Bug 259098 - dns/nsd: Update to version 4.3.8
Summary: dns/nsd: Update to version 4.3.8
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Neel Chauhan
URL: https://www.nlnetlabs.nl/news/2021/Oc...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-12 11:09 UTC by Jaap Akkerhuis
Modified: 2021-10-12 16:34 UTC (History)
1 user (show)

See Also:

Attachments
Patch to upgrade (2.33 KB, patch)
2021-10-12 11:09 UTC, Jaap Akkerhuis 		jaap: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jaap Akkerhuis 2021-10-12 11:09:08 UTC 
Created attachment 228622 [details]
Patch to upgrade

This release fixes a crash bug in delegation answers, and fixes
in NSEC3 answers. Also compile fixes for OpenSSL. The OpenSSL 3.0
API is supported.

The Mutual TLS feature allows for client authentication for XFR-over-TLS
connections, use the client-cert, client-key and client-key-pw options
to set up the certificate that NSD then uses to connect to the upstream
server to download the zone with.

4.3.8 ================
FEATURES:
- Merge #185 by cesarkuroiwa: Mutual TLS.

BUG FIXES:
- Fix to compile with OpenSSL 3.0.0beta2.
- Fix configure detection of SSL_CTX_set_security_level.
- Fix deprecated functions use from openssl 3.0.0beta2.
- For #184: Note that all zones can be targeted by some nsd-control
commands in the man page.
- Fixes for #185: Document client-cert, client-key and client-key-pw
  in the man page. Fix yacc semicolon. Fix unused variable warning.
  Use strlcpy instead of strncpy. Fix spelling error in error
  printout.
- Merge #187: Support using system-wide crypto policies.
- Fix #188: NSD fails to build against openssl 1.1 on CentOS 7.
- Fix sed script in ssldir split handling.
- Fix #189: nsd 4.3.7 crash answer_delegation: Assertion
  `query->delegation_rrset' failed.
- Fix #190: NSD returns 3 NSEC3 records for NODATA response.
- Fix compile failure with openssl 1.0.2.
- Fix #194: Incorrect NSEC3 response for SOA query below delegation
  point.


The port's Makefile had some reordering to satisfy portfmt(1)
Comment 1 Neel Chauhan freebsd_committer freebsd_triage 2021-10-12 16:33:33 UTC 
Committed!
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-10-12 16:34:28 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=895532dbe845c1263fe46696ecc374127d2c76bf

commit 895532dbe845c1263fe46696ecc374127d2c76bf
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2021-10-12 16:32:54 +0000
Commit:     Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2021-10-12 16:32:54 +0000

    dns/nsd: Update to 4.3.8

    Changes: https://www.nlnetlabs.nl/news/2021/Oct/12/nsd-4.3.8-released/

    PR:     259098

 dns/nsd/Makefile | 32 ++++++++++++++++----------------
 dns/nsd/distinfo |  6 +++---
 2 files changed, 19 insertions(+), 19 deletions(-)