Add a qa hint about needing, or not, USES=ssl.
Fix ports doing silly things, like including bsd.openssl.mk directly.
PR: 210322
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D6866
This only affects "Created by" lines with one exception: devel/uclcmd. There the maintainer is changed. This was overlooked in r416918.
Approved by: junovitch (mentor)
WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo
PR: 210149
Submitted by: mat
Exp-run by: antoine
Sponsored by: The FreeBSD Foundation, Absolight
Differential Revision: https://reviews.freebsd.org/D6577
of a domain and discover non-contiguous IP blocks.
OPERATIONS:
Get the host's address (A record).
Get the nameservers (threaded).
Get the MX record (threaded).
Perform axfr queries on nameservers and
get BIND VERSION (threaded).
Get extra names and subdomains via google
scraping (google query = "allinurl: -www site:domain").
Brute force subdomains from file, can also
perform recursion on subdomain that have NS records (all threaded).
Calculate C class domain network ranges
and perform whois queries on them (threaded).
Perform reverse lookups on netranges
( C class or/and whois netranges) (threaded).
Write to domain_ips.txt file
ip-blocks.
WWW:https://github.com/fwaeytens/dnsenum
PR: 208950
Submitted by: Rihaz Jerrin <rihaz.jerrin@gmail.com>
Check all NS Records for Zone Transfers.
Enumerate General DNS Records for a given
Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
Perform common SRV Record Enumeration.
Top Level Domain (TLD) Expansion.
Check for Wildcard Resolution.
Brute Force subdomain and host A
and AAAA records given a domain and a wordlist.
Perform a PTR Record lookup for a given IP Range or CIDR.
Check a DNS Server Cached records for A, AAAA and
CNAME Records provided a list of host records in a text file to check.
Enumerate Common mDNS records in the Local
Network Enumerate Hosts and Subdomains using Google.
WWW: https://github.com/darkoperator/dnsrecon
PR: 208975
Submitted by: Rihaz Jerrin <rihaz.jerrin@gmail.com>
parties dlz drivers.
While there:
- enable the DLZ_FILESYSTEM option by default
- convert to USES=mysql and USES=bdb
Requested by: borius i ua
Sponsored by: Absolight
Changes in upstream Git between releases (git shortlog):
Sergey Nechaev (1):
Stricter command line args validation to dhcp_release6.
Simon Kelley (4):
Fix error in PXE arch names and add ARM32 and ARM64.
Tweak CSAs affected by UEFI PXE workaround code.
Tweak UEFI workaround code.
Merge messages into translation files.
Upstream CHANGELOG diff since rc #1:
Swap the values if BC_EFI and x86-64_EFI in --pxe-service.
These were previously wrong due to an error in RFC 4578.
If you're using BC_EFI to boot 64-bit EFI machines, you
will need to update your config.
Add ARM32_EFI and ARM64_EFI as valid architectures in
--pxe-service.
Changes since test#13:
+ Move the dhcp_release and dhcp_lease_time tools from
+ contrib/wrt to contrib/lease-tools.
+
+ Add dhcp_release6 to contrib/lease-tools. Many thanks
+ to Sergey Nechaev for this code.
+
+ To avoid filling logs in configurations which define
+ many upstream nameservers, don't log more that 30 servers.
+ The number to be logged can be changed as SERVERS_LOGGED
+ in src/config.h.
Changelog since v2.75 at:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=8628cd603fd0c55c7d41b84488446db44f58ff5b
make it compile on 9.x and silences a compiler warning.
A new "Dynamic DNS Mode has been added, but is only slightly tested by
the author of gen6dns (Holger.Zuleger(at)hznet.de), who would appreciate
any feedback on this feature.
Approved by: antoine (mentor, implicit)
using Stateless Address Autoconfig (SLAAC). If you have a list of hostnames,
mac addresses and ipv6 subnets gen6dns generates the appropriate AAAA and
PTR records for you. It supports different scopes and the generation of
view (split) specific files.
WWW: http://www.hznet.de/tools.html
Approved by: antoine
This release fix targets stability issues which have had a history and
have been hard to reproduce. Issues that have been reported over the
past half year have been fixed that may have even come up earlier as
rare occasions.
Stability should be improved, running OpenDNSSEC as a long term service.
Changes in TTL in the input zone that seem not to be propagated,
notifies to slaves under heavy zone activity load that where not handled
properly and could lead to assertions.
NSEC3PARAM that would appear duplicate in the resulting zone, and
crashes in the signer daemon in seldom race conditions or re-opening due
to a HSM reset.
No migration steps needed when upgrading from OpenDNSSEC 1.4.9.
Also have a look at our OpenDNSSEC 2.0 beta release, its impending
release will help us forward with new development and signal phasing out
historic releases.
Fixes:
- SUPPORT-156 OPENDNSSEC-771: Multiple NSEC3PARAM records in signed
zone. After a resalt the signer would fail to remove the old
NSEC3PARAM RR until a manual resign or incoming transfer.
Old NSEC3PARAMS are removed when inserting a new record, even if
they look the same.
- OPENDNSSEC-725: Signer did not properly handle new update while still
distributing notifies to slaves.
An AXFR disconnect looked not to be handled gracefully.
- SUPPORT-171: Signer would sometimes hit an assertion using DNS output
adapter when .ixfr was missing or corrupt but .backup file available.
- Above two issues also in part addresses problems with seemingly
corrected backup files (SOA serial). Also an crash on badly
configured DNS output adapters is averted.
- The signer daemon will now refuse to start when failed to open a
listen socket for DNS handling.
- OPENDNSSEC-478,750,581 and 582 and SUPPORT-88:
Segmentation fault in signer daemon when opening and closing HSM
multiple times. Also addresses other concurrency access by avoiding
a common context to the HSM (a.k.a. NULL context).
- OPENDNSSEC-798: Improper use of key handles across hsm reopen,
causing keys not to be available after a re-open.
- SUPPORT-186: IXFR disregards TTL changes, when only TTL of an RR is
changed. TTL changes should be treated like any other changes to
records.
- When OpenDNSSEC now overrides a TTL value, this is now reported in
the log files.
PR: 209261
Submitted by: jaap@NLnetLabs.nl (mainainer)
Upstream's CHANGELOG since test12:
* Check return-code of inet_pton() when parsing dhcp-option. Bad
addresses could fail to generate errors and result in garbage
dhcp-options being sent. Thanks to Marc Branchaud for spotting this.
* Fix wrong value for EDNS UDP packet size when using --servers-file to
define upstream DNS servers. Thanks to Scott Bonar for the bug report.
