Detect and enable xchacha20 via autoconf.
PR: 249506
Submitted by: Felix Hanley <felix@userspace.com.au>
Approved by: Will <freebsd@toyingwithfate.com> (maintainer)
This release fixes a number of bugs. It fixes a number of corner
case differences for the output more similar to Bind. The configure
sources are compatible with the new autoconf 2.70.
PR: 253026
Submitted by: jaap@NLnetLabs.nl (maintainer)
Upstream blessed v2.84 rc2 (which 2.83_1 effectively already was)
into v2.84 release, so take it (and patch the upstream bug of
leaving "rc2" in the version out).
MFH: 2021Q1 (regression fixes for security fix release)
Apparently there are situations where dnsmasq 2.83 can confuse
its peers or sockets, and the upstream Git contains fixes for them.
These four fixes essentially take dnsmasq to 2.84test3.
Obtained from: Simon Kelley <simon@thekelleys.org.uk>'s Git repository
CHANGELOG of version 2.83:
Use the values of --min-port and --max-port in outgoing
TCP connections to upstream DNS servers.
Fix a remote buffer overflow problem in the DNSSEC code. Any
dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683,
CVE-2020-25687.
Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much entropy
in the {query-ID, random-port} tuple as possible, to help defeat
cache poisoning attacks. Refer: CVE-2020-25684.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded
independently. This is, in theory, inefficient but in practice
not a problem, _except_ that it means that an answer for any
of the forwarded queries will be accepted and cached.
An attacker can send a query multiple times, and for each repeat,
another {port, ID} becomes capable of accepting the answer he is
sending in the blind, to random IDs and ports. The chance of a
successful attack is therefore multiplied by the number of repeats
of the query. The new behaviour detects repeated queries and
merely stores the clients sending repeats so that when the
first query completes, the answer can be sent to all the
clients who asked. Refer: CVE-2020-25686.
MFH: 2021Q1
Security: 5b5cf6e5-5b51-11eb-95ac-7f9491278677
Security: CVE-2020-25684
Security: CVE-2020-25685
Security: CVE-2020-25686
Security: CVE-2020-25681
Security: CVE-2020-25682
Security: CVE-2020-25683
Security: CVE-2020-25687
January 09, 2021. KDE today announces the release of KDE Frameworks 5.78.0.
KDE Frameworks are 83 addon libraries to Qt which provide a wide variety of
commonly needed functionality in mature, peer reviewed and well tested
libraries with friendly licensing terms. For an introduction see the KDE
Frameworks release announcement.
This release is part of a series of planned monthly releases making
improvements available to developers in a quick and pred
Full Changelog:
https://kde.org/announcements/kde-frameworks-5.78.0
PR: 252591
Exp-run by: antoine
In file included from /usr/include/openssl/bn.h:20,
from /usr/include/openssl/engine.h:18,
from /wrkdirs/usr/ports/dns/yadifa/work/yadifa-2.4.1-9916/lib/dnscore/include/dnscore/digest.h:53,
from /wrkdirs/usr/ports/dns/yadifa/work/yadifa-2.4.1-9916/lib/dnscore/include/dnscore/dnskey.h:50,
from /wrkdirs/usr/ports/dns/yadifa/work/yadifa-2.4.1-9916/lib/dnscore/include/dnscore/tsig.h:48,
from /wrkdirs/usr/ports/dns/yadifa/work/yadifa-2.4.1-9916/lib/dnscore/include/dnscore/message.h:64,
from src/acl.c:57:
/usr/include/openssl/crypto.h:322: error: expected ')' before '__attribute__'
/usr/include/openssl/crypto.h:322: error: expected identifier or '(' before ')' token
MFH: 2021Q1
Resolv is a thread-aware DNS resolver library written in Ruby. Resolv can handle
multiple DNS requests concurrently without blocking the entire Ruby interpreter.
WWW: https://github.com/ruby/resolv
Exceptions are:
- mail/mailman, our listservers still use it
- www/chromium, solely because of popular demand,
upstream is (slowly) working on porting it to Python 3
- ports that have actual patches for Python 3 against
them (Cinnamon and a few unrelated other ports)
- llvm70 and qt5-webengine because they seem to have a lot
of dependencies which need further analysis
- sysutils/uefi-edk2-bhyve because bhyve seems to use them
- python2 and python27 themselves
I'm sure there will be complaints, but the nice thing about
a version control system is that we can revert and adjust things.
2020-12-31 audio/ardour: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 audio/mixxx21: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 audio/xmms2: Uses Python 2.7 which is EOLed upstream
2020-12-31 chinese/sunpinyin: Uses Python 2.7 which is EOLed upstream
2020-12-31 databases/arangodb32: Uses Python 2.7 which is EOLed upstream
2020-12-31 databases/arangodb33: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/bzr: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/chromium-gn: Uses deprecated version of python, use devel/gn instead
2020-12-31 devel/electron4: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/electron5: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/electron6: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/electron7: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/gnatpython: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/godot2: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 devel/godot2-tools: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 devel/libhid: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/libosmocore: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/llvm60: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/mongo-cxx-driver: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-06-30 devel/p5-Log-Any-Adapter-Callback: Use devel/p5-Log-Any (Log::Any::Adapter::Capture) instead
2020-12-31 devel/py-backports.functools_lru_cache: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-backports.os: Python 2 is EOL upstream
2020-12-31 devel/py-backports.shutil_get_terminal_size: Python 2 is EOL upstream
2020-12-31 devel/py-backports_abc: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-cheetah: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-dis3: Python 2 only, backport of Python 3
2020-12-31 devel/py-enum34: Will be removed along with python27
2020-12-31 devel/py-functools32: Python 2 only, backport of Python 3
2020-12-31 devel/py-futures: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-more-itertools5: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-pathlib: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-selectors2: Python 2 is EOL upstream
2020-12-31 devel/py-should_dsl: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-singledispatch: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-subprocess32: Python 2 only, following EOL of lang/python27
2020-12-31 devel/py-total-ordering: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/py-typing: Python 2 only, backport of Python 3
2020-12-31 devel/py-weakrefmethod: Python 2 only, backport of Python 3
2020-12-31 devel/rbtools: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/subversion-lts: Uses Python 2.7 which is EOLed upstream
2020-12-31 devel/viewvc: Uses Python 2.7 which is EOLed upstream
2020-12-31 dns/py-dns: Uses Python 2.7 which is EOLed upstream
2020-12-31 editors/atom: Uses Python 2.7 which is EOLed upstream
2020-12-31 emulators/fceux: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 emulators/gem5: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 emulators/nonpareil: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 games/0ad: Uses deprecated version of python
2020-12-31 games/dangerdeep: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 games/freera: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 games/glob2: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 games/marsnomercy: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 games/netpanzer: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 games/pingus: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 games/renpy: Uses deprecated version of python
2020-12-31 graphics/goxel: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 graphics/py-pillow6: Uses Python 2.7 which is EOLed upstream
2020-12-31 graphics/sk1libs: Uses Python 2.7 which is EOLed upstream
2020-12-31 graphics/uniconvertor: Uses deprecated version of python
2020-12-31 lang/julia10: Uses Python 2.7 which is EOLed upstream
2020-12-31 lang/pypy: Uses Python 2.7 which is EOLed upstream
2020-12-31 lang/pypy3: Uses Python 2.7 which is EOLed upstream
2020-12-31 lang/spidermonkey185: Uses Python 2.7 which is EOLed upstream
2020-12-31 lang/spidermonkey24: Uses Python 2.7 which is EOLed upstream
2020-12-31 lang/spidermonkey52: Uses Python 2.7 which is EOLed upstream
2020-12-31 lang/spidermonkey60: Requires python2 to build
2020-12-31 lang/tolua++: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 mail/getmail: Uses deprecated version of python
2020-12-31 math/gringo: Uses Python 2.7 which is EOLed upstream
2020-12-31 multimedia/ffmpeg2theora: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 multimedia/mimms: Uses Python 2.7 which is EOLed upstream
2020-12-31 net/py-ipaddress: Uses Python 2.7 which is EOLed upstream
2020-12-31 net-p2p/linuxdcpp: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 security/broccoli: Depends lang/python27 which is EOLed upstream
2020-12-31 security/orthrus: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 security/py-backports.ssl_match_hostname: Uses Python 2.7 which is EOLed upstream
2020-12-31 security/sandsifter: Uses deprecated version of python, see https://github.com/rigred/sandsifter/issues/10
2020-12-31 sysutils/cinnamon-control-center: Uses Python 2.7 which is EOLed upstream
2020-12-31 sysutils/ori: Uses Python 2.7 version of scons, and Python 2.7 which is EOLed upstream
2020-12-31 sysutils/osquery: Uses Python 2.7 which is EOLed upstream
2020-12-31 sysutils/py-shutilwhich: Python 2 only, backport of Python 3
2020-12-31 sysutils/uefi-edk2-bhyve-csm: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/cliqz: Uses deprecated version of python
2020-12-31 www/iridium: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/moinmoin: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/node10: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/node12: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-OhlohWidgetsMacro: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-TracGoogleAnalytics: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-accountmanager: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-advancedticketworkflow: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-autocomplete: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-ccselector: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-customfieldadmin: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-datefield: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-defaultcc: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-devel: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-discussion: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-downloads: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-email2trac: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-email2trac-postfix: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-estimator: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-fivestarvote: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-fullblog: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-fullblognotification: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-graphviz: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-iniadmin: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-keywords: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-keywordsecretticket: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-ldap: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-ldapauthstore: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-math: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-mercurial: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-navadd: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-permredirect: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-privatetickets: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-pydotorgtheme: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-scrumburndown: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-spam-filter: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-subtickets: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-tags: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-themeengine: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-ticketimport: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-tickettemplate: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-timingandestimation: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-tocmacro: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-tweakui: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-vote: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-wikigoodies: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-wikinotification: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-wikitemplates: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-wikitopdf: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-wysiwyg: Uses Python 2.7 which is EOLed upstream
2020-12-31 www/trac-xmlrpc: Uses Python 2.7 which is EOLed upstream
* YADIFA 2.4.1-public:
- Fixes an issue in dnscore where a DNS TCP query would not return the real
DNS error code.
- Fixes an issue that could happen when a network model isn't supported.
- Fixes the propagation of sendmmsg/recvmmsg function availability detection.
- Fixes an issue where yadifad would issue a warning when a key with
algorithm > 7 is used with an NSEC zone.
- Fixes an issue that will occur on a chrooted environment where a
managed-path would be used incorrectly.
- Fixes CNAME answers not following the aliases chain.
- Fixes CNAME recursion not returning the same answer as named in NXDOMAIN
cases (reported by https://github.com/SivaKesava1, see
https://github.com/yadifa/yadifa/issues/11)
- Adds patch for musl support
- Adds stack size fix for musl support (the default size is way too small)
- Now imports a custom version of stdatomic.h for systems where it is
missing, located in dnscore/thirdpary/stdatomic.h. Made for CentOS 7 and
any other release where that file is missing. The import is only active if
strictly needed and will only be visible during the build. At the moment,
it is not being installed with the other headers.
* YAKEYROLLD 2.4.1:
- Fixes the handling of incomplete TCP queries.
- Fixes a possible race-condition when initialising the keyroll context error
codes.
- The keyroll now has another automatic recovery layer where it completely
restarts the handling of a domain, generating a one-step update to put the
zone in the expected state.
Full changelog at https://github.com/yadifa/yadifa/blob/master/ChangeLog
And while here, reformat Makefile according to portfmt and portclippy
PR: 252107
Submitted by: Leo Vandewoestijne <freebsd@dns.company> (maintainer)
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D27808
Since r558913 Python 3.8 incorporates BPO-42604 [1] which changed the
shared libs naming scheme. This means "EXT_SUFFIX" is now derived from
SOABI and yields with Python 3.8 to ".cpython-38.so" instead of ".so".
The affected ports strip the libraries in the "post-install" target via
hardcoded path(s) and the build fails at the end because the new extension
is not expected at this place.
Remedy the issue by adding wildcards to these paths. This should also
prepare the ports for future Python releases, which will use the new shared
libs naming scheme.
[1] https://bugs.python.org/issue42604
PR: 252057
Reported by: John Kennedy
Reviewed by: fluffy, koobs
Approved by: koobs (python)
* This release drops GSS/TSIG support, please see
PowerDNS Security Advisory 2020-06.
* New features:
- the LMDB backend now supports long record content, making it production
ready for everybody
- the SVCB and HTTPS record types are supported, with limited additional
processing
- transaction handling in the 2136 handler and the HTTP API was again improved
a lot, avoiding various spurious issues users may have noticed if they do a
lot of changes
- a new setting (consistent-backends) offers a roughly 30% speedup, subject to
conditions
- we finally emit Prometheus metrics!
* Improvements:
- don’t log trusted-notification-proxy notify at error level
- Stop using incbin and use od & sed to generate constant string data.
* Bug Fixes:
- clear the LMDB set state when performing a new lookup or list to prevent
corruption cases
- SVCB: Correctly parse and print unknown params
- fix direct-dnskey in AXFR-out
Please make sure to read the upgrade notes before upgrading:
https://doc.powerdns.com/authoritative/upgrading.html
PR: 251945
Submitted by: Ralf van der Enden (maintainer)
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Security: 61d89849-43cb-11eb-aba5-00a09858faf5
Differential Revision: https://reviews.freebsd.org/D27680
- Improvements:
- Use the non-cryptographic variant of the boost::uuid.
- Keep a cached, valid entry over a fresher Bogus one.
- Ensure socket-dir matches runtime directory on old systemd
- Move to several distinct Bogus states, for easier debugging.
- Do not chase CNAME during qname minimization step 4.
- Bug Fixes:
- Untangle the validation/resolving qnames and qtypes.
- APL records: fix endianness problem.
PR: 251923
Submitted by: Ralf van der Enden (maintainer)
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D27679
December 12, 2020. KDE today announces the release of KDE Frameworks 5.77.0.
KDE Frameworks are 83 addon libraries to Qt which provide a wide variety of
commonly needed functionality in mature, peer reviewed and well tested
libraries with friendly licensing terms. For an introduction see the KDE
Frameworks release announcement.
This release is part of a series of planned monthly releases making
improvements available to developers in a quick and predictable manner.
Announcement:
https://kde.org/announcements/kde-frameworks-5.77.0/
PR: 251792
Exp-run by: antoine