--- - branch: MAIN date: Wed Feb 17 21:36:03 UTC 2021 files: - new: '1.10' old: '1.9' path: pkgsrc/net/bind916/Makefile pathrev: pkgsrc/net/bind916/Makefile@1.10 type: modified - new: '1.10' old: '1.9' path: pkgsrc/net/bind916/distinfo pathrev: pkgsrc/net/bind916/distinfo@1.10 type: modified - new: '1.2' old: '1.1' path: pkgsrc/net/bind916/patches/patch-lib_ns_client.c pathrev: pkgsrc/net/bind916/patches/patch-lib_ns_client.c@1.2 type: modified id: 20210217T213603Z.d0a71da7cc32f34f2905678fec56aedbc5b350be log: "bind: update to 9.16.12.\n\nXXX: why does this have so many patches?\n\n\t--- 9.16.12 released ---\n\n5578.\t[protocol]\tMake \"check-names\" accept A records below \"_spf\",\n\t\t\t\"_spf_rate\", and \"_spf_verify\" labels in order to cater\n\t\t\tfor the \"exists\" SPF mechanism specified in RFC 7208\n\t\t\tsection 5.7 and appendix D.1. [GL #2377]\n\n5577.\t[bug]\t\tFix the \"three is a crowd\" key rollover bug in KASP by\n\t\t\tcorrectly implementing Equation (2) of the \"Flexible and\n\t\t\tRobust Key Rollover\" paper. [GL #2375]\n\n5575.\t[bug]\t\tWhen migrating to KASP, BIND 9 considered keys with the\n\t\t\t\"Inactive\" and/or \"Delete\" timing metadata to be\n\t\t\tpossible active keys. This has been fixed. [GL #2406]\n\n5572.\t[bug]\t\tAddress potential double free in generatexml().\n\t\t\t[GL #2420]\n\n5571.\t[bug]\t\tnamed failed to start when its configuration included a\n\t\t\tzone with a non-builtin \"allow-update\" ACL attached.\n\t\t\t[GL #2413]\n\n5570.\t[bug]\t\tImprove performance of the DNSSEC verification code by\n\t\t\treducing the number of repeated calls to\n\t\t\tdns_dnssec_keyfromrdata(). [GL #2073]\n\n5569.\t[bug]\t\tEmit useful error message when \"rndc retransfer\" is\n\t\t\tapplied to a zone of inappropriate type. [GL #2342]\n\n5568.\t[bug]\t\tFixed a crash in \"dnssec-keyfromlabel\" when using ECDSA\n\t\t\tkeys. [GL #2178]\n\n5567.\t[bug]\t\tDig now reports unknown dash options while pre-parsing\n\t\t\tthe options. This prevents \"-multi\" instead of \"+multi\"\n\t\t\tfrom reporting memory usage before ending option parsing\n\t\t\twith \"Invalid option: -lti\". [GL #2403]\n\n5566.\t[func]\t\tAdd \"stale-answer-client-timeout\" option, which is the\n\t\t\tamount of time a recursive resolver waits before\n\t\t\tattempting to answer the query using stale data from\n\t\t\tcache. [GL #2247]\n\n5565.\t[func]\t\tThe SONAMEs for BIND 9 libraries now include the current\n\t\t\tBIND 9 version number, in an effort to tightly couple\n\t\t\tinternal libraries with a specific release. [GL #2387]\n\n5562.\t[security]\tFix off-by-one bug in ISC SPNEGO implementation.\n\t\t\t(CVE-2020-8625) [GL #2354]\n\n5561.\t[bug]\t\tKASP incorrectly set signature validity to the value of\n\t\t\tthe DNSKEY signature validity. This is now fixed.\n\t\t\t[GL #2383]\n\n5560.\t[func]\t\tThe default value of \"max-stale-ttl\" has been changed\n\t\t\tfrom 12 hours to 1 day and the default value of\n\t\t\t\"stale-answer-ttl\" has been changed from 1 second to 30\n\t\t\tseconds, following RFC 8767 recommendations. [GL #2248]\n\n5456.\t[func]\t\tAdded \"primaries\" as a synonym for \"masters\" in\n\t\t\tnamed.conf, and \"primary-only\" as a synonym for\n\t\t\t\"master-only\" in the parameters to \"notify\", to bring\n\t\t\tterminology up-to-date with RFC 8499. [GL #1948]\n\n5362.\t[func]\t\tLimit the size of IXFR responses so that AXFR will\n\t\t\tbe used instead if it would be smaller. This is\n\t\t\tcontrolled by the \"max-ixfr-ratio\" option, which\n\t\t\tis a percentage representing the ratio of IXFR size\n\t\t\tto the size of the entire zone. This value cannot\n\t\t\texceed 100%, which is the default. [GL #1515]\n" module: pkgsrc subject: 'CVS commit: pkgsrc/net/bind916' unixtime: '1613597763' user: wiz