version 2.71
Subtle change to error handling to help DNSSEC validation
when servers fail to provide NODATA answers for
non-existent DS records.
Tweak code which removes DNSSEC records from answers when
not required. Fixes broken answers when additional section
has real records in it. Thanks to Marco Davids for the bug
report.
Fix DNSSEC validation of ANY queries. Thanks to Marco Davids
for spotting that too.
Fix total DNS failure and 100% CPU use if cachesize set to zero,
regression introduced in 2.69. Thanks to James Hunt and
the Ubuntu crowd for assistance in fixing this.
<yar@FreeBSD.org>: host hub.freebsd.org[8.8.178.136] said: 550 5.1.1
<yar@FreeBSD.org>: Recipient address rejected: User unknown in local
<rud@cs.uni-magdeburg.de>: host mail.cs.uni-magdeburg.de[141.44.21.48] said:
550 5.1.1 <rud@cs.uni-magdeburg.de>... User unknown (in reply to RCPT TO
<stefan@fh-mainz.de>: host srv-eml-pmva-02.fh-mainz.de[143.93.114.189] said:
550 5.1.1 <stefan@fh-mainz.de>: Recipient address rejected: undeliverable
<ocaml-ounit-port@kotka.de>: host kotka.de[62.75.247.120] said: 550 5.1.1
<ocaml-ounit-port@kotka.de>: Recipient address rejected: User unknown in
<toru@tenchi.ne.jp>: host tuna.tenchi.ne.jp[49.212.63.105] said: 550 5.1.1
<toru@tenchi.ne.jp>... User unknown (in reply to RCPT TO command)
<nehe@cruzinternet.com>: host inbound.platinum.ca[69.31.192.27] said: 550
cuda_nsu User [nehe@cruzinternet.com] does not exist (in reply to RCPT TO
<ports@emorific.com>: Host or domain name not found. Name service error for
name=emorific.com type=AAAA: Host not found
<ubique@peterhost.ru>: host mx.mail.corp.hostcomm.ru[89.111.166.49] said: 550
Sorry, no mailbox here by that name (in reply to RCPT TO command)
<ports@brandon.dvalentine.com>: host ASPMX.L.GOOGLE.com[2607:f8b0:400c:c01::1a]
said: 550-5.1.1 The email account that you tried to reach does not exist.
With hat: portmgr
<adam.freebsd@fastmail.fm>: host in1-smtp.messagingengine.com[66.111.4.72]
said: 550 5.1.1 <adam.freebsd@fastmail.fm>: Recipient address rejected:
User unknown in local recipient table (in reply to RCPT TO command)
<dnscheckengine-port@academ.com>: host ASPMX.L.GOOGLE.com[74.125.131.26] said:
550-5.1.1 The email account that you tried to reach does not exist. Please
<kawahara@nlp.kuee.kyoto-u.ac.jp>:
Sorry, no mailbox here by that name. (#5.1.1)
<hnsmaster@h14m.org>: Host or domain name not found. Name service error for
name=h14m.org type=AAAA: Host found but no data record of requested type
<jre@vineyard.net>: Recipient address rejected: User unknown in virtual
mailbox table (in reply to RCPT TO command) (in reply to RCPT TO command)
<gawrilow@math.tu-berlin.de>: host mail.tu-berlin.de[130.149.7.33] said: 550
Recipient verify failed (in reply to RCPT TO command)
<mico@bsd.hu>: host mail.datacast.hu[195.70.49.210] said: 550 5.1.1
<mico@bsd.hu>: Recipient address rejected: User unknown in virtual mailbox
<gogo@cs.uni-sb.de>: host mail.cs.uni-sb.de[134.96.254.200] said: 550 5.1.1
<gogo@cs.uni-sb.de>... User unknown (in reply to RCPT TO command)
<mickey@enforcer.cc>: Host or domain name not found. Name service error for
name=keep.yourmail.yuk type=AAAA: Host not found
<lucio@zetasolucoes.com.br>: host ASPMX.L.GOOGLE.COM[2607:f8b0:400c:c01::1a]
said: 550-5.1.1 The email account that you tried to reach does not exist.
<luke@novum.am.lublin.pl>: Host or domain name not found. Name service error
for name=novum.am.lublin.pl type=AAAA: Host not found
<aihal@users.sourceforge.net>: host mx.sourceforge.net[216.34.181.68] said: 550
unknown user (in reply to RCPT TO command)
With hat: portmgr
Since FreeBSD 8.4 and FreeBSD 9.1 make(1) do support :tu and :tl as a
replacement for :U and :L (which has been marked as deprecated)
bmake which is the default on FreeBSD 10+ only support by default
:tu/:tl a hack has been added at the time to support :U and :L to ease
migration. This hack is now not necessary anymore
Note that this makes the ports tree incompatible with make(1) from
FreeBSD 8.3 or earlier
With hat: portmgr
Added Staging support;
Modern options handling where possible.
Bugfixes:
OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key generation.
OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4 on MySQL. Reported by Mark Elkins <mje@posix.co.za>
Includes the update to 1.4.4:
Updates:
SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574].
OPENDNSSEC-358: ods-ksmutil: Extend 'key list' command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output.
OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441).
Bugfixes:
SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526].
SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529].
SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace [OPENDNSSEC-520].
SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain dates [OPENDNSSEC-553].
SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
SUPPORT-127: ods-signer: Fix manpage sections.
OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output type parameter to allow only File or DNS.
OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
OPENDNSSEC-531: ods-ksmutil: Exported value of in 'policy export' output could be wrong on MySQL.
OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS.
OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion.
OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
Signer Engine: Fix a race condition when stopping daemon.
PR: 188482
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
Sponsored by: DK Hostmaster A/S
Fix crash, introduced in 2.69, on TCP request when dnsmasq compiled
with DNSSEC support, but running without DNSSEC enabled. Thanks to
Manish Sing for spotting that one.
Fix regression which broke ipset functionality. Thanks to Wang Jian
for the bug report.
Submitted by: Herbert J. Skuhra
Due to the FreeNAS build system being very....simplistic
the deps weren't needed in the port there, however to
work properly in FreeBSD they of course are needed.
Noticed by: swills
Pointyhat to: jpaetzel
a zeising, kwm production, with help from dumbbell, bdrewery:
NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE
This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.
This patch also contains updates of libxcb and related ports, pixman, as well
as some drivers and utilities.
Bump portrevisions for xf86-* ports, as well as virtualbox-ose-additions due
to xserver version change.
Apart from these updates, the way shared libraries are handled has been
changed for all xorg ports, as well as libxml2 and freetype, which means
ltverhack is gone and as a consequence shared libraries have been bumped.
The plan is that this change will make library bumps less likely in the
future.
All affected ports have had their portrevisions bumped as a consequence of
this.
Fix some issues where WITH_NEW_XORG weren't detected properly on CURRENT.
Update instructions, hardware support, and more notes can be found on
https://wiki.freebsd.org/Graphics
Thanks to: all testers, bdrewery and the FreeBSD x11@ team
exp-run by: bdrewery [1]
PR: ports/187602 [1]
Approved by: portmgr (bdrewery), core (jhb)
BIND 9.10 includes a number of changes from earlier releases, including:
- DNS Response-rate limiting (DNS RRL)
- A new "prefetch" option can improve recursive resolver performance
- ACLs can now be specified based on geographic location using the
MaxMind GeoIP databases.
- A new compile-time option, NATIVE_PKCS11 allows the BIND 9
cryptography functions to use the PKCS#11 API natively.
*NOTE*
This is a release candidate, it may contain bugs.
*NOTE*
Changes: https://lists.isc.org/pipermail/bind-announce/2014-April/000906.html
Sponsored by: Absolight
STAGEDIR. The auto_home.c/auto_qmail.c (depending on which conf- file is
used) must be deleted to or else this might not be executed depending on
how quickly build and pre-install run:
./auto-str auto_home `sed 1q conf-home` > auto_home.c
- Move STAGEDIR fixing to post-build with a message explaining the rebuild.
- Bump PORTREVISION as pkg_install packages may have been built without some
files.
Git shortlog between 2.69 rc1 and rc2:
Simon Kelley (7):
Add dnssec-check-unsigned to example config file.
Reorder sanity checks on UDP packet reception, to cope with failed recvfro
SERVFAIL is an expected error return, don't try all servers.
Terminate DS-search when reaching the root via cache entries.
Cache stats availble in CHAOS .bind domain.
Ensure ->sentto is valid for DNSSEC forwards. Otherwise retries SEGV.
Add --dnssec-no-timecheck
Tomas Hozza (2):
Memory leak in error path.
Handle failure of hash_questions()
Wang Jian (1):
Log IPSET actions.
Git shortlog since test release #9:
Speeling.
Strip DNSSEC RRs when query doesn't have DO bit set.
Return INSECURE when validation fails with proved non-existent DS.
Negative caching for DS records.
Check that unsigned replies come from unsigned zones if --dnssec-check-uns
Tidy.
Fix off-by-one overwrite.
Don't free blockdata for negative DS cache entries.
Handle replies with no answers and no NS in validate_reply.
Tweak tuning params.
Don't cache secure replies which we've messsed with.
Mass edit of INSECURE->BOGUS returns for server failure/bad input.
Can have local DS records (trust anchors).
2014-03-10 deskutils/libopensync-plugin-synce: No more public distfiles
2014-03-10 irc/irchat-pj-xemacs21-mule: No more public distfiles
2014-03-10 irc/pure-xemacs21-mule: No more public distfiles
2014-03-10 lang/dice: No more public distfiles
2014-03-10 irc/dcc: No more public distfiles
2014-03-10 sysutils/backupme: No more public distfiles
2014-03-10 net/freeswitch-curl-devel: No more public distfiles
2014-03-10 misc/freeswitch-pizzademo-devel: No more public distfiles
2014-03-10 emulators/cygne-sdl: No more public distfiles
2014-03-10 mail/newmail: No more public distfiles
2014-03-10 x11-toolkits/xscoop: No more public distfiles
2014-03-10 security/didentd: No more public distfiles
2014-03-10 sysutils/wait_on: No more public distfiles
2014-03-10 net/freeswitch-sbc-devel: No more public distfiles
2014-03-10 multimedia/gxanim: No more public distfiles
2014-03-10 www/nd: No more public distfiles
2014-03-10 lang/fbbi: No more public distfiles
2014-03-10 textproc/csv2xml: No more public distfiles
2014-03-10 www/trac-calendar: No more public distfiles
2014-03-10 misc/stan: No more public distfiles
2014-03-10 japanese/gtkicq: No more public distfiles
2014-03-10 net/nc6: No more public distfiles
2014-03-10 net/jpcap: No more public distfiles
2014-03-10 games/quake-extras: No more public distfiles
2014-03-10 net/asfrecorder: No more public distfiles
2014-03-10 sysutils/pyrenamer: No more public distfiles
2014-03-10 palm/synce-sync-engine: No more public distfiles
2014-03-10 www/linux-mplayer-plugin: No more public distfiles
2014-03-10 net-mgmt/airport: No more public distfiles
2014-03-10 textproc/manued.el: No more public distfiles
2014-03-10 sysutils/jailer: No more public distfiles
2014-03-10 sysutils/blimitd: No more public distfiles
2014-03-10 print/abntex: No more public distfiles
2014-03-10 sysutils/monkeytail: No more public distfiles
2014-03-10 dns/dns_mre: No more public distfiles
2014-03-10 japanese/libjcode: No more public distfiles
2014-03-10 sysutils/jailutils: No more public distfiles
2014-03-10 net/freeswitch-vanilla-devel: No more public distfiles
2014-03-10 sysutils/hdup: No more public distfiles
2014-03-10 print/cups-smb-backend: No more public distfiles
2014-03-10 x11/settitle: No more public distfiles
2014-03-10 sysutils/anteater: No more public distfiles
2014-03-10 www/trac-pendingticket: No more public distfiles
2014-03-10 www/admuser: No more public distfiles
2014-03-10 x11-themes/gnome-icons-snowish: No more public distfiles
2014-03-10 www/metacafe_dl: No more public distfiles
2014-03-10 irc/irchat-pj-emacs21: No more public distfiles
2014-03-10 www/horde3-wicked: No more public distfiles
2014-03-10 java/drexelsnmp: No more public distfiles
2014-03-10 mail/sigit: No more public distfiles
2014-03-10 misc/freeswitch-scripts-devel: No more public distfiles
2014-03-10 www/vtiger-customerportal: No more public distfiles
2014-03-10 irc/pure-emacs21: No more public distfiles
2014-03-10 www/extsm: No more public distfiles
2014-03-10 misc/cwish: No more public distfiles
2014-03-10 www/phpscheduleit: No more public distfiles
2014-03-10 palm/synce-serial: No more public distfiles
2014-03-10 palm/synce-vdccm: No more public distfiles
2014-03-10 net/freeswitch-insideout-devel: No more public distfiles
2014-03-10 sysutils/fusefs-fur: No more public distfiles
2014-03-10 mail/clamfilter: No more public distfiles
2014-03-10 textproc/cost: No more public distfiles
2014-03-10 palm/synce-gvfs: No more public distfiles
2014-03-10 net/nxserver: No more public distfiles
2014-03-10 sysutils/throttle: No more public distfiles
2014-03-10 japanese/aterm: No more public distfiles
2014-03-10 mail/teapop: No more public distfiles
2014-03-10 www/eldav.el: No more public distfiles
2014-03-10 graphics/gsnapshot: No more public distfiles
2014-03-10 japanese/zangband: No more public distfiles
2014-03-10 audio/xmms-wma: No more public distfiles
2014-03-10 misc/projectionlib: No more public distfiles
2014-03-07 deskutils/phprojekt: No more public distfiles
2014-03-07 deskutils/libopensync-plugin-synce-legacy: No more public distfiles
2014-03-07 dns/skadns: No more public distfiles
2014-03-07 sysutils/gkrellmwho2: No more public distfiles
2014-03-07 audio/xmms-musepack: No more public distfiles
2014-03-07 archivers/bzip: No more public distfiles
2014-03-07 devel/cvsstat: No more public distfiles
2014-03-07 graphics/enfle: No more public distfiles
2014-03-07 audio/oggsplit: No more public distfiles
2014-03-07 devel/picasm: No more public distfiles
2014-03-07 databases/mysql-udf-preg: No more public distfiles
2014-03-07 devel/py-gitpython: No more public distfiles
2014-03-07 net/mars_nwe: No more public distfiles
2014-03-07 audio/fmio: No more public distfiles
