Git shortlog since release candidate #4:
Moshe Levi (1):
Check IP address command line arg in dhcp_release.c
Simon Kelley (7):
Fix crash in auth code with odd configuration.
Auth: correct replies to NS and SOA in .arpa zones.
Note CVE-2015-3294
Log domain when reporting DNSSEC validation failure.
Revert 61b838dd574c51d96fef100285a0d225824534f9 and just quieten log inste
Handle domain names with '.' or /000 within labels.
Tweaks to previous, DNS label charset commit.
Stefan Tomanek (1):
Fix (srk induced) crash in new tftp_no_fail code.
- Add --localstatedir=/var to _LATE_CONFIGURE_ARGS (like --mandir) but not
when CONFIGURE_ARGS already sets it. (GNU configure scripts set it to
PREFIX/var when PREFIX != /usr.)
- Add --localstatedir="${PREFIX}/var" to CONFIGURE_ARGS in some ports so
they aren't affected by this change (for now at least). This commit is
meant to ensure that new ports don't make the same mistake.
- games/acm: the configure script in this port is very old; instead of
patching it more, just replace GNU_CONFIGURE with HAS_CONFIGURE.
- irc/charybdis: it already used /var but adding --localstatedir=/var
changed the behaviour of the configure script; adjust the port to this.
PR: 199506
Exp-run by: antoine
Approved by: portmgr (antoine)
AnyEvent::CacheDNS provides a very simple DNS resolver that caches its results
and can improve the connection times to remote hosts.
WWW: http://search.cpan.org/dist/AnyEvent-CacheDNS/
- Move bison(1) from BUILD_DEPENDS to USES
- Register CONFLICTS with knot-devel-1.*
- Enable compiler messages in batch (package building) mode
- Add new options (DNSTAP, GOST, LMDB)
- Rename IDNA option to our standard (shared) IDN
- Allow to build against `security/libressl' as OPENSSL_PORT
- Switch to using @sample keyword for knot.sample.conf
- Sort pkg-plist and reformat pkg-descr while I'm at it
- Update files/pkg-message.in to include instructions for both new
and legacy rc systems (e.g. FreeBSD 8.4 has service(8), but no
sysrc(8) utility)
PR: 199298
Submitted by: maintainer
Resolves checksum trouble.
Git shortlog between rc#3 and rc#4:
Simon Kelley (4):
Return INSECURE, rather than BOGUS when DS proved not to exist.
Fix compiler warning when not including DNSSEC.
Fix crash caused by looking up servers.bind when many servers defined.
Fix crash on receipt of certain malformed DNS requests.
Stefan Tomanek (2):
add --tftp-no-fail to ignore missing tftp root
Convert to use MASTER_SIGHTS_FARSIGHT.
Differential Revision: https://reviews.freebsd.org/D2235
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
Python bindings for the dnstable library
Differential Revision: https://reviews.freebsd.org/D2231
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
dnstable implements an encoding format for passive DNS data. It
consists of a C library, libdnstable, and several command line
utilities for creating, querying, and merging dnstable data files.
It stores key-value records in Sorted String Table (SSTable) files
and provides high-level interfaces for querying or iterating over
the stored records. dnstable encodes individual records using a
format tailored for efficiently storing passive DNS data and can
quickly perform both "forward" and "inverse" searches.
Differential Revision: https://reviews.freebsd.org/D2214
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
For example (${OSVERSION} >= 900000 && ${OSVERSION} < 900021) is always true,
as is (${OSVERSION} > 900002 || ${OSVERSION} < 900000 && ${OSVERSION} > 800107).
Regarding patches, when an EXTRA_PATCHES is no longer needed, I remove it, when
it is always needed, I renamed it, in one case, I merged two patches.
Differential Revision: https://reviews.freebsd.org/D2209
This is pywdns, a Python extension module implemented in Cython
for the wdns C library.
Differential Revision: https://reviews.freebsd.org/D2200
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
Changes since rc1 (git shortlog):
+ Don't fail DNSSEC when a signed CNAME dangles into an unsigned zone.
+ Return SERVFAIL when validation abandoned.
+ Protect against broken DNSSEC upstreams.
+ DNSSEC fix for non-ascii characters in labels.
+ Allow control characters in names in the cache, handle when logging.
Changes from previous 2.73test6 (taken from CHANGELOG's Git repo):
Don't reply to DHCPv6 SOLICIT messages if we're not
configured to do stateful DHCPv6. Thanks to Win King Wan
for the patch.
Fix broken DNSSEC validation of ECDSA signatures.
Add --dnssec-timestamp option, which provides an automatic
way to detect when the system time becomes valid after boot
on systems without an RTC, whilst allowing DNS queries before the
clock is valid so that NTP can run. Thanks to
Kevin Darbyshire-Bryant for developing this idea.
Categories: archivers, dns, french, japanese, news, port-mgmt, x11-wm
The sysutils port was setting configure argument, so the text wasn't
removed but the value of PTHREAD_LIBS was changed.
approved by: PTHREAD blanket
include GH_PROJECT/GH_ACCOUNT/GH_TAGNAME. This prevents the distfile
having the same name despite changing one of these values and causing
a bad checksum.
Differential Revision: https://reviews.freebsd.org/D2103
Reviewed by: mat
With hat: bdrewery
conflict with the old scheme and cause a "reroll" or "invalid checksums". This
also avoids clobbering the FreeBSD distcache.
Use a revision in the DISTNAME for USE_GITHUB in case we need to bump this
again for anything. It's more a hint of how to handle it in the future.
Reported by: mat
Discussed with: mat, antoine, swills
With hat: portmgr
Using this new scheme allows only setting the _tag_ or _commit hash_ in
GH_TAGNAME and not having to know the hash for a tag. This scheme will
download a tarball that has a different checksum than before due to a changed
directory name for extraction.
The following MASTER_SITES are provided to retain the old checksum and
directory structure (that require GH_COMMIT):
GH -> GHL
GITHUB -> GITHUB_LEGACY
Differential Revision: https://reviews.freebsd.org/D748
Submitted by: amdmi3
Reviewed by: mat, swills, antoine, bdrewery
With hat: portmgr
the period during which the website did not exist, the codebase also appeared
on launchpad.net, so add that as a backup MASTER_SITE.
Pass maintainership to Chris Hutchinson.
PR: 198548
Submitted by: lightside
It is the DNS caching system designed to work with www/awffull so it is
worth keeping this port alive.
Also, switch to USE_BDB=yes instead of 42+.
Drop maintainership of this port. It's stable with no known failures, and
is unlikely to ever see another release.
As long as we're depending on some of the optional modules (Crypt::OpenSSL::Random,
and Digest::BubbleBabble), depend on the rest of the optional modules
(Crypt::OpenSSL::ECDSA and Crypt::OpenSSL::EC).
Changes: https://metacpan.org/changes/distribution/Net-DNS-SEC
- Fix: linking against libev on FreeBSD
- Fix: Let configure report problem on FreeBSD when configuring with
libevent and libunbound <= 1.4.22 is not compiled with libevent.
- Better libcheck detection
- Better portability with UNIX systems
PR: 197560
Submitted by: pi
Approved by: zi (maintainer)
Major Features:
- RFC 7344: CDS and CDNSKEY (read record types).
- per zone statistics with --enable-zone-stats
- Disabled use of SSLv3 in nsd-control.
- Synthesize CNAMEs with same TTL as DNAME.
- nsd-checkconf -f prints out full name of pidfile (with dir). [1]
PR: 197291,
196449 [1]
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>,
Adam Zaleski <adam@zaleski.org> [1]
libasr is a FREE asynchronous DNS resolver.
libasr runs on top of the OpenBSD operating system but also has a portable
version that can build and run on several systems, including:
* Linux
* FreeBSD
* NetBSD
* DragonFly
* MacOSX
This port packages the development snapshots released by OpenSMTPD team.
WWW: https://github.com/OpenSMTPD/libasr
libasr is a FREE asynchronous DNS resolver.
libasr runs on top of the OpenBSD operating system but also has a portable
version that can build and run on several systems, including:
* Linux
* FreeBSD
* NetBSD
* DragonFly
* MacOSX
WWW: https://github.com/OpenSMTPD/libasr
Changes since test3, from CHANGELOG file:
Add --log-queries=extra option, which makes logs easier
to search automatically.
Add --min-cache-ttl option. I've resisted this for a long
time, on the grounds that disbelieving TTLs is never a
good idea, but I've been persuaded that there are
sometimes reasons to do it. (Step forward, GFW).
To avoid misuse, there's a hard limit on the TTL
floor of one hour. Thanks to RinSatsuki for the patch.
Cope with multiple interfaces with the same link-local
address. (IPv6 addresses are scoped, so this is allowed.)
Thanks to Cory Benfield for help with this.
Add --dhcp-hostsdir. This allows addition of new host
configurations to a running dnsmasq instance much more
cheaply than having dnsmasq re-read all its existing
configuration each time.
DNS SRV record command line wrapper
-----------------------------------
wrapsrv adds support for connecting to a network service based on DNS SRV
record lookups to commands that do not support the DNS SRV record. wrapsrv
implements the weighted priority client connection algorithm in RFC 2782.
The specified command line will be invoked one or more times with %h and %p
sequences in the command line substituted for the hostname and port elements
of the selected SRV record.
WWW: https://github.com/farsightsec/wrapsrv
Differential Revision: https://reviews.freebsd.org/D1488
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
Mirror the distfile on LOCAL as a http backup for clients that
can't use https.
Use INSTALL_TARGET=install-strip instead of ${STRIP_CMD}.
Differential Revision: https://reviews.freebsd.org/D1473
Approved by: mat (mentor)
Several ports had rc.d scripts with hardcoded command_interpreter string
as /usr/bin/perl. This symlink is not guaranteed to be in place, and it
isn't even an option for perl 5.20. For affected ports, the interpreter
was changed to localbase.
In one case, the interpreter was correct, but it wasn't surrounded by
quotes. Since the rc.d script would break if a space was contained in
${PREFIX}, quotes were added in that case.
- Removed FreeBSD 10 check for libevent, because of upstream fixes (as stated in changelog)
- Converted files/patch-Makefile.in to sed patch, which is position independent
PR: 195674
Submitted by: lightside@gmx.com
- To prevent hanging on 10.x systems which ship with unbound and depend on
DNS resolving, start dnscrypt-proxy before unbound.
- Bump PORTREVISION
PR: 194975
Differential Revision: https://reviews.freebsd.org/D1249
Submitted by: Joseph Mingrone <jrm@ftfl.ca>
Approved by: koobs (mentor)
Before, we had:
site_perl : lib/perl5/site_perl/5.18
site_perl/perl_arch : lib/perl5/site_perl/5.18/mach
perl_man3 : lib/perl5/5.18/man/man3
Now we have:
site_perl : lib/perl5/site_perl
site_arch : lib/perl5/site_perl/mach/5.18
perl_man3 : lib/perl5/site_perl/man/man3
Modules without any .so will be installed at the same place regardless of the
Perl version, minimizing the upgrade when the major Perl version is changed.
It uses a version dependent directory for modules with compiled bits.
As PERL_ARCH is no longer needed in plists, it has been removed from
PLIST_SUB.
The USE_PERL5=fixpacklist keyword is removed, the .packlist file is now
always removed, as is perllocal.pod.
The old site_perl and site_perl/arch directories have been kept in the
default Perl @INC for all Perl ports, and will be phased out as these old
Perl versions expire.
PR: 194969
Differential Revision: https://reviews.freebsd.org/D1019
Exp-run by: antoine
Reviewed by: perl@
Approved by: portmgr
gdnsd is an Authoritative-only DNS server. This port tracks the 2.x release.
The initial g stands for Geographic, as gdnsd offers a plugin system for
geographic (or other sorts of) balancing, redirection, and
service-state-conscious failover. If you don't care about that feature,
it's still quite good at being a very fast, lean, and resilient
authoritative-only server for static DNS data.
gdnsd is written in C using libev and pthreads with a focus on high
performance, low latency service. It does not offer any form of caching or
recursive service, and does not support DNSSEC.
WWW: https://github.com/blblack/gdnsd/
* Add persistent timers for slave zones (expire, refresh, and flush)
* Return minimal response for queries with unsupported EDNS version
* Fix DNSSEC compliant processing of letter case in RDATA domain names
* Fix interpretation of Extended RCODE in EDNS
* Fix forced zone retransfer on slave
* Fix zone expiration when transfer is being refused by master
PR: 194795
Submitted by: freebsd@dns-lab.com (maintainer)
New features:
* Support for queries about IPv6 data in all applicable adns
query types (including AAAA, PTR, and adns_r_addr queries).
(Thanks very much to Mark Wooding.)
* Support for transport over IPv6. (Thanks to Mark Wooding again.)
* adns_addr2text and adns_text2addr: Convenient functions for
converting between addresses and address literals.
Bugfixes:
* Fix a crashing bug in adnslogres. (Debian#392102.)
* Do all checks of checked PTR owner name before actually sending the
query, and reject IPv4 PTR owner names whose labels have leading zero
digits or values >255.
Build system fixes and improvements:
* `make clean' removes the pipes.
* Work around bugs in make (Debian #4073, #756123) affecting regress.
* Do not include Makefile and src/config.h in distribution tarball.
Regression test debugging improvements:
* Provide gdbwrap convenience script.
* Honour ADNS_TEST_DEBUG env. var. (Mark Wooding.)
Submitted by: pi (maintainer)
As dns/powerdns was just updated to version 3.4, there was a decision to
be had to disable the -devel version or just remove the port altogether.
Due to the frequency of releases and the manner on how the upcoming
version is tested, it made sense to retire the port (at version 3.3).
PR: 194508
Submitted by: maintainer (Ralf van der Enden)
Alias is a new USES tool that allows DragonFly to masquerade as FreeBSD
by setting CFLAGS+= -D__FreeBSD__. For some ports, this fixes the build
without the need for additional patches.
Approved by: portmgr (bapt, blanket)
Changelog
http://doc.powerdns.com/html/changelog.html#changelog-auth-3.4.0
- Moved remote backend to regular (was experimental)
- Added the GeoIP, LMDB (both experimental) and Bind backend
- Removed Crypto++ support (as suggested by the author)
- Fixed the Luabackend on i386
- Added note to pkg-message about mandatory schema changes for
gmysql, gpgsql and gsqlite3 backends
- Changed the example pdns.conf to include all possible configuration
options when all backends are enabled
PR: 194057
Submitted by: me@nileshgr.com, updated by tremere@cainites.net
Approved by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Bugfixes:
Some specific incoming IXFRs were causing server to crash
Rare synchronization error during reload caused read-after-free
Response synthetization module did not work properly with DNSSEC-enabled zones
If Knot sent AXFR when IXFR was requested, message ID and opcode were wrong
Knot failed to send large messages to remote control (present since 1.5.1)
Version: 1.5.2
Bugfixes:
Some RR parsing corner cases were not handled properly
AXFR-style IXFR was refused and had to be retransferred
Hash character (#) was not properly escaped when storing text zone file
PR: 193969
Submitted by: erwin
Approved by: freebsd@dns-lab.com (maintainer)
- Patch libtool so it uses the same library version specification as on
Darwin, Linux and other systems. Given the version current:revision:age
a library will be given the extension .so.major.age.revision with major
equal to current-age. Before libtool would use .so.current on FreeBSD.
- Patch libtoolize to remove two cases of umask 0 that caused libltdl
files to be copied world writable (--ltdl option)
- Let USES=libtool patch this new version correctly
- Adjust all ports with USES=libtool:build and bump PORTREVISION on their
dependent ports if a library version changed
PR: 194068
Exp-run by: antoine
Approved by: portmgr (antoine)
Remove @dir* stuff from pkg-plist. @sample isn't documented properly
and isn't up to handling files with non-.sample suffix, so stay
away from that part of pkg-plist.
ChangeLog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
The Fedora 10 infrastructure ports have been in use since June 2009 and, while
having served a great deed, have become unsupported upstream and hence affected
by unfixed security vulnerabilities. In addition to that, many recent Linux
binaries need newer libc / stdlibc++ versions.
This commit adds the linux-c6- userland as drop-in replacement for the -f10
infrastructure, as well as upgrading the linux_base-c6 port to CentOS 6.5.
If you want to switch to linux-c6 ports, please define at /etc/make.conf:
OVERRIDE_LINUX_BASE_PORT=c6
OVERRIDE_LINUX_NONBASE_PORTS=c6
Additionally, please add the following line to /etc/sysctl.conf:
compat.linux.osrelease=2.6.18
Upgrading procedures are shown in /usr/ports/UPDATING.
This work has been inspired by Artyom Mirgorodskiy's post to emulation@ in
November 2013, using and extending mav@'s work. It has been tested extensively
and most reported issues were already fixed. Please report any additional bug
or "features" to the emulation mailing list.
Many thanks to: mav@, rene@, allanjude@, netchild@, antoine@, everyone who's
filed Issues and Pull requests on GitHub,
PR: 186820
Differential Revision: https://reviews.freebsd.org/D793
Reviewed by: allanjude, antoine, bapt, rene
Approved by: portmgr (antoine, bapt)
Approved by: koobs (mentor)
Sponsored by: Perceivon Hosting Inc.
+ Fix bug which resulted in NXDOMAIN answers instead of NODATA in some
circumstances.
+ Fix bug which caused dnsmasq to become unresponsive if it failed to
send packets due to a network interface disappearing.
+ Fix problem with --local-service option on big-endian platforms.