Add gettext-tools to NLS_USES_OFF because otherwise it fails
to configure.
While here, pet portlint by moving PORTREVISION to proper place.
PR: 210342
Submitted by: matthew@reztek.cz
Approved by: maintainer timeout (>1 month)
- Add upstream patch 115f658ee2000a4cdcc13e999da50b3634c6a907
- Patch dns/powerdns-recursor as well
PR: 212016
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Reported by: Ralf van der Enden <tremere@cainites.net> (maintainer)
MFH: 2016Q3
- Portability fix for systems where socklen_t is bigger than int.
- Fix for malicious optimisation of memcpy in test suite, which
causes failure with gcc-4.1.9 -O3. See Debian bug #772718.
- Fix TCP async connect handling. The bug is hidden on Linux and on most
systems where the nameserver is on localhost. If it is not hidden,
adns's TCP support is broken unless adns_if_noautosys is used.
- Fix addr queries (including subqueries, ie including dereferencing MX
lookups etc.) not to crash when one of the address queries returns
tempfail. Also, do not return a spurious pointer to the application
when one of the address queries returns a permanent error (although,
the application almost certainly won't use this pointer because the
associated count is zero).
- adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
problem in real compiled code but should be corrected.
- Properly include harness.h in adnstest.c in regress/. Suppresses
a couple of compiler warnings (implicit declaration of Texit, etc.)
- Restore configurable IPV6 option. Upstream integrated fix for issue.
- FEATURES:
* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix#790: size-limit-xfr can stop NSD from downloading infinite zone transfer
data size, from Toshifumi Sakaguchi.
Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.
- BUGFIXES:
* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix#783: Trying to run a root server without having configured it silently
gives wrong answers.
* Fix#782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
PR: 211693
Submitted by: jaap@NLnetLabs.nl (maintainer)
Security: CVE-2016-6173
Security: https://vuxml.FreeBSD.org/freebsd/7d08e608-5e95-11e6-b334-002590263bf5.html
MFH: 2016Q3
and PLIST for Linux ports. LINUX_RPM_ARCH is the CPU targeted by a
package and LINUX_REPO_ARCH is like our ARCH which is more suitable. This
only affects CentOS 6 ports because they are the only ones where
LINUX_REPO_ARCH != LINUX_RPM_ARCH.
- New MASTER_SITES, old one gone
- provide a new web site
- add license (BSD 2 clause)
- take MAINTAINER, currently ports@
- pkg-descr - additions, and reflow
PR: 211412
Submitted by: Chris Hutchinson <portmaster@bsdforge.com>
Man pages are installed to the wrong directory. Consequently, they are not
compressed and also don't work. Fix is simple and attached.
PR: 211294
Submitted by: Nikolai Lifanov <lifanov@mail.lifanov.com>
- python 2.x and python 3.x are now supported from the single codebase,
so kick off all the python version distinction shims
- remove permission safeness bits because they are not needed anymore
(tested both with poudriere generated package and user generated package)
- general clean-up
- Switch to options helpers
This release is primarily focused on ironing out the issues on the migration path from 1.4 to 2.0. Besides that there are no functional changes.
* Fixed crash and linking issue in ods-migrate.
* Fixed case where 2.0.0 could not read backup files from 1.4.10.
* Fixed bug in migration script where key state in the database wasn't transformed properly.
PR: 211403
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
Remove the IPv6 option that is causing builds to fail when it is
disabled. The issue does not affect package users, as it was a default
option.
The issue has been fixed upstream [1] and will be included/re-enabled
in the next version update.
While I'm here:
* Switch to USES=ssl
* Add --enable-ipv6 in CONFIGURE_ARGS to ensure it's explicitly enabled
[1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=800
PR: 211303
Reported by: <vfx9as gmail com>
Approved by: maintainer <jaap NLnetLabs nl>
MFH: 2016Q3
everything at once. Sometimes, rename post-install into an options helper
target.
I did not fix ports that were such a mess that I could not figure out
what they really wanted to do. I also did not change ports that had
some version of an auto-plist code in post-install, for the same reason.
With hat: portmgr
Sponsored by: Absolight
- Properly respect ${CC}
- Cosmetic fixes
- Mark broken on 9.x due to too long username
PR: 210885
Submitted by: freebsd@toyingwithfate.com (maintainer)
so it was rechristened opendnssec Version 2.
To quote the announcement at <https://www.opendnssec.org>:
"OpenDNSSEC got an entire re-write of the enforcer. This part of
OpenDNSSEC controls changing signing keys in the right way to perform
a roll-over. Before, the enforcer would perform a roll-over according
to a strict paradigm. One scenario in which deviations would not be
possible.
The new enforcer is more aware of the zone changes being propagated in
the Internet. It can therefore decide when it is safe to make changes,
rather than to rely upon a given scenario.
PR: 211018
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
Sponsored by: DK Hostmaster A/S
2016-07-04 security/openpgpsdk: Broken for more than 6 months
2016-07-04 security/radiusniff: Broken for more than 6 months
2016-07-04 security/pear-Auth_OpenID: Broken for more than 6 months
2016-07-04 security/sshit: Broken for more than 6 months
2016-07-04 security/ifd-slb_rf60: Broken for more than 6 months
2016-07-04 security/rainbowcrack: Broken for more than 6 months
2016-07-04 security/vlog: Broken for more than 6 months
2016-07-04 security/cryptstring: Broken for more than 6 months
2016-07-04 x11/libdnd: Broken for more than 6 months
2016-07-04 x11/xlupe: Broken for more than 6 months
2016-07-04 x11/xco: Broken for more than 6 months
2016-07-04 x11/xclick: Broken for more than 6 months
2016-07-04 devel/ocfpcsc: Broken for more than 6 months
2016-07-04 devel/dits: Broken for more than 6 months
2016-07-04 devel/ruby-cache: Broken for more than 6 months
2016-07-04 devel/rapidsvn: Broken for more than 6 months
2016-07-04 devel/svnkit: Broken for more than 6 months
2016-07-04 devel/py-EnthoughtBase: Broken for more than 6 months
2016-07-04 devel/cl-uffi: Broken for more than 6 months
2016-07-04 devel/ruby-event-loop: Broken for more than 6 months
2016-07-04 devel/libqxt: Broken for more than 6 months
2016-07-04 devel/dasm: Broken for more than 6 months
2016-07-04 devel/libopendaap: Broken for more than 6 months
2016-07-04 devel/cl-uffi-sbcl: Depends on expiring devel/cl-uffi
2016-07-04 devel/cvs2p4: Broken for more than 6 months
2016-07-04 devel/bufferpool: Broken for more than 6 months
2016-07-04 devel/ifd-test: Broken for more than 6 months
2016-07-04 devel/eric4: Broken for more than 6 months
2016-07-04 devel/uclmmbase: Broken for more than 6 months
2016-07-04 devel/obfuscatejs: Broken for more than 6 months
2016-07-04 devel/oniguruma: Broken for more than 6 months
2016-07-04 devel/libbnr: Broken for more than 6 months
2016-07-04 devel/c4: Broken for more than 6 months
2016-07-04 devel/memcheck: Broken for more than 6 months
2016-07-04 devel/liblcfg: Broken for more than 6 months
2016-07-04 devel/omake: Broken for more than 6 months
2016-07-04 devel/svndelta: Broken for more than 6 months
2016-07-04 devel/papp: Broken for more than 6 months
2016-07-04 devel/mk: Broken for more than 6 months
2016-07-04 devel/avltree: Broken for more than 6 months
2016-07-04 devel/cbind: Broken for more than 6 months
2016-07-04 devel/tclgetopts: Broken for more than 6 months
2016-07-04 devel/antlrworks: Broken for more than 6 months
2016-07-04 devel/acme: Broken for more than 6 months
2016-07-04 devel/libopensync022: Broken for more than 6 months
2016-07-04 archivers/epkg: Broken for more than 6 months
2016-07-04 print/enscriptfonts: Broken for more than 6 months
2016-07-04 print/mup: Broken for more than 6 months
2016-07-04 lang/lua-mode.el: Broken for more than 6 months
2016-07-04 lang/s9fes: Broken for more than 6 months
2016-07-04 lang/alisp: Broken for more than 6 months
2016-07-04 lang/intel2gas: Broken for more than 6 months
2016-07-04 lang/stalin: Broken for more than 6 months
2016-07-04 french/eric4: Depends on expiring devel/eric4
2016-07-04 textproc/exslt: Broken for more than 6 months
2016-07-04 textproc/xt: Broken for more than 6 months
2016-07-04 textproc/ssddiff: Broken for more than 6 months
2016-07-04 textproc/xslint: Broken for more than 6 months
2016-07-04 textproc/cbedic: Broken for more than 6 months
2016-07-04 textproc/tralics: Broken for more than 6 months
2016-07-04 textproc/docbookide.el: Broken for more than 6 months
2016-07-04 textproc/glpi-plugins-AdditionalReports: Broken for more than 6 months
2016-07-04 textproc/tdhkit: Broken for more than 6 months
2016-07-04 textproc/p5-Groonga-API: Broken for more than 6 months
2016-07-04 textproc/glpi-plugins-DataInjection: Broken for more than 6 months
2016-07-04 dns/ldnsm: Broken for more than 6 months
2016-07-04 japanese/guesswork-classic: Broken for more than 6 months
2016-07-04 japanese/texinfo: Broken for more than 6 months
2016-07-04 japanese/jyuroku: Broken for more than 6 months
2016-07-04 japanese/mtools: Broken for more than 6 months
2016-07-04 palm/pdbar: Broken for more than 6 months
2016-07-04 graphics/gplot: Broken for more than 6 months
2016-07-04 graphics/white_dune: Broken for more than 6 months
2016-07-04 graphics/whirlgif: Broken for more than 6 months
2016-07-04 graphics/libaux: Broken for more than 6 months
2016-07-04 graphics/import-pictures: Broken for more than 6 months
2016-07-04 math/xgobi: Broken for more than 6 months
2016-07-04 math/fricas: Broken for more than 6 months
2016-07-04 math/dcdflib: Broken for more than 6 months
2016-07-04 math/libneural: Broken for more than 6 months
2016-07-04 math/open-axiom: Broken for more than 6 months
2016-07-04 irc/nefarious: Broken for more than 6 months
2016-07-04 irc/slirc: Broken for more than 6 months
2016-07-04 irc/ratbox-respond: Broken for more than 6 months
2016-07-04 irc/qwebirc: Broken for more than 6 months
2016-07-04 biology/platon: Broken for more than 6 months
2016-07-04 news/slnr: Broken for more than 6 months
2016-07-04 science/jmol: Broken for more than 6 months
2016-07-04 net/nstxd: Broken for more than 6 months
2016-07-04 net/sprinkle: Broken for more than 6 months
2016-07-04 editors/ssam: Broken for more than 6 months
2016-07-04 editors/fb: Broken for more than 6 months
2016-07-04 misc/quotes: Broken for more than 6 months
2016-07-04 misc/boxquote.el: Broken for more than 6 months
2016-07-04 misc/pypanda: Broken for more than 6 months
2016-07-04 misc/cuecat: Broken for more than 6 months
2016-07-04 deskutils/displaycalibrator: Broken for more than 6 months
2016-07-04 german/eric4: Depends on expiring devel/eric4
2016-07-04 multimedia/vic: Depends on expiring devel/uclmmbase
2016-07-04 multimedia/ggrab: Broken for more than 6 months
2016-07-04 emulators/dynamips: Broken for more than 6 months
2016-07-04 emulators/dynamips-devel: Broken for more than 6 months
2016-07-04 emulators/sim6811: Broken for more than 6 months
2016-07-04 emulators/minivmac: Broken for more than 6 months
2016-07-04 cad/qcad-partslib: Broken for more than 6 months
2016-07-04 comms/dump1090_mr: Broken for more than 6 months
2016-07-04 x11-fm/asfiles: Depends on expiring x11/libdnd
2016-07-04 x11-fonts/fonts-te: Broken for more than 6 months
2016-07-04 sysutils/rsyncmanager: Broken for more than 6 months
2016-07-04 sysutils/jfbterm: Broken for more than 6 months
2016-07-04 sysutils/daedalus: Broken for more than 6 months
2016-07-04 sysutils/pcfclock: Broken for more than 6 months
2016-07-04 sysutils/vlogger: Broken for more than 6 months
2016-07-04 sysutils/bontmia: Broken for more than 6 months
2016-07-04 mail/pop3gwd: Broken for more than 6 months
2016-07-04 mail/mailtray: Broken for more than 6 months
2016-07-04 mail/pflogstats: Broken for more than 6 months
2016-07-04 mail/exact: Broken for more than 6 months
2016-07-04 mail/wmpop3: Broken for more than 6 months
2016-07-04 mail/qmail-conf: Broken for more than 6 months
2016-07-04 mail/gld: Broken for more than 6 months
2016-07-04 mail/dsbl-testers: Broken for more than 6 months
2016-07-04 mail/vqregister: Broken for more than 6 months
2016-07-04 mail/atmail: Broken for more than 6 months
2016-07-04 mail/ml: Broken for more than 6 months
2016-07-04 net-im/icb: Broken for more than 6 months
2016-07-04 net-im/cicquin: Broken for more than 6 months
2016-07-04 net-im/pidgin-manualsize: Broken for more than 6 months
2016-07-04 net-im/pidgin-rhythmbox: Broken for more than 6 months
2016-07-04 russian/eric4: Depends on expiring devel/eric4
2016-07-04 russian/fortune-bashorgru: Broken for more than 6 months
2016-07-04 www/xpi-clearfields: Broken for more than 6 months
2016-07-04 www/pecl-varnish: Broken for more than 6 months
2016-07-04 www/py-requests-oauth-hook: Broken for more than 6 months
2016-07-04 www/hudson: Broken for more than 6 months
2016-07-04 www/xpi-mldonkey: Broken for more than 6 months
2016-07-04 www/xpi-cookiesafe: Broken for more than 6 months
2016-07-04 www/trac-mastertickets: Broken for more than 6 months
2016-07-04 www/dotclear: Broken for more than 6 months
2016-07-04 www/ruby-wgettsv: Broken for more than 6 months
2016-07-04 www/wwwstat: Broken for more than 6 months
2016-07-04 www/xpi-prism: Broken for more than 6 months
2016-07-04 www/xpi-fasterfox: Broken for more than 6 months
2016-07-04 www/siteframe: Broken for more than 6 months
2016-07-04 www/py-urljr: Broken for more than 6 months
2016-07-04 www/reviewboard: Broken for more than 6 months
2016-07-04 www/xpi-tabletools: Broken for more than 6 months
2016-07-04 www/wikindx: Broken for more than 6 months
2016-07-04 www/typolight: Broken for more than 6 months
2016-07-04 www/varnish-libvmod-header: Broken for more than 6 months
2016-07-04 www/xpi-gbrain: Broken for more than 6 months
2016-07-04 www/trac-robotstxt: Broken for more than 6 months
2016-07-04 www/simplog: Broken for more than 6 months
2016-07-04 www/chtml: Broken for more than 6 months
2016-07-04 databases/postgresql_autodoc: Broken for more than 6 months
2016-07-04 databases/oracle_odbc_driver: Broken for more than 6 months
2016-07-04 databases/mysql-xql: Broken for more than 6 months
2016-07-04 databases/mysql-udf-sys: Broken for more than 6 months
2016-07-04 games/lucidlife: Broken for more than 6 months
2016-07-04 games/gma: Broken for more than 6 months
2016-07-04 games/smiley: Broken for more than 6 months
2016-07-04 games/noegnud-littlehack: Broken for more than 6 months
2016-07-04 games/sdlquake2: Broken for more than 6 months
2016-07-04 games/daimonin: Depends on expiring games/daimonin-music
2016-07-04 games/noegnud-nethack: Broken for more than 6 months
2016-07-04 games/xbomber: Broken for more than 6 months
2016-07-04 games/xwelltris: Broken for more than 6 months
2016-07-04 games/ftjava: Broken for more than 6 months
2016-07-04 games/daimonin-music: Broken for more than 6 months
2016-07-04 games/gno3dtet: Broken for more than 6 months
2016-07-04 games/qtv: Broken for more than 6 months
2016-07-04 games/xwordpy: Broken for more than 6 months
2016-07-04 games/netris: Broken for more than 6 months
2016-07-04 games/rt2-demo: Broken for more than 6 months
2016-07-04 games/noegnud-addons: Broken for more than 6 months
2016-07-04 games/noegnud-nethack-deet: Broken for more than 6 months
2016-07-04 games/live-f1: Broken for more than 6 months
2016-07-04 games/xonix: Broken for more than 6 months
2016-07-04 games/fgkicker: Broken for more than 6 months
2016-07-04 games/tank: Depends on expiring graphics/libaux
2016-07-04 games/linux-nwserver: Broken for more than 6 months
2016-07-04 games/quake2-zaero: Broken for more than 6 months
2016-07-04 games/pyching: Broken for more than 6 months
2016-07-04 games/thevalley: Broken for more than 6 months
2016-07-04 games/xroads: Broken for more than 6 months
2016-07-04 games/fxsudoku: Broken for more than 6 months
2016-07-04 games/sudoku: Broken for more than 6 months
2016-07-04 games/kmancala: Broken for more than 6 months
2016-07-04 games/plonx: Broken for more than 6 months
2016-07-04 games/wmminichess: Broken for more than 6 months
2016-07-04 games/noegnud-slashem: Broken for more than 6 months
2016-07-04 games/latrine: Broken for more than 6 months
2016-07-04 games/pysycache-themes: Broken for more than 6 months
2016-07-04 games/nibbles: Broken for more than 6 months
2016-07-04 games/hlstatsx: Broken for more than 6 months
2016-07-04 audio/streamtuner: Broken for more than 6 months
2016-07-04 audio/mangler: Broken for more than 6 months
2016-07-04 audio/hawkvoice: Broken for more than 6 months
2016-07-04 audio/alac: Broken for more than 6 months
2016-07-04 x11-wm/e-module-mpdule: Broken for more than 6 months
2016-07-04 x11-wm/e-module-tclock: Broken for more than 6 months
2016-07-04 x11-wm/musca: Broken for more than 6 months
2016-07-04 x11-wm/e-module-places: Broken for more than 6 months
2016-07-04 x11-wm/e-module-forecasts: Broken for more than 6 months
2016-07-04 x11-wm/e-module-net: Broken for more than 6 months
2016-07-04 x11-wm/e-module-penguins: Broken for more than 6 months
2016-07-04 ftp/fget: Broken for more than 6 months
2016-07-04 net-mgmt/netmond: Broken for more than 6 months
2016-07-04 net-mgmt/ipfm: Broken for more than 6 months
BIND 9.11 brings many changes to BIND, including a new license
(the Mozilla Public License 2.0 -- you can read about it here:
https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/)
and many new features, including:
- Catalog zones, a new way to provision zones on slave servers
- dyndb api, a fast new api enabling BIND to serve zones stored
in a database (Developed by Petr Spacek of RedHat)
- RNDC showzone, view-only mode and other improvements
- dnstap query and response logging (Robert Edmonds is the author
of dnstap, see www.dnstap.info)
- EDNS Client-subnet (authoritative server functions)
- DNSSEC key manager, a new utility (Thanks to Sebastián Castro
for helping with development.)
- Automatic CDS/CDSKEY generation
- Negative Trust Anchors for DNSSEC validators
- IPv6 bias to encourage use of IPv6 DNS servers
- Minimal response to “any” queries (Thanks to Tony Finch for
the contribution)
- DNS Cookies are now enabled by default, using the standardized code point
Changes: https://lists.isc.org/pipermail/bind-announce/2016-June/000994.html
Sponsored by: Absolight
Add a qa hint about needing, or not, USES=ssl.
Fix ports doing silly things, like including bsd.openssl.mk directly.
PR: 210322
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D6866
This only affects "Created by" lines with one exception: devel/uclcmd. There the maintainer is changed. This was overlooked in r416918.
Approved by: junovitch (mentor)
WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo
PR: 210149
Submitted by: mat
Exp-run by: antoine
Sponsored by: The FreeBSD Foundation, Absolight
Differential Revision: https://reviews.freebsd.org/D6577
of a domain and discover non-contiguous IP blocks.
OPERATIONS:
Get the host's address (A record).
Get the nameservers (threaded).
Get the MX record (threaded).
Perform axfr queries on nameservers and
get BIND VERSION (threaded).
Get extra names and subdomains via google
scraping (google query = "allinurl: -www site:domain").
Brute force subdomains from file, can also
perform recursion on subdomains that have NS records (all threaded).
Calculate C class domain network ranges
and perform whois queries on them (threaded).
Perform reverse lookups on netranges
( C class or/and whois netranges) (threaded).
Write to domain_ips.txt file
ip-blocks.
WWW: https://github.com/fwaeytens/dnsenum
PR: 208950
Submitted by: Rihaz Jerrin <rihaz.jerrin@gmail.com>
Check all NS Records for Zone Transfers.
Enumerate General DNS Records for a given
Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
Perform common SRV Record Enumeration.
Top Level Domain (TLD) Expansion.
Check for Wildcard Resolution.
Brute Force subdomain and host A
and AAAA records given a domain and a wordlist.
Perform a PTR Record lookup for a given IP Range or CIDR.
Check a DNS Server Cached records for A, AAAA and
CNAME Records provided a list of host records in a text file to check.
Enumerate Common mDNS records in the Local Network.
Enumerate Hosts and Subdomains using Google.
WWW: https://github.com/darkoperator/dnsrecon
PR: 208975
Submitted by: Rihaz Jerrin <rihaz.jerrin@gmail.com>
parties dlz drivers.
While there:
- enable the DLZ_FILESYSTEM option by default
- convert to USES=mysql and USES=bdb
Requested by: borius i ua
Sponsored by: Absolight
Changes in upstream Git between releases (git shortlog):
Sergey Nechaev (1):
Stricter command line args validation to dhcp_release6.
Simon Kelley (4):
Fix error in PXE arch names and add ARM32 and ARM64.
Tweak CSAs affected by UEFI PXE workaround code.
Tweak UEFI workaround code.
Merge messages into translation files.
Upstream CHANGELOG diff since rc #1:
Swap the values of BC_EFI and x86-64_EFI in --pxe-service.
These were previously wrong due to an error in RFC 4578.
If you're using BC_EFI to boot 64-bit EFI machines, you
will need to update your config.
Add ARM32_EFI and ARM64_EFI as valid architectures in
--pxe-service.
Changes since test#13:
+ Move the dhcp_release and dhcp_lease_time tools from
+ contrib/wrt to contrib/lease-tools.
+
+ Add dhcp_release6 to contrib/lease-tools. Many thanks
+ to Sergey Nechaev for this code.
+
+ To avoid filling logs in configurations which define
+ many upstream nameservers, don't log more that 30 servers.
+ The number to be logged can be changed as SERVERS_LOGGED
+ in src/config.h.
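Review bot: typo in the last added CHANGELOG paragraph: "don't log more that 30 servers" should read "more than 30 servers". The entry would also be clearer if it said what happens to servers beyond the limit (for example, whether a summary line is logged), since it only names the SERVERS_LOGGED constant in src/config.h.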
Changelog since v2.75 at:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=8628cd603fd0c55c7d41b84488446db44f58ff5b
make it compile on 9.x and silences a compiler warning.
A new "Dynamic DNS Mode" has been added, but is only slightly tested by
the author of gen6dns (Holger.Zuleger(at)hznet.de), who would appreciate
any feedback on this feature.
Approved by: antoine (mentor, implicit)
using Stateless Address Autoconfig (SLAAC). If you have a list of hostnames,
mac addresses and ipv6 subnets gen6dns generates the appropriate AAAA and
PTR records for you. It supports different scopes and the generation of
view (split) specific files.
WWW: http://www.hznet.de/tools.html
Approved by: antoine
This release fix targets stability issues which have had a history and
have been hard to reproduce. Issues that have been reported over the
past half year have been fixed that may have even come up earlier as
rare occasions.
Stability should be improved, running OpenDNSSEC as a long term service.
Changes in TTL in the input zone that seem not to be propagated,
notifies to slaves under heavy zone activity load that were not handled
properly and could lead to assertions.
NSEC3PARAM that would appear duplicate in the resulting zone, and
crashes in the signer daemon in seldom race conditions or re-opening due
to a HSM reset.
No migration steps needed when upgrading from OpenDNSSEC 1.4.9.
Also have a look at our OpenDNSSEC 2.0 beta release, its impending
release will help us forward with new development and signal phasing out
historic releases.
Fixes:
- SUPPORT-156 OPENDNSSEC-771: Multiple NSEC3PARAM records in signed
zone. After a resalt the signer would fail to remove the old
NSEC3PARAM RR until a manual resign or incoming transfer.
Old NSEC3PARAMS are removed when inserting a new record, even if
they look the same.
- OPENDNSSEC-725: Signer did not properly handle new update while still
distributing notifies to slaves.
An AXFR disconnect looked not to be handled gracefully.
- SUPPORT-171: Signer would sometimes hit an assertion using DNS output
adapter when .ixfr was missing or corrupt but .backup file available.
- Above two issues also in part addresses problems with seemingly
corrected backup files (SOA serial). Also a crash on badly
configured DNS output adapters is averted.
- The signer daemon will now refuse to start when failed to open a
listen socket for DNS handling.
- OPENDNSSEC-478,750,581 and 582 and SUPPORT-88:
Segmentation fault in signer daemon when opening and closing HSM
multiple times. Also addresses other concurrency access by avoiding
a common context to the HSM (a.k.a. NULL context).
- OPENDNSSEC-798: Improper use of key handles across hsm reopen,
causing keys not to be available after a re-open.
- SUPPORT-186: IXFR disregards TTL changes, when only TTL of an RR is
changed. TTL changes should be treated like any other changes to
records.
- When OpenDNSSEC now overrides a TTL value, this is now reported in
the log files.
PR: 209261
Submitted by: jaap@NLnetLabs.nl (maintainer)
Upstream's CHANGELOG since test12:
* Check return-code of inet_pton() when parsing dhcp-option. Bad
addresses could fail to generate errors and result in garbage
dhcp-options being sent. Thanks to Marc Branchaud for spotting this.
* Fix wrong value for EDNS UDP packet size when using --servers-file to
define upstream DNS servers. Thanks to Scott Bonar for the bug report.
2016-04-30 textproc/rubygem-gherkin3: Use textproc/rubygem-gherkin instead
2016-04-30 dns/odsclient: ODS shuts service down, so client is probably useless
Most notably, this version of rrdtools.so is thread safe, so the
rrdtools_th.so library is removed.
Bump portrevision for depending ports due to shlib version bump.
For full changelog: http://oss.oetiker.ch/rrdtool/pub/CHANGES
Reviewed by: kwm
Differential Revision: D6168