package have been ported over. In particular:
* No support here yet for NetBSD blacklist / blocklist.
* The "from in-tree version" patches need going over
and whether they should be submitted upstream.
This version has a couple of fixes added, primarily for NetBSD
portability, created by upstream but not present in this version:
* BIND issue #4793, merge request #9123: "BIND relinquishes
privileges too early" and ends up unable to open the control
port at 953.
* BIND issue #4862, merge request #9363: basically stop using
setresuid(), use the saved-id functionality of seteuid() instead.
