- Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation
of DNSSEC signatures". An issue has been found in the DNSSEC
validation component of PowerDNS Recursor, allowing an ancestor
delegation NSEC or NSEC3 record to be used to wrongfully prove the
non-existence of a RR below the owner name of that record. This
would allow an attacker in position of man-in-the-middle to send a
NXDOMAIN answer for a name that does exist.
The 4.0.x branch is not vulnerable.
- Add support for algo16 and simplify Lua/LuaJIT engine choice.
PR: 225397
Submitted by: maintainer
Security: CVE-2018-1000003
- Mark CONFLICTS_INSTALL with dns/powerdns-recursor
- Chase shlib change of security/botan2
- Bump PORTREVISION for dependency change
PR: 225178
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
- Mark CONFLICTS_INSTALL with dns/powerdns-recursor40
- Chase shlib change of security/botan2
- Bump PORTREVISION for dependency change
PR: 225177
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
https://kb.isc.org/article/AA-01314/0
Tunes certain compiled-in constants and default settings to
values better suited to large servers with 12/16GB+ of memory.
This can improve performance on such servers, but will consume
more memory and may degrade performance on smaller systems.
PR: 224859
Sponsored by: Absolight
variables                     deprecation   revision
WITHOUT_NLS                   2013-12-13    r336337
WITH_/WITHOUT_                2014-02-24    r345870
NOPORT(DOC|EXAMPLE)S          2014-04-19    r351587
WITH_BDB_VER                  2016-05-02    r414444
OVERRIDE_LINUX_BASE_PORT      2016-09-05    r421387
WITH_OPENSSL_(BASE|PORT)      2016-06-16    r416965
While there, add an ERROR variable that works like DEV_ERROR, but for
user-facing errors, and move NOPORTDOCS, NOPORTEXAMPLES and WITHOUT_NLS
to it.
Clean up bsd.sanity.mk a bit.
Fix fallout.
PR: 224613
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D13490
2017-12-31 security/gnupg20: Will reach EOL upstream on 2017-12-31
2018-01-01 dns/dualserver: Please migrate to dns/dnsmasq. Over the years dualserver becomes unmaintainable.
2018-01-01 devel/p5-Parse-Pidl44: yes
2018-01-01 sysutils/DTraceToolkit: Now maintained as part of the base system
This update replaces the default resolver used by
dnscrypt-proxy (cisco/OpenDNS) by a random one that
does not log entries and supports dnssec.
- Improve pkg-messages.
- Fix MASTER_SITES.
- Reorder Makefile variables.
- Update WWW.
PR: 223222
Submitted by: Vinícius Zavam <egypcio@googlemail.com>
Reviewed by: dbaio, garga, mat
Approved by: Leo Vandewoestijne <freebsd@dns-lab.com>
(maintainer, previous patch, then timeout)
Differential Revision: https://reviews.freebsd.org/D12775