1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-06 01:57:40 +00:00
Commit Graph

155 Commits

Author SHA1 Message Date
Bernard Spil
1656d43b8d dns/unbound: SIGSEGV fix
PR:		251821
Submitted by:	delphij
Approved by:	Jaap Akkerhuis (maintainer)
Obtained from:	https://github.com/NLnetLabs/unbound/issues/376
MFH:		2020Q4
2020-12-17 09:38:40 +00:00
Bernard Spil
bc4ad88aa7 dns/unbound: Security update to 1.13.0
* Sort options and port_docs while here

PR:		251563
Submitted by:	Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
Approved by:	maintainer (implicit)
MFH:		2020Q4
Security:	388ebb5b-3c95-11eb-929d-d4c9ef517024
2020-12-12 16:54:41 +00:00
Renato Botelho
de291228c5 dns/unbound: Update to 1.12.0
PR:		250199
Submitted by:	maintainer
Sponsored by:	Rubicon Communications, LLC (Netgate)
2020-10-12 15:33:45 +00:00
Li-Wen Hsu
fb535b164b dns/unbound: Update to 1.11.0
PR:		248808
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
2020-08-21 14:17:23 +00:00
Alexey Dokuchaev
de7897ccea Unbreak the build with FILTER_AAAA option.
PR:	246648
2020-07-10 09:37:23 +00:00
Sunpoet Po-Chuan Hsieh
cb333cf1ec Move devel/swig30 to devel/swig and update to 4.0.1
- Do not silence installation message
- Update dependent ports:
  - Fix build with swig 4.0.1
  - Update *_DEPENDS
  - Remove BINARY_ALIAS

Changes:	http://www.swig.org/news.php
PR:		246613
Exp-run by:	antoine
2020-06-17 18:17:45 +00:00
Xin LI
1471e1425b dns/unbound: update to 1.10.1.
PR:		246569
Submitted by:	Jaap Akkerhuis (maintainer)
MFH:		2020Q2
Security:	CVE-2020-12662, CVE-2020-12663
2020-05-19 19:02:46 +00:00
Kurt Jaeger
ebc9d2ab49 dns/unbound: update 1.9.6 -> 1.10.0
PR:		244244
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Relnotes:	https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244244#c0
2020-02-22 13:59:26 +00:00
Jochen Neumeister
a97bcac77e Update to 1.9.6
PR:		242603
Sponsored by:	Netzkommune GmbH
2019-12-16 09:44:06 +00:00
Jochen Neumeister
843fa07cf4 Update to 1.9.5
Changelog: https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module

PR:		242075
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH:		2019Q4
Sponsored by:	Netzkommune GmbH
2019-11-23 12:54:16 +00:00
Sunpoet Po-Chuan Hsieh
b0b95dc527 Update to 1.9.4
Changes:	https://github.com/NLnetLabs/unbound/blob/master/doc/Changelog
PR:		241033
Reported by:	C <cm@appliedprivacy.net>
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security:	108a4be3-e612-11e9-9963-5f1753e0aca0
MFH:		2019Q4
2019-10-03 19:28:47 +00:00
Steve Wills
839e465ee8 dns/unbound: update to 1.9.3
Whil here, improve rc script

PR:		240163
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
2019-09-02 16:31:02 +00:00
Jan Beich
f18538b989 devel/libevent2: update to 2.1.11
Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
PR:		239599
Reported by:	GitHub (watch releases)
Approved by:	zeising (maintainer)
MFH:		2019Q3 (maybe security, partially restores 2.1.8 ABI)
Differential Revision:	https://reviews.freebsd.org/D21133
2019-08-02 13:30:40 +00:00
Jochen Neumeister
bdd8e5ee4c Update to 1.9.2
PR:		238651
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	Netzkommune GmbH
2019-06-19 04:56:30 +00:00
Steve Wills
8b4b41dee5 dns/unbound: update to 1.9.1
PR:		236575
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
2019-03-18 11:35:49 +00:00
Renato Botelho
6256c3a0d1 dns/unbound: Import patch to fix hostname verification with OpenSSL 1.0.2
PR:		235571
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Obtained from:	https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206#c5
		af2c493a0d
Sponsored by:	Rubicon Communications, LLC (Netgate)
2019-02-11 13:58:08 +00:00
Sunpoet Po-Chuan Hsieh
7466d5363d Update to 1.9.0
Changes:	https://www.nlnetlabs.nl/svn/unbound/tags/release-1.9.0/doc/Changelog
PR:		235522
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
2019-02-05 14:27:03 +00:00
Steve Wills
a8ebb52566 dns/unbound: Update to 1.8.3
PR:		233933
Submitted by:	jaap@NLnetLabs.nl
2018-12-26 22:20:22 +00:00
Steve Wills
4c65375869 dns/unbound: fix DNSTAP build failure
PR:		233891
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Reported by:	O. Hartmann <ohartmann@walstatt.org>
2018-12-10 16:20:21 +00:00
Steve Wills
7099d60e46 dns/unbound: Update to 1.8.2
PR:		233796
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2018-12-09 01:06:25 +00:00
Steve Wills
851dc05ce4 dns/unbound upgrade to 1.8.1
PR:		232070
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2018-10-08 17:29:32 +00:00
Steve Wills
555eb7159c dns/unbound: remove unnecessary LIBEVENT_USES
PR:		231488
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2018-10-01 23:33:41 +00:00
Steve Wills
ad6cb4b025 dns/unbound: Fix configure in some cases
Fix configure by adding missing pkgconfig to uses

PR:		231488
Submitted by:	leres (solution, via email), mfechner (patch)
Reported by:	leres, mfechner
Approved by:	jaap@NLnetLabs.nl (maintainer)
2018-09-20 14:42:34 +00:00
Steve Wills
82828f53b1 dns/unbound: Fix OPTIONS_DEFINE reference
Missed in previous commit

PR:		231283
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Pointyhat to:	swills
2018-09-18 18:28:42 +00:00
Steve Wills
17425abd3c dns/unbound: update to 1.8.0
Bump PORTREVISION on consumers due to library major version change

PR:		231283
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2018-09-18 18:24:05 +00:00
Sunpoet Po-Chuan Hsieh
633968a463 Update to 1.7.3
Changes:	https://www.nlnetlabs.nl/svn/unbound/tags/release-1.7.3/doc/Changelog
PR:		229202
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
2018-06-21 21:12:11 +00:00
Steve Wills
a2e2da7fcb dns/unbound: upgrade to 1.7.2
PR:		228889
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2018-06-14 23:22:21 +00:00
Bernard Spil
133b662b0c dns/unbound: Bump portrevision
- Follow-up of r470572

PR:		228390
Reported by:	adamw
MFH:		2018Q2
2018-05-22 16:42:54 +00:00
Martin Wilke
c79bac1a54 - Update to 2.5.9
- Update WWW

PR:	227949
Submitted by:	maintainer
Sponsored by:     iXsystems Inc.
2018-05-10 14:50:19 +00:00
Kurt Jaeger
f12a0eaf7e dns/unbound: upgrade 1.6.8 -> 1.7.0
Features
- auth-zone provides a way to configure RFC7706 from unbound.conf,
  eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
  fallback-enabled: yes and masters or a zonefile with data.
- Aggressive use of NSEC implementation. Use cached NSEC records to
  generate NXDOMAIN, NODATA and positive wildcard answers.
- Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
  also recognized and means the same.  Also for tls-port,
  tls-service-key, tls-service-pem, stub-tls-upstream and
  forward-tls-upstream.
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
  from Manu Bretelle.
  This option allows handling multiple cert/key pairs while only
  distributing some of them.
  In order to reliably match a client magic with a given key without
  strong assumption as to how those were generated, we need both key and
  cert. Likewise, in order to know which ES version should be used.
  On the other hand, when rotating a cert, it can be desirable to only
  serve the new cert but still be able to handle clients that are still
  using the old certs's public key.
  The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
  publish the cert as part of the DNS's provider_name's TXT answer.
- Update B root ipv4 address.
- make ip-transparent option work on OpenBSD.
- Fix #2801: Install libunbound.pc.
- ltrace.conf file for libunbound in contrib.
- Fix #3598: Fix swig build issue on rhel6 based system.
  configure --disable-swig-version-check stops the swig version check.

Bug Fixes
- Fix #1749: With harden-referral-path: performance drops, due to
  circular dependency in NS and DS lookups.
- [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert
  duplicates
- Better documentation for cache-max-negative-ttl.
- Fixed libunbound manual typo.
- Fix #1949: [dnscrypt] make provider name mismatch more obvious.
- Fix #2031: Double included headers
- Document that errno is left informative on libunbound config read
  fail.
- iana port update.
- Fix #1913: ub_ctx_config is under circumstances thread-safe.
- Fix #2362: TLS1.3/openssl-1.1.1 not working.
- Fix #2034 - Autoconf and -flto.
- Fix #2141 - for libsodium detect lack of entropy in chroot, print
  a message and exit.
- Fix #2492: Documentation libunbound.
- Fix #2882: Unbound behaviour changes (wrong) when domain-insecure is
  set for stub zone.  It no longer searches for DNSSEC information.
- Fix #3299 - forward CNAME daisy chain is not working
- Fix link failure on OmniOS.
- Check whether --with-libunbound-only is set when using --with-nettle
  or --with-nss.
- Fix qname-minimisation documentation (A QTYPE, not NS)
- Fix that DS queries with referral replies are answered straight
  away, without a repeat query picking the DS from cache.
  The correct reply should have been an answer, the reply is fixed
  by the scrubber to have the answer in the answer section.
- Fix that expiration date checks don't fail with clang -O2.
- Fix queries being leaked above stub when refetching glue.
- Copy query and correctly set flags on REFUSED answers when cache
  snooping is not allowed.
- make depend: code dependencies updated in Makefile.
- Fix #3397: Fix that cachedb could return a partial CNAME chain.
- Fix #3397: Fix that when the cache contains an unsigned DNAME in
  the middle of a cname chain, a result without the DNAME could
  be returned.
- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
  for startup scripts to get the full pathname(s) of anchor file(s).
- Print fatal errors about remote control setup before log init,
  so that it is printed to console.
- Use NSEC with longest ce to prove wildcard absence.
- Only use *.ce to prove wildcard absence, no longer names.
- Fix unfreed locks in log and arc4random at exit of unbound.
- Fix lock race condition in dns cache dname synthesis.
- Fix #3451: dnstap not building when you have a separate build dir.
  And removed protoc warning, set dnstap.proto syntax to proto2.
- Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
- Unit test for auth zone https url download.
- tls-cert-bundle option in unbound.conf enables TLS authentication.
- Fixes for clang static analyzer, the missing ; in
  edns-subnet/addrtree.c after the assert made clang analyzer
  produce a failure to analyze it.
- Fix #3505: Documentation for default local zones references
  wrong RFC.
- Fix #3494: local-zone noview can be used to break out of the view
  to the global local zone contents, for queries for that zone.
- Fix for more maintainable code in localzone.
- more robust cachedump rrset routine.
- Save wildcard RRset from answer with original owner for use in
  aggressive NSEC.
- Fixup contrib/fastrpz.patch so that it applies.
- Fix compile without threads, and remove unused variable.
- Fix compile with staticexe and python module.
- Fix nettle compile.
- Fix to check define of DSA for when openssl is without deprecated.
- iana port update.
- Fix #3582: Squelch address already in use log when reuseaddr option
  causes same port to be used twice for tcp connections.
- Reverted fix for #3512, this may not be the best way forward;
  although it could be changed at a later time, to stay similar to
  other implementations.
- Fix for windows compile.
- Fixed contrib/fastrpz.patch, even though this already applied
  cleanly for me, now also for others.
- patch to log creates keytag queries, from A. Schulze.
- patch suggested by Debian lintian: allow to -> allow one to, from
  A. Schulze.
- Attempt to remove warning about trailing whitespace.
- Added documentation for aggressive-nsec: yes.

PR:		226822
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2018-03-21 17:00:23 +00:00
Mathieu Arnold
37677d32e3 Switch some MASTER_SITES from http/ftp to https.
Also some cleanup of dead entries.

PR:		226203
Submitted by:	Sam H
Sponsored by:	Absolight
2018-02-27 13:03:48 +00:00
Antoine Brodin
f7455240e3 Reduce dependency on the python2 metaport
PR:		225752
Submitted by:	Yasuhiro KIMURA
2018-02-19 11:10:43 +00:00
Adam Weinberger
e48d09c803 Bump PORTREVISION after r459983 2018-01-31 00:28:30 +00:00
Danilo G. Baio
b7f258b03a dns/unbound: Update to 1.6.8, Fixes security vulnerability
PR:		225313
Submitted by:	jaap@NLnetLabs.nl (maintainer)
MFH:		2018Q1
Security:	8d3bae09-fd28-11e7-95f2-005056925db4
2018-01-19 16:27:07 +00:00
Tijl Coosemans
46dc3b5f41 After r452629 also bump ports that optionally depend on libsodium.
PR:		223192
2017-10-26 18:42:11 +00:00
Danilo G. Baio
0e31c2371d dns/unbound: Update to 1.6.7
Changes:	http://www.unbound.net/pipermail/unbound-users/2017-October/004972.html

PR:		222941
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2017-10-12 14:44:18 +00:00
Danilo G. Baio
04be785c4e dns/unbound: Update to 1.6.6
Changes:	http://www.unbound.net/pipermail/unbound-users/2017-September/004936.html

PR:		222503
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2017-09-22 00:51:01 +00:00
Steve Wills
54f580aebe dns/unbound: Upgrade to 1.6.5
PR:		221692
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2017-08-21 21:45:28 +00:00
Sunpoet Po-Chuan Hsieh
e57b185318 Fix typo
Approved by:	portmgr (blanket)
2017-07-23 14:16:08 +00:00
Eugene Grosbein
1d6f3b3dbd Base system contains unbound without libevent support enabled.
Enable libevent by default for the port dns/unbound for performance reasons.

PR:		220733
Submitted by:	Dmitry Luhtionov
Approved by:	jaap (maintainer), az (mentor)
2017-07-23 14:03:52 +00:00
Danilo G. Baio
b0d3c55ea2 dns/unbound: Update to 1.6.4
Changes:	http://www.unbound.net/pipermail/unbound-users/2017-June/004818.html

PR:		220673
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Approved by:	garga (mentor, implicit)
2017-07-12 22:44:53 +00:00
Adam Weinberger
a155d15ea3 Update unbound to 1.6.3.
This release fixes a spurious assertion failure when unbound receives a
malformed packet with 0x20 enabled.

Bug Fixes
- Fix #1280: Unbound fails assert when response from authoritative
  contains malformed qname. When 0x20 caps-for-id is enabled, when
  assertions are not enabled the malformed qname is handled correctly.

PR:		219958
Submitted by:	maintainer (jaap NLnetLabs nl)
2017-06-13 20:37:06 +00:00
Larry Rosenman
e138a6dbf8 Correct typo in DNSCRYPT option description
PR:	219052
Submitted by: greenreaper@hotmail.com
Reportee by:
Approved by:	adamw (mentor, implicit)
2017-05-04 01:49:21 +00:00
Kurt Jaeger
04078721f0 dns/unbound: update 1.6.1 -> 1.6.2
PR:		218872
Changes:	http://www.unbound.net/pipermail/unbound-users/2017-April/004762.html
Submitted by:	jaap@NLnetLabs.nl (maintainer)
2017-04-29 20:59:34 +00:00
Wen Heping
a300cdae9c - Update to 1.6.1
PR:		217614
Submitted by:	jaap@NLnetLabs.nl(maintainer)
2017-03-08 01:48:33 +00:00
Martin Wilke
6d14406a13 - Chase ldns shlip bump
PR:		217495
2017-03-03 04:12:20 +00:00
Jan Beich
a9425224f1 devel/libevent2: drop historical suffix after r362796
PR:		216777
Approved by:	mm (maintainer)
2017-02-20 02:57:04 +00:00
Jan Beich
21a7215c9a devel/libevent2: update to 2.1.8 and cleanup
- DEFAULT_VERSIONS += ssl=openssl-devel is now supported
- devel/py-event and devel/p5-Event-Lib are marked BROKEN

Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/whatsnew-2.1.txt
Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/ChangeLog
PR:		216527
Exp-run by:	antoine
Approved by:	mm (maintainer)
2017-02-04 07:56:59 +00:00
Dmitry Marakasov
8244fe99bc - Remove always-true/false conditions after FreeBSD 9, 10.1, 10.2 EOL
Approved by:	portmgr blanket
2017-01-11 10:08:38 +00:00
Sunpoet Po-Chuan Hsieh
c1dd9659ec - Update to 1.6.0
- Do not silence installation message
- While I'm here:
  - Move LIB_DEPENDS upwards
  - Use = instead of += for CONFIGURE_ARGS and USES
  - Convert to options helper
  - Use TEST_TARGET

Changes:	https://unbound.nlnetlabs.nl/pipermail/unbound-users/2016-December/004587.html
PR:		215322
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
2016-12-17 13:20:19 +00:00