This update contains a security fix for CVE-2020-14196.
The issue is:
CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction.
In the default configuration the API webserver is not enabled. Only installations using a non-default value for webserver and webserver-address are affected.
As usual, there were also other smaller enhancements and bugfixes. In particular, the 4.3.2 release contains fixes that allow long CNAME chains to resolve properly, where previously they could fail if qname minimization is enabled.
PR: 247707
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
MFH: 2020Q3
Security: 641cd669-bc37-11ea-babf-6805ca2fa271
Sponsored by: Netzkommune GmbH

- Update to git snapshot 99c2f1c
- Remove patches, already merged upstream
- Remove SEARCH_DOMAINS option
- Remove unsupported CONFIGURE_ARGS
- Add WWW entry to pkg-descr
Thanks to Greg V for working with upstream in upstreaming
the patches and additional fixes
PR: 211738

Update to the latest upstream release. While here, remove obsd.isc.org
from MASTER_SITES, since it does not resolve.
Approved by: maintainer (zi@)
Sponsored by: Miles AS
Differential Revision: https://reviews.freebsd.org/D24689

June 06, 2020. KDE today announces the release of KDE Frameworks 5.71.0.
KDE Frameworks are over 70 addon libraries to Qt which provide a wide variety
of commonly needed functionality in mature, peer reviewed and well tested
libraries with friendly licensing terms. For an introduction see the KDE
Frameworks web page.
This release is part of a series of planned monthly releases making
improvements available to developers in a quick and predictable manner.
Announcement:
https://kde.org/announcements/kde-frameworks-5.71.0
Exp-run by: antoine
PR: 247240

These changes largely fall into just two categories:
1. Need textproc/gsed for GNU extensions
2. Extraneous escapes that can go away
For #1, there's a further subdivision into those that require autoconf magic
and those that can get away with BINARY_ALIAS=sed=${LOCALBASE}/bin/gsed.
-CURRENT will soon gain GNU extensions, but these will take longer to get to
all supported releases; we must switch them to gsed to ensure we're actually
properly building them as intended.
For #2, I've fixed these as I can and we should upstream these fixes.
PORTREVISION is bumped for all of the above, because we will almost
certainly build these differently when the replacements actually start
working.
These were all detected by the below-referenced exp-run [1]. The patch
included forbids many ordinary characters from being escaped, since we'll
later imbue those with special meanings. This has had the nice side effect
of picking up various things that we didn't handle properly, e.g. \t and \r
for tab and carriage return.
PR: 229925 [1]
Approved by: koobs (mentor)
Approved by: portmgr (blanket: trivial build fixes)
MFH: no (invasive risk)
Differential Revision: https://reviews.freebsd.org/D25185

- Remove devel/cargo-tree since it is now integrated into cargo
- Add patch to fix build with LibreSSL 3.1.x and 3.2.0 [1]
- Force rebuild all consumers to catch regressions early
Changes: https://blog.rust-lang.org/2020/06/04/Rust-1.44.0.html
PR: 246332 [1]
Tested by: mikael, tobik
With hat: rust
Differential Revision: https://reviews.freebsd.org/D25099