- Add a patch to fix ECDSA keys (algorithms 13 & 14) for DNSSEC operation;
will be part of RC5.
- Fix CONFIGURE_ARGS for DNSSEC option (was CONFIGURE_FLAGS for some
mysterious reason) so cryptopp is actually compiled in.
Changelog: http://rtfm.powerdns.com/changelog.html#changelog-auth-3-2
PR: ports/175185
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
released version of January 5, 2013.
This also includes performance patches to the BIND9
Response Policy Zones (DNS RPZ), Single Zone Response
Policy Zone (RPZ) Speed Improvement, in the same
patch.
More information: http://ss.vix.su/~vjs/rrlrpz.html
- Use CXXFLAGS, PTHREAD_LIBS during build
- Fix typo in pkg-descr
- Give maintainership to submitter
PR: ports/174005 [1]
Submitted by: Rodrigo (ros) OSORIO <rodrigo@bebik.net>
and no longer seems neccessary.
- Remove superfluous PORTVERSION and space
- Remove COPYING from PORTDOCS since LICENSE is defined
- Drop ABI version from LIB_DEPENDS
- Tab -> space in pkg-descr WWW line
- Remove FreeBSD keyword from pkg-plist
Upstream changes:
Fix regression which broke forwarding of queries sent via
TCP which are not for A and AAAA and which were directed to
non-default servers. Thanks to Niax for the bug report.
Fix failure to build with DHCP support excluded. Thanks to
Gustavo Zacarias for the patch.
Fix nasty regression in 2.64 which completely broke cacheing.
Upstream changes:
TCP which are not for A and AAAA and which were directed to
non-default servers. Thanks to Niax for the bug report.
Fix failure to build with DHCP support excluded. Thanks to
Gustavo Zacarias for the patch.
Fix nasty regression in 2.64 which completely broke cacheing.
For dns/openresolv give proper attribution. This was a copy/paste
mistake the submitter made, which incorrectly gave me attribution
for that file. I did not create it.
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
vulnerable to a software defect that allows a crafted query to
crash the server with a REQUIRE assertion failure. Remote
exploitation of this defect can be achieved without extensive
effort, resulting in a denial-of-service (DoS) vector against
affected servers.
Security: 2892a8e2-3d68-11e2-8e01-0800273fe665
CVE-2012-5688
Feature safe: yes
Feature safe: yes
Changelog for version 2.64:
Handle DHCP FQDN options with all flag bits zero and --dhcp-client-update set.
Thanks to Bernd Krumbroeck for spotting the problem.
Finesse the check for /etc/hosts names which conflict with DHCP names.
Previously a name/address pair in /etc/hosts which didn't match the
name/address of a DHCP lease would generate a warning. Now that only
happesn if there is not also a match. This allows multiple addresses for
a name in /etc/hosts with one of them assigned via DHCP.
Fix broken vendor-option processing for BOOTP. Thanks to Hans-Joachim
Baader for the bug report.
Don't report spurious netlink errors, regression in 2.63. Thanks to
Vladislav Grishenko for the patch.
Flag DHCP or DHCPv6 in starup logging. Thanks to Vladislav Grishenko for
the patch.
Add SetServersEx method in DBus interface. Thanks to Dan Williams for
the patch.
Add SetDomainServers method in DBus interface. Thanks to Roy Marples for
the patch.
Fix build with later Lua libraries. Thansk to Cristian Rodriguez for the
patch.
Add --max-cache-ttl option. Thanks to Dennis Kaarsemaker for the patch.
Fix breakage of --host-record parsing, resulting in infinte loop at
startup. Regression in 2.63. Thanks to Haim Gelfenbeyn for spotting
this.
Set SO_REUSEADDRESS and SO_V6ONLY options on the DHCPv6 socket, this
allows multiple instances of dnsmasq on a single machine, in the same
way as for DHCPv4. Thanks to Gene Czarcinski and Vladislav Grishenko for
work on this.
Fix DHCPv6 to do access control correctly when it's configured with
--listen-address. Thanks to Gene Czarcinski for sorting this out.
Add a "wildcard" dhcp-range which works for any IPv6 subnet,
--dhcp-range=::,static Useful for Stateless DHCPv6. Thanks to Vladislav
Grishenko for the patch.
Don't include lease-time in DHCPACK replies to DHCPINFORM queries, since
RFC-2131 says we shouldn't. Thanks to Wouter Ibens for pointing this
out.
Makefile tweak to do dependency checking on header files. Thanks to
Johan Peeters for the patch.
Check interface for outgoing unsolicited router advertisements, rather
than relying on interface address configuration. Thanks to Gene
Czarinski for the patch.
Handle better attempts to transmit on interfaces which are still doing
DAD, and specifically do not just transmit without setting source
address and interface, since this can cause very puzzling effects when a
router advertisement goes astray. Thanks again to Gene Czarinski.
Get RA timers right when there is more than one dhcp-range on a subnet.
