most cases, the failure mode is the same. Also, mark them broken on
mips when necessary.
While here, pet portlint.
Approved by: portmgr (tier-2 blanket)
As usual, it is recommended to rebuild or reinstall all the
dependent ports and the lang/ghc port itself in one of the following
ways:
# portmaster -w -r ghc
or
# portupgrade -fr lang/ghc
In case of pkg(8), it is probably safer to remove all the GHC-dependent
packages along with GHC and reinstall everything from scratch. For
example:
# pkg query "%ro" ghc > ghc-pkgs.txt
# pkg delete -y lang/ghc
In ghc-pkgs.txt, check and remove all the packages that have been moved
on the update, then use this command:
# pkg install -y `cat ghc-pkgs.txt`
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D16038
From now on, ports that depend on Qt4 will have to set
USES= qt:4
USE_QT= foo bar
ports depending on Qt5 will use
USES= qt:5
USE_QT= foo bar
PR: 229225
Exp-run by: antoine
Reviewed by: mat
Approved by: portmgr (antoine)
Differential Revision: →https://reviews.freebsd.org/D15540
dnstable (0.10.1)
* Check for endian.h headers.
* Add sys/socket.h include.
* Expunge protobuf-c references.
* Correct libyajl include path.
dnstable (0.10.0)
* Remove dnstable_convert into a separate repo to simplify
dependencies. https://github.com/farsightsec/dnstable-convert/
* Add generated man pages to source.
* Document dnstable_entry_set_iszone().
* Improve dnstable_reader(3) documentation.
* Add JSON output (-j option) to dnstable_lookup.
* Add test cases based on dnstable_lookup.
* Only encode RDATA so the hostname is at the beginning for NS, CNAME,
DNAME, PTR, MX, and SRV record types.
* Fix byteorder macros for macOS.
Sponsored by: Farsight Security, Inc.
Based on the new policy of all maintained ports reset
when maintaner is absent for 3 months.
Bug#226400 for science/py-tensorflow is ignored since 2018-03-06 (3+ months).
portscout database indicates that 48.94% of his ports aren't updated.
GeoDNS is a DNS server with per-client targeted responses. It powers the NTP
Pool system and other similar services.
WWW: https://github.com/abh/geodns
PR: 227492
Submitted by: Vinicius Zavam <egypcio@googlemail.com>
Differential Revision: https://reviews.freebsd.org/D15056
KDE ports build with -DQT_NO_CAST_FROM_BYTEARRAY, so the implicit cast
from QByteArray to const char * is not available. Make the necessary
conversion explicit.
This is being upstreamed as well (but would only land in 5.48 or later).
PR: 228735
Submitted by: ashish
Reported by: ashish
Reviewed by: tcberner
* Update lang/ghc to 8.4.2
* Update the boostrap compiler to 8.4.1
* Update the many hs-* ports
* Bump the rest
Thanks a lot to arrowd for doing all the heavy lifting :)
PR: 227968
Exp-run by: antoine
Submitted by: arrowd
Differential Revision: https://reviews.freebsd.org/D15005
The ISC changed their release model, they are now doing
odd-unstable/even-stable release numbering. This is a development
version, consider it alpha/beta quality. The next stable release will
be 9.14.0.
Changes: https://kb.isc.org/article/AA-01612
Sponsored by: Absolight
This release improves the stability and resiliency of the RPZ
implementation, prevents metrics gathering from slowing down the
processing of DNS queries and fixes an issue related to the cleaning
of EDNS Client Subnet entries from the cache.
Full changelog:
https://blog.powerdns.com/2018/05/22/powerdns-recursor-4-1-3-released/
PR: 228434
Submitted by: maintainer
- Bump PORTREVISION for package change
PR: 228321
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Approved by: Matthieu Volat <mazhe@alkumuna.eu> (maintainer)
KadNode is a small decentralized DNS resolver that can use existing
public key infrastructures. It utilizes the BitTorrent P2P network
and mbedtls for TLS/crypto support.
WWW: https://github.com/mwarning/KadNode
PR: 225924
Submitted by: moritzwarning@web.de
Improvements:
* API: increase serial after DNSSEC related updates
* Dnsreplay: bail out on a too small outgoing buffer
* Lower ‘packet too short’ loglevel
* Make check-zone error on rows that have content but shouldn’t
* Avoid an isane amount of new backend connections during an AXFR
* Report unparseable data in stoul invalid_argument exception
* Recheck serial when AXFR is done
* Add TCP support for alias
PR: 228114
Submitted by: maintainer
Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable
of dropping privileges after binding to a low port on FreeBSD.
By default, this port's daemon will listen on port 5353 (TCP/UDP).
With this option it's possible to bind it and listen on port 53 (TCP/UDP)
with mac_portacl(4) kernel module (network port access control policy).
For this add dnscrypt_proxy_mac_portacl_enable=YES in your rc.conf.
The dnscrypt-proxy startup script will load mac_portacl and add a rule
where %%USER%% user will be able to bind on port 53 (TCP/UDP). This port
can be changed by dnscrypt_proxy_mac_portacl_port variable in your rc.conf.
You also need to change dnscrypt-proxy config file to use port 53.
Suggested by: feld
Approved by: egypcio@googlemail.com (maintainer)
Differential Revision: https://reviews.freebsd.org/D15151
Main changes in the port:
- Improve instructions for using dnscrypt-proxy2 together with unbound. [1]
- Add dnscrypt_proxy_suexec option for users who want to run the daemon as
root.
- Move the configuration file from ${PREFIX}/etc/dnscrypt-proxy.toml to
${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml, because by default
temporary files will use the path of the config file.
This fixes a permission issue when fetching the public resolvers list.
Changes: https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/2.0.10/ChangeLog
PR: 227129 [1]
Submitted by: egypcio@googlemail.com (maintainer)
Reported by: erik@nordstroem.no [1]
Differential Revision: https://reviews.freebsd.org/D15024
In file included from dnsdist.cc:44:
In file included from ./dnsdist.hh:46:
In file included from /usr/local/include/boost/uuid/uuid_generators.hpp:17:
In file included from /usr/local/include/boost/uuid/random_generator.hpp:19:
In file included from /usr/local/include/boost/tti/has_member_function.hpp:15:
In file included from /usr/local/include/boost/tti/detail/dmem_fun.hpp:11:
In file included from /usr/local/include/boost/function_types/is_member_function_pointer.hpp:14:
In file included from /usr/local/include/boost/function_types/components.hpp:61:
/usr/local/include/boost/function_types/detail/class_transform.hpp:26:31: error: expected a qualified name after 'typename'
template<typename T, typename L>
^
./dns.hh:238:11: note: expanded from macro 'L'
#define L theL()
^
PR: 227427
Reported by: antoine (via exp-run)
Obtained from: upstream
In file included from ecs.cc:1:
In file included from ./syncres.hh:43:
In file included from ./recpacketcache.hh:39:
In file included from ./rec-protobuf.hh:24:
In file included from ./protobuf.hh:34:
In file included from /usr/local/include/boost/uuid/uuid_generators.hpp:17:
In file included from /usr/local/include/boost/uuid/random_generator.hpp:19:
In file included from /usr/local/include/boost/tti/has_member_function.hpp:15:
In file included from /usr/local/include/boost/tti/detail/dmem_fun.hpp:11:
In file included from /usr/local/include/boost/function_types/is_member_function_pointer.hpp:14:
In file included from /usr/local/include/boost/function_types/components.hpp:61:
/usr/local/include/boost/function_types/detail/class_transform.hpp:26:31: error: expected a qualified name after 'typename'
template<typename T, typename L>
^
./recursor_cache.hh:43:11: note: expanded from macro 'L'
#define L theL()
^
PR: 227427
Reported by: antoine (via exp-run)
Obtained from: upstream
In file included from lua-recursor4.cc:26:
In file included from ./syncres.hh:42:
In file included from ./recpacketcache.hh:41:
In file included from ./rec-protobuf.hh:24:
In file included from ./protobuf.hh:34:
In file included from /usr/local/include/boost/uuid/uuid_generators.hpp:17:
In file included from /usr/local/include/boost/uuid/random_generator.hpp:19:
In file included from /usr/local/include/boost/tti/has_member_function.hpp:15:
In file included from /usr/local/include/boost/tti/detail/dmem_fun.hpp:11:
In file included from /usr/local/include/boost/function_types/is_member_function_pointer.hpp:14:
In file included from /usr/local/include/boost/function_types/components.hpp:61:
/usr/local/include/boost/function_types/detail/class_transform.hpp:26:31: error: expected a qualified name after 'typename'
template<typename T, typename L>
^
./recursor_cache.hh:45:11: note: expanded from macro 'L'
#define L theL()
^
PR: 227427
Reported by: antoine (via exp-run)
Obtained from: upstream
checking for LIBSSL... no
configure: error: OpenSSL libssl requested but libraries were not found
===> Script "configure" failed unexpectedly.
Please report the problem to cpm@FreeBSD.org [maintainer] and attach the
"/wrkdirs/usr/ports/dns/dnsdist/work/dnsdist-1.3.0/config.log" including the
output of the failure of your make command. Also, it might be a good idea to
provide an overview of all packages installed on your system (e.g. a
/usr/local/sbin/pkg-static info -g -Ea).
*** Error code 1
Stop.
make: stopped in /usr/ports/dns/dnsdist
PR: 227180
Submitted by: Ralf van der Enden <tremere@cainites.net>
MFH: 2018Q2
- Really fix the rc.d script to start using daemon(8) and add the --supervised commandline argument (which suppresses opening up the console)
- Enable DNS-over-TLS (upstream suggests enabling both GnuTLS and OpenSSL backends so you can switch in case of a serious security issue in .ie OpenSSL)
- Add OpenSSL support (enabled by default)
- Add GnuTLS support (enabled by default)
- Add dnstap support (disabled by default)
- Add SNMP support (disabled by default)
- Add support for LuaJIT or whatever you set as your default version in make.conf (disabled by default)
- Bump PORTREVISION
PR: 227175
Submitted by: Ralf van der Enden <tremere@cainites.net>
MFH: 2018Q2
A flexible DNS proxy, with support for modern encrypted DNS protocols such as
DNSCrypt v2 and DNS-over-HTTP/2.
WWW: https://github.com/jedisct1/dnscrypt-proxy
Without a repocopy because it's a new port, rewritten from scratch.
PR: 225821
Submitted by: Vinícius Zavam <egypcio@googlemail.com>
Differential Revision: https://reviews.freebsd.org/D14319
DSC (originally developed by The Measurement Factory and now developed
by DNS-OARC) is a system for collecting and exploring statistics from
busy DNS servers. It uses a distributed architecture with collectors
running on or near nameservers sending their data to one or more
central presenters for display and archiving. Collectors use pcap to
sniff network traffic. They transmit aggregated data to the presenter
as XML data. dsc is configurable to allow the administrator to capture
any kind of data that he or she chooses.
WWW: https://www.dns-oarc.net/dsc/
PR: 226631
Submitted by: Leo Vandewoestijne <freebsd@dns.company>
DNS Statistics Presenter (DSP) is a tool used
for exploring statistics from busy DNS servers
collected by DNS Statistics Collector (DSC).
WWW: https://www.dns-oarc.net/dsc/
PR: 226630
Submitted by: Leo Vandewoestijne <freebsd@dns.company>
Perl Library to extract and graph DNS Statistics Collector (DSC) data
DNS Statistics Presenter (DSP) is a tool used for exploring statistics
from busy DNS servers collected by DNS Statistics Collector (DSC).
This is the Perl library that is used to extract and graph DSC data.
WWW: https://www.dns-oarc.net/dsc/
PR: 226629
Submitted by: Leo Vandewoestijne <freebsd@dns.company>
Features
- auth-zone provides a way to configure RFC7706 from unbound.conf,
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
fallback-enabled: yes and masters or a zonefile with data.
- Aggressive use of NSEC implementation. Use cached NSEC records to
generate NXDOMAIN, NODATA and positive wildcard answers.
- Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
also recognized and means the same. Also for tls-port,
tls-service-key, tls-service-pem, stub-tls-upstream and
forward-tls-upstream.
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
from Manu Bretelle.
This option allows handling multiple cert/key pairs while only
distributing some of them.
In order to reliably match a client magic with a given key without
strong assumption as to how those were generated, we need both key and
cert. Likewise, in order to know which ES version should be used.
On the other hand, when rotating a cert, it can be desirable to only
serve the new cert but still be able to handle clients that are still
using the old certs's public key.
The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
publish the cert as part of the DNS's provider_name's TXT answer.
- Update B root ipv4 address.
- make ip-transparent option work on OpenBSD.
- Fix#2801: Install libunbound.pc.
- ltrace.conf file for libunbound in contrib.
- Fix#3598: Fix swig build issue on rhel6 based system.
configure --disable-swig-version-check stops the swig version check.
Bug Fixes
- Fix#1749: With harden-referral-path: performance drops, due to
circular dependency in NS and DS lookups.
- [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert
duplicates
- Better documentation for cache-max-negative-ttl.
- Fixed libunbound manual typo.
- Fix#1949: [dnscrypt] make provider name mismatch more obvious.
- Fix#2031: Double included headers
- Document that errno is left informative on libunbound config read
fail.
- iana port update.
- Fix#1913: ub_ctx_config is under circumstances thread-safe.
- Fix#2362: TLS1.3/openssl-1.1.1 not working.
- Fix#2034 - Autoconf and -flto.
- Fix#2141 - for libsodium detect lack of entropy in chroot, print
a message and exit.
- Fix#2492: Documentation libunbound.
- Fix#2882: Unbound behaviour changes (wrong) when domain-insecure is
set for stub zone. It no longer searches for DNSSEC information.
- Fix#3299 - forward CNAME daisy chain is not working
- Fix link failure on OmniOS.
- Check whether --with-libunbound-only is set when using --with-nettle
or --with-nss.
- Fix qname-minimisation documentation (A QTYPE, not NS)
- Fix that DS queries with referral replies are answered straight
away, without a repeat query picking the DS from cache.
The correct reply should have been an answer, the reply is fixed
by the scrubber to have the answer in the answer section.
- Fix that expiration date checks don't fail with clang -O2.
- Fix queries being leaked above stub when refetching glue.
- Copy query and correctly set flags on REFUSED answers when cache
snooping is not allowed.
- make depend: code dependencies updated in Makefile.
- Fix#3397: Fix that cachedb could return a partial CNAME chain.
- Fix#3397: Fix that when the cache contains an unsigned DNAME in
the middle of a cname chain, a result without the DNAME could
be returned.
- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
for startup scripts to get the full pathname(s) of anchor file(s).
- Print fatal errors about remote control setup before log init,
so that it is printed to console.
- Use NSEC with longest ce to prove wildcard absence.
- Only use *.ce to prove wildcard absence, no longer names.
- Fix unfreed locks in log and arc4random at exit of unbound.
- Fix lock race condition in dns cache dname synthesis.
- Fix#3451: dnstap not building when you have a separate build dir.
And removed protoc warning, set dnstap.proto syntax to proto2.
- Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
- Unit test for auth zone https url download.
- tls-cert-bundle option in unbound.conf enables TLS authentication.
- Fixes for clang static analyzer, the missing ; in
edns-subnet/addrtree.c after the assert made clang analyzer
produce a failure to analyze it.
- Fix#3505: Documentation for default local zones references
wrong RFC.
- Fix#3494: local-zone noview can be used to break out of the view
to the global local zone contents, for queries for that zone.
- Fix for more maintainable code in localzone.
- more robust cachedump rrset routine.
- Save wildcard RRset from answer with original owner for use in
aggressive NSEC.
- Fixup contrib/fastrpz.patch so that it applies.
- Fix compile without threads, and remove unused variable.
- Fix compile with staticexe and python module.
- Fix nettle compile.
- Fix to check define of DSA for when openssl is without deprecated.
- iana port update.
- Fix#3582: Squelch address already in use log when reuseaddr option
causes same port to be used twice for tcp connections.
- Reverted fix for #3512, this may not be the best way forward;
although it could be changed at a later time, to stay similar to
other implementations.
- Fix for windows compile.
- Fixed contrib/fastrpz.patch, even though this already applied
cleanly for me, now also for others.
- patch to log creates keytag queries, from A. Schulze.
- patch suggested by Debian lintian: allow to -> allow one to, from
A. Schulze.
- Attempt to remove warning about trailing whitespace.
- Added documentation for aggressive-nsec: yes.
PR: 226822
Submitted by: jaap@NLnetLabs.nl (maintainer)
* add positivity check for -l
* avoid EPIPE from sort
* catch the case where /bailiwick is specified for -
* display usage errors without help text; instead, tell the user about
the -h option
* notice with -c is used without -A or -B
* replace last remaining fgets with getline
* correct and improve option-incompatibility testing
* add -a for alternative server api prefixes, and -u for alternative
server api syntax
* remove some debugging code
* remove layering violation in the 404 handling
* allow error-body to span several tcp segments (writer_func calls)
Sponsored by: Farsight Security, Inc.
Ports using USES=php:phpize, php:ext, php:zend, and php:pecl are now
flavored. They will automatically get flavors (php56, php70, php71, php72)
depending of the versions they support (set with IGNORE_WITH_PHP). As a
consequence, ports using USES=pear and USES=horde are also flavored.
PR: 226242
Submitted by: mat
Exp-run by: antoine
Approved by: portmgr
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D14208
Port changes:
* Changed to DISTVERSION
* Added USES=ncurses
* Updated the list of stripped files
* Added the patch
PR: 226410
Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com> (maintainer)
Approved by: tcberner (mentor, implicit)
This release fixes memory leaks when reading zonefiles
and processing zone transfers.
4.1.20
================
BUG FIXES:
- Fix memory leak in zone file read of unknown rr formatted RRs.
- Fix memory leak when rehashing nsec3 after axfr or zonefile read,
in the selectively allocated precompiled nsec3 hashes.
Also changed to DISTVERSION
Submitted by: jaap@NLnetLabs.nl (maintainer)
Approved by: tcberner (mentor, implicit)
This is a bug-fix only release, with fixes to the LDAP and MySQL
backends, the pdnsutil tool, and PDNS internals. Enable the MySQL
backend by default.
Bug Fixes
- Backport: forbid label compression in alias wire format
- Include unistd.h for chroot(2) et al. (Florian Obser)
- Auth: fix out of bounds exception in caa processing, fixes#6089
- Add the missing include to mplexer.hh for struct timeval
- Auth: init openssl and libsodium before chrooting in pdnsutil
- Auth: always bind the results array after executing a mysql statement
- Ldap: fix getdomaininfo() to set this as di.backend (Grégory Oestreicher)
- Ldapbackend: fix listing zones incl. axfr (Chris Hofstaedtler)
- Ixfr: correct behavior of dealing with dns name with multiple records (Leon Xu)
PR: 226040
Submitted by: maintainer
This is a pure C program that accesses the DNSDB API server at Farsight
Security. An API key is required for operation. The command syntax was
inspired by a python script called dnsdb_query, but significant departure
has occured, largely inspired by a modern understanding of "time fencing"
and a desire for new features such as CSV output and JSON reprocessing.
Sponsored by: Farsight Security, Inc.
Changelog:
- bugfix when returning an empty bitmap-type in BitMap.php
- added the BIND 9 private record RR (TYPE65534)
- added DNSSEC algorithms 13-16 (ECDSAP256SHA256, ECDSAP384SHA384, ED25519, and ED448).
- added SSHFP algoritm ED25519.
- modified Net_DNS2::sendPacket() to use current()/next() rather than the deprecated each() (deprecated in 7.2).
While here, switch to DISTVERSION
Approved by: mentors (implicit)
