* Fail if -r or -n argument is not 7 bit clean unless new -8 switch given.
* Various changes that were inadvertently omitted from the 2.1.0 release.
* Minor fixes.
Sponsored by: Farsight Security, Inc.
Note that the UIDs/GIDs were meaning to add 455 as the ID,
but typed 445 in the patch. I've corrected the IDs to 455.
I've also elided one blank line between the _DEPENDS lines
to please portlint.
Other than that, test builds succeeded on 11.3 (i386, amd64),
12.1 (i386, amd64, mips64, aarch64).
PR: 241426
Submitted by: Colin T. <bugzilla@nulldir.e4ward.com>
Reviewed by: Daniel Engberg
Approved by: samm@ (maintainer timeout, >4 months)
* Code reorganized in order to support new pdns systems (such as dnsdb2
* Many small improvements
* Backwards compatible with older versions
Fix PORTSCOUT.
Sponsored by: Farsight Security, Inc.
March 15, 2020. KDE today announces the release of KDE Frameworks 5.68.0.
KDE Frameworks are over 70 addon libraries to Qt which provide a wide variety
of commonly needed functionality in mature, peer reviewed and well tested
libraries with friendly licensing terms. For an introduction see the KDE
Frameworks web page.
This release is part of a series of planned monthly releases making
improvements available to developers in a quick and predictable manner.
[1] https://kde.org/announcements/kde-frameworks-5.68.0.php
PR: 244824
Exp-run by: antoine
This port incorporates also the proposed bug fix at bug #242367
Major changes:
This release adds cpu affinity. By pinning a server process to a
specific cpu, having a separate network card also for that cpu, and
an interface address also for that server process, the throughput is
increased. This increases performance of the nameserver.
Sparse TSIG signing support is removed, to comply with the latest tsig
standard update draft.
There is a feature to drop update queries, with opcode UPDATE,
with nsd.conf option drop-updates.
4.3.0
=========
FEATURES:
- Fix to use getrandom() for randomness, if available.
- Fix#56: Drop sparse TSIG signing support in NSD.
Sign every axfr packet with TSIG, according to the latest
draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.
- Merge pull request #59 from buddyns: add FreeBSD support
for conf key ip-transparent.
- Add feature to pin server processes to specific cpus.
- Add feature to pin IP addresses to selected server processes.
- Set process title to identify individual processes.
- Merge PR#22: minimise-any: prefer polular and not large RRset,
from Daisuke Higashi.
- Add support for SO_BINDTODEVICE on Linux.
- Add support for SO_SETFIB on FreeBSD.
- Add feature to drop queries with opcode UPDATE.
BUG FIXES:
- Fix fname null check of fname in namedb_read_zonefile.
- Fix implicit cast of size in udb_radnode_array_grow.
- Fix ignore of return value of ssl_printf in remote.c.
- Fix unused check of fd in parent_handle_reload_command.
- Attempt to fix signedness of nscount lookup in ixfr query_process.
- Fix identical branches for ssl_print of errors in remote.c.
- Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
- Fix to separate header and data lines in parse_zone_list_file.
- Fix to define max number of EDNS records we are willing to
spend time on.
- Fix size of string len and capacity type cast in udbradtree.
- Fix to protect rrcount in tsig_find_rr from overflow.
- Annotate radix_find_prefix_node not reachable trail code.
- Fix to protect rrcount in packet_find_notify_serial from overflow.
- Fix to close socket on error in create_tcp_accept_sock.
- Fix to log on failure to chmod for socket for remote control.
- Fix to remove unneeded if in open of socket for remote control.
- Fix to restore input parameter on call failure in create_dirs.
- Please checker by terminating and initialising string read
by remote control.
- Fix to define upper bounds on rr counts read from untrusted packet
data.
- Separate acl_addr_match_range functions for ip4 and ip6, to
please checkers.
- Avoid unused variable warning in new match_range_v4 function.
- Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
- use-systemd is ignored in nsd.conf, when NSD is compiled with
libsystemd it always signals readiness, if possible.
- Note that use-systemd is not necessary and ignored in man page.
- Fix unreachable code in ssl set options code.
- Fix bad shift in assertion code analyzer complaint.
- Fix responses for IXFR so that the authority section is not echoed
in the response.
- Merge PR#60: Minor portability fixes from michaelforney, with
avoid pointer arithmetic on void* and avoid unnecessary VLA.
- Fix that the retry wait does not exceed one day for zone transfers.
CHANGES:
- Set FD_CLOEXEC on opened sockets.
PR: 244886, 242367[2]
Submitted by: Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)
Reported by: Leo Vandewoestijne <freebsd@dns.company> [2]
Relnotes: https://github.com/NLnetLabs/nsd/blob/NSD_4_3_0_REL/doc/ChangeLog
(Note that these have not yet been re-tested on elfv1.)
While here, pet portlint (e.g. location of BROKEN_*, and, in one case,
USES).
Approved by: portmgr (tier-2 blanket)
The upstream has declared this soon to be EOL. The port is now updated accordingly.
End-of-life announcement: https://www.opendnssec.org/2019/10/
OpenDNSSEC 2.1 was released in February 2017, and in the past
two-and-half year it has proven itself to be stable and viable
upgrade of 1.4, and has additional features and improvements.
Therefore we announce end-of-life of OpenDNSSEC 1.4. One of the steps
towards future releases with better experience and shorter cycles.
Starting today, October 8, 2019, in accordance with our policies,
we will only provide essential fixes and support until 9 October 2020,
after which support will no longer be available. We feel confident
that existing installations can upgrade without much hassle and offer
support to our customers in doing so.
OpenDNSSEC 2.1.4 [1] serves as the replacement for the 1.4 LTS.
The current version is 2.1.6. There is a migration step necessary,
for which you can find a good breakdown at the migration page. [2]
[1] https://svnweb.freebsd.org/ports/head/dns/opendnssec2
[2] https://www.opendnssec.org/migration-from-1-4-to-2-1/
PR: 244610
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
- Force rebuild all consumers to fix potential miscompilations with
1.41.0
- Enable SOURCES by default. The sources are indexed by RLS and
required for it to function properly, so they should be available
by default. This also makes sure we test the option properly.
- Remove implied --config=config.toml from x.py args
- Switch to the upstreamed backtrace crate patches like rust-nightly
- Enable WASM by default [0]
- Strip libraries (D23650) [1]
- Simplify plist generation (D23735) [2]
Changes: https://blog.rust-lang.org/2020/02/27/Rust-1.41.1.html
Submitted by: mikael [0,1,2]
With hat: rust
Differential Revision: https://reviews.freebsd.org/D23835
February 02, 2020. KDE today announces the release of KDE Frameworks 5.67.0.
KDE Frameworks are over 70 addon libraries to Qt which provide a wide variety
of commonly needed functionality in mature, peer reviewed and well tested
libraries with friendly licensing terms. For an introduction see the KDE
Frameworks web page.
This release is part of a series of planned monthly releases making
improvements available to developers in a quick and predictable manner.
Announcement:
https://kde.org/announcements/kde-frameworks-5.67.0.php
PR: 244015
Exp-run by: antoine
This release of 2.1.6 fixes some issues regarding the key list
wrongfully displayed (a regression bug in 2.1.5) as well as a small
leak in the enforcer (which can add up when you bang the enforcer
with a lot of commands. And as well as a serious signing error when
using Combined Signing Keys (CSKs), this is only relevant if you
combine KSK and ZSK in one. Especially users of CSKs need this fix
now. Another nice fix is a reconnect to a MySQL/MariaDB database
you you don't have to tweak database parameters.
PR: 244047
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Relnotes: https://www.opendnssec.org/2019/11/opendnssec-2-1-5/https://www.opendnssec.org/2020/02/opendnssec-2-1-6/
This module allows you to get the public suffix of a domain name using the
Public Suffix List from http://publicsuffix.org
A public suffix is one under which Internet users can directly register names.
Some examples of public suffixes are .com, .co.uk and pvt.k12.wy.us. Accurately
knowing the public suffix of a domain is useful when handling web browser
cookies, highlighting the most important part of a domain name in a user
interface or sorting URLs by web site
WWW: https://github.com/nexb/python-publicsuffix2
- While I'm here, patch setup.py to avoid unnecessary py-requests dependency and network connection during build
PR: 243846
Submitted by: <ml@netfence.it>
- Lint Makefile
- Some configure switches changed from --enable to --with
- Rename FSTRM to DNSTAP
- Add DoH support
- Switch to LuaJIT-Openresty (when LUAJIT is selected instead of LUA)
- Remove unnecessary patch (files/patch-dnsdist-lua-vars.cc)
- Major improvement in the rc script: allowing multiple daemons
- Start using -C and %%ETCDIR%% causing the default path for dnsdist.conf
changes to usually /usr/local/etc/dnsdist/ in which you can store single
or multiple config files, includes, key-files for DNSCrypt, key/certs for
DoH, etc.
Also, change maintainer to Ralf van der Enden.
Changelog:
https://dnsdist.org/changelog.html
PR: 242125
Submitted by: Jørn Åne de Jong, Ralf van der Enden, Leo Vandewoestijne
Reviewed by: cpm@, Sascha Biberhofer, Yann Kerherve
Approved by: maintainer
- Force rebuild all consumers to catch regressions early
- Switch to cross-compiled (from amd64) bootstraps for all
architectures generated with the incoming lang/rust-bootstrap
- Update cargo-c to 0.5.2 to unbreak librav1e build
- Make use of regular MAKE_ENV/TEST_ENV in lang/rust
- Turn on RUST_BACKTRACE in lang/rust and USES=cargo to hopefully
produce more useful failure logs when something panics during
builds
Changes: https://blog.rust-lang.org/2020/01/30/Rust-1.41.0.html
Tested by: mikael, tobik
With hat: rust
Differential Revision: https://reviews.freebsd.org/D23385
4.2.1 release notes:
This release fixes several bugs and makes a few features more robust or
intuitive. It also contains a few performance improvements for API users.
For a full list of changes look here:
https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.1
PR: 242519
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
January 11, 2020. KDE today announces the release of KDE Frameworks 5.66.0.
KDE Frameworks are over 70 addon libraries to Qt which provide a wide variety
of commonly needed functionality in mature, peer reviewed and well tested
libraries with friendly licensing terms. For an introduction see the KDE
Frameworks web page.
This release is part of a series of planned monthly releases making
improvements available to developers in a quick and predictable manner.
Announcement:
https://kde.org/announcements/kde-frameworks-5.66.0.php
PR: 243289
Exp-run by: antoine
Also compress manpages in this location.
As a followup of a discussion which occured in 2017:
https://lists.freebsd.org/pipermail/freebsd-arch/2017-March/018115.html
And following:
https://svnweb.freebsd.org/base?view=revision&revision=315053
and
https://svnweb.freebsd.org/base?view=revision&revision=315142
All the supported FreeBSD version now supports share/man in manpath for
LOCALBASE As a result the ports tree can now accept it for manpage, but
more over migrate to this new path. Resulting in more consistency now the
manpages in base and ports would be in the relative path (under share/)
and a reduced amount of patching needed to port something to FreeBSD
Note1: this has already be done for GNU info pages earlier
Note2: due to the fact that for end user no functionnality will change during
the migration of the manpages to the new location and to avoid massive rebuild
of packages, it has been decided to not bump portrevision when migrating.
Reviewed by: mat (portmgr)
Differential Revision: https://reviews.freebsd.org/D23166
