From owner-svn-ports-all@freebsd.org Wed Mar 18 18:54:46 2020 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9E0DA2695DB; Wed, 18 Mar 2020 18:54:46 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48jK3B2Dpvz4DG2; Wed, 18 Mar 2020 18:54:46 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3542E266B9; Wed, 18 Mar 2020 18:54:46 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02IIsk4h033362; Wed, 18 Mar 2020 18:54:46 GMT (envelope-from pi@FreeBSD.org) Received: (from pi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02IIsjq5033360; Wed, 18 Mar 2020 18:54:45 GMT (envelope-from pi@FreeBSD.org) Message-Id: <202003181854.02IIsjq5033360@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org using -f From: Kurt Jaeger Date: Wed, 18 Mar 2020 18:54:45 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r528662 - in head/dns/nsd: . files X-SVN-Group: ports-head X-SVN-Commit-Author: pi X-SVN-Commit-Paths: in head/dns/nsd: . files X-SVN-Commit-Revision: 528662 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2020 18:54:46 -0000 Author: pi Date: Wed Mar 18 18:54:45 2020 New Revision: 528662 URL: https://svnweb.freebsd.org/changeset/ports/528662 Log: dns/nsd: upgrade 4.2.4 -> 4.3.0 This port incorporates also the proposed bug fix at bug #242367 Major changes: This release adds cpu affinity. By pinning a server process to a specific cpu, having a separate network card also for that cpu, and an interface address also for that server process, the throughput is increased. This increases performance of the nameserver. Sparse TSIG signing support is removed, to comply with the latest tsig standard update draft. There is a feature to drop update queries, with opcode UPDATE, with nsd.conf option drop-updates. 4.3.0 ========= FEATURES: - Fix to use getrandom() for randomness, if available. - Fix #56: Drop sparse TSIG signing support in NSD. Sign every axfr packet with TSIG, according to the latest draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1. - Merge pull request #59 from buddyns: add FreeBSD support for conf key ip-transparent. - Add feature to pin server processes to specific cpus. - Add feature to pin IP addresses to selected server processes. - Set process title to identify individual processes. - Merge PR#22: minimise-any: prefer polular and not large RRset, from Daisuke Higashi. - Add support for SO_BINDTODEVICE on Linux. - Add support for SO_SETFIB on FreeBSD. - Add feature to drop queries with opcode UPDATE. BUG FIXES: - Fix fname null check of fname in namedb_read_zonefile. - Fix implicit cast of size in udb_radnode_array_grow. - Fix ignore of return value of ssl_printf in remote.c. - Fix unused check of fd in parent_handle_reload_command. - Attempt to fix signedness of nscount lookup in ixfr query_process. - Fix identical branches for ssl_print of errors in remote.c. - Fix type cast bounds, signedness of opt_rdlen in edns_parse_record. - Fix to separate header and data lines in parse_zone_list_file. - Fix to define max number of EDNS records we are willing to spend time on. - Fix size of string len and capacity type cast in udbradtree. - Fix to protect rrcount in tsig_find_rr from overflow. - Annotate radix_find_prefix_node not reachable trail code. - Fix to protect rrcount in packet_find_notify_serial from overflow. - Fix to close socket on error in create_tcp_accept_sock. - Fix to log on failure to chmod for socket for remote control. - Fix to remove unneeded if in open of socket for remote control. - Fix to restore input parameter on call failure in create_dirs. - Please checker by terminating and initialising string read by remote control. - Fix to define upper bounds on rr counts read from untrusted packet data. - Separate acl_addr_match_range functions for ip4 and ip6, to please checkers. - Avoid unused variable warning in new match_range_v4 function. - Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters. - use-systemd is ignored in nsd.conf, when NSD is compiled with libsystemd it always signals readiness, if possible. - Note that use-systemd is not necessary and ignored in man page. - Fix unreachable code in ssl set options code. - Fix bad shift in assertion code analyzer complaint. - Fix responses for IXFR so that the authority section is not echoed in the response. - Merge PR#60: Minor portability fixes from michaelforney, with avoid pointer arithmetic on void* and avoid unnecessary VLA. - Fix that the retry wait does not exceed one day for zone transfers. CHANGES: - Set FD_CLOEXEC on opened sockets. PR: 244886, 242367[2] Submitted by: Jaap Akkerhuis (maintainer) Reported by: Leo Vandewoestijne [2] Relnotes: https://github.com/NLnetLabs/nsd/blob/NSD_4_3_0_REL/doc/ChangeLog Modified: head/dns/nsd/Makefile head/dns/nsd/distinfo head/dns/nsd/files/nsd.in Modified: head/dns/nsd/Makefile ============================================================================== --- head/dns/nsd/Makefile Wed Mar 18 18:49:50 2020 (r528661) +++ head/dns/nsd/Makefile Wed Mar 18 18:54:45 2020 (r528662) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= nsd -PORTVERSION= 4.2.4 +PORTVERSION= 4.3.0 CATEGORIES= dns MASTER_SITES= http://www.nlnetlabs.nl/downloads/nsd/ \ ftp://ftp.rhnet.is/pub/nsd/ Modified: head/dns/nsd/distinfo ============================================================================== --- head/dns/nsd/distinfo Wed Mar 18 18:49:50 2020 (r528661) +++ head/dns/nsd/distinfo Wed Mar 18 18:54:45 2020 (r528662) @@ -1,3 +1,3 @@ -TIMESTAMP = 1575979717 -SHA256 (nsd-4.2.4.tar.gz) = 9ebd6d766765631a56c0eb332eac26b310fa39f662e5582c8210488cf91ef27c -SIZE (nsd-4.2.4.tar.gz) = 1148826 +TIMESTAMP = 1584440239 +SHA256 (nsd-4.3.0.tar.gz) = 7a007d655d30f1edd001206839107e651966e1e519d53ba2c036491044111e97 +SIZE (nsd-4.3.0.tar.gz) = 1168198 Modified: head/dns/nsd/files/nsd.in ============================================================================== --- head/dns/nsd/files/nsd.in Wed Mar 18 18:49:50 2020 (r528661) +++ head/dns/nsd/files/nsd.in Wed Mar 18 18:54:45 2020 (r528662) @@ -44,8 +44,6 @@ command="%%PREFIX%%/sbin/${name}" command_args="-c ${nsd_config} -P ${pidfile}" extra_commands="reload" -load_rc_config "${name}" - if [ -n "$2" ]; then profile="$2" if [ "x${nsd_profiles}" != "x" ]; then