- performance improvement over the P1 releases, namely
+ significantly remedying the port allocation issues
+ allowing TCP queries and zone transfers while issuing as many
outstanding UDP queries as possible
+ additional security of port randomization at the same level as P1
- also includes fixes for several bugs in the 9.5.0 base code
- Change default OpenLDAP version to 2.4
- Remove OpenLDAP 2.2 support, the port has been gone for some time now
- Add -DDEPRECATED to CFLAGS for all OpenLDAP using ports
PR: ports/123602, ports/124115, ports/125605
Submitted by: delphij, Jens Rehsack <rehsack@web.de>,
Yuri Pankov <yuri.pankov@gmail.com>
- Remove USE_GTK, it's no longer used
PR: ports/123528
Submitted by: mezz
- Use PATCH_WRKSRC instead of WRKSRC in do-patch target
PR: ports/124169
Submitted by: Max Brazhnikov <makc@issp.ac.ru>
- Remove USE_XPM, it's been replaced by USE_XORG+=xpm
PR: ports/124506
Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua>
- Minor fixups for bsd.port.mk
PR: ports/122675
Submitted by: linimon
- Remove stale comment about USE_GETOPT_LONG
PR: ports/124521
Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua>
- Correct comment about default fetch arguments
PR: ports/125334
Submitted by: Gary Palmer <freebsd-gnats@in-addr.com>
of the UDP query-source ports. The server will still use the same query
port for the life of the process, so users for whom the issue of cache
poisoning is highly significant may wish to periodically restart their
server using /etc/rc.d/named restart, or other suitable method.
In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] option.
The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.
Also please note, this issue applies only to UDP query ports. A random
ephemeral port is always chosen for TCP queries.
This issue applies primarily to name servers whose main purpose is to
resolve random queries (sometimes referred to as "caching" servers, or
more properly as "resolving" servers), although even an "authoritative"
name server will make some queries, primarily at startup time.
This update addresses issues raised in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447http://www.kb.cert.org/vuls/id/800113http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
Some of the important features of BIND 9 are:
DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
Experimental IPv6 Resolver Library
DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
Improved standards conformance
Views: One server process can provide multiple "views" of the DNS namespace,
e.g. an "inside" view to certain clients, and an "outside" view to others.
Multiprocessor Support, including working threads in this version
BIND 9.5 has a number of new features over previous versions, including:
GSS-TSIG support (RFC 3645), DHCID support
Experimental http server and statistics support for named via xml
More detailed statistics counters, compatible with the ones supported in BIND 8
Faster ACL processing
Efficient LRU cache cleaning mechanism.
NSID support (RFC 5001).
Rink Springer also asked me if he could maintain his own ports. Change
maitainership of games/sudsol, net/freedbd and net/kissd to Rink.
Approved by: philip (mentor), rink
<joe@joeholden.co.uk>
(reason: 553 5.3.5 system config error)
----- Transcript of session follows -----
553 5.3.5 127.0.0.1. config error: mail loops back to me (MX problem?)
554 5.3.5 Local configuration error
The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).
PR: ports/124340
Submitted by: edwin@
Approved by: portmgr (pav)
