On Sun, Feb 08, 2026 at 03:42:03PM +0000, Stuart Henderson wrote:
> On 2026/02/08 14:56, Caspar Schutijser wrote:
> > Hi,
> >
> > After more than a decade, a new version of validns is available.
> > It's now hosted with and maintained by DNS-OARC. The build system
> > has changed and all patches can go since they're incorporated in
> > the main branch.
> >
> > I can become MAINTAINER of this tool.
> >
> > Did I do the DISTFILES part right? (I think so, because it works and
> > produces the desired file name in the distfiles directory.)
> > Comments or OKs?
>
> DIST_TUPLE= codeberg DNS-OARC validns v0.9.0 .
Thanks, incorporated that in the diff below.
Caspar
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/validns/Makefile,v
diff -u -p -r1.6 Makefile
--- Makefile 27 Sep 2023 14:18:39 -0000 1.6
+++ Makefile 8 Feb 2026 16:20:45 -0000
@@ -1,29 +1,30 @@
COMMENT = DNS and DNSSEC zone file validator
-DISTNAME = validns-0.8
-REVISION = 1
+V = 0.9.0
+PKGNAME = validns-${V}
CATEGORIES = net
-HOMEPAGE = http://www.validns.net/
+DIST_TUPLE = codeberg DNS-OARC validns v${V} .
+
+MAINTAINER = Caspar Schutijser <[email protected]>
# BSD
PERMIT_PACKAGE = Yes
WANTLIB += Judy c crypto pthread
-SITES = ${HOMEPAGE}download/
-
LIB_DEPENDS = devel/libJudy
TEST_DEPENDS = devel/p5-Test-Command-Simple
-MAKE_ENV = CC="${CC}" CFLAGS="${CFLAGS}"
+CONFIGURE_STYLE = autoreconf
+AUTOCONF_VERSION = 2.69
+AUTOMAKE_VERSION = 1.18
+AUTORECONF = ./autogen.sh
-ALL_TARGET = validns
+CONFIGURE_ENV = CPPFLAGS="-I${LOCALBASE}/include"
LDFLAGS="-L${LOCALBASE}/lib"
-do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/validns ${PREFIX}/bin
- ${INSTALL_MAN} ${WRKSRC}/validns.1 ${PREFIX}/man/man1
+WRKSRC = ${WRKDIR}/validns
.include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/validns/distinfo,v
diff -u -p -r1.1.1.1 distinfo
--- distinfo 6 May 2017 15:52:24 -0000 1.1.1.1
+++ distinfo 8 Feb 2026 16:20:45 -0000
@@ -1,2 +1,2 @@
-SHA256 (validns-0.8.tar.gz) = 3y2w6qmYoEEf9MHE5BfrgtMq7Eg1+S9F8mxmyNHVvSI=
-SIZE (validns-0.8.tar.gz) = 190325
+SHA256 (DNS-OARC-validns-v0.9.0.tar.gz) =
ZwxAIgTewZUbIMTKP171KXYszs4Lu5eWlZzJ/alJ61M=
+SIZE (DNS-OARC-validns-v0.9.0.tar.gz) = 253152
Index: patches/patch-Makefile
===================================================================
RCS file: patches/patch-Makefile
diff -N patches/patch-Makefile
--- patches/patch-Makefile 11 Mar 2022 19:48:04 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,11 +0,0 @@
-Index: Makefile
---- Makefile.orig
-+++ Makefile
-@@ -1,6 +1,5 @@
- # The following options seem to work fine on Linux, FreeBSD, and Darwin
--OPTIMIZE=-O2 -g
--CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing
-+CFLAGS+=-Wall -Werror -pthread -fno-strict-aliasing
- INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include
- CC?=cc
-
Index: patches/patch-carp_c
===================================================================
RCS file: patches/patch-carp_c
diff -N patches/patch-carp_c
--- patches/patch-carp_c 11 Mar 2022 19:48:04 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-Index: carp.c
---- carp.c.orig
-+++ carp.c
-@@ -102,7 +102,7 @@ static char proggy[MAXPATHLEN];
-
- const char *thisprogname(void)
- {
--#if defined(__FreeBSD__)
-+#if defined(__FreeBSD__) || defined(__OpenBSD__)
- return getprogname();
- #elif defined(__APPLE__)
- return getprogname();
Index: patches/patch-dnskey_c
===================================================================
RCS file: patches/patch-dnskey_c
diff -N patches/patch-dnskey_c
--- patches/patch-dnskey_c 11 Mar 2022 19:48:04 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,31 +0,0 @@
-https://github.com/tobez/validns/pull/71
-
-Index: dnskey.c
---- dnskey.c.orig
-+++ dnskey.c
-@@ -145,6 +145,7 @@ int dnskey_build_pkey(struct rr_dnskey *rr)
- unsigned int e_bytes;
- unsigned char *pk;
- int l;
-+ BIGNUM *n, *e;
-
- rsa = RSA_new();
- if (!rsa)
-@@ -165,11 +166,15 @@ int dnskey_build_pkey(struct rr_dnskey *rr)
- if (l < e_bytes) /* public key is too short */
- goto done;
-
-- rsa->e = BN_bin2bn(pk, e_bytes, NULL);
-+ e = BN_bin2bn(pk, e_bytes, NULL);
- pk += e_bytes;
- l -= e_bytes;
-
-- rsa->n = BN_bin2bn(pk, l, NULL);
-+ n = BN_bin2bn(pk, l, NULL);
-+ if (!e || !n)
-+ goto done;
-+
-+ RSA_set0_key(rsa, n, e, NULL);
-
- pkey = EVP_PKEY_new();
- if (!pkey)
Index: patches/patch-nsec3checks_c
===================================================================
RCS file: patches/patch-nsec3checks_c
diff -N patches/patch-nsec3checks_c
--- patches/patch-nsec3checks_c 11 Mar 2022 19:48:04 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,57 +0,0 @@
-https://github.com/tobez/validns/pull/71
-
-Index: nsec3checks.c
---- nsec3checks.c.orig
-+++ nsec3checks.c
-@@ -28,7 +28,7 @@
- static struct binary_data name2hash(char *name, struct rr *param)
- {
- struct rr_nsec3param *p = (struct rr_nsec3param *)param;
-- EVP_MD_CTX ctx;
-+ EVP_MD_CTX *ctx;
- unsigned char md0[EVP_MAX_MD_SIZE];
- unsigned char md1[EVP_MAX_MD_SIZE];
- unsigned char *md[2];
-@@ -45,26 +45,31 @@ static struct binary_data name2hash(char *name, struct
-
- /* XXX Maybe use Init_ex and Final_ex for speed? */
-
-- EVP_MD_CTX_init(&ctx);
-- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
-+ ctx = EVP_MD_CTX_new();
-+ if (ctx == NULL)
- return r;
-- digest_size = EVP_MD_CTX_size(&ctx);
-- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length);
-- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
-- EVP_DigestFinal(&ctx, md[mdi], NULL);
-+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
-+ goto out;
-+ digest_size = EVP_MD_CTX_size(ctx);
-+ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length);
-+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
-+ EVP_DigestFinal(ctx, md[mdi], NULL);
-
- for (i = 0; i < p->iterations; i++) {
-- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
-- return r;
-- EVP_DigestUpdate(&ctx, md[mdi], digest_size);
-+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
-+ goto out;
-+
-+ EVP_DigestUpdate(ctx, md[mdi], digest_size);
- mdi = (mdi + 1) % 2;
-- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
-- EVP_DigestFinal(&ctx, md[mdi], NULL);
-+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
-+ EVP_DigestFinal(ctx, md[mdi], NULL);
- }
-
- r.length = digest_size;
- r.data = getmem(digest_size);
- memcpy(r.data, md[mdi], digest_size);
-+out:
-+ EVP_MD_CTX_free(ctx);
- return r;
- }
-
Index: patches/patch-rrsig_c
===================================================================
RCS file: patches/patch-rrsig_c
diff -N patches/patch-rrsig_c
--- patches/patch-rrsig_c 11 Mar 2022 19:48:04 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,145 +0,0 @@
-https://github.com/tobez/validns/pull/71
-
-Index: rrsig.c
---- rrsig.c.orig
-+++ rrsig.c
-@@ -26,7 +26,7 @@
- struct verification_data
- {
- struct verification_data *next;
-- EVP_MD_CTX ctx;
-+ EVP_MD_CTX *ctx;
- struct rr_dnskey *key;
- struct rr_rrsig *rr;
- int ok;
-@@ -180,7 +180,7 @@ void *verification_thread(void *dummy)
- if (d) {
- int r;
- d->next = NULL;
-- r = EVP_VerifyFinal(&d->ctx, (unsigned char
*)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+ r = EVP_VerifyFinal(d->ctx, (unsigned char
*)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
- if (r == 1) {
- d->ok = 1;
- } else {
-@@ -232,7 +232,7 @@ static void schedule_verification(struct verification_
- } else {
- int r;
- G.stats.signatures_verified++;
-- r = EVP_VerifyFinal(&d->ctx, (unsigned char
*)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+ r = EVP_VerifyFinal(d->ctx, (unsigned char
*)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
- if (r == 1) {
- d->ok = 1;
- } else {
-@@ -250,21 +250,22 @@ static int verify_signature(struct verification_data *
- struct rr *signed_rr;
- int i;
-
-- EVP_MD_CTX_init(&d->ctx);
-+ if ((d->ctx = EVP_MD_CTX_new()) == NULL)
-+ return 0;
- switch (d->rr->algorithm) {
- case ALG_DSA:
- case ALG_RSASHA1:
- case ALG_DSA_NSEC3_SHA1:
- case ALG_RSASHA1_NSEC3_SHA1:
-- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
-+ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
- return 0;
- break;
- case ALG_RSASHA256:
-- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
-+ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
- return 0;
- break;
- case ALG_RSASHA512:
-- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
-+ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
- return 0;
- break;
- default:
-@@ -274,7 +275,7 @@ static int verify_signature(struct verification_data *
- chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
- if (chunk.length < 0)
- return 0;
-- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
-+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
-
- set = getmem_temp(sizeof(*set) * signed_set->count);
-
-@@ -294,12 +295,12 @@ static int verify_signature(struct verification_data *
- chunk = name2wire_name(signed_set->named_rr->name);
- if (chunk.length < 0)
- return 0;
-- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
-- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx,
&b2, 2);
-- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2,
2);
-- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx,
&b4, 4);
-- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2,
2);
-- EVP_VerifyUpdate(&d->ctx, set[i].wired.data,
set[i].wired.length);
-+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
-+ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2,
2);
-+ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2,
2);
-+ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4,
4);
-+ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2,
2);
-+ EVP_VerifyUpdate(d->ctx, set[i].wired.data,
set[i].wired.length);
- }
-
- schedule_verification(d);
-@@ -371,49 +372,12 @@ static void *rrsig_validate(struct rr *rrv)
- return rr;
- }
-
--static pthread_mutex_t *lock_cs;
--static long *lock_count;
--
--static unsigned long pthreads_thread_id(void)
--{
-- unsigned long ret;
--
-- ret=(unsigned long)pthread_self();
-- return(ret);
--}
--
--static void pthreads_locking_callback(int mode, int type, char *file, int
line)
--{
-- if (mode & CRYPTO_LOCK) {
-- pthread_mutex_lock(&(lock_cs[type]));
-- lock_count[type]++;
-- } else {
-- pthread_mutex_unlock(&(lock_cs[type]));
-- }
--}
--
- void verify_all_keys(void)
- {
- struct keys_to_verify *k = all_keys_to_verify;
- int i;
- struct timespec sleep_time;
-
-- ERR_load_crypto_strings();
-- if (G.opt.n_threads > 1) {
-- lock_cs = OPENSSL_malloc(CRYPTO_num_locks() *
sizeof(pthread_mutex_t));
-- lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-- for (i = 0; i < CRYPTO_num_locks(); i++) {
-- lock_count[i] = 0;
-- pthread_mutex_init(&lock_cs[i],NULL);
-- }
--
-- CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
-- CRYPTO_set_locking_callback((void
(*)())pthreads_locking_callback);
--
-- if (pthread_mutex_init(&queue_lock, NULL) != 0)
-- croak(1, "pthread_mutex_init");
-- }
--
- while (k) {
- freeall_temp();
- for (i = 0; i < k->n_keys; i++) {
-@@ -440,6 +404,7 @@ void verify_all_keys(void)
- if (k->to_verify[i].openssl_error != 0)
- e = k->to_verify[i].openssl_error;
- }
-+ EVP_MD_CTX_free(k->to_verify[i].ctx);
- }
- if (!ok) {
- struct named_rr *named_rr;
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/validns/pkg/PLIST,v
diff -u -p -r1.2 PLIST
--- pkg/PLIST 11 Mar 2022 19:48:04 -0000 1.2
+++ pkg/PLIST 8 Feb 2026 16:20:45 -0000
@@ -1,2 +1,7 @@
@bin bin/validns
@man man/man1/validns.1
+share/doc/validns/
+share/doc/validns/CHANGELOG.md
+share/doc/validns/LICENSE
+share/doc/validns/README.md
+share/doc/validns/TECHNICAL.md
