and strongly-consistent key-value store. It scales horizontally;
survives disk, machine, rack, and even datacenter failures with
minimal latency disruption and no manual intervention; supports
strongly-consistent ACID transactions; and provides a familiar SQL
API for structuring, manipulating, and querying data.
CockroachDB is inspired by Google's Spanner and F1 technologies, and
it's completely open source.
PR: 221635
Submitted by: James Nugent <freebsd@jen20.com>
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D12088
Jackett works as a proxy server: it translates queries from apps
(Sonarr, Radarr, SickRage, CouchPotato, Mylar, etc) into
tracker-site-specific http queries, parses the html response, then sends
results back to the requesting software. This allows for getting recent
uploads (like RSS) and performing searches. Jackett is a single
repository of maintained indexer scraping & translation logic - removing
the burden from other apps.
WWW: https://github.com/Jackett/Jackett
PR: 218458
and the Japan Vulnerability Notes (JVN). NVD and JVN contain security
vulnerabilities according to their CVE identifiers, including exhaustive
information and a risk score. The local copy is generated in sqlite format, and
the tool has a server mode for easy querying.
WWW: https://github.com/kotakanbe/go-cve-dictionary/
PR: 220561
Submitted by: Alexandru Ciobanu <iscandr@gmail.com> (maintainer)
Reviewed by: matthew (mentor), koobs, mat
Approved by: matthew (mentor)
Differential Revision: https://reviews.freebsd.org/D11745
FRRouting (FRR) is an IP routing protocol suite for Linux and Unix platforms
which includes protocol daemons for BGP, IS-IS, OSPF and RIP. FRR has its roots
in the Quagga project.
WWW: https://frrouting.org/
Sponsored by: Orange
Ceph is a distributed object store and file system designed to
provide excellent performance, reliability and scalability.
PR: 217046
Submitted by: Willem Jan Withagen <wjw@digiware.nl>
Reported by: Willem Jan Withagen <wjw@digiware.nl>
Reviewed by: asomers, feld, mat, mmokhi
Approved by: asomers, feld (mentor)
Differential Revision: https://reviews.freebsd.org/D9584
Samhain is an open source file integrity and host-based intrusion
detection system for Linux and Unix. It can run as a daemon process,
and and thus can remember file changes - contrary to a tool that runs
from cron, if a file is modified you will get only one report, while
subsequent checks of that file will ignore the modification as it is
already reported (unless the file is modified again).
Samhain can optionally be used as client/server system to provide
centralized monitoring for multiple host. Logging to a (MySQL or
PostgreSQL) database is supported.
PR: 214623
Submitted by: Nikola Kolev <koue@chaosophia.net>
- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group
PR: 216737
Submitted by: maintainer
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D9570
This update introduces a dedicated user for uwsgi and introduces the
uwsgi_socket_owner setting which by default is set to www:www. The
previous change to socket mode of 600 has been modified to 660 as well.
This change further increases security while restoring compatibility.
MFH: 2017Q1
Differential Revision: https://reviews.freebsd.org/D9398
- Add missing run depends
- Add rc script
- Add example configs
- Add instructions to pkg-message
- Add user for daemon to run as non-root
- Add patch to run with newer nacl
- Take maintainership
Approved by: maintainer (private communications)
Differential Revision: https://reviews.freebsd.org/D9228
Lightdm is a display manager that:
* Is cross-desktop - supports different desktops
* Supports different display technologies
* Is lightweight - low memory usage and fast performance
* Has a comprehensive test suite
WWW: https://www.freedesktop.org/wiki/Software/LightDM/
lightdm-gtk-greeter is the reference GTK+ greeter for LightDM.
WWW: https://launchpad.net/lightdm-gtk-greeter
Approved by: adamw (mentor, implicit)
Horizon is a Django-based project aimed at providing
a complete OpenStack Dashboard along with an extensible framework
for building new dashboards from reusable components.
PR: 215155
Submitted by: Alexander Nusov (alexander.nusov@nfvexpress.com)
Recursive DNS/DNSCurve server and comandline tool to debug DNS/DNSCurve
WWW: https://mojzis.com/software/dq/
PR: 215073
Submitted by: Piotr Kubaj <pkubaj@anongoth.pl>
Please note that this is a development version of nova.
Many features are not available.
Currently nova works on FreeBSD 11 and supports QEMU and Xen.
Common issues:
- Security groups are not implemented
- ARP spoofing, DHCP isolation protection are not implemented
- Nova services work from the root user
- No IPv6 support
QEMU issues:
- Need to enable serialconsole (TCP)
- Need to disable online CPU tracking
- Cannot mount cinder volumes
Xen issues:
- Live snapshots don't work
- No support for cinder volume hot-plugging
- XENBUS delay (5 min) when using qemu driver and COW images
- Some Linux images cannot be booted
For further FreeBSD specific notes please refer to port's pkg-message.
PR: 215151
Submitted by: Alexander Nusov (alexander.nusov@nfvexpress.com)
- Rewrite the rc script with new options that allows users to:
- set config file.
- set datadir.
- set bitcoin limits.
PR: ports/213235
Submitted by: Christopher Hall <hsw@bitmark.com>
Approved by: maintainer timeout (1 month)
- Set permissions properly on ETCDIR
- Add an information on znc user/group to pkg-message
- Pass maintainership to dbaio
PR: 200005
Submitted by: josh+freebsd@zevlag.com, dbaio@bsd.com.br
Nexus Repository Manager OSS provides you with an essential level of control
over the external repositories you use and the internal repositories you create.
It provides infrastructure and services for organizations that use repository
managers to obtain and deliver software. If you create software libraries or
applications for your end users, you can use Nexus Repository Manager OSS to
distribute your software. If your software depends on open source software
components, you can cache software components from remote repositories.
Nexus Repository Manager OSS features:
- Hosting repositories
- Proxy remote repositories
- Repository groups
- Numerous repository formats
- Hosting project websites
- Fine-grained security model
- Flexible LDAP integration
- Component search
- Scheduled rasks
- REST services
- Integration with m2eclipse
WWW: https://www.sonatype.com/nexus-repository-oss
PR: 203074
Submitted by: Dusan Vejnovic <freebsd@dussan.org>, Michael Osipov <1983-01-06@gmx.net> (maintainer)
Reviewed by: feld, junovitch, koobs (mentors)
Approved by: feld, junovitch, koobs (mentors)
FastDFS is an open source high performance distributed file system (DFS).
It's major functions include: file storing, file syncing and file accessing,
and design for high capacity and load balance.
WWW: https://github.com/happyfish100/fastdfs
PR: 213311
Submitted by: Daniel Ylitalo <daniel@blodan.se>
Summary:
Add 'rtg' user and group in UIDs/GIDs.
Use daemon(8) to daemonize rtgpoll.
Add prestart commands to set correct permissions for RTG's files.
Reviewers: swills, allanjude, xmj, andrew.fengler_scaleengine.com, #contributor_reviewers_ports, matthew
Reviewed By: #contributor_reviewers_ports, matthew
Subscribers: matthew, mat
Differential Revision: https://reviews.freebsd.org/D7486
OpenMDNS is a full implementation of MDNS/DNS-SD, it aims to be a light
replacement for Avahi/Bonjour. Currently OpenMDNS is about 10% of the size
of Avahi.
http://www.haesbaert.org/openmdns/
Prometheus is a systems and service monitoring system. It collects metrics
from configured targets at given intervals, evaluates rule expressions,
displays the results, and can trigger alerts if some condition is observed
to be true.
Prometheus' main distinguishing features as compared to other monitoring
systems are:
- a multi-dimensional data model (timeseries defined by metric name and
set of key/value dimensions)
- a flexible query language to leverage this dimensionality
- no dependency on distributed storage; single server nodes are autonomous
- timeseries collection happens via a pull model over HTTP
- pushing timeseries is supported via an intermediary gateway
- targets are discovered via service discovery or static configuration
- multiple modes of graphing and dashboarding support
- support for hierarchical and horizontal federation
WWW: https://prometheus.io/
PR: 212468
Submitted by: Jev Bjoersell <jev@ecadlabs.com>
The Knot DNS Resolver is a caching full resolver implementation,
including both a resolver library and a daemon.
WWW: https://www.knot-resolver.cz/
PR: 212215
Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com>
ufdbGuard is a URL filter for the Squid web proxy. Besides blocking
access from PCs and smartphones to undesired websites, ufdbGuard
has safety features to make browsing safer and to block remote
access. ufdbGuard supports configuration of groups with different
web access policies, SafeSearch enforcement, SSH tunnel detection,
safer HTTPS traffic, time-based access rules and much more.
WWW: https://www.urlfilterdb.com/
PR: 212044
Submitted by: Pavel Timofeev <timp87@gmail.com>
People always go to the end and see that it's 999 and that we must be
out of entries. Now, they'll just have to pick a free entry.
Generated with (should be idempotent):
awk -F: '$3>=100 && $3 < 1000 && $3 != old+1 && !/^#/ {while (old+1 <= $3-1) {old=old+1; print "# free: "old}} /^# free/ {next} {print; old=$3}' UIDs
Discussed with: swills (on irc)
Sponsored by: Absolight
Sndio is a small audio and MIDI framework part of the OpenBSD project.
It provides an lightweight audio & MIDI server and a fully documented
user-space API to access either the server or directly the hardware in
a uniform way. Sndio is designed to work for desktop applications,
but pays special attention to synchronization mechanisms and
reliability required by music applications. Reliability through
simplicity are part of the project goals.
WWW: http://www.sndio.org/
PR: 210124
Submitted by: Tobias Kortkamp <t@tobik.me>
Uchiwa is a simple dashboard for the Sensu monitoring framework.
WWW: http://uchiwa.io/
PR: 210071
Submitted by: Alexander Holte-Davidsen <ports@treg.io>
- Update rc.d script to run as davmail user rather than root
- Update rc.d script to take advantage of daemon(8) rather than hand-rolling
process management
- Update rev info (checksums, refresh patches, etc.)
- Remove .md5 files
- Appease testport by removing empty dirs in STAGEDIR not in plist
UIDs/GIDs: add davmail user
Changes: https://sourceforge.net/p/davmail/code/2427/tree/trunk/releasenotes.txt
PR: 209354
Submitted by: John Hein <z7dr6ut7gs@snkmail.com>
Approved by: maintainer timeout (7 weeks)
Tile38 is an open source (MIT licensed), in-memory geolocation data store,
spatial index, and realtime geofence. It supports a variety of object types
including lat/lon points, bounding boxes, XYZ tiles, Geohashes, and GeoJSON.
Features:
Spatial index with search methods such as NEARBY, WITHIN, and INTERSECTS.
Realtime geofencing through persistent sockets or webhooks.
Object types of lat/lon, bbox, Geohash, GeoJSON, QuadKey, and XYZ tile.
Support for lots of Clients Libraries written in many different langauges.
Variety of client protocols, including http (curl), websockets, telnet,
and the Redis RESP.
Server responses are RESP or JSON.
Full command line interface.
Leader / follower replication.
In-memory database that persists on disk.
WWW: http://tile38.com/
PR: 210147
Submitted by: olevole@olevole.ru
to deploy applications across an infrastructure. Deploy virtualized,
containerized, or standalone application workloads across a fleet of
servers to maximize resource utilization.
https://www.nomadproject.io/
PR: 210456
Submitted by: John Hixson <jhixson@gmail.com>
ntopng is a new generation flexible and feature-rich tool for monitoring and
troubleshooting local area networks. It provides command line and web
interfaces, the latter via an embedded web server. ntop is based on libpcap.
WWW: http://www.ntop.org/products/ntop/
NTP Analyzer is a tool dedicated to analyze the operation of time
servers.
NTP Analyzer works by collecting data from the ntp daemon. Graphs
and web pages can then be generated to visualize the activities of
hosts and peers.
WWW: https://bitbucket.org/anguist/ntpa
PR: 208940
Submitted by: Carsten Larsen <cs at innolan.dk>
MLVPN allow to bond your internet links to increase bandwidth, secure your
internet connection by actively monitoring your links and removing the faulty
ones, without loosing your TCP connections and secure your internet connection
to the aggregation server using cryptography.
WWW: https://zehome.github.io/MLVPN/
Approved by: mat
Differential Revision: https://reviews.freebsd.org/D6034
hfm is an application to run tests in parallel at a high frequency.
If the outcome of the test results in a state change, other commands
can be executed.
It is designed to be a general purpose, loosely-coupled tool, by
having both the tests and the state change commands be executed by
the operating system. For example, one could write the test in
shell or c, and have it called through the exec facility.
In practice, the overhead of spawning a new process per test limits
frequency that can be achieved by the tests, and their results.
Anecdotally, 5ms intervals have been seen to be achievable.
An example application is to poll other network services for health,
and to take actions based on their health status changes.
WWW: https://github.com/derekmarcotte/hfm
PR: 207392
Submitted by: 554b8425@razorfever.net
Graylog is a centralized log server that accepts various structured
and unstructred log data. Logs are stored in Elasticsearch. Graylog
let's you search and analyze logs using a REST HTTP API.
WWW: http://www.graylog.org
PR: 199894
Submitted by: Thomas Bartelmess <thomas@bartelmess.io>
The guacamole-server package is a set of software which forms the
basis of the Guacamole stack. It consists of guacd, libguac, and
several protocol support libraries.
guacd is the Guacamole proxy daemon used by the Guacamole web
application and framework. As JavaScript cannot handle binary
protocols (like VNC and remote desktop) efficiently, a new test-based
protocol was developed which would contain a common superset of the
operations needed for efficient remote desktop access, but would
be easy for JavaScript programs to process. guacd is the proxy which
translates between arbitrary protocols and the Guacamole protocol.
WWW: https://github.com/glyptodon/guacamole-server
PR: 202754
Submitted by: Ultima1252@gmail.com
various devices like: Lights, Switches, various sensors/meters like
Temperature, Rain, Wind, UV, Electra, Gas, Water and much more.
Notifications/Alerts can be sent to any mobile device
WWW: http://www.domoticz.com/
PR: 205583
Submitted by: kiwi@oav.net
Grafana is an open source, feature rich metrics dashboard
and graph editor for Graphite, InfluxDB & OpenTSDB.
WWW: https://github.com/grafana/grafana
PR: 201682
Submitted by: Thomas Bartelmess <thomas@bartelmess.io>, loic.blot@unix-experience.fr
Reviewed by: koobs
titus is a TLS/SSL proxy server (like stunnel or stud) that protects you
from vulnerabilities in the TLS implementation such as Heartbleed (or
worse).
titus requires FreeBSD 10.2 or newer due to PROC_TRACE_CTL which was
introduced at r277322
- Create a separate plist file
- Add @sample option to the sample file
- Rename rc script without .sh suffix
- Switch from postfix user to _rmilter dedicated user
- Add _rmilter:_rmilter to UIDs/GIDs
- Add UPDATING entry
Staging was broken due to touching /root/.java during build
UID and GID was lost in old copy of the review
While here, also fix hardcoded path to ETCDIR
Pointyhat: me
Differential Revision: https://reviews.freebsd.org/D4083
There might be some rough edges with getting it running properly, but
time will tell.
Add UID/GID 158 for pootle.
Differential Revision: https://reviews.freebsd.org/D1234
Riak CS is an object storage system built on top of Riak. It facilitates
storing large objects in Riak and presents an S3-compatible interface. It also
provides multi-tenancy features such as user accounts, authentication, access
control mechanisms, and per account usage reporting.
WWW: https://github.com/basho/riak_cs
Submitted by: Scott Kamp (based on)
Stanchion is an application to enforce the serialization of requests. It
consists of two main parts: a simple HTTP interface and a processing backend
that manages requests and interacts with a local Riak instance.
WWW: https://github.com/basho/stanchion
Submitted by: Scott Kamp (based on)
- now uses UIDs/GIDs
- fix build in certain cases
PR: 198436, 202467
Submitted by: Pavel Nedoshivkin <nedoshivkin@gmail.com>, dim
Approved by: maintainer (timeout)
SOGo is a fully supported and trusted groupware server with a focus on
scalability and open standards. It provides a rich AJAX-based Web
interface and supports multiple native clients through the use of
standard protocols such as CalDAV, CardDAV and GroupDAV.
WWW: http://sogo.nu/
PR: 200750
Submitted by: Euan Thoms <euan@potensol.com>
This is a port of dnscrypt-wrapper, which adds dnscrypt support to any name
resolver. It is the server-side counterpart of dnscrypt-proxy, and is in
fact derived from its source.
PR: 200015
Submitted by: freebsd@toyingwithfate.com
Approved by: feld (mentor)
Differential Revision: https://reviews.freebsd.org/D3535
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is
to be a secure, small, fast and configurable VPN server. It implements
the OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol.
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
uses the standard IETF security protocols to secure it. Both IPv4
and IPv6 are supported.
Ocserv's main features are security through provilege separation
and sandboxing, accounting, and resilience due to a combined use
of TCP and UDP. Authentication occurs in an isolated security
module process, and each user is assigned an unprivileged worker
process, and a networking (tun) device. That not only eases the
control of the resources of each user or group of users, but also
prevents data leak (e.g., heartbleed-style attacks), and privilege
escalation due to any bug on the VPN handling (worker) process. A
management interface allows for viewing and querying logged-in
users.
WWW: http://www.infradead.org/ocserv/
PR: 202253
Submitted by: Carlos Jacobo Puga Medina <cpm@fbsd.es>
Reviewed by: pi
Change the home directory of the quagga user to /var/empty which prevent QA
First the home does not need to be harcoded to /usr/local/etc/quagga, second
it fixes issues where the home created by the user addition is 755 then the
plist modifies it to 750
Reviewed by: mat
Approved by: mat (maintainer)
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D3135
Vault is a tool for securely accessing secrets. A secret is anything that you
want to tightly control access to, such as API keys, passwords, certificates,
and more. Vault provides a unified interface to any secret, while providing
tight access control and recording a detailed audit log.
WWW: https://vaultproject.io/
An open-source, distributed, time series database with no external dependencies.
WWW: http://influxdb.com
PR: 198073
Submitted by: Stefan Lambrev <cheffo@freebsd-bg.org>
Orthanc aims at providing a simple, yet powerful standalone DICOM
server. It is designed to improve the DICOM flows in hospitals and to
support research about the automated analysis of medical images.
Orthanc can turn any computer running Windows, Linux, FreeBSD or OS X
into a DICOM store (in other words, a mini-PACS system). Its
architecture is lightweight and standalone, meaning that no complex
database administration is required, nor the installation of third-party
dependencies.
What makes Orthanc unique is the fact that it provides a RESTful API.
Thanks to this major feature, it is possible to drive Orthanc from any
computer language. The DICOM tags of the stored medical images can be
downloaded in the JSON file format. Furthermore, standard PNG images can
be generated on-the-fly from the DICOM instances by Orthanc.
Orthanc lets its users focus on the content of the DICOM files, hiding
the complexity of the DICOM format and of the DICOM protocol.
WWW: http://www.orthanc-server.com/
PR: 199146
Submitted by: mp39590@gmail.com
to 3.0.5572.0.
The user and group names have change, but the uid/gid remain the same.
The port will continue to use the old database and user/group names if
they exist, but will default to the new names for new installs.
Instructions are in pkg-message for how to manually migrate things
yourself.
PR: 199093
Submitted by: maintainer (Ben Woods)
Riemann monitors low-latency, transient shared state for systems with many
moving parts.
Riemann aggregates events from your servers and applications with a powerful
stream processing language. Send an email for every exception raised by your
code. Track the latency distribution of your web app. See the top processes
on any host, by memory and CPU. Combine statistics from every Riak node in
your cluster and forward to Graphite. Send alerts when a key process fails
to check in. Know how many users signed up right this second.
WWW: http://riemann.io/
PR: 197403
Submitted by: Dave Cottlehuber <dch@skunkwerks.at>
Media Browser Server is a home media server built on top of other popular
open source technologies such as Service Stack, jQuery, jQuery mobile,
and Mono.
It features a REST-based api with built-in documention to facilitate
client development. We also have client libraries for our api to enable
rapid development.
WWW: http://mediabrowser.tv/
PR: 194634
Submitted by: Ben Woods
Server Density Agent for FreeBSD
Monitor CPU, memory, disk usage, network, Apache, MySQL + more via the
ServerDensity platform.
WWW: https://www.serverdensity.com/
PR: 191562
Submitted by: arcade (b1t.name)
Welcome to Rundeck, the human interface to your operations. Rundeck
features fine-grain access controls, a built-in job scheduler, and the
ability to define workflows that dispatch commands and scripts to your
nodes.
The open source Calendar and Contacts Server project is a standards-compliant
server implementing the CalDAV and CardDAV protocols (RFC 4791, RFC 6352).
It provides a shared location on the network allowing multiple users to store
and edit calendaring and contact information.
WWW: http://www.calendarserver.org
PR: 186201 (with changes)
Submitted by: Axel.Rau Chaos1 de
Kamailio is an open source SIP proxy server that is capable of
handling thousands of up calls in a second. Among the features
it provides, are support for TCP, UDP and SCTP, secure communication
via TLS for VoIP (voice, video), accounting, the most popular open
source databases and much more.
Originally starting out as the SIP Express Router (SER) project by
the Fraunhofer Society in 2001, the design team got together in
2008, merged old and new source code and rebranded SER to Kamailio.
WWW: http://www.kamailio.org/
PR: 181301
Submitted by: Oliver Mahmoudi <olivermahmoudi@gmail.com>
Reviewed by: marino
- Use nsd instead of bind user
This release has new features and bugfixes. In nsd.conf you can
configure database: "" this makes NSD not use the large mmapped nsd.db
file, but instead read and write the zonefiles in text format, which
saves about 50% of the memory usage. Also zonefile reading and
writing has been optimised to be faster, as well as processing time
for zone transfers. NSD writes the (changed) zonefiles every hour.
The new nsd-checkzone tool reports if a zonefile parses so you can check
it before reading it into the daemon.
A bug is fixed where NSD 4 causes rising load average and memory
consumption on Linux systems, which is caused by a bug in Linux that
slowly deteriorates system performance by repeated recursive forks.
Full release notes: http://open.nlnetlabs.nl/pipermail/nsd-users/2014-September/002007.html
PR: 193332
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
- Separate dtv-scan-tables in his own port
- Add XMLTV option
- Create a new user/group for tvheadend
- Improve tvheadend startscript
- Convert manual patching to USES=shebangfix
Submitted by: Dreamcat4 <dreamcat4@gmail.com>
pkg-message suggesting a user to create user and group
manually
- Add uid/gid to the UID and GID files respectively
- Add an UPDATING entry to suggest users of scanlogd to
drop existing users to avoid conflicts
- Bump PORTREVISION
PR: 191948
Submitted by: TEUBEL György
-Utilize opendns if no provider configured to preserve documented behavior
-rc script passes rclint
-Fix the _dnscrypt-proxy user's home directory and add UPDATING entry
PR: 190406
Submitted by: AllanJude
- zetacoind now runs as the zetacoin user
- Fixed stop function in rc.d script
- Minor changes to pkg-message.in, pkg-plist, and rc.d script to use the PORTNAME variable
- Remove patch files: patch-src__serialize.h and patch-src__rpcdump.cpp since they are no longer needed.
- Added user and group "zetacoin" to ports/UIDs and ports/GIDs
- Added update instructions to ports/UPDATING
PR: 188567
Submitted by: daniel@morante.net (maintainer)
