particularly with NLS enabled when libidn was built without NLS.
While here, group OPTIONS and clean up things a bit, and print
configuration of port and libidn port for debugging.
The particular build failure was
Reported by: Yuri Vorobyev
Changelog: <http://www.thekelleys.org.uk/dnsmasq/CHANGELOG>
Enable NLS and IPV6 options by default.
Use shebangfix on files that need it.
Mark dnsmasq-devel (older than release) IGNORE.
- MKDIR is silent
- ECHO is silent
- INSTALL_* are not silent
- CP/FIND/... are not silent
I fixed a few PORTDOCS misusage, I'll do a second pass.
With Hat: perl@
REVERT: Add --force-fast-ra option. Another thanks to Uwe Schindler.
NEW:
+ Update Spanish transalation. Thanks to Vicente Soriano.
+ Add --ra-param option. Thanks to Vladislav Grishenko for
+ inspiration on this.
+ Add --add-subnet configuration, to tell upstream DNS
+ servers where the original client is. Thanks to DNSthingy
+ for sponsoring this feature.
+ Add --quiet-dhcp, --quiet-dhcp6 and --quiet-ra. Thanks to
+ Kevin Darbyshire-Bryant for the initial patch.
+ Allow A/AAAA records created by --interface-name to be the
+ target of --cname. Thanks to Hadmut Danisch for the
+ suggestion.
+ Avoid treating a --dhcp-host which has an IPv6 address
+ as eligable for use with DHCPv4 on the grounds that it has
+ no address, and vice-versa. Thanks to Yury Konovalov for
+ spotting the problem.
+ Do a better job caching dangling CNAMEs. Thanks to Yves
+ Dorfsman for spotting the problem.
Fix shebang lines of two Perl scripts.
2013-10-10 www/ruby-nora: Does not work with Ruby 1.9
www/aswiki
2013-10-10 textproc/ruby-amrita: Does not work with Ruby 1.9
2013-10-15 security/flowtag: Does not work with Ruby 1.9
2013-10-10 lang/ruby-lua4: Does not work with Ruby 1.9
2013-10-15 dns/dnsdoctor: Does not work with Ruby 1.9
ports unearthed a serious defevt in the original build
process. This changes patches configure file.
There will be a new release of this port which will contain
a new configure file. Until then this patch is needed.
PR: 182183
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
It appears that the -v option (verbose) is handled slightly differently
on DragonFly. FreeBSD appears to be intolerant of where it appears in
the command line while the DragonFly version of "install" insists that
it appear in the early group of options.
In any case, these three ports may be the only ones in the entire ports
collection to use -v switch with ${INSTALL_DATA}, so for the sake of
compatibility and consistency, it is being removed from these
unmaintained ports which also local patches to be removed from DPorts.
on FreeBSD 10, and amd64 on earlier versions.
SSP_UNSAFE is added to disable in a port if it fails to build, but
this should only be used in rare circumstances such as kernel modules.
Otherwise, the port may just be failing due to lack of respecting
LDFLAGS.
On FreeBSD 10, this uses an ldscript in /usr/lib/libc.so to pull in
libssp_nonshared.a to address issues linking on i386 [1].
On earlier FreeBSD versions the WITH_SSP knob will add -lssp_nonshared
to LDFLAGS on i386. This is not needed on amd64. However, several hundred
ports do not currently respect LDFLAGS, so this support is disabled currently
as it causes build failures if a dependency is looking for the stack_chk
symbols.
Many thanks to jlh@ for this as he had many years of patience in getting
all of the necessary pieces [1][2] in.
[1] http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup
PR: ports/138228 [2]
Submitted by: jlh (bsd.ssp.mk based on)
Reviewed by: bapt
With hat: portmgr
exp-runs done: 37 over a month on 91i386,91amd64,10i386,10amd64
Note that the Rate Limiting option has been renamed.
Security Fixes
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
New Features
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
attacks by rate-limiting substantially-identical responses. [RT
#28130]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
with PKCS#11. [RT #33463]
Added logging messages on slave servers when they forward DDNS
updates to a master. [RT #33240]
Changed the logging category for RRL events from 'queries' to
'query-errors'. [RT #33540]
Security Fixes
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]