Bug 238498 - [MAINTAINER] dns/nsd Upgrade to version 4.2.0
Summary: [MAINTAINER] dns/nsd Upgrade to version 4.2.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Steve Wills
Reported: 2019-06-11 13:07 UTC by Jaap Akkerhuis
Modified: 2019-06-18 02:34 UTC
jaap: maintainer-feedback+


Attachments
patch to upgrade (806 bytes, patch)
2019-06-11 13:07 UTC, Jaap Akkerhuis

Description Jaap Akkerhuis 2019-06-11 13:07:45 UTC
Created attachment 204988
patch to upgrade
Comment 1 Jaap Akkerhuis 2019-06-11 13:09:37 UTC
This release contains new features, contributed from Sinodun, that
implement TCP fast open support and also support for service on DNS over
TLS.

There is also TLS OCSP stapling support with the tls-service-ocsp option
in nsd.conf.

The new option hide-identity can be used in nsd.conf to stop NSD from
responding with the hostname for probe queries that elicit the chaos
class response; this conforms to RFC4892.

There is a bug fix for memory leaks during zone file read, with
duplicate records in the zone file.


4.2.0
================
FEATURES:
- Print IP address when bind socket fails with error.
- Fix #4249: The option hide-identity: yes stops NSD from responding
  with the hostname for chaos class queries.  Implements the RFC4892
  security considerations.
- Patch to add support for TCP Fast Open, from Sara
  Dickinson (Sinodun).
- Patch to add support for tls service on a specified tls port,
  from Sara Dickinson (Sinodun).
- Use travis for build check, initial unit test and clang analysis.
- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
  patch from Andreas Schulze.

BUG FIXES:
- Fix to delete unused zparser.default_apex member.
- Fix that the TLS handshake routine sets the correct event to
  continue when done.
- Fix that TLS renegotiation calls the read and write routines again
  with the same parameters when the desired event has been satisfied.
- Fix that TCP Fastopen has better error message and supports OSX.
- Fix to avoid buffer alloc with global buffer in tls write handler.
- Fix to initialize event structure when accepting TCP connection.
- Disable TLS1.0, TLS1.1 and weak ciphers, enable
  CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze.
- further setup ssl ctx after the keys are loaded, for ECDH.
- Fix #10: Fix memory leaks caused by duplicate rr and include
  instructions.
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
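
A check for the hide-identity behaviour described in Comment 1, added here as an example; it is not part of the bug report or of NSD. It builds the CHAOS-class TXT probe for id.server (the RFC 4892 name; hostname.bind is the BIND-style equivalent) and reports any identity string a reply carries. The function names and the sample replies are constructed for illustration.

```python
import socket
import struct

CLASS_CH, TYPE_TXT = 3, 16  # CHAOS class, TXT type

def build_query(name, qid=0x4892):
    """Encode a CHAOS-class TXT query for a name such as 'id.server'."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def disclosed_identity(msg):
    """Return TXT strings from CH answer records; [] means nothing disclosed."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    found = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while rtype == TYPE_TXT and rclass == CLASS_CH and i < len(rdata):
            found.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return found

def constructed_reply(identity):
    """Constructed sample reply: TXT answer, or REFUSED when identity is None."""
    q = build_query("id.server")
    if identity is None:
        return q[:2] + struct.pack("!H", 0x8005) + q[4:]
    txt = bytes([len(identity)]) + identity.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(txt)) + txt
    return q[:2] + struct.pack("!HHH", 0x8400, 1, 1) + q[8:] + rr

def check(server, name="id.server", port=53):
    """Query a server you operate over UDP and return what it discloses."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(build_query(name), (server, port))
        return disclosed_identity(s.recvfrom(4096)[0])
```

Running `check()` against your own name server before and after setting hide-identity: yes shows whether the hostname is still returned; an empty list means no identity string came back.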
Comment 2 commit-hook freebsd_committer freebsd_triage 2019-06-18 02:34:01 UTC
A commit references this bug:

Author: swills
Date: Tue Jun 18 02:33:02 UTC 2019
New revision: 504465
URL: https://svnweb.freebsd.org/changeset/ports/504465

Log:
  dns/nsd: update to 4.2.0

  PR:		238498
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

Changes:
  head/dns/nsd/Makefile
  head/dns/nsd/distinfo
Comment 3 Steve Wills freebsd_committer freebsd_triage 2019-06-18 02:34:08 UTC
Committed, thanks!