[Bug 291573] dns/ldns: update to 1.9.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291573

            Bug ID: 291573
           Summary: dns/ldns: update to 1.9.0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.nlnetlabs.nl/projects/ldns/about/
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jaap@NLnetLabs.nl
 Attachment #266087 maintainer-approval+
             Flags:

Created attachment 266087
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=266087&action=edit
patch to upgrade

This update includes the update for dns/py-ldns and p5-DNS-Ldns

The most prominent fix is for the bug where ldns would, break TXT RRset
signing when a WALLET RR is present at the same name. At the apex this
would break records responsible for SPF and/or domain control validation
(see https://github.com/NLnetLabs/ldns/issues/285 )


Changelog
=========
1.9.0    2025-12-04
   * PR #246: Make ldns_calc_keytag() available for CDNSKEY RR
     Thanks tgreenx and pnax
   * PR #247: Make ldns_key_rr2ds() available for CDNSKEY RR
     Thanks tgreenx
   * PR #248: Make ldns_rr_compare_{ds,ds_dnskey}() available for
     CDS and CDNSKEY RRs. Thanks tgreenx
   * PR #245: Make drill trace use IPv6 when used with -6
     Thanks Paul Radford
   * Fix #254: Unquoted "value" rdata for CAA records fail to validate.
     Follows the long string unquoted syntax from RFC8659, section 4.1.1.
   * Fix #266: ldns-read-zone -u fails if a type is the only type in a
     window and the type modulo 256 is equal to zero.
   * Fix #271: Intermittent build failure with multi-job
     builds (make -j).
   * Add ldns-verify-zone -s option. It checks all signature results,
     instead of passing by when one RRSIG validates. That prints output
     for spurious RRSIGs, the failures for them.
   * Fix RR types NSAP-PTR, GPOS and RESINFO to print unquoted strings.
   * Fix memory leak when trying to read zones that have equal RRs.
     the ldns_dnssec_*_add_rr() functions now return LDNS_STATUS_EQUAL_RR
     when an already existing RR is tried to be added. This is a API
     change, hence this also bumps the version to 1.9.0
   * PR #282: ensure returning pkt with LDNS_STATUS_OK. Thanks grobian.
   * PR #286: Fix RR Type AMTRELAY type nogateway, to print relay '.',
     and memory leaks in parsing it.
   * DSYNC is no longer a draft RR type and compiled by default
   * RFC 9824 support: Compact Denial of Existence in DNSSEC
   * The HHIT and BRID draft RR types
   * PR #249: If RNG is already seeded, return early.
     Thanks crrodriguez
   * PR #221: Improve error messages. Thanks jschauma
   * PR #256: Use SWIG_AppendOutput to support swig 4.3
     Thanks pemensik
   * PR #188: Homogenize paths for source files during compilation
     Thanks duthils
   * Fix #283: ldns-walk fails after update from 1.8.3 to 1.8.4
     Thanks jschauma
   * PR #200: Allow compiled tests to link to ldns statically via
     environment variable. Thanks FGasper and pemensik
   * PR #220: Optionally exclude ZONEMD RRs in ldns-compare-zone
     Thanks gjherbiet
   * Fix #285: A WALLET RR breaks TXT signing. Thanks bortzmeyer
   * Fix #287: ldns-verify-zone hangs with missing NSEC3 RRs.
     Thanks Roy Arends

-- 
You are receiving this mail because:
You are the assignee for the bug.