1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-26 00:55:14 +00:00
Commit Graph

32 Commits

Author SHA1 Message Date
Matthias Andree
dbeab6dea0 Upgrade to new upstream release candidate #rc4.
Fixes ipset logging patch.

Known issue: The executable identifies as #rc3.
2014-03-31 20:19:29 +00:00
Matthias Andree
0febb81409 Update to new upstream release candidate #2.
Git shortlog between 2.69 rc1 and rc2:

Simon Kelley (7):
      Add dnssec-check-unsigned to example config file.
      Reorder sanity checks on UDP packet reception, to cope with failed recvfro
      SERVFAIL is an expected error return, don't try all servers.
      Terminate DS-search when reaching the root via cache entries.
      Cache stats availble in CHAOS .bind domain.
      Ensure ->sentto is valid for DNSSEC forwards. Otherwise retries SEGV.
      Add --dnssec-no-timecheck

Tomas Hozza (2):
      Memory leak in error path.
      Handle failure of hash_questions()

Wang Jian (1):
      Log IPSET actions.
2014-03-30 00:42:43 +00:00
Matthias Andree
b9207f1d4f Upgrade to release candidate #1. 2014-03-22 22:06:07 +00:00
Matthias Andree
ae7708b169 Upgrade to new upstream test release #11.
Git shortlog since test release #9:

      Speeling.
      Strip DNSSEC RRs when query doesn't have DO bit set.
      Return INSECURE when validation fails with proved non-existent DS.
      Negative caching for DS records.
      Check that unsigned replies come from unsigned zones if --dnssec-check-uns
      Tidy.
      Fix off-by-one overwrite.
      Don't free blockdata for negative DS cache entries.
      Handle replies with no answers and no NS in validate_reply.
      Tweak tuning params.
      Don't cache secure replies which we've messsed with.
      Mass edit of INSECURE->BOGUS returns for server failure/bad input.
      Can have local DS records (trust anchors).
2014-03-10 17:01:14 +00:00
Matthias Andree
d230d75106 Update to new test9 release.
Relevant excerpt from git shortlog between test8 and test9:

      Add RFC-6605 ECDSA DNSSEC verification.
      Don't mess with the TTL of DNSSEC RRs.
      No CD in forwarded queries unless dnssec-debug for TCP too.
      Log BOGUS validation result when upstream sends SERVFAIL.
      --rev-server option. Syntactic sugar for PTR queries.
      Omit ECC from DNSSEC if nettle library is old.
      Add --servers-file option.
      NSEC3 validation. First pass.
      Check signer name in RRSIGs.
      An NSEC record cannot attest to its own non-existance!
2014-02-27 22:55:27 +00:00
Matthias Andree
b49cb6994c Upgrade to test8 release, bringing these upstream fixes:
ee41586 Use DS records as trust anchors, not DNSKEYs.
83349b8 Further tidying of AD and DO bit handling.
7fa836e Handle validation when more one key is needed.
1633e30 Fix Byte-order botch: broke DNSSEC on big-endian platforms.
c8ca33f Fix DNSSEC caching problems: incomplete RRSIG RRsets.
e243c07 AD bit in queries handled as RFC6840 p5.7
2014-02-12 21:12:37 +00:00
Matthias Andree
d72d4d13a8 Move all the way to the test7 release that has other bugfixes.
Note the +AD flag may now be missing on the first response for a given domain,
re-querying within the cache TTL would deliver it.  Bug has been reported.
2014-02-07 08:48:01 +00:00
Matthias Andree
6df2dd2ca5 really add the promised AD flag patch.
Pointy hat to: yours truly
2014-02-07 08:35:23 +00:00
Matthias Andree
8b51e2e0ff Add Simon's patch from Git for AD flag treatment (dig ... +ad). 2014-02-07 08:30:33 +00:00
Matthias Andree
71582d29b3 Upgrade to test6, which adds DNSSEC validation and caching support.
Note that this requires configuration (see dnsmasq.conf.example for
hints) and has a few rough edges with regard to caching.
2014-02-05 01:49:52 +00:00
Matthias Andree
9c8d34d613 Update to new upstream 2.69test3 release, with these noteworthy changes:
- Implement dynamic interface discovery on *BSD
- Fix endless loop with some bogu-nxdomain. Another F_CONFIG botch.
- Ignore ",," in dhcp-host, rather than treating it as ",0,"

Invent an additional .0 so we can later have 2.69rc... releases without
touching PORTEPOCH.
2014-01-01 23:06:40 +00:00
Matthias Andree
02da201c86 Upgrade dnsmasq to new stable 2.68 release.
Fixes bind-interfaces with IPv6 on FreeBSD.

version 2.68
            Use random addresses for DHCPv6 temporary address
            allocations, instead of algorithmically determined stable
            addresses.

    Fix bug which meant that the DHCPv6 DUID was not available
    in DHCP script runs during the lifetime of the dnsmasq
    process which created the DUID de-novo. Once the DUID was
    created and stored in the lease file and dnsmasq
    restarted, this bug disappeared.

    Fix bug introduced in 2.67 which could result in erroneous
    NXDOMAIN returns to CNAME queries.

    Fix build failures on MacOS X and openBSD.

    Allow subnet specifications in --auth-zone to be interface
    names as well as address literals. This makes it possible
    to configure authoritative DNS when local address ranges
    are dynamic and works much better than the previous
    work-around which exempted contructed DHCP ranges from the
    IP address filtering. As a consequence, that work-around
    is removed. Under certain circumstances, this change wil
    break existing configuration: if you're relying on the
    contructed-range exception, you need to change --auth-zone
    to specify the same interface as is used to construct your
    DHCP ranges, probably with a trailing /6 like this:
    --auth-zone=example.com,eth0/6 to limit the addresses to
    IPv6 addresses of eth0.

    Fix problems when advertising deleted IPv6 prefixes. If
    the prefix is deleted (rather than replaced), it doesn't
    get advertised with zero preferred time. Thanks to Tsachi
    for the bug report.

    Fix segfault with some locally configured CNAMEs. Thanks
    to Andrew Childs for spotting the problem.

    Fix memory leak on re-reading /etc/hosts and friends,
    introduced in 2.67.

    Check the arrival interface of incoming DNS and TFTP
    requests via IPv6, even in --bind-interfaces mode. This
    isn't possible for IPv4 and can generate scary warnings,
    but as it's always possible for IPv6 (the API always
    exists) then we should do it always.

    Tweak the rules on prefix-lengths in --dhcp-range for
    IPv6. The new rule is that the specified prefix length
    must be larger than or equal to the prefix length of the
    corresponding address on the local interface.
2013-12-08 18:05:35 +00:00
Matthias Andree
e2d14fe96e Upgrade to upstream -rc5, fixing binding to IPv6 interfaces with
non-local addresses. Important upstream changes between -rc4 and -rc5:

-     Don't overwrite errno before generating message.
-     Garbage collect listening sockets when their address is deleted.
-     Only set scope_id in addresses to bind() for linklocal addresses.
-     Check arrival interface of IPv6 requests, even in --bind-interfaces.
-     Relax rules in prefix length in (IPv6) dhcp-range.
2013-12-04 09:54:09 +00:00
Matthias Andree
1648447792 Update to new release candidate #4.
Upstream changes:
- Add missing malloc() return-code check.
- Do immediate RA when a prefix goes from old->current.
- Fixes to various compiler warnings.
2013-11-26 23:41:05 +00:00
Matthias Andree
7ceafc017e Update to new upstream release candidate #3, with three changes since RC1:
2543906 Segfault with some CNAMEs. Also memory leak on reload of /etc/hosts.
241fa9c Remove arc4random, we have a good RNG and it's a portability problem.
e142a83 Merge messages to .po files.
2013-11-25 22:46:28 +00:00
Matthias Andree
d1485713ef Update to new release candidate #1 for 2.68.
Changes: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q4/007808.html
2013-11-21 22:27:54 +00:00
Matthias Andree
75cdf011ff Upgrade dnsmasq to new upstream release 2.67.
Changelog: <http://www.thekelleys.org.uk/dnsmasq/CHANGELOG>
Enable NLS and IPV6 options by default.
Use shebangfix on files that need it.

Mark dnsmasq-devel (older than release) IGNORE.
2013-10-25 22:27:59 +00:00
Matthias Andree
3c1e8025be Upgrade to rc4, changes over rc3 (-: removed, +: added)
REVERT:     Add --force-fast-ra option. Another thanks to Uwe Schindler.

NEW:
+	    Update Spanish transalation. Thanks to Vicente Soriano.
+	    Add --ra-param option. Thanks to Vladislav Grishenko for
+	    inspiration on this.
+	    Add --add-subnet configuration, to tell upstream DNS
+	    servers where the original client is. Thanks to DNSthingy
+	    for sponsoring this feature.
+	    Add --quiet-dhcp, --quiet-dhcp6 and --quiet-ra. Thanks to
+	    Kevin Darbyshire-Bryant for the initial patch.
+	    Allow A/AAAA records created by --interface-name to be the
+	    target of --cname. Thanks to Hadmut Danisch for the
+	    suggestion.
+	    Avoid treating a --dhcp-host which has an IPv6 address
+	    as eligable for use with DHCPv4 on the grounds that it has
+	    no address, and vice-versa. Thanks to Yury Konovalov for
+	    spotting the problem.
+	    Do a better job caching dangling CNAMEs. Thanks to Yves
+	    Dorfsman for spotting the problem.

Fix shebang lines of two Perl scripts.
2013-10-17 23:24:21 +00:00
Matthias Andree
a333dde226 Update to 2.67 release candidate #3.
While here, support staging.

Changelog for RC1:
<http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q4/007572.html>

Git commit log with newer rc2/rc3 tags:
<http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=shortlog>
2013-10-06 21:56:53 +00:00
Baptiste Daroussin
24a1652ff4 Add NO_STAGE all over the place in preparation for the staging support (cat: dns) 2013-09-20 16:31:57 +00:00
Matthias Andree
ab28ac5c2a Mark IGNORE. 2013-09-04 17:40:25 +00:00
Alex Kozlov
d4041784dc - Remove MAKE_JOBS_SAFE variable
Approved by:	portmgr (bdrewery)
2013-08-14 22:35:50 +00:00
Alex Kozlov
83f02b963c - Convert USE_GETTEXT to USES (part 4)
Approved by:	portmgr (bapt)
2013-04-26 10:44:28 +00:00
Baptiste Daroussin
3bc475b29f Convert dns to USES=pkgconfig 2013-04-23 07:24:02 +00:00
Matthias Andree
eb479105c2 DNSMasq 2.66rc5 fixes a DHCPv6 issue where dnsmasq 2.66rc2 spoils its own
leases file for IPv6 records. The closest evidence to a changelog is
the mailing list message at
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q2/007028.html
(and a few prior messages in that same thread).

PR:		ports/177788
Approved by:	portmgr (bdrewery)
2013-04-15 15:24:54 +00:00
Matthias Andree
c75e48fcb9 Update to new upstream release candidate 2.66rc2. 2013-03-23 14:02:52 +00:00
Matthias Andree
2f90573870 Update to new upstream release candidate #3 to 2.64.
Feature safe: yes
2012-12-03 21:20:37 +00:00
Matthias Andree
579255392d Update to new release candidate v2.64rc1 (after portscout complaint).
Feature safe:	yes (leaf port)
2012-11-15 21:38:50 +00:00
Matthias Andree
0d9f10ff48 Demote USE_PKGCONFIG to =build (was =yes). 2012-08-20 20:40:29 +00:00
Matthias Andree
e310d5d221 Update to rc6, which became the formal release. 2012-08-20 20:32:42 +00:00
Matthias Andree
b1f133991c Update to rc3 to avoid nag questions.
Now uses .tar.xz suffix.
2012-08-09 19:38:52 +00:00
Matthias Andree
3db34ff5cb Add new dnsmasq-devel version, for development/test/release candidate versions.
This port is based on dns/dnsmasq 2.62_1,1 and has been updated to 2.63rc2.

Description (by Simon Kelley, the upstream maintainer):
Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server.
It is designed to provide DNS and, optionally, DHCP, to a small network. It
can serve the names of local machines which are not in the global DNS. The
DHCP server integrates with the DNS server and allows machines with
DHCP-allocated addresses to appear in the DNS with names configured either
in each host or in a central configuration file. Dnsmasq supports static and
dynamic DHCP leases and BOOTP/TFTP/PXE for network booting of diskless
machines.
2012-08-07 22:22:11 +00:00