- Add notice that support for nsd3 will stop in the future
FEATURES:
- Support for CAA RR type (RFC6844).
- EUI48 and EUI64 RR types (RFC7043) enabled by default.
BUG FIXES:
- Bugfix #509: USE_ZONE_STATS used initialised memory for statistics data.
- Bugfix #510: USE_ZONE_STATS use a different zone stats file per process.
- Bugfix #542: Match RRSIG TTL with SOA TTL in negative response.
PR: ports/186307
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
- Cleanup rc script
FEATURES:
- recognizes ip-address and interface as synonyms for convenience.
- Support for EUI48 and EUI64 RR types enabled by default (RFC 7043).
- Support for CAA RRtype (RFC 6844).
- NSID can be set with "ascii_somestring" in ascii.
BUG FIXES:
- Fix xfrd when zone transfer TCP contains zero length packets.
- Fix for NSEC3 zones where parent zone is co-hosted, also NSEC3,
because AXFRs overwrote nsec3 administration in the child zone.
- Fix that bad IXFR updates do not result in double SOA records,
and that an AXFR is started (attempted) when the zone state seems
to be inconsistent with the master's zone state.
- Log ip address for sendto and sendmmsg failures.
- Fix segfaults after read of zones with rr type WKS from zonefile.
- Seed PRNG for openssl at start of daemon, fixes SSL connection issue.
- Bugfix #534: IXFR query loop over UDP for zones that are unchanged.
- (same as in 3.2.16): fix wildcard cname to nxdomain repeated rrset.
- (same as in 3.2.16): Bugfix #542: Match RRSIG TTL with SOA TTL in
negative response.
- Check if configure in srcdir collides with outofdir build.
- Fix #546: output format errors in nsd_munin_ (Thanks Tom Hendrikx).
- Fix printout of high-chars in TXT on NetBSD.
PR: ports/186308
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Note the +AD flag may now be missing on the first response for a given domain,
re-querying within the cache TTL would deliver it. Bug has been reported.
while here
- Add stage support
- Remove the indefinite article from COMMENT
- Convert LICENSE from BSD to BSD3CLAUSE
- Convert USE_GMAKE to USES
PR: ports/185787
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
20140130 multimedia/kino: Not developed since 2009, declared dead 05.08.2013 on their website.
2014-01-31 x11-drivers/xf86-video-imstt: Broken, unsupported and unmaintained upstream.
2014-01-31 x11-drivers/xf86-video-via: Broken, not supported upstream.
2014-01-31 multimedia/vdr-plugin-softdevice: Broken after ffmpeg update (not sure it ever worked)
2014-01-31 sysutils/mbmon: Use sysutils/xmbmon instead. This port will be removed soon
2014-01-31 dns/bind96: EOL in January 2014, consider moving to Bind 9.8 or 9.9
2014-01-31 x11-drivers/xf86-video-nouveau: Not supported, missing kernel support. use the nvidia driver.
- Add some experimental backends
while here
- Convert USE_LUA to USES
PR: ports/185824
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
dns/bind99 port in these cases. That fixes an error on the FreeBSD package
build server.
2. Support staging.
3. Support LICENSE framework.
PR: ports/185267
Submitted by: Frank Behrens <frank@harz2014.behrens.de> (maintainer)
- Implement dynamic interface discovery on *BSD
- Fix endless loop with some bogus-nxdomain. Another F_CONFIG botch.
- Ignore ",," in dhcp-host, rather than treating it as ",0,"
Invent an additional .0 so we can later have 2.69rc... releases without
touching PORTEPOCH.
From the PR:
When submitting PR 183682 I was unaware the patch as in PR 182792 wasn't
committed yet. So to my amazement I just noticed the startup problem still
exists.
Enclosed patch is basically the same as the uncommitted one, but besides the
removal of the -w option, knotd now starts by default as a daemon (-d)
instead of interactive (-i). So I could simplify the startup script a lot.
PR: ports/183891
Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com> (maintainer)
URBL::Prepare is a Perl module that prepares hostname for URBL domain lookup
and is used by Net::DNSBL::MultiDaemon
WWW: http://search.cpan.org/dist/URBL-Prepare/
PR: ports/185089
Submitted by: Kurt Jaeger <fbsd-ports opsec.eu>
Setuptools is the preferred method to manage Python distributions after
many changes to the packaging ecosystem over the past couple of years.
Only ports using USE_PYDISTUTILS= yes are affected by this commit, ports using
USE_PYDISTUTILS= easy_install remain the same; however, this usage is now
deprecated and should be converted to USE_PYDISTUTILS= yes.
Some Python distributions do not work with setuptools out of the box because
they extend the install command from distutils and not setuptools, and
so they need to be patched accordingly.
pip (which leverages setuptools) works around the issue by using eggs, however
we want to get rid of those as well, as support for "flat" installation is
unavailable or has other issues associated with it.
This work allows us to unify how python packages are built, ensure that Python
distributions are installed consistently, reduces complexity for Python port
maintainers and paves the way for simplifying the Python ports framework in
the future.
With hat on: python
Reviewed by: koobs, antoine
Exp-run: bdrewery
Approved by: bdrewery (portmgr)
Sync LEGAL for djb related ports. I chose not to mark these ports as RESTRICTED
due to the mixed opinions of putting something into the public domain.
Approved by: portmgr (implicit)
- Remove non needed directory creation in stage
- Fix exec line in pkg-plist, ETCDIR already contains
installation prefix and portname directory in etc
PR: ports/184583 [1]
Submitted by: maintainer
Fixes bind-interfaces with IPv6 on FreeBSD.
version 2.68
Use random addresses for DHCPv6 temporary address
allocations, instead of algorithmically determined stable
addresses.
Fix bug which meant that the DHCPv6 DUID was not available
in DHCP script runs during the lifetime of the dnsmasq
process which created the DUID de-novo. Once the DUID was
created and stored in the lease file and dnsmasq
restarted, this bug disappeared.
Fix bug introduced in 2.67 which could result in erroneous
NXDOMAIN returns to CNAME queries.
Fix build failures on MacOS X and openBSD.
Allow subnet specifications in --auth-zone to be interface
names as well as address literals. This makes it possible
to configure authoritative DNS when local address ranges
are dynamic and works much better than the previous
work-around which exempted constructed DHCP ranges from the
IP address filtering. As a consequence, that work-around
is removed. Under certain circumstances, this change will
break existing configuration: if you're relying on the
constructed-range exception, you need to change --auth-zone
to specify the same interface as is used to construct your
DHCP ranges, probably with a trailing /6 like this:
--auth-zone=example.com,eth0/6 to limit the addresses to
IPv6 addresses of eth0.
Fix problems when advertising deleted IPv6 prefixes. If
the prefix is deleted (rather than replaced), it doesn't
get advertised with zero preferred time. Thanks to Tsachi
for the bug report.
Fix segfault with some locally configured CNAMEs. Thanks
to Andrew Childs for spotting the problem.
Fix memory leak on re-reading /etc/hosts and friends,
introduced in 2.67.
Check the arrival interface of incoming DNS and TFTP
requests via IPv6, even in --bind-interfaces mode. This
isn't possible for IPv4 and can generate scary warnings,
but as it's always possible for IPv6 (the API always
exists) then we should do it always.
Tweak the rules on prefix-lengths in --dhcp-range for
IPv6. The new rule is that the specified prefix length
must be larger than or equal to the prefix length of the
corresponding address on the local interface.
adjust OSVERSION evaluation in ports that specifically use '100050N'.
Approved by: affected maintainers (implicit)
Sponsored by: The FreeBSD Foundation
non-local addresses. Important upstream changes between -rc4 and -rc5:
- Don't overwrite errno before generating message.
- Garbage collect listening sockets when their address is deleted.
- Only set scope_id in addresses to bind() for linklocal addresses.
- Check arrival interface of IPv6 requests, even in --bind-interfaces.
- Relax rules in prefix length in (IPv6) dhcp-range.
Upstream changes:
- Add missing malloc() return-code check.
- Do immediate RA when a prefix goes from old->current.
- Fixes to various compiler warnings.
2543906 Segfault with some CNAMEs. Also memory leak on reload of /etc/hosts.
241fa9c Remove arc4random, we have a good RNG and it's a portability problem.
e142a83 Merge messages to .po files.
- USES=gmake
- Stagify
- Use OPTIONS_SUB
- Install whatever docs would be installed by the installer.
Ruby 1.9 is encoding aware, and it can't open a non US-ASCII file if LANG is
unset (or if LANG mismatches the encoding of the file.)
maintainer timeout.
PR: ports/183413
Submitted by: mat
For all new features, see
http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_0_0_REL/doc/NSD-4-features
This version replaces the nsdc control program with nsd-control.
This requires some manual setup with nsd-control-setup and editing
of the config files. nsd-control is incompatible with nsdc so when
that is used in scripts, these should be adapted.
NSD 3 is still supported as dns/nsd3.
PR: 183888
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
On FreeBSD 10.0, all configuration is installed under
/usr/local/etc/namedb and installs its own rc script in
$PREFIX, which no longer supports chroot installations.
LINKS and REPLACE_BASE options are not supported on 10.0
for obvious reasons.
Note for FreeBSD 9.x and earlier users, LINKS is no longer
the default option, though still supported.
On FreeBSD 10.0, all configuration is installed under
/usr/local/etc/namedb and installs its own rc script in
$PREFIX, which no longer supports chroot installations.
LINKS and REPLACE_BASE options are not supported on 10.0
for obvious reasons.
Note for FreeBSD 9.x and earlier users, LINKS is no longer
the default option, though still supported.
An UPDATING entry will follow after bind99 is fixed
as well.
On FreeBSD 10.0, all configuration is installed under
/usr/local/etc/namedb and installs its own rc script in
$PREFIX, which no longer supports chroot installations.
LINKS and REPLACE_BASE options are not supported on 10.0
for obvious reasons.
Note for FreeBSD 9.x and earlier users, LINKS is no longer
the default option, though still supported.
An UPDATING entry will follow after bind96 and bind99 are fixed
as well.
- Use options helpers to simplify the Makefile
- Remove SQLITE2 option as it was dropped from powerdns in 2012
PR: ports/182902
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) [1]
particularly with NLS enabled when libidn was built without NLS.
While here, group OPTIONS and clean up things a bit, and print
configuration of port and libidn port for debugging.
The particular build failure was
Reported by: Yuri Vorobyev
Changelog: <http://www.thekelleys.org.uk/dnsmasq/CHANGELOG>
Enable NLS and IPV6 options by default.
Use shebangfix on files that need it.
Mark dnsmasq-devel (older than release) IGNORE.
- MKDIR is silent
- ECHO is silent
- INSTALL_* are not silent
- CP/FIND/... are not silent
I fixed a few PORTDOCS misuses, I'll do a second pass.
With Hat: perl@
REVERT: Add --force-fast-ra option. Another thanks to Uwe Schindler.
NEW:
+ Update Spanish translation. Thanks to Vicente Soriano.
+ Add --ra-param option. Thanks to Vladislav Grishenko for
+ inspiration on this.
+ Add --add-subnet configuration, to tell upstream DNS
+ servers where the original client is. Thanks to DNSthingy
+ for sponsoring this feature.
+ Add --quiet-dhcp, --quiet-dhcp6 and --quiet-ra. Thanks to
+ Kevin Darbyshire-Bryant for the initial patch.
+ Allow A/AAAA records created by --interface-name to be the
+ target of --cname. Thanks to Hadmut Danisch for the
+ suggestion.
+ Avoid treating a --dhcp-host which has an IPv6 address
+ as eligible for use with DHCPv4 on the grounds that it has
+ no address, and vice-versa. Thanks to Yury Konovalov for
+ spotting the problem.
+ Do a better job caching dangling CNAMEs. Thanks to Yves
+ Dorfsman for spotting the problem.
Fix shebang lines of two Perl scripts.
2013-10-10 www/ruby-nora: Does not work with Ruby 1.9
www/aswiki
2013-10-10 textproc/ruby-amrita: Does not work with Ruby 1.9
2013-10-15 security/flowtag: Does not work with Ruby 1.9
2013-10-10 lang/ruby-lua4: Does not work with Ruby 1.9
2013-10-15 dns/dnsdoctor: Does not work with Ruby 1.9
ports unearthed a serious defect in the original build
process. This change patches the configure file.
There will be a new release of this port which will contain
a new configure file. Until then this patch is needed.
PR: 182183
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
It appears that the -v option (verbose) is handled slightly differently
on DragonFly. FreeBSD appears to be intolerant of where it appears in
the command line while the DragonFly version of "install" insists that
it appear in the early group of options.
In any case, these three ports may be the only ones in the entire ports
collection to use -v switch with ${INSTALL_DATA}, so for the sake of
compatibility and consistency, it is being removed from these
unmaintained ports which also local patches to be removed from DPorts.
on FreeBSD 10, and amd64 on earlier versions.
SSP_UNSAFE is added to disable in a port if it fails to build, but
this should only be used in rare circumstances such as kernel modules.
Otherwise, the port may just be failing due to lack of respecting
LDFLAGS.
On FreeBSD 10, this uses an ldscript in /usr/lib/libc.so to pull in
libssp_nonshared.a to address issues linking on i386 [1].
On earlier FreeBSD versions the WITH_SSP knob will add -lssp_nonshared
to LDFLAGS on i386. This is not needed on amd64. However, several hundred
ports do not currently respect LDFLAGS, so this support is disabled currently
as it causes build failures if a dependency is looking for the stack_chk
symbols.
Many thanks to jlh@ for this as he had many years of patience in getting
all of the necessary pieces [1][2] in.
[1] http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup
PR: ports/138228 [2]
Submitted by: jlh (bsd.ssp.mk based on)
Reviewed by: bapt
With hat: portmgr
exp-runs done: 37 over a month on 91i386,91amd64,10i386,10amd64
Note that the Rate Limiting option has been renamed.
Security Fixes
Previously an error in bounds checking on the private type
'keydata' could be used to deny service through a deliberately
triggerable REQUIRE failure (CVE-2013-4854). [RT #34238]
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
New Features
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
attacks by rate-limiting substantially-identical responses. [RT
#28130]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e
with PKCS#11. [RT #33463]
Added logging messages on slave servers when they forward DDNS
updates to a master. [RT #33240]
Changed the logging category for RRL events from 'queries' to
'query-errors'. [RT #33540]
Security Fixes
Prevents exploitation of a runtime_check which can crash named
when satisfying a recursive query for particular malformed zones.
(CVE-2013-3919) [RT #33690]
Feature Changes
rndc status now also shows the build-id. [RT #20422]
Improved OPT pseudo-record processing to make it easier to support
new EDNS options. [RT #34414]
"configure" now finishes by printing a summary of optional BIND
features and whether they are active or inactive. ("configure
--enable-full-report" increases the verbosity of the summary.)
[RT #31777]
Addressed compatibility issues with newer versions of Microsoft
Visual Studio. [RT #33916]
Improved the 'rndc' man page. [RT #33506]
'named -g' now no longer works with an invalid logging configuration.
[RT #33473]
The default (and minimum) value for tcp-listen-queue is now 10
instead of 3. This is a subtle control setting (not applicable
to all OS environments). When there is a high rate of inbound
TCP connections, it controls how many connections can be queued
before they are accepted by named. Once this limit is exceeded,
new TCP connections will be rejected. Note however that a value
of 10 does not imply a strict limit of 10 queued TCP connections
- the impact of changing this configuration setting will be
OS-dependent. Larger values for tcp-listen queue will permit
more pending tcp connections, which may be needed where there
is a high rate of TCP-based traffic (for example in a dynamic
environment where there are frequent zone updates and transfers).
For most production servers the new default value of 10 should
be adequate. [RT #33029]
"--with-libiconv=${LOCALBASE}" at systems pre OSVERSION 100043 and "" (null)
otherwise;
. convert all ports which have CONFIGURE_ARGS=--with-libiconv=${LOCALBASE}.
Approved by: portmgr (bapt, implicit)
after r254273
- Fix a bunch of ports to properly work after this
- Mark converters/libiconv as IGNORE for systems with iconv in libc
Reviewed by: bapt
Approved by: portmgr (bapt)
Discussed with: bapt, bsam (who both contributed ideas and code)
- Depend on Botan 1.10 and make it new default
- Both Botan and Crypto++ can be compiled in now
- Support MySQL forks like MariaDB
- Ability to choose embedded or system-installed PolarSSL
- Convert USE_GMAKE to USES
- Use EXAMPLES OPTION in place of NOPORTEXAMPLES
Changelog: http://rtfm.powerdns.com/changelog.html#changelog-auth-3-3
PR: ports/180875
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
https://kb.isc.org/article/AA-01015/0
9.9.3-p1 -> 9.9.3-P2
9.8.5-p1 -> 9.8.5-P2
9.6.x is not affected, neither is 10.x.
Security: CVE-2013-4854 Remote DOS
- Add EUI_RRTYPES option
While here:
- Remove leading article from COMMENT
- Convert tab to space in WWW: line
PR: ports/180741
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
changelog:
- 1.11.0 is mostly a bug fix release, but two new features are support
for the $GENERATE syntax and the TLSA RR type.
- A number of bugs have been fixed as well.
- Python 2.4 or later is required.