- Move bison(1) from BUILD_DEPENDS to USES
- Register CONFLICTS with knot-devel-1.*
- Enable compiler messages in batch (package building) mode
- Add new options (DNSTAP, GOST, LMDB)
- Rename IDNA option to our standard (shared) IDN
- Allow to build against `security/libressl' as OPENSSL_PORT
- Switch to using @sample keyword for knot.sample.conf
- Sort pkg-plist and reformat pkg-descr while I'm at it
- Update files/pkg-message.in to include instructions for both new
and legacy rc systems (e.g. FreeBSD 8.4 has service(8), but no
sysrc(8) utility)
PR: 199298
Submitted by: maintainer
Resolves checksum trouble.
Git shortlog between rc#3 and rc#4:
Simon Kelley (4):
Return INSECURE, rather than BOGUS when DS proved not to exist.
Fix compiler warning when not including DNSSEC.
Fix crash caused by looking up servers.bind when many servers defined.
Fix crash on receipt of certain malformed DNS requests.
Stefan Tomanek (2):
add --tftp-no-fail to ignore missing tftp root
Convert to use MASTER_SIGHTS_FARSIGHT.
Differential Revision: https://reviews.freebsd.org/D2235
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
Python bindings for the dnstable library
Differential Revision: https://reviews.freebsd.org/D2231
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
dnstable implements an encoding format for passive DNS data. It
consists of a C library, libdnstable, and several command line
utilities for creating, querying, and merging dnstable data files.
It stores key-value records in Sorted String Table (SSTable) files
and provides high-level interfaces for querying or iterating over
the stored records. dnstable encodes individual records using a
format tailored for efficiently storing passive DNS data and can
quickly perform both "forward" and "inverse" searches.
Differential Revision: https://reviews.freebsd.org/D2214
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
For example (${OSVERSION} >= 900000 && ${OSVERSION} < 900021) is always true,
as is (${OSVERSION} > 900002 || ${OSVERSION} < 900000 && ${OSVERSION} > 800107).
Regarding patches, when an EXTRA_PATCHES is no longer needed, I remove it, when
it is always needed, I renamed it, in one case, I merged two patches.
Differential Revision: https://reviews.freebsd.org/D2209
This is pywdns, a Python extension module implemented in Cython
for the wdns C library.
Differential Revision: https://reviews.freebsd.org/D2200
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
Changes since rc1 (git shortlog):
+ Don't fail DNSSEC when a signed CNAME dangles into an unsigned zone.
+ Return SERVFAIL when validation abandoned.
+ Protect against broken DNSSEC upstreams.
+ DNSSEC fix for non-ascii characters in labels.
+ Allow control characters in names in the cache, handle when logging.
Changes from previous 2.73test6 (taken from CHANGELOG's Git repo):
Don't reply to DHCPv6 SOLICIT messages if we're not
configured to do stateful DHCPv6. Thanks to Win King Wan
for the patch.
Fix broken DNSSEC validation of ECDSA signatures.
Add --dnssec-timestamp option, which provides an automatic
way to detect when the system time becomes valid after boot
on systems without an RTC, whilst allowing DNS queries before the
clock is valid so that NTP can run. Thanks to
Kevin Darbyshire-Bryant for developing this idea.
Categories: archivers, dns, french, japanese, news, port-mgmt, x11-wm
The sysutils port was setting configure argument, so the text wasn't
removed but the value of PTHREAD_LIBS was changed.
approved by: PTHREAD blanket
include GH_PROJECT/GH_ACCOUNT/GH_TAGNAME. This prevents the distfile
having the same name despite changing one of these values and causing
a bad checksum.
Differential Revision: https://reviews.freebsd.org/D2103
Reviewed by: mat
With hat: bdrewery
conflict with the old scheme and cause a "reroll" or "invalid checksums". This
also avoids clobbering the FreeBSD distcache.
Use a revision in the DISTNAME for USE_GITHUB in case we need to bump this
again for anything. It's more a hint of how to handle it in the future.
Reported by: mat
Discused with: mat, antoine, swills
With hat: portmgr
Using this new scheme allows only setting the _tag_ or _commit hash_ in
GH_TAGNAME and not having to know the hash for a tag. This scheme will
download a tarball that has a different checksum than before due to a changed
directory name for extraction.
The following MASTER_SITES are provided to retain the old checksum and
directory structure (that require GH_COMMIT):
GH -> GHL
GITHUB -> GITHUB_LEGACY
Differential Revision: https://reviews.freebsd.org/D748
Submitted by: amdmi3
Reviewed by: mat, swills, antoine, bdrewery
With hat: portmgr
the period during which the website did not exist, the codebase also appeared
on launchpad.net, so add that as a backup MASTER_SITE.
Pass maintainership to Chris Hutchinson.
PR: 198548
Submitted by: lightside
It is the DNS caching system designed to work with www/awffull so it is
worth keeping this port alive.
Also, switch to USE_BDB=yes instead of 42+.
Drop maintainership of this port. It's stable with no known failures, and
is unlikely to ever see another release.
As long as we're depending on some of the optional modules (Crypt::OpenSSL::Random,
and Digest::BubbleBabble), depend on the rest of the optional modules
(Crypt::OpenSSL::ECDSA and Crypt::OpenSSL::EC).
Changes: https://metacpan.org/changes/distribution/Net-DNS-SEC
- Fix: linking against libev on FreeBSD
- Fix: Let configure report problem on FreeBSD when configuring with
libevent and libunbound <= 1.4.22 is not compiled with libevent.
- Better libcheck detection
- Better portability with UNIX systems
PR: 197560
Submitted by: pi
Approved by: zi (maintainer)
Major Features:
- RFC 7344: CDS and CDNSKEY (read record types).
- per zone statistics with --enable-zone-stats
- Disabled use of SSLv3 in nsd-control.
- Synthesize CNAMEs with same TTL as DNAME.
- nsd-checkconf -f prints out full name of pidfile (with dir). [1]
PR: 197291,
196449 [1]
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>,
Adam Zaleski <adam@zaleski.org> [1]
libasr is a FREE asynchronous DNS resolver.
libasr runs on top of the OpenBSD operating system but also has a portable
version that can build and run on several systems, including:
* Linux
* FreeBSD
* NetBSD
* DragonFly
* MacOSX
This port packages the development snapshots released by OpenSMTPD team.
WWW: https://github.com/OpenSMTPD/libasr
libasr is a FREE asynchronous DNS resolver.
libasr runs on top of the OpenBSD operating system but also has a portable
version that can build and run on several systems, including:
* Linux
* FreeBSD
* NetBSD
* DragonFly
* MacOSX
WWW: https://github.com/OpenSMTPD/libasr
Changes since test3, from CHANGELOG file:
Add --log-queries=extra option, which makes logs easier
to search automatically.
Add --min-cache-ttl option. I've resisted this for a long
time, on the grounds that disbelieving TTLs is never a
good idea, but I've been persuaded that there are
sometimes reasons to do it. (Step forward, GFW).
To avoid misuse, there's a hard limit on the TTL
floor of one hour. Thansk to RinSatsuki for the patch.
Cope with multiple interfaces with the same link-local
address. (IPv6 addresses are scoped, so this is allowed.)
Thanks to Cory Benfield for help with this.
Add --dhcp-hostsdir. This allows addition of new host
configurations to a running dnsmasq instance much more
cheaply than having dnsmasq re-read all its existing
configuration each time.
DNS SRV record command line wrapper
-----------------------------------
wrapsrv adds support for connecting to a network service based on DNS SRV
record lookups to commands that do not support the DNS SRV record. wrapsrv
implements the weighted priority client connection algorithm in RFC 2782.
The specified command line will be invoked one or more times with %h and %p
sequences in the command line substituted for the hostname and port elements
of the selected SRV record.
WWW: https://github.com/farsightsec/wrapsrv
Differential Revision: https://reviews.freebsd.org/D1488
Approved by: mat (mentor)
Sponsored by: Farsight Security, Inc.
Mirror the distfile on LOCAL as a http backup for clients that
can't use https.
Use INSTALL_TARGET=install-strip instead of ${STRIP_CMD}.
Differential Revision: https://reviews.freebsd.org/D1473
Approved by: mat (mentor)
Several ports had rc.d scripts with hardcoded command_interpreter string
as /usr/bin/perl. This symlink is not guaranteed to be in place, and it
isn't even an option for perl 5.20. For affected ports, the interpreter
was changed to localbase.
In one case, the interpreter was correct, but it wasn't surround by
quotes. Since the rc.d script would break if a space was contained in
${PREFIX}, quotes were added in that case.
- Removed FreeBSD 10 check for libevent, because of upstream fixes (as stated in changelog)
- Converted files/patch-Makefile.in to sed patch, which is position independent
PR: 195674
Submitted by: lightside@gmx.com
- To prevent hanging on 10.x systems which ship with unbound and depend on
DNS resolving, start dnscrypt-proxy before unbound.
- Bump PORTREVISION
PR: 194975
Differential Revision: https://reviews.freebsd.org/D1249
Submitted by: Joseph Mingrone <jrm@ftfl.ca>
Approved by: koobs (mentor)
Before, we had:
site_perl : lib/perl5/site_perl/5.18
site_perl/perl_arch : lib/perl5/site_perl/5.18/mach
perl_man3 : lib/perl5/5.18/man/man3
Now we have:
site_perl : lib/perl5/site_perl
site_arch : lib/perl5/site_perl/mach/5.18
perl_man3 : lib/perl5/site_perl/man/man3
Modules without any .so will be installed at the same place regardless of the
Perl version, minimizing the upgrade when the major Perl version is changed.
It uses a version dependent directory for modules with compiled bits.
As PERL_ARCH is no longer needed in plists, it has been removed from
PLIST_SUB.
The USE_PERL5=fixpacklist keyword is removed, the .packlist file is now
always removed, as is perllocal.pod.
The old site_perl and site_perl/arch directories have been kept in the
default Perl @INC for all Perl ports, and will be phased out as these old
Perl versions expire.
PR: 194969
Differential Revision: https://reviews.freebsd.org/D1019
Exp-run by: antoine
Reviewed by: perl@
Approved by: portmgr
gdnsd is an Authoritative-only DNS server. This port tracks the 2.x release.
The initial g stands for Geographic, as gdnsd offers a plugin system for
geographic (or other sorts of) balancing, redirection, and
service-state-conscious failover. If you don't care about that feature,
it's still quite good at being a very fast, lean, and resilient
authoritative-only server for static DNS data.
gdnsd is written in C using libev and pthreads with a focus on high
performance, low latency service. It does not offer any form of caching or
recursive service, and does not support DNSSEC.
WWW: https://github.com/blblack/gdnsd/
* Add persistent timers for slave zones (expire, refresh, and flush)
* Return minimal response for queries with unsupported EDNS version
* Fix DNSSEC compliant processing of letter case in RDATA domain names
* Fix interpretation of Extended RCODE in EDNS
* Fix forced zone retransfer on slave
* Fix zone expiration when transfer is being refused by master
PR: 194795
Submitted by: freebsd@dns-lab.com (maintainer)
New features:
* Support for queries about IPv6 data in all applicable adns
query types (including AAAA, PTR, and adns_r_addr queries).
(Thanks very much to Mark Wooding.)
* Support for transport over IPv6. (Thanks to Mark Wooding again.)
* adns_addr2text and adns_text2addr: Convenient functions for
converting between addresses and address literals.
Bugfixes:
* Fix a crashing bug in adnslogres. (Debian#392102.)
* Do all checks of checked PTR owner name before actually sending the
query, and reject IPv4 PTR owner names whose labels have leading zero
digits or values >255.
Build system fixes and improvements:
* `make clean' removes the pipes.
* Work around bugs in make (Debian #4073, #756123) affecting regress.
* Do not include Makefile and src/config.h in distribution tarball.
Regression test debugging improvements:
* Provide gdbwrap convenience script.
* Honour ADNS_TEST_DEBUG env. var. (Mark Wooding.)
Submitted by: pi (maintainer)
As dns/powerdns was just updated to version 3.4, there was a decision to
be had to disable the -devel version or just remove the port altogether.
Due to the frequency of releases and the manner on how the upcoming
version is tested, it made sense to retire the port (at version 3.3).
PR: 194508
Submitted by: maintainer (Ralf van der Enden)
Alias is a new USES tool that allows DragonFly to masquerade as FreeBSD
by setting CFLAGS+= -D__FreeBSD__. For some ports, this fixes the build
without the need for additional patches.
Approved by: portmgr (bapt, blanket)
Changelog
http://doc.powerdns.com/html/changelog.html#changelog-auth-3.4.0
- Moved remote backend to regular (was experimental)
- Added the GeoIP, LMDB (both experimental) and Bind backend
- Removed Crypto++ support (as suggested by the author)
- Fixed the Luabackend on i386
- Added note to pkg-message about mandatory schema changes for
gmysql, gpgsql and gsqlite3 backends
- Changed the example pdns.conf to include all possible configuration
options when all backends are enabled
PR: 194057
Submitted by: me@nileshgr.com, updated by tremere@cainites.net
Approved by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Bugfixes:
Some specific incoming IXFRs were causing server to crash
Rare sychronization error during reload caused read-after-free
Response synthetization module did not work properly with DNSSEC-enabled zones
If Knot sent AXFR when IXFR was requested, message ID and opcode were wrong
Knot failed to send large messages to remote control (present since 1.5.1)
Version: 1.5.2
Bugfixes:
Some RR parsing corner cases were not handled properly
AXFR-style IXFR was refused and had to be retransfered
Hash character (#) was not properly escaped when storing text zone file
PR: 193969
Submitted by: erwin
Approved by: freebsd@dns-lab.com (maintainer)
- Patch libtool so it uses the same library version specification as on
Darwin, Linux and other systems. Given the version current:revision:age
a library will be given the extension .so.major.age.revision with major
equal to current-age. Before libtool would use .so.current on FreeBSD.
- Patch libtoolize to remove two cases of umask 0 that caused libltdl
files to be copied world writable (--ltdl option)
- Let USES=libtool patch this new version correctly
- Adjust all ports with USES=libtool:build and bump PORTREVISION on their
dependent ports if a library version changed
PR: 194068
Exp-run by: antoine
Approved by: portmgr (antoine)
Remove @dir* stuff from pkg-plist. @sample isn't documented properly
and isn't up to handling files with non-.sample suffix, so stay
away from that part of pkg-plist.
ChangeLog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
The Fedora 10 infrastructure ports have been in use since June 2009 and, while
having served a great deed, have become unsupported upstream and hence affected
by unfixed security vulnerabilities. In addition to that, many recent Linux
binaries need newer libc / stdlibc++ versions.
This commit adds the linux-c6- userland as drop-in replacement for the -f10
infrastructure, as well as upgrading the linux_base-c6 port to CentOS 6.5.
If you want to switch to linux-c6 ports, please define at /etc/make.conf:
OVERRIDE_LINUX_BASE_PORT=c6
OVERRIDE_LINUX_NONBASE_PORTS=c6
Additionally, please add the following line to /etc/sysctl.conf:
compat.linux.osrelease=2.6.18
Upgrading procedures are shown in /usr/ports/UPDATING.
This work has been inspired by Artyom Mirgorodskiy's post to emulation@ in
November 2013, using and extending mav@'s work. It has been tested extensively
and most reported issues were already fixed. Please report any additional bug
or "features" to the emulation mailing list.
Many thanks to: mav@, rene@, allanjude@, netchild@, antoine@, everyone who's
filed Issues and Pull requests on GitHub,
PR: 186820
Differential Revision: https://reviews.freebsd.org/D793
Reviewed by: allanjude, antoine, bapt, rene
Approved by: portmgr (antoine, bapt)
Approved by: koobs (mentor)
Sponsored by: Perceivon Hosting Inc.
+ Fix bug when resulted in NXDOMAIN answers instead of NODATA in some
circumstances.
+ Fix bug which caused dnsmasq to become unresponsive if it failed to
send packets due to a network interface disappearing.
+ Fix problem with --local-service option on big-endian platforms.
the patch must be reworked but this is a time consuming task.
In the meanwhile, I chose to revert updates and go back to the
last working version.
PR: ports/193556
Submitted by: rodrigo
Approved by: bapt (mentor)
The ports the depend on net/libnet10 should have been set to expire on
the same day as net/libnet10. That didn't happen, so postpone the removal
of libnet10 three weeks to afford an opportunity for 12 ports to migrate
to a new libnet.
- Use nsd instead of bind user
This release has new features and bugfixes. In nsd.conf you can
configure database: "" this makes NSD not use the large mmapped nsd.db
file, but instead read and write the zonefiles in text format, which
saves about 50% of the memory usage. Also zonefile reading and
writing has been optimised to be faster, as well as processing time
for zone transfers. NSD writes the (changed) zonefiles every hour.
The new nsd-checkzone tool reports if a zonefile parses so you can check
it before reading it into the daemon.
A bug is fixed where NSD 4 causes rising load average and memory
consumption on Linux systems, which is caused by a bug in Linux that
slowly deteriorates system performance by repeated recursive forks.
Full release notes: http://open.nlnetlabs.nl/pipermail/nsd-users/2014-September/002007.html
PR: 193332
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
Remove patches and hacks that were used to work around the previous
situation
This allows to stage more ports as a regular user
Differential Revision: https://reviews.freebsd.org/D703
Reviewed by and discussed with: bapt
With hat: portmgr
- Add USES=libtool and bump dependent ports
- Add INSTALL_TARGET=install-strip
- Always install libidn-components.png because it is used by libidn.info
- Add -lintl to Libs.private instead of Libs in libidn.pc
- Add USES=libtool and bump dependent ports
- Move variable definitions in front of include bsd.port.options.mk
- Replace patch with USES=pathfix
Approved by: portmgr (implicit, bump unstaged port)
- Mk/bsd.database.mk rewrite, new default to db5.
- db6 is eligible by default only if installed on the system.
- Bump PORTREVISION of all ports that directly depend on BerkeleyDB or
where USE_BDB is found in the port's directory
- Patch a few ports such that they will pick up or work with newer
versions.
- Add UPDATING entry
- Drive-by format fix for pks
- Drop BerkeleyDB option from mail/popular for now, requires more work.
- Exp-run logs linked from the PR below.
- Ports that do not build (IGNORE, BROKEN, etc.) have pro-forma changes
for new Berkeley DB, but are untested.
NOTE: please read UPDATING and the Wiki page before proceeding!
Announcement: http://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-August/000090.html
Wiki reference: https://wiki.freebsd.org/Ports/BerkeleyDBCleanup
PR: 192690
Approved by: portmgr (implicit, PORTREVISION bump on unstaged ports)
rubyforge.org shutdown on May 15, 2014. This commit accounts for that by doing
several things:
- Deprecate ruby that had only rubyforge.org as MASTER_SITES (and so are now
only fetchable via our cache)
- Deprecate ports that depend on those
- Update the WWW pkg-descr line that points to rubyforge.org for rubygem ports
(which are still fetchable from rubygems.org)
The next step will be to remove rubyforge.org from bsd.sites.mk, after these
deprecated ports are deleted.
Phabric: D591
With hat: ruby
Approved by: portmgr (because of committing to unstaged graphics/mingplot port)
to be used with awffull.
Provide a means for storing a history of DNS/Name changes for the IP Addresses
extracted from web log files. The major target being that multiple analyses of
older log files do not require re-lookups of IP Address to FQDNs, and
additionally maintain the accuracy of the lookup as it was then and not as it
is now.
WWW: http://www.stedee.id.au/dnshistory
