- Add selection for mysql or pgsql backend
- Pass maintainership to submitter
PR: ports/131035
Submitted by: Edmondas Girkantas <eg@fbsd.lt>
Approved by: maintainer timeout (no activity since 2005)
- turn devel/py-twisted into a meta port.
- Update USE_TWISTED{,_BUILD,_RUN} in bsd.python.mk:
* Remove flow, pair, xish, which are deprecated
(but still update them to latest release in the tree)
* Remove USE_TWISTED=13 (no port uses this)
* Fix typos in twisted components _DEPENDS
PR: ports/130001
Submitted by: lwhsu
Approved by: maintainer timeout
the fix for the following vulnerability: https://www.isc.org/node/373
Description:
Return values from OpenSSL library functions EVP_VerifyFinal()
and DSA_do_verify() were not checked properly.
Impact:
It is theoretically possible to spoof answers returned from
zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6).
In short, if you're not using DNSSEC to verify signatures you have
nothing to worry about.
While I'm here, address the issues raised in the PR by adding a knob
to disable building with OpenSSL altogether (which eliminates DNSSEC
capability), and fix the configure arguments to better deal with the
situation where the user has ssl bits in both the base and LOCALBASE.
PR: ports/126297
Submitted by: Ronald F.Guilmette <rfg@tristatelogic.com>
improvements, including, "Additional support for query port randomization
including performance improvement and port range specification."
When building on amd64 ports' configure doesn't properly recognize our
arch, so help it along a bit. [1]
Submitted by: ivan jr sy <ivan_jr@yahoo.com> [1]
- Remove EXTRACT_SUFX as it uses USE_ZIP which automatically sets EXTRACT_SUFX
- Bump PORTREVISION
PR: ports/129812
Submitted by: Joseph S. Atkinson <jsatkinson at embarqmail.com>
Approved by: Alex Samorukov <samm at os2.kiev.ua> (maintainer)
Add a note to pkg-message indicating that ISC declared this version EOL
as of 1 December, but that we will support the port through the RELENG_6
lifetime.
lookups for the .local domain and self assigned IP addresses, rejecting
others. This can be used to speed up the resolution of non mdns registered
host names.
PR: ports/128107
Submitted by: Andrew <andrew@ugh.net.au>
Approved by: Ashish Shukla <wahjava@gmail.com> (maintainer)
traffic. It normally produces binary data in pcap(3) format, either
on standard output or in successive dump files (based on the -w
command line option.) This utility is similar to tcpdump(1), but
has finer grained packet recognition tailored to DNS transactions
and protocol options. dnscap is expected to be used for gathering
continuous research or audit traces.
WWW: https://www.dns-oarc.net/tools/dnscap
PR: ports/127433
Submitted by: Edwin Groothuis <edwin@mavetju.org>
Updates dns/nss_mdns port to v0.10 and changes MAINTAINER
field (as per bms's suggestion). This PR fixes the issue
reported in PR ports/123169, so that PR can be closed.
PR: ports/126952
Submitted by: Ashish Shukla <wahjava@gmail.com>
Approved by: bms@
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.
To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now an no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
ZKT is a tool to manage keys and signatures for DNSSEC-zones.
The Zone Key Tool consists of two commands:
- dnssec-zkt to create and list dnssec zone keys and
- dnssec-signer to sign a zone and manage the lifetime of
the zone signing keys
See: http://www.hznet.de/dns/zkt/
PR: ports/126296
Submitted by: Frank Behrens <frank+ports@ilse.behrens.de>
DNS Server Cache. By sending many queries to a DNS server along with fake
replies, an attacker can successfuly writes a fake new entry in the DNS
cache.
WWW: http://www.securebits.org/dnsmre.html
PR: ports/126189
Submitted by: Tomoyuki Sakurai <cherry at trombik.org>
- Pet portlint
- Remove support for FreeBSD < 5
- Remove file leftover from repocopy
- Bump portepoch
NOTE: Version numbering changed back to 2.9.x instead of 3.x
PR: ports/126270
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
- performance improvement over the P1 releases, namely
+ significantly remedying the port allocation issues
+ allowing TCP queries and zone transfers while issuing as many
outstanding UDP queries as possible
+ additional security of port randomization at the same level as P1
- also includes fixes for several bugs in the 9.5.0 base code
