Commit graph

261317 commits

Author SHA1 Message Date
fhajny
d87194f2f4 Import powerdns-odbc 4.0.3.
This packages provides the ODBC backend module to PowerDNS.
2017-03-09 13:52:34 +00:00
fhajny
b3d4cfdf6b Import powerdns-geoip 4.0.3.
This packages provides the GeoIP backend module to PowerDNS.
2017-03-09 13:50:07 +00:00
fhajny
78511da612 Reset PKGREVISION after parent package update 2017-03-09 13:44:50 +00:00
fhajny
aa9e0f90c5 Update net/powerdns-recursor to 4.0.4.
PowerDNS Recursor 4.0.4
=======================

Change highlights include:

- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Don't parse spurious RRs in queries when we don't need them
  (Security Advisory 2016-02)
- Add 'max-recursion-depth' to limit the number of internal recursion
- Wait until after daemonizing to start the RPZ and protobuf threads
- On RPZ customPolicy, follow the resulting CNAME
- Make the negcache forwarded zones aware
- Cache records for zones that were delegated to from a forwarded zone
- DNSSEC: don't go bogus on zero configured DSs
- DNSSEC: NSEC3 optout and Bogus insecure forward fixes
- DNSSEC: Handle CNAMEs at the apex of secure zones to other secure
  zones

PowerDNS Recursor 4.0.3
=======================

Bug fixes
- Call gettag() for TCP queries
- Fix the use of an uninitialized filtering policy
- Parse query-local-address before lua-config-file
- Fix accessing an empty policyCustom, policyName from Lua
- ComboAddress: don't allow invalid ports
- Fix RPZ default policy not being applied over IXFR
- DNSSEC: Actually follow RFC 7646 §2.1
- Add boost context ldflags so freebsd builds can find the libs
- Ignore NS records in a RPZ zone received over IXFR
- Fix build with OpenSSL 1.1.0 final
- Don't validate when a Lua hook took the query
- Fix a protobuf regression (requestor/responder mix-up)

Additions and Enhancements
- Support Boost 1.61+ fcontext
- Add Lua binding for DNSRecord::d_place

PowerDNS Recursor 4.0.2
=======================

Bug fixes
- Set dq.rcode before calling postresolve
- Honor PIE flags.
- Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is
  irrelevant
- Don't shuffle CNAME records. (thanks to Gert van Dijk for the
  extensive bug report!)
- Fix delegation-only

Additions and enhancements
- Respect the timeout when connecting to a protobuf server
- allow newDN to take a DNSName in; document missing methods
- expose SMN toString to lua
- Anonymize the protobuf ECS value as well (thanks to Kai Storbeck of
  XS4All for finding this)
- Allow Lua access to the result of the Policy Engine decision, skip
  RPZ, finish RPZ implementation
- Remove unused DNSPacket::d_qlen
- RPZ: Use query-local-address(6) by default (thanks to Oli Schacher
  of switch.ch for the feature request)
- Move the root DNSSEC data to a header file

PowerDNS Recursor 4.0.1
=======================

Bug fixes
- Improve DNSSEC record skipping for non dnssec queries (Kees
  Monshouwer)
- Don't validate zones from the local auth store, go one level down
  while validating when there is a CNAME
- Don't go bogus on islands of security
- Check all possible chains for Insecures
- Don't go Bogus on a CNAME at the apex
- RPZ: default policy should also override local data RRs
- Fix a crash when the next name in a chained query is empty and
  rec_control current-queries is invoked

Improvements
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix warnings with gcc on musl-libc (James Taylor)
- Also validate on +DO
- Fail to start when the lua-dns-script does not exist
- Add more Netmask methods for Lua (Aki Tuomi)
- Validate DNSSEC for security polling
- Turn on root-nx-trust by default and log-common-errors=off
- Allow for multiple trust anchors per zone
- Fix compilation warning when building without Protobuf

PowerDNS Recursor 4.0.0
=======================

- Moved to C++ 2011, a cleaner more powerful version of C++ that has
  allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
  is fully "DNS Native" and needs less escaping and unescaping.
- Switched to binary storage of DNS records in all places.
- Moved ACLs to a dedicated Netmask Tree.
- Implemented a version of RCU for configuration changes
- Instrumented our use of the memory allocator, reduced number of
  malloc calls substantially.
- The Lua hook infrastructure was redone using LuaWrapper; old scripts
  will no longer work, but new scripts are easier to write under the
  new interface.
- DNSSEC processing: if you ask for DNSSEC records, you will get them.
- DNSSEC validation: if so configured, PowerDNS perform DNSSEC
  validation of your answers.
- Completely revamped Lua scripting API that is "DNSName" native and
  therefore far less error prone, and likely faster for most commonly
  used scenarios.
- New asynchronous per-domain, per-ip address, query engine.
- RPZ (from file, over AXFR or IXFR) support.
- All caches can now be wiped on suffixes, because of canonical
  ordering.
- Many, many more relevant performance metrics, including upstream
  authoritative performance measurements.
- EDNS Client Subnet support, including cache awareness of
  subnet-varying answers.
2017-03-09 13:43:49 +00:00
fhajny
8791799143 Update net/powerdns to 4.0.3.
pkgsrc changes:

- Remove options for cryptopp and geoip (the latter to go into a
  separate package).
- Clean up a lot of patches that do not seem to be needed anymore.

PowerDNS Authoritative Server 4.0.3
===================================

- Revert "In 'Bind2Backend::lookup()', use the 'zoneId' when we have it"

PowerDNS Authoritative Server 4.0.2

Security issues fixed:

- 2016-02: Crafted queries can cause abnormal CPU usage
- 2016-03: Denial of service via the web server
- 2016-04: Insufficient validation of TSIG signatures
- 2016-05: Crafted zone record can cause a denial of service

Other highlights:

- Don't parse spurious RRs in queries when we don't need them (Security
  Advisory 2016-02)
- Don't exit if the webserver can't accept a connection (Security
  Advisory 2016-03)
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Correctly check unknown record content size (Security Advisory
  2016-05)
- ODBC backend: actually prepare statements
- Improve root-zone performance
- Plug memory leak in postgresql backend (Christian Hofstaedtler)
- calidns: Don't crash if we don't have enough 'unknown' queries
  remaining
- Improve PacketCache cleaning (Kees Monshouwer)
- Bind backend: update status message on reload, keep the existing zone
  on failure
- Fix TSIG for single thread distributor (Kees Monshouwer)
- Change default for any-to-tcp to yes (Kees Monshouwer)
- Don't look up the packet cache for TSIG-enabled queries
- Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
- pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)

PowerDNS Authoritative Server 4.0.1
===================================

Bug fixes
- Wait for the connection to the carbon server to be established
- Don't try to deallocate empty PG statements
- Send the correct response when queried for an NSEC directly (Kees
  Monshouwer)
- Don't include bind files if length <= 2 or > sizeof(filename)
- Catch runtime_error when parsing a broken MNAME

Improvements
- Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi)
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix typos in a logmessage and exception (Christian Hofsteadtler)
- pdnsutil: Remove checking of ctime and always diff the changes (Hannu
  Ylitalo)
- dnsreplay: Only add Client Subnet stamp when asked
- Use toLogString() for ringAccount (Kees Monshouwer)

Additions
- Add limits to the size of received {A,I}XFR
- Add used filedescriptor statistic (Kees Monshouwer)

PowerDNS Authoritative Server 4.0.0
===================================

- Moved to C++ 2011, a cleaner more powerful version of C++ that has
  allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
  is fully "DNS Native" and needs less escaping and unescaping.
- Due to this, the PowerDNS Authoritative Server can now serve
  DNSSEC-enabled root-zones.
- All backends derived from the Generic SQL backend use prepared
  statements.
- Both the server and pdns_control do the right thing when chroot'ed.
- Caches are now fully canonically ordered, which means entries can be
  wiped on suffix in all places
- A revived and supported ODBC backend (godbc).
- A revived and supported LDAP backend (ldap).
- Support for CDS/CDNSKEY and RFC 7344 key-rollovers.
- Support for the ALIAS record.
- The webserver and API are no longer experimental.
- The API-path has moved to /api/v1
- DNSUpdate is no longer experimental.
- ECDSA (algorithm 13 and 14) supported without in-tree cryptographic
  libraries (provided by OpenSSL).
- Experimental support for ed25519 DNSSEC signatures (when compiled with
  libsodium support).
- Many new pdnsutil commands.
- GeoIP backend has gained many features, and can now e.g. run based on
  explicit netmasks not present in the GeoIP databases
- Removed support for LMDB.
- Removed the Geo backened (use the improved GeoIP instead).
- pdnssec has been renamed to pdnsutil.
- Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic
  libraries have been dropped in favor of the (faster) OpenSSL libcrypto
  (except for GOST, which is still provided by Botan).
- ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when
  securing zones.
- The PowerDNS Authoritative Server now listens by default on all IPv6
  addresses.
- Several superfluous queries have been dropped from the Generic SQL
  backends.
- The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are
  marked as deprecated and will be removed in 4.1.0
2017-03-09 13:32:54 +00:00
ryoon
f8ede25922 Updated pkgtools/x11-links to 1.05 2017-03-09 13:06:16 +00:00
ryoon
a55a40b5bf Update to 1.05
* Include native X.org libraries in recent NetBSD-current
2017-03-09 13:05:33 +00:00
jperkin
5a54b7be2f Fix library build on SunOS. 2017-03-09 12:45:56 +00:00
wiz
89e9989c52 Updated misc/dpkg to 1.18.23nb1 2017-03-09 11:52:37 +00:00
wiz
f6f06d7a2f Updated dpkg to 1.18.23nb1.
Set TAR so that GNU tar is found.
Enable start-stop-daemon now that it builds on NetBSD.
Add a test dependency.
2017-03-09 11:52:26 +00:00
jperkin
6778294363 Updated graphics/GraphicsMagick to 1.3.25nb2 2017-03-09 10:47:33 +00:00
jperkin
fd89552cd1 Make pkg-config a runtime dependency so GraphicsMagick*config work.
Bump PKGREVISION.
2017-03-09 10:47:24 +00:00
jperkin
847c6a94f3 Disable llvm option on SunOS, it doesn't build. 2017-03-09 09:51:04 +00:00
maya
9ea1db5357 Updated net/tcpdump to 4.9.0nb2 2017-03-09 03:59:35 +00:00
maya
d52b27fce4 tcpdump: bump PKGREVISION for previous.
I think the package might be created and can be built, but isn't possible
to pkg_add. paranoid bump just in case.
2017-03-09 03:59:17 +00:00
maya
108c3d4b86 tcpdump: create _tcpdump user (and group) properly.
fix build failure when a _tcpdump user did not exist already.

from Michael-John Turner in PR pkg/52051
2017-03-09 03:01:54 +00:00
minskim
4fca1aba3b Added security/ruby-rex-struct2 version 0.1.0 2017-03-08 22:39:32 +00:00
minskim
bde7c4f6b3 Add ruby-rex-struct2 2017-03-08 22:39:01 +00:00
minskim
b37e616195 Import ruby-rex-struct2-0.1.0 as security/ruby-rex-struct2
Ruby Exploitation (Rex) library for generating/manipulating C-Style
structs.
2017-03-08 22:38:12 +00:00
hauke
3a06816e46 suse131_32_binutils -> suse131_binutils -- thanks, leot@! 2017-03-08 20:07:21 +00:00
wiz
8df2d7aa1e Add bl3.mk file. 2017-03-08 16:51:36 +00:00
jperkin
0828e0c3e8 Ensure PBULK_CACHE_DIRECTORY exists before writing into it. 2017-03-08 16:16:40 +00:00
jperkin
56095c43fb Use local Docbook DTDs. Fixes issue where xmllint --nonet doesn't actually
work.
2017-03-08 16:09:15 +00:00
wiz
1d91063827 Updated net/syncthing to 0.14.24 2017-03-08 15:47:04 +00:00
wiz
c4f8b27efa Updated syncthing to 0.14.24.
This is a regularly scheduled stable release.

Resolved issues since v0.12.23:

    #3884: lib/sync: Fix a race in unlocker logging
    #3976: Links and log messages refer to https instead of http where possible

Also:

    As of this release, symlinks are no longer supported on Windows.
    The default number of parallel file processing routines per
    folder is now two (previously one), and the number of simultaneously
    outstanding network requests has been increased.
    The GUI now contains buttons to pause or resume all folders
    with a single action.
2017-03-08 15:46:52 +00:00
wiz
bcbb8212ff + modular-xorg-server-1.19.2 [distfile is missing some autoconf files]. 2017-03-08 15:30:00 +00:00
jperkin
e4d1b9920a Mark SunOS as _INCOMPAT_CURSES, there are lots of issues with the recent work
to use the curses framework and this is the simplest solution for now.
2017-03-08 15:26:51 +00:00
wiz
971f3d65a0 Added textproc/lowdown version 0.1.9 2017-03-08 15:05:25 +00:00
wiz
0874686b8f + lowdown. 2017-03-08 15:05:14 +00:00
wiz
c27d27402c Import lowdown-0.1.9 as textproc/lowdown.
lowdown is just another Markdown translator. It can output traditional
HTML or a document for your troff type-setter of choice, such as
groff(1), Heirloom troff, or even mandoc(1). lowdown doesn't require
XSLT, Python, or even Perl - it's just clean, secure, open source
C code with no dependencies.
2017-03-08 15:05:02 +00:00
wiz
fa6b1ae7bd Added archivers/py-zstandard version 0.7.0 2017-03-08 14:54:48 +00:00
wiz
0f0a4e8cbb + py-zstandard 2017-03-08 14:54:34 +00:00
wiz
4368fb5db2 Import py-zstandard-0.7.0 as archivers/py-zstandard.
This project provides Python bindings for interfacing with the
Zstandard compression library. A C extension and CFFI interface are
provided.

The primary goal of the project is to provide a rich interface to
the underlying C API through a Pythonic interface while not sacrificing
performance. This means exposing most of the features and flexibility
of the C API while not sacrificing usability or safety that Python
provides.
2017-03-08 14:54:26 +00:00
wiz
397962750d Updated graphics/graphviz to 2.40.1 2017-03-08 14:52:10 +00:00
wiz
3e3177bdc7 Updated graphviz to 2.40.1.
December 21, 2016
	- Remove usage of ast_common.h
December 20, 2016
    - Release 2.40.0
        - network-simplex fixes and optimization (Stephen North)
	- built-in tred tool now available in the various swig generated
	language bindings (John Ellson)
	- number rounding added to SVG renderer (same as PS and TK rounding)
	to aid regression testing. (John Ellson)
	- additional regressson test framework, used in Travis CI builds. (Erwin Janssen)
	- PHP7 support (requires swig-3.0.11 or later). (John Ellson)
	- Allow user to specify clustering algorithm in gvmap. (Emden Gansner)
	- Add Sierpinski graph generator to gvgen. (Emden Gansner)
	- Extensive code cleanup (Erwin Janssen)
	- Removal of libgd source - use vanilla libgd from separate install
	- Windows builds (Erwin Janssen)
	- Appveyor CI for automated Windows build testing (Erwin Janssen)
	- Travis CI for Fedora/Centos builds (Erwin Janssen)
	- Added JSON output format, -Tjson  (Emden Gansner)
	- New curved arrowhead, cylinder node shape.
	- Resolves bugs: 2599, 1172
June 18, 2016
	- Experimenting with Travis CI
February 13, 2016
	- Add cylinder shape for databases.
	- Free installed plugins
	- Update makefile for dot so that the using libpanco_C in the static build include PANGOFT2
        as well as PANGOCAIRO_LIBS (needed for some versions of Ubuntu)
February 1, 2016
	- Add json output format
April 26, 2015
	- output class value in svg files
September 9, 2014
	- Add plain shape for use with HTML-like labels.
August 12, 2014
	- Add icurve arrowhead.
July 28, 2014
	- Revert to old, translate to origin semantics in neato, etc. Add flag notranslate if that is
          what the user desires.
2017-03-08 14:51:56 +00:00
jperkin
bb9c8d2f50 Remove bogus SYSV section, fixes build on SunOS. 2017-03-08 14:48:30 +00:00
jperkin
a755e996e3 Pull in upstream fix for mkostemp issue, should fix SunOS and PR#52035. 2017-03-08 14:38:34 +00:00
jperkin
166ff53aae Update patch for current define naming. Fixes SunOS build. 2017-03-08 13:37:55 +00:00
wiz
fdd0171068 Updated time/p5-DateTime-Locale to 1.14 2017-03-08 11:49:58 +00:00
wiz
22c7f1a101 Updated p5-DateTime-Locale to 1.14.
1.14     2017-03-05

- Codes with just a language and script code were not parsed correctly,
  leading to bugs in their data, so that they did not report a script_code,
  nor did their name reflect the script. So for example "bs-Latn" was just
  "Bosnian" instead of "Bosnian Latin".


1.13     2017-03-05

- Fixed a regression bug where providing a locale's English name or native
  name to DateTime::Locale->load no longer worked. Fixed by Sergey. GH #13.
2017-03-08 11:49:45 +00:00
wiz
2b3a4db4c9 Updated devel/p5-Moo to 2.003001 2017-03-08 11:48:02 +00:00
wiz
57f2a6094a Updated p5-Moo to 2.003001.
2.003001 - 2017-03-06
  - fix +attributes replacing builder subs if parent attribute was defined with
    builder => $subref
  - fix trigger with a default value and init_arg of undef
2017-03-08 11:47:50 +00:00
wiz
cbcedfa25f Updated www/p5-libwww to 6.23 2017-03-08 11:46:23 +00:00
wiz
3137636df0 Updated p5-libwww to 6.23.
6.23      2017-03-06
    - Fix bug where Protocol::NNTP called undef on a variable before being done
      using it. (GH PR #121)
    - Ran perltidy on LWP::Protocol::NNTP
    - Re-organized current documentation set.
2017-03-08 11:46:09 +00:00
wiz
c09de25db1 + binutils-2.28, openvpn-2.4.0 [pkg/52044], p5-DateTime-Locale-1.14,
p5-Moo-2.003001, p5-libwww-6.23, phoronix-7.0, py-gevent-1.2.1.
2017-03-08 11:43:44 +00:00
wiz
3644577271 Updated mail/mutt to 1.8.0nb1 2017-03-08 10:05:47 +00:00
wiz
14134565a1 Rename mutt-mmdf(5) back to mmdf(5), to reduce diffs with upstream.
Conflict with tin was solved by renaming tin's man page.

Requested by Michael-John Turner in PR 52046.

Bump PKGREVISION.
2017-03-08 10:05:34 +00:00
wiz
b974d92b9a Updated x11/xf86-video-openchrome to 0.6.0 2017-03-08 09:13:59 +00:00
wiz
4924b256d1 Updated xf86-video-openchrome to 0.6.0.
Finally figured out how to use the X.Org automatic submission
script after realizing that I had to change the script in order for
OpenChrome DDX to build in the first place.

OpenChrome DDX Version 0.6 has added the following new features.

- First official support for CX700, VX700, and VX800 chipsets
  integrated TMDS transmitter (i.e., DVI support)
- Initial support for Silicon Image SiI 164 TMDS transmitter


OpenChrome DDX Version 0.6 has the following improvements.

- Improved FP reinitialization when resuming from standby
  (HP 2133 Mini-Note, FIC CE260 / CE261 based netbooks like
   Everex CloudBook and Sylvania g netbook)
- Improved automatic detection of display resources
- Improved X Server stability in dual monitor mode
- Automatic active steering of the display controller channel to the
  correct display output device


OpenChrome DDX Version 0.6 fixes the following bugs.

- Fix for the disruption of the VT (Virtual Terminal) screen bug
  introduced in Version 0.5
- Fix for HP 2133 Mini-Note's PCIe WLAN getting turned off
  inadvertently bug introduced in Version 0.5
2017-03-08 09:13:45 +00:00
sevan
b970197822 Tabs vs spaces!
Unbreak with the Python 3 versions of the package.
Heads up by Daniel Jakots.
2017-03-08 01:09:00 +00:00