Hello, This updates security/opendnssec to 1.4.12: === OPENDNSSEC-808: Crash on query with empty query section (thanks HÃ¥vard Eidnes). SUPPORT-191: Regression, Must accept notify without SOA (thanks Christos Trochalakis). OPENDNSSEC-845: memory leak occuring when responding to IXFR out when having had multiple updates. OPENDNSSEC-805: Avoid full resign due to mismatch in backup file when upgrading from 1.4.8 or later. OPENDNSSEC-828: parsing zone list could show data from next zone when zones iterated on single line. OPENDNSSEC-811,OPENDNSSEC-827,e.o.: compiler warnings and other static code analysis cleanup OPENDNSSEC-847: Broken DNS IN notifications when pkt answer section is empty. OPENDNSSEC-838: Crash in signer after having removed a zone. Update dependency to ldns to version 1.6.17 enabling the DNS HIP record. Prevent responding to queries when not fully started yet. ===
It removes two already applied patches, and adds a new one which has also been accepted upstream: https://github.com/opendnssec/opendnssec/pull/603 Finally it updates LIB_DEPENDS so that databases/sqlite3 is only part of the sqlite3 flavor to make portcheck happy. -- Patrik Lundin Index: Makefile =================================================================== RCS file: /cvs/ports/security/opendnssec/Makefile,v retrieving revision 1.7 diff -u -p -u -r1.7 Makefile --- Makefile 23 Sep 2016 09:16:57 -0000 1.7 +++ Makefile 19 Nov 2016 11:30:09 -0000 @@ -2,8 +2,7 @@ COMMENT= open-source turn-key solution for DNSSEC -DISTNAME= opendnssec-1.4.10 -REVISION= 0 +DISTNAME= opendnssec-1.4.12 CATEGORIES= security @@ -19,7 +18,6 @@ WANTLIB += c crypto iconv ldns lzma m pt MASTER_SITES= http://dist.opendnssec.org/source/ LIB_DEPENDS= converters/libiconv \ - databases/sqlite3 \ net/ldns/libldns \ textproc/libxml @@ -35,6 +33,7 @@ FLAVOR?= sqlite3 .if ${FLAVOR:Msqlite3} WANTLIB+= sqlite3 +LIB_DEPENDS+= databases/sqlite3 .endif .if ${FLAVOR:Mmysql} Index: distinfo =================================================================== RCS file: /cvs/ports/security/opendnssec/distinfo,v retrieving revision 1.3 diff -u -p -u -r1.3 distinfo --- distinfo 14 Jun 2016 11:29:46 -0000 1.3 +++ distinfo 19 Nov 2016 11:30:09 -0000 @@ -1,2 +1,2 @@ -SHA256 (opendnssec-1.4.10.tar.gz) = VbRMHaOmZe7wrx0bP00cV9IPUPd4WLHdPQPKbrwd98s= -SIZE (opendnssec-1.4.10.tar.gz) = 1036069 +SHA256 (opendnssec-1.4.12.tar.gz) = S6bPBvzRExwe2RPWGVndyQcm7V5PFTyQ9F7GREVSigw= +SIZE (opendnssec-1.4.12.tar.gz) = 1036392 Index: patches/patch-conf_conf_xml_in =================================================================== RCS file: /cvs/ports/security/opendnssec/patches/patch-conf_conf_xml_in,v retrieving revision 1.1.1.1 diff -u -p -u -r1.1.1.1 patch-conf_conf_xml_in --- patches/patch-conf_conf_xml_in 13 Oct 2015 17:03:55 -0000 1.1.1.1 +++ patches/patch-conf_conf_xml_in 19 Nov 2016 11:30:09 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-conf_conf_xml_in,v 1.1.1.1 2015/10/13 17:03:55 jca Exp $ ---- conf/conf.xml.in.orig Mon Jul 21 11:30:08 2014 -+++ conf/conf.xml.in Wed Aug 20 08:52:31 2014 -@@ -28,7 +28,7 @@ +--- conf/conf.xml.in.orig Mon Oct 17 14:32:58 2016 ++++ conf/conf.xml.in Mon Nov 14 18:41:45 2016 +@@ -31,7 +31,7 @@ <Logging> <!-- Command line verbosity will overwrite configure file --> <Verbosity>3</Verbosity> @@ -10,7 +10,7 @@ $OpenBSD: patch-conf_conf_xml_in,v 1.1.1 </Logging> <PolicyFile>@OPENDNSSEC_CONFIG_DIR@/kasp.xml</PolicyFile> -@@ -36,19 +36,17 @@ +@@ -39,19 +39,17 @@ </Common> <Enforcer> @@ -33,7 +33,7 @@ $OpenBSD: patch-conf_conf_xml_in,v 1.1.1 <Interval>PT3600S</Interval> <!-- <ManualKeyGeneration/> --> <!-- <RolloverNotification>P14D</RolloverNotification> --> -@@ -60,12 +58,10 @@ +@@ -63,12 +61,10 @@ </Enforcer> <Signer> Index: patches/patch-enforcer_ksm_database_access_lite_c =================================================================== RCS file: patches/patch-enforcer_ksm_database_access_lite_c diff -N patches/patch-enforcer_ksm_database_access_lite_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-enforcer_ksm_database_access_lite_c 19 Nov 2016 11:30:09 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- enforcer/ksm/database_access_lite.c.orig Mon Nov 14 18:59:16 2016 ++++ enforcer/ksm/database_access_lite.c Mon Nov 14 19:00:58 2016 +@@ -41,6 +41,8 @@ + #include <time.h> + #include <unistd.h> + ++#include <sys/select.h> ++ + #include <sqlite3.h> + + #include "ksm/dbsdef.h" Index: patches/patch-enforcer_utils_ksmutil_c =================================================================== RCS file: patches/patch-enforcer_utils_ksmutil_c diff -N patches/patch-enforcer_utils_ksmutil_c --- patches/patch-enforcer_utils_ksmutil_c 14 Jun 2016 11:29:46 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-enforcer_utils_ksmutil_c,v 1.1 2016/06/14 11:29:46 jca Exp $ ---- enforcer/utils/ksmutil.c.orig Wed May 4 21:09:00 2016 -+++ enforcer/utils/ksmutil.c Wed May 4 21:09:22 2016 -@@ -6878,7 +6878,7 @@ int ListKeys(int zone_id) - hsm_key_t *key = NULL; - ldns_rr *dnskey_rr = NULL; - hsm_sign_params_t *sign_params = NULL; -- hsm_ctx_t* ctx; -+ hsm_ctx_t* ctx = NULL; - - if (verbose_flag) { - /* connect to the HSM */ Index: patches/patch-signer_src_signer_zone_c =================================================================== RCS file: patches/patch-signer_src_signer_zone_c diff -N patches/patch-signer_src_signer_zone_c --- patches/patch-signer_src_signer_zone_c 14 Jun 2016 11:29:46 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,21 +0,0 @@ -$OpenBSD: patch-signer_src_signer_zone_c,v 1.1 2016/06/14 11:29:46 jca Exp $ ---- signer/src/signer/zone.c.orig Wed May 4 21:09:53 2016 -+++ signer/src/signer/zone.c Wed May 4 21:10:02 2016 -@@ -571,7 +571,7 @@ zone_add_rr(zone_type* zone, ldns_rr* rr, int do_stats - rr_type* record = NULL; - ods_status status = ODS_STATUS_OK; - char* str = NULL; -- int i; -+ size_t i; - - ods_log_assert(rr); - ods_log_assert(zone); -@@ -694,7 +694,7 @@ zone_del_nsec3params(zone_type* zone) - { - domain_type* domain = NULL; - rrset_type* rrset = NULL; -- int i; -+ size_t i; - - ods_log_assert(zone); - ods_log_assert(zone->name);
