The Knot DNS Resolver is a caching full resolver implementation,
including both a resolver library and a daemon.
WWW: https://www.knot-resolver.cz/
PR: 212215
Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com>
from here, also, make the upstream default options default for real.
While there, put back the BIND_TOOLS knobs in bind9-devel.
Sponsored by: Absolight
It appears the previous STORAGE ERROR was a compiler bug that got fixed
between the GCC 6.1 and 6.2 versions of gcc6-aux. Switch it and the
helper port devel/libspark2012 over to it, which are the last two ports
that depend on lang/gcc6-aux.
Submitted by: Andrew Fengler <andrew.fengler@scaleengine.com>
Reviewed by: matthew
Approved by: zi (maintainer)
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D7488
Add gettext-tools to NLS_USES_OFF because otherwise it fails
to configure.
While here, pet portlint by moving PORTREVISION to proper place.
PR: 210342
Submitted by: matthew@reztek.cz
Approved by: maintainer timeout (>1 month)
- Add upstream patch 115f658ee2000a4cdcc13e999da50b3634c6a907
- Patch dns/powerdns-recursor as well
PR: 212016
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Reported by: Ralf van der Enden <tremere@cainites.net> (maintainer)
MFH: 2016Q3
- Portability fix for systems where socklen_t is bigger than int.
- Fix for malicious optimisation of memcpy in test suite, which
causes failure with gcc-4.1.9 -O3. See Debian bug #772718.
- Fix TCP async connect handling. The bug is hidden on Linux and on most
systems where the nameserver is on localhost. If it is not hidden,
adns's TCP support is broken unless adns_if_noautosys is used.
- Fix addr queries (including subqueries, ie including deferencing MX
lookups etc.) not to crash when one of the address queries returns
tempfail. Also, do not return a spurious pointer to the application
when one of the address queries returns a permanent error (although,
the application almost certainly won't use this pointer because the
associated count is zero).
- adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
problem in real compiled code but should be corrected.
- Properly include harness.h in adnstest.c in regress/. Suppresses
a couple of compiler warnings (implicit declaration of Texit, etc.)
- Restore configurable IPV6 option. Upstream integrated fix for issue.
- FEATURES:
* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix#790: size-limit-xfr can stop NSD from downloading infinite zone transfer
data size, from Toshifumi Sakaguchi.
Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.
- BUGFIXES:
* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix#783: Trying to run a root server without having configured it silently
gives wrong answers.
* Fix#782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
PR: 211693
Submitted by: jaap@NLnetLabs.nl (maintainer)
Security: CVE-2016-6173
Security: https://vuxml.FreeBSD.org/freebsd/7d08e608-5e95-11e6-b334-002590263bf5.html
MFH: 2016Q3
and PLIST for Linux ports. LINUX_RPM_ARCH is the CPU targetted by a
package and LINUX_REPO_ARCH is like our ARCH which is more suitable. This
only affects Centos 6 ports because they are the only ones where
LINUX_REPO_ARCH != LINUX_RPM_ARCH.
- New MASTER_SITES, old one gone
- provide a new web site
- add license (BSD 2 clause)
- take MAINTAINER, currently ports@
- pkg-descr - additions, and reflow
PR: 211412
Submitted by: Chris Hutchinson <portmaster@bsdforge.com>
Man pages are installed to the wrong directory. Consequently, they are not
compressed and also don't work. Fix is simple and attached.
PR: 211294
Submitted by: Nikolai Lifanov <lifanov@mail.lifanov.com>
- python 2.x and python 3.x are now supported from the single codebase,
so kick off all the python version distinction shims
- remove permission safeness bits because they are not needed anymore
(tested both with poudriere generated package and user generated package)
- general clean-up
- Switch to options helpers
This release is primarily focused on ironing out the issues on the migration path from 1.4 to 2.0. Besides that there are no functional changes.
* Fixed crash and linking issue in ods-migrate.
* Fixed case where 2.0.0 could not read backup files from 1.4.10.
* Fixed bug in migration script where key state in the database wasn't transformed properly.
PR: 211403
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
Remove the IPv6 option that is causing builds to fail when it is
disabled. The issue does not affect package users, as it was a default
option.
The issue has been fixed upstream [1] and will be included/renabled
in the next version update.
While I'm here:
* Switch to USES=ssl
* Add --enable-ipv6 in CONNFIGURE_ARGS to ensure it's explicitly enabled
[1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=800
PR: 211303
Reported by: <vfx9as gmail com>
Approved by: maintainer <jaap NLnetLabs nl>
MFH: 2016Q3
everything at once. Sometime, rename post-install into a options helper
target.
I did not fix ports that were such a mess that I could not figure out
what they really wanted to do. I also did not change ports that had
some version of an auto-plist code in post-install, for the same reason.
With hat: portmgr
Sponsored by: Absolight
- Properly respect ${CC}
- Cosmetic fixes
- Mark broken on 9.x due to too long username
PR: 210885
Submitted by: freebsd@toyingwithfate.com (maintainer)
so it was rechristened opendnssec Version 2.
To quote the announcement at <https://www.opendnssec.org>:
"OpenDNSSEC got a entire re-write of the enforcer. This part of
OpenDNSSEC controls changing signing keys in the right way to perform
a roll-over. Before, the enforcer would perform a roll-over according
to a strict paradigm. One scenario in which deviations would not be
possible.
The new enforcer is more aware of the zone changes being propagated in
the Internet. It can therefore decide when it is safe to make changes,
rather than to rely upon a given scenario.
PR: 211018
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
Sponsored by: DK Hostmaster A/S
