On 2026/02/08 14:56, Caspar Schutijser wrote:
> Hi,
>
> After more than a decade, a new version of validns is available.
> It's now hosted with and maintained by DNS-OARC. The build system
> has changed and all patches can go since they're incorporated in
> the main branch.
>
> I can become MAINTAINER of this tool.
>
> Did I do the DISTFILES part right? (I think so, because it works and
> produces the desired file name in the distfiles directory.)
> Comments or OKs?
DIST_TUPLE= codeberg DNS-OARC validns v0.9.0 .
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/validns/Makefile,v
> diff -u -p -r1.6 Makefile
> --- Makefile 27 Sep 2023 14:18:39 -0000 1.6
> +++ Makefile 8 Feb 2026 13:42:33 -0000
> @@ -1,29 +1,34 @@
> COMMENT = DNS and DNSSEC zone file validator
>
> -DISTNAME = validns-0.8
> -REVISION = 1
> +V = 0.9.0
> +PKGNAME = validns-${V}
>
> CATEGORIES = net
>
> -HOMEPAGE = http://www.validns.net/
> +HOMEPAGE = https://codeberg.org/DNS-OARC/validns
> +
> +MAINTAINER = Caspar Schutijser <[email protected]>
>
> # BSD
> PERMIT_PACKAGE = Yes
>
> WANTLIB += Judy c crypto pthread
>
> -SITES = ${HOMEPAGE}download/
> +SITES = https://codeberg.org/DNS-OARC/validns/archive/
> +
> +DISTFILES = validns-{v}${V}${EXTRACT_SUFX}
>
> LIB_DEPENDS = devel/libJudy
>
> TEST_DEPENDS = devel/p5-Test-Command-Simple
>
> -MAKE_ENV = CC="${CC}" CFLAGS="${CFLAGS}"
> +CONFIGURE_STYLE = autoreconf
> +AUTOCONF_VERSION = 2.69
> +AUTOMAKE_VERSION = 1.18
> +AUTORECONF = ./autogen.sh
>
> -ALL_TARGET = validns
> +CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include"
> LDFLAGS="-L${LOCALBASE}/lib"
>
> -do-install:
> - ${INSTALL_PROGRAM} ${WRKSRC}/validns ${PREFIX}/bin
> - ${INSTALL_MAN} ${WRKSRC}/validns.1 ${PREFIX}/man/man1
> +WRKSRC = ${WRKDIR}/validns
>
> .include <bsd.port.mk>
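Review bot: `AUTORECONF = ./autogen.sh` replaces the stock autoreconf invocation with an upstream script whose contents this diff does not show. The distinfo SHA256 only pins the tarball, so anything the script pulled in at build time (submodules, downloaded helper macros) would sit outside that check; it is worth confirming for 0.9.0 that it does nothing beyond calling autoreconf. If it is only a thin wrapper, dropping the line and relying on the default set by `CONFIGURE_STYLE = autoreconf` keeps the build on framework-controlled commands. If it does have to stay, record the reason once checked with a comment above it, such as `# autogen.sh is needed for <reason>; verified it fetches nothing`.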
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/net/validns/distinfo,v
> diff -u -p -r1.1.1.1 distinfo
> --- distinfo 6 May 2017 15:52:24 -0000 1.1.1.1
> +++ distinfo 8 Feb 2026 13:42:33 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (validns-0.8.tar.gz) = 3y2w6qmYoEEf9MHE5BfrgtMq7Eg1+S9F8mxmyNHVvSI=
> -SIZE (validns-0.8.tar.gz) = 190325
> +SHA256 (validns-0.9.0.tar.gz) = ZwxAIgTewZUbIMTKP171KXYszs4Lu5eWlZzJ/alJ61M=
> +SIZE (validns-0.9.0.tar.gz) = 253152
> Index: patches/patch-Makefile
> ===================================================================
> RCS file: patches/patch-Makefile
> diff -N patches/patch-Makefile
> --- patches/patch-Makefile 11 Mar 2022 19:48:04 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,11 +0,0 @@
> -Index: Makefile
> ---- Makefile.orig
> -+++ Makefile
> -@@ -1,6 +1,5 @@
> - # The following options seem to work fine on Linux, FreeBSD, and Darwin
> --OPTIMIZE=-O2 -g
> --CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing
> -+CFLAGS+=-Wall -Werror -pthread -fno-strict-aliasing
> - INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include
> - CC?=cc
> -
> Index: patches/patch-carp_c
> ===================================================================
> RCS file: patches/patch-carp_c
> diff -N patches/patch-carp_c
> --- patches/patch-carp_c 11 Mar 2022 19:48:04 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,12 +0,0 @@
> -Index: carp.c
> ---- carp.c.orig
> -+++ carp.c
> -@@ -102,7 +102,7 @@ static char proggy[MAXPATHLEN];
> -
> - const char *thisprogname(void)
> - {
> --#if defined(__FreeBSD__)
> -+#if defined(__FreeBSD__) || defined(__OpenBSD__)
> - return getprogname();
> - #elif defined(__APPLE__)
> - return getprogname();
> Index: patches/patch-dnskey_c
> ===================================================================
> RCS file: patches/patch-dnskey_c
> diff -N patches/patch-dnskey_c
> --- patches/patch-dnskey_c 11 Mar 2022 19:48:04 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,31 +0,0 @@
> -https://github.com/tobez/validns/pull/71
> -
> -Index: dnskey.c
> ---- dnskey.c.orig
> -+++ dnskey.c
> -@@ -145,6 +145,7 @@ int dnskey_build_pkey(struct rr_dnskey *rr)
> - unsigned int e_bytes;
> - unsigned char *pk;
> - int l;
> -+ BIGNUM *n, *e;
> -
> - rsa = RSA_new();
> - if (!rsa)
> -@@ -165,11 +166,15 @@ int dnskey_build_pkey(struct rr_dnskey *rr)
> - if (l < e_bytes) /* public key is too short */
> - goto done;
> -
> -- rsa->e = BN_bin2bn(pk, e_bytes, NULL);
> -+ e = BN_bin2bn(pk, e_bytes, NULL);
> - pk += e_bytes;
> - l -= e_bytes;
> -
> -- rsa->n = BN_bin2bn(pk, l, NULL);
> -+ n = BN_bin2bn(pk, l, NULL);
> -+ if (!e || !n)
> -+ goto done;
> -+
> -+ RSA_set0_key(rsa, n, e, NULL);
> -
> - pkey = EVP_PKEY_new();
> - if (!pkey)
> Index: patches/patch-nsec3checks_c
> ===================================================================
> RCS file: patches/patch-nsec3checks_c
> diff -N patches/patch-nsec3checks_c
> --- patches/patch-nsec3checks_c 11 Mar 2022 19:48:04 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,57 +0,0 @@
> -https://github.com/tobez/validns/pull/71
> -
> -Index: nsec3checks.c
> ---- nsec3checks.c.orig
> -+++ nsec3checks.c
> -@@ -28,7 +28,7 @@
> - static struct binary_data name2hash(char *name, struct rr *param)
> - {
> - struct rr_nsec3param *p = (struct rr_nsec3param *)param;
> -- EVP_MD_CTX ctx;
> -+ EVP_MD_CTX *ctx;
> - unsigned char md0[EVP_MAX_MD_SIZE];
> - unsigned char md1[EVP_MAX_MD_SIZE];
> - unsigned char *md[2];
> -@@ -45,26 +45,31 @@ static struct binary_data name2hash(char *name, struct
> -
> - /* XXX Maybe use Init_ex and Final_ex for speed? */
> -
> -- EVP_MD_CTX_init(&ctx);
> -- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
> -+ ctx = EVP_MD_CTX_new();
> -+ if (ctx == NULL)
> - return r;
> -- digest_size = EVP_MD_CTX_size(&ctx);
> -- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length);
> -- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
> -- EVP_DigestFinal(&ctx, md[mdi], NULL);
> -+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
> -+ goto out;
> -+ digest_size = EVP_MD_CTX_size(ctx);
> -+ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length);
> -+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
> -+ EVP_DigestFinal(ctx, md[mdi], NULL);
> -
> - for (i = 0; i < p->iterations; i++) {
> -- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
> -- return r;
> -- EVP_DigestUpdate(&ctx, md[mdi], digest_size);
> -+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
> -+ goto out;
> -+
> -+ EVP_DigestUpdate(ctx, md[mdi], digest_size);
> - mdi = (mdi + 1) % 2;
> -- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
> -- EVP_DigestFinal(&ctx, md[mdi], NULL);
> -+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
> -+ EVP_DigestFinal(ctx, md[mdi], NULL);
> - }
> -
> - r.length = digest_size;
> - r.data = getmem(digest_size);
> - memcpy(r.data, md[mdi], digest_size);
> -+out:
> -+ EVP_MD_CTX_free(ctx);
> - return r;
> - }
> -
> Index: patches/patch-rrsig_c
> ===================================================================
> RCS file: patches/patch-rrsig_c
> diff -N patches/patch-rrsig_c
> --- patches/patch-rrsig_c 11 Mar 2022 19:48:04 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,145 +0,0 @@
> -https://github.com/tobez/validns/pull/71
> -
> -Index: rrsig.c
> ---- rrsig.c.orig
> -+++ rrsig.c
> -@@ -26,7 +26,7 @@
> - struct verification_data
> - {
> - struct verification_data *next;
> -- EVP_MD_CTX ctx;
> -+ EVP_MD_CTX *ctx;
> - struct rr_dnskey *key;
> - struct rr_rrsig *rr;
> - int ok;
> -@@ -180,7 +180,7 @@ void *verification_thread(void *dummy)
> - if (d) {
> - int r;
> - d->next = NULL;
> -- r = EVP_VerifyFinal(&d->ctx, (unsigned char
> *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
> -+ r = EVP_VerifyFinal(d->ctx, (unsigned char
> *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
> - if (r == 1) {
> - d->ok = 1;
> - } else {
> -@@ -232,7 +232,7 @@ static void schedule_verification(struct verification_
> - } else {
> - int r;
> - G.stats.signatures_verified++;
> -- r = EVP_VerifyFinal(&d->ctx, (unsigned char
> *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
> -+ r = EVP_VerifyFinal(d->ctx, (unsigned char
> *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
> - if (r == 1) {
> - d->ok = 1;
> - } else {
> -@@ -250,21 +250,22 @@ static int verify_signature(struct verification_data *
> - struct rr *signed_rr;
> - int i;
> -
> -- EVP_MD_CTX_init(&d->ctx);
> -+ if ((d->ctx = EVP_MD_CTX_new()) == NULL)
> -+ return 0;
> - switch (d->rr->algorithm) {
> - case ALG_DSA:
> - case ALG_RSASHA1:
> - case ALG_DSA_NSEC3_SHA1:
> - case ALG_RSASHA1_NSEC3_SHA1:
> -- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
> -+ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
> - return 0;
> - break;
> - case ALG_RSASHA256:
> -- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
> -+ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
> - return 0;
> - break;
> - case ALG_RSASHA512:
> -- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
> -+ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
> - return 0;
> - break;
> - default:
> -@@ -274,7 +275,7 @@ static int verify_signature(struct verification_data *
> - chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
> - if (chunk.length < 0)
> - return 0;
> -- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
> -+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
> -
> - set = getmem_temp(sizeof(*set) * signed_set->count);
> -
> -@@ -294,12 +295,12 @@ static int verify_signature(struct verification_data *
> - chunk = name2wire_name(signed_set->named_rr->name);
> - if (chunk.length < 0)
> - return 0;
> -- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
> -- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx,
> &b2, 2);
> -- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2,
> 2);
> -- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx,
> &b4, 4);
> -- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2,
> 2);
> -- EVP_VerifyUpdate(&d->ctx, set[i].wired.data,
> set[i].wired.length);
> -+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
> -+ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2,
> 2);
> -+ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2,
> 2);
> -+ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4,
> 4);
> -+ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2,
> 2);
> -+ EVP_VerifyUpdate(d->ctx, set[i].wired.data,
> set[i].wired.length);
> - }
> -
> - schedule_verification(d);
> -@@ -371,49 +372,12 @@ static void *rrsig_validate(struct rr *rrv)
> - return rr;
> - }
> -
> --static pthread_mutex_t *lock_cs;
> --static long *lock_count;
> --
> --static unsigned long pthreads_thread_id(void)
> --{
> -- unsigned long ret;
> --
> -- ret=(unsigned long)pthread_self();
> -- return(ret);
> --}
> --
> --static void pthreads_locking_callback(int mode, int type, char *file, int
> line)
> --{
> -- if (mode & CRYPTO_LOCK) {
> -- pthread_mutex_lock(&(lock_cs[type]));
> -- lock_count[type]++;
> -- } else {
> -- pthread_mutex_unlock(&(lock_cs[type]));
> -- }
> --}
> --
> - void verify_all_keys(void)
> - {
> - struct keys_to_verify *k = all_keys_to_verify;
> - int i;
> - struct timespec sleep_time;
> -
> -- ERR_load_crypto_strings();
> -- if (G.opt.n_threads > 1) {
> -- lock_cs = OPENSSL_malloc(CRYPTO_num_locks() *
> sizeof(pthread_mutex_t));
> -- lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
> -- for (i = 0; i < CRYPTO_num_locks(); i++) {
> -- lock_count[i] = 0;
> -- pthread_mutex_init(&lock_cs[i],NULL);
> -- }
> --
> -- CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
> -- CRYPTO_set_locking_callback((void
> (*)())pthreads_locking_callback);
> --
> -- if (pthread_mutex_init(&queue_lock, NULL) != 0)
> -- croak(1, "pthread_mutex_init");
> -- }
> --
> - while (k) {
> - freeall_temp();
> - for (i = 0; i < k->n_keys; i++) {
> -@@ -440,6 +404,7 @@ void verify_all_keys(void)
> - if (k->to_verify[i].openssl_error != 0)
> - e = k->to_verify[i].openssl_error;
> - }
> -+ EVP_MD_CTX_free(k->to_verify[i].ctx);
> - }
> - if (!ok) {
> - struct named_rr *named_rr;
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/net/validns/pkg/PLIST,v
> diff -u -p -r1.2 PLIST
> --- pkg/PLIST 11 Mar 2022 19:48:04 -0000 1.2
> +++ pkg/PLIST 8 Feb 2026 13:42:33 -0000
> @@ -1,2 +1,7 @@
> @bin bin/validns
> @man man/man1/validns.1
> +share/doc/validns/
> +share/doc/validns/CHANGELOG.md
> +share/doc/validns/LICENSE
> +share/doc/validns/README.md
> +share/doc/validns/TECHNICAL.md
>