-rw-r--r-- www/dtse/Makefile 2
-rw-r--r-- www/dtse/distinfo 1
-rw-r--r-- www/dtse/pkg-descr 3
3 files changed, 2 insertions, 4 deletions
diff --git a/www/dtse/Makefile b/www/dtse/Makefile
index 48abbc478caf..2cd01f9c6a6e 100644
--- a/www/dtse/Makefile
+++ b/www/dtse/Makefile
@@ -15,6 +15,8 @@ DISTNAME= ${PORTNAME}-${PORTVERSION}-src
MAINTAINER= douglas@douglasthrift.net
COMMENT= An indexing search engine for use on small websites
+LICENSE= ASL
+
.if defined(WITH_OPENSSL)
USE_OPENSSL= yes
CONFIGURE_ARGS+= --with-openssl=${OPENSSLBASE}
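Review bot: the new `LICENSE= ASL` line after COMMENT comes without a LICENSE_FILE, and the short identifier by itself does not tell a reader which license version applies. Suggest confirming the license against the text shipped in dtse-1.3-src.tar.bz2 and, if the tarball includes that text, pointing LICENSE_FILE at it so the declaration can be checked against the distfile.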
diff --git a/www/dtse/distinfo b/www/dtse/distinfo
index edcbe0031a89..15b0d918e458 100644
--- a/www/dtse/distinfo
+++ b/www/dtse/distinfo
@@ -1,3 +1,2 @@
-MD5 (dtse-1.3-src.tar.bz2) = 71073a012897661189d4998b53fa1a5d
SHA256 (dtse-1.3-src.tar.bz2) = f2460ce788017d6b38edf8bef8a3b031694d1bf17eb461d65ac0a60a31046c72
SIZE (dtse-1.3-src.tar.bz2) = 89603
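Review bot: the commit should say whether distinfo was regenerated with make makesum or the MD5 line at the top was deleted by hand, since SHA256 and SIZE appear here only as unchanged context. Dropping MD5 is the right direction, as it is not collision resistant and SHA256 remains as the integrity check; regenerating simply keeps the file in the form the framework writes.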
diff --git a/www/dtse/pkg-descr b/www/dtse/pkg-descr
index c0b9012273ae..a1d76e14211a 100644
--- a/www/dtse/pkg-descr
+++ b/www/dtse/pkg-descr
@@ -5,6 +5,3 @@ indexing, it supports both the Robots Exclusion Protocol and the Robots META
Tag as specified at http://www.robotstxt.org/wc/exclusion.html.
WWW: http://computers.douglasthrift.net/searchengine/
-
-- Douglas Thrift
-douglas@douglasthrift.net
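Review bot: the WWW: line kept as the last line of pkg-descr still points at a plain http:// URL, as does the robotstxt.org reference above it; if those sites serve HTTPS, switch them in a follow-up. Removing the trailing signature is fine, because MAINTAINER in the Makefile already carries the same address.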
class='column1'>| | | | | | | | | Using nsupdate -l, and chroot was broken because nsupdate could not find the keyfile by itself. PR: 223403 Submitted by: Harald Schmalzbauer Sponsored by: Absolight * Enable the PYTHON option by default, it brings a few interesting DNSSECmat2018-02-041-2/+2 | | | | | | tools. Sponsored by: Absolight * Install the mtree file as .sample to allow users to change them.mat2018-02-042-5/+5 | | | | Sponsored by: Absolight * Update BIND9 ports to 9.{9.11,10.6,11.2}.mat2018-02-043-10/+10 | | | | Sponsored by: Absolight * Update to 9.{9.10,10.5,11.1}-P3.mat2017-07-112-4/+4 | | | | Sponsored by: Absolight * Update to 9.{9.10,10.5,11.1}-P2.mat2017-06-302-4/+4 | | | | | | Security: CVE-2017-3142 Security: CVE-2017-3143 Sponsored by: Absolight * Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1.mat2017-06-152-4/+4 | | | | | | | MFH: 2017Q2 Security: CVE-2017-3140 Security: CVE-2017-3141 Sponsored by: Absolight * Remove special handling for testing and documentation domains, per RFCmat2017-06-152-10/+10 | | | | | | | | | | | | 6761 recommendations. While there: - Fix invalid syntax in sample slave config. - Add a message about having syslogd working with BIND9 chroot. PR: 217915 Reported by: eserte12 yahoo de Sponsored by: Absolight * Update to 9.9.10, 9.10.5, 9.11.1 and 9.12 to latest snapshot.mat2017-04-208-122/+141 | | | | | | | | | | | | | | | | | While there: Make it more maintainable by sorting stuff in the Makefile and removing vestigial pre 10.3 things. Refresh the root zone hints. "Fix" the configuration section telling you to get some top level zones from f.root-servers.net, which does not allow axfr any more. 
[1] PR: 218656 [1] Reported by: Thomas Steen Rasmussen / Tykling [1] MFH: 2017Q2 Sponsored by: Absolight * Unbreak rndc calls when using non default rndc.key location.mat2017-04-132-13/+18 | | | | | PR: 218335 Sponsored by: Absolight * Security update to 9.9.9-P8.delphij2017-04-132-4/+4 | | | | | Security: c6861494-1ffb-11e7-934d-d05099c0ae8c Approved by: so * Update to 9.9.9-P6, 9.10.4-P6 and 9.11.0-P3.mat2017-02-092-12/+6 | | | | | | | | | While there, remove the RPZ_PATCH for BIND9 9.9, it has not been updated for years, and, it does not build any more. MFH: 2017Q1 Security: CVE-2017-3135 Sponsored by: Absolight * Commit the cleanups that should have gone in with the pervious update.mat2017-01-125-85/+26 | | | | Sponsored by: Absolight * Security update to 9.9.5-P5.delphij2017-01-122-7/+6 | | | | | | Approved by: so Security: d4c7e9a9-d893-11e6-9b4d-d050996490d0 MFH: 2017Q1 * Cleanup CONFLICTS.mat2016-12-091-1/+1 | | | | Sponsored by: Absolight * Fixup libedit for all BIND9 ports, and fix spurious json dependency bymat2016-12-091-2/+2 | | | | | | | | adding an option. PR: 215170 Reported by: sunpoet Sponsored by: Absolight * Security update:delphij2016-11-023-12/+12 | | | | | | | | | | dns/bind99: 9.9.9-P3 -> 9.9.9-P4 dns/bind910: 9.10.4-P3 -> 9.10.4-P4 dns/bind911: 9.11.0 -> 9.11.0-P1 Security: CVE-2016-8864 Submitted by: mat MFH: 2016Q4 * Remarke MAKE_JOBS_UNSAFE everywhere.mat2016-10-041-4/+2 | | | | Sponsored by: Absolight * So, on 9, it is failing to build it with jobs.mat2016-09-301-0/+4 | | | | | | | | It builds .a before all the .o that are supposed to go in the .a are built. Imagine what happens after that... Reported by: Craig Leres Sponsored by: Absolight * Remove MAKE_JOBS_UNSAFE for BIND9.mat2016-09-281-2/+0 | | | | | | | | It was added in 2009 in r232247 without the reason it was failing, I've tried with -J 2-10, and can't have one of the BIND9 port fail. Feel free to add it back, but please, add the reason why it fails. 
Sponsored by: Absolight * Update BIND9 to latest versions, 9.9.9-P3, 9.10.4-P3, 9.11.0rc3mat2016-09-282-7/+7 | | | | | | MFH: 2016Q3 Security: CVE-2016-2776 Sponsored by: Absolight * The NEWSTATS and RRL options were removed in BIND9 9.10, so remove themmat2016-08-311-3/+4 | | | | | | | | from here, also, make the upstream default options default for real. While there, put back the BIND_TOOLS knobs in bind9-devel. Sponsored by: Absolight * Convert to USES=ssl.mat2016-08-081-1/+1 | | | | Sponsored by: Absolight * Add distfile missed in last commit.mat2016-07-191-1/+3 | * BIND9 update, 9.9.9-P2, 9.10.4-P2, 9.11.0b2 and latest 9.12 snapshot.mat2016-07-192-6/+4 | | | | | | | | | | MFH: 2016Q3 Security: CVE-2016-2775 Changes: https://lists.isc.org/pipermail/bind-announce/2016-July/000996.html Changes: https://lists.isc.org/pipermail/bind-announce/2016-July/000997.html Changes: https://lists.isc.org/pipermail/bind-announce/2016-July/000998.html Changes: https://lists.isc.org/pipermail/bind-announce/2016-July/000999.html Sponsored by: Absolight * Introduce BIND9 9.11.0b1. (beta1)mat2016-07-041-2/+2 | | | | | | | | | | | | | | | | | | | | | | | | | | BIND 9.11 brings many changes to BIND, including a new license (the Mozilla Public License 2.0 -- you can read about it here: https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/) and many new features, including: - Catalog zones, a new way to provision zones on slave servers - dyndb api, a fast new api enabling BIND to serve zones stored in a database (Developed by Petr Spacek of RedHat) - RNDC showzone, view-only mode and other improvements - dnstap query and response logging (Robert Edmonds is the author of dnstap, see www.dnstap.info) - EDNS Client-subnet (authoritative server functions) - DNSSEC key manager, a new utility (Thanks to Sebastián Castro for helping with development.) 
- Automatic CDS/CDSKEY generation - Negative Trust Anchors for DNSSEC validators - IPv6 bias to encourage use of IPv6 DNS servers - Minimal response to “any” queries (Thanks to Tony Finch for the contribution) - DNS Cookies are now enabled by default, using the standardized code point Changes: https://lists.isc.org/pipermail/bind-announce/2016-June/000994.html Sponsored by: Absolight * Fix usage of WITH_OPENSSL_BASE, WITH_OPENSSL_PORT and OPENSSL_PORT.mat2016-06-161-2/+2 | | | | | | | | | | | WITH_OPENSSL_* can't be set after bsd.port.pre.mk. Fold all other usage into using SSL_DEFAULT == foo PR: 210149 Submitted by: mat Exp-run by: antoine Sponsored by: The FreeBSD Foundation, Absolight Differential Revision: https://reviews.freebsd.org/D6577 * Update to 9.9.9-P1 and 9.10.4-P1.mat2016-05-262-6/+7 | | | | Sponsored by: Absolight * Add --with-dlopen=yes to the default options to allow using thirdmat2016-05-251-4/+5 | | | | | | | | | | | parties dlz drivers. While there: - enable the DLZ_FILESYSTEM option by default - convert to USES=mysql and USES=bdb Requested by: borius i ua Sponsored by: Absolight * Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled ↵amdmi32016-05-241-1/+1 | | | | | | by default anyway and don't need to be listed Approved by: portmgr blanket * Update to 9.9.9.mat2016-04-295-21/+21 | | | | | | While there, update the root hints file. Sponsored by: Absolight * Stop bringing in OpenSSL from ports, it builds fine with the base one onmat2016-04-061-7/+9 | | | | | | | | | | | | 9, and WITH_OPENSSL_PORT does not belong in a port's Makefile anyway. Not bumping PORTREVISION because: - if you are building with poudriere, it will detect that a dependency has changed and rebuild it. - if you are building from ports, you will have OpenSSL from ports installed, and it will choose to use it. 
Sponsored by: Absolight * Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.mat2016-04-011-2/+2 | | | | | With hat: portmgr Sponsored by: Absolight * Update to 9.9.8-P4, 9.10.3-P4 and latest snapshot.mat2016-03-103-11/+11 | | | | | | | | MFH: 2016Q1 (obviously) Security: CVE-2016-1285 Security: CVE-2016-1286 Security: CVE-2016-2088 Sponsored by: Absolight * Update bind99 to 9.9.8-P3, bind910 to 9.10.3-P3 and bind9-devel tomat2016-01-203-18/+20 | | | | | | | | | latest snapshot. MFH: 2016Q1 Security: CVE-2015-8704 Security: CVE-2015-8705 Sponsored by: Absolight * Update BIND9 to the latest patch releases, 9.9.8-P2, 9.10.3-P2, and snapshot.mat2015-12-163-10/+10 | | | | | | | | | | MFH: 2015Q4 Changes: https://kb.isc.org/article/AA-01326/81/BIND-9.9.8-P2-Release-Notes.html Changes: https://kb.isc.org/article/AA-01328/81/BIND-9.10.3-P2-Release-Notes.html Security: CVE-2015-3193 Security: CVE-2015-8000 Security: CVE-2015-8461 Sponsored by: Absolight * Fix build WITH=DLZ_BDB.mat2015-10-081-6/+15 | | | | | PR: 201715 Sponsored by: Absolight * Fix build on -CURRENT. [1]mat2015-09-251-1/+5 | | | | | | | | - Force building with libedit - Bump PORTREVISION to account for accidental succesful builds PR: 203273 [1] Sponsored by: Absolight * Fixup gssapi from base.mat2015-09-192-14/+84 | | | | | Submitted by: hrs Sponsored by: Absolight * Update to bind99 to 9.9.8 & bind910 to 9.10.3.mat2015-09-164-30/+31 | | | | | | | | | | | | - Add new QUERYTRACE & FETCHLIMIT. Note that QUERYTRACE is for debug purposes, and will eat your performances. - Don't do the PORTREVISION patch if PORTREVISION is 0. 
- Regen some patches Changes: https://lists.isc.org/pipermail/bind-announce/2015-September/000961.html Changes: https://lists.isc.org/pipermail/bind-announce/2015-September/000962.html Sponsored by: Absolight * Update BIND to 9.9.7-P3 and 9.10.2-P4.mat2015-09-032-6/+6 | | | | | | MFH: 2015Q3 (Also needs 393161 395660 395703) Security: CVE-2015-5722, CVE-2015-5986 Sponsored by: Absolight * Add an option for embedding PORTREVISION in the server's version string.mat2015-09-011-2/+8 | | | | Sponsored by: Absolight * When not using OpenSSL from ports, do not try to unmount the chrootedmat2015-08-312-5/+5 | | | | | | | | engines directory. PR: 201423 (based on) Submitted by: girgen Sponsored by: Absolight * Add an option to enable the bind min override ttl patch.mat2015-07-292-2/+82 | | | | | Requested by: Laurent Frigault Sponsored by: Absolight * Update BIND9.mat2015-07-292-6/+6 | | | | | | | | - 9.9 -> 9.9.7-P2 - 9.10 -> 9.10.2-P3 Security: CVE-2015-5477 Sponsored by: Absolight * Update BIND 9.9 to 9.9.7-P1 and 9.10 to 9.10.2-P2.mat2015-07-082-5/+5 | | | | | | MFH: 2015Q3 Security: CVE-2015-4620 Sponsored by: Absolight * Make BIND start a bit later (and really *after* ldconfig.) [1]mat2015-06-013-4/+16 | | | | | | | Add an option to have it start way later. PR: 200375 [1] Sponsored by: Absolight * Allow BIND 9.10 users to select the old key format when using GOST.[1]mat2015-05-182-9/+9 | | | | | | | | While there, reword the options a bit, and the pkg-help files. PR: 200031 [1] Submitted by: Leo Vandewoestijne [1] Sponsored by: Absolight * When named.conf was placed somewhere else than %%ETCDIR%%, rndc would stopmat2015-04-302-4/+18 | | | | | | | | working. 
PR: 199384 Submitted by: Curtis Villamizar Sponsored by: Absolight * dns/bind99, dns/bind910: support no-base option on DragonFlymarino2015-04-021-2/+2 | | | | Approved by: mat (maintainer) * Enhance the error message when running from a jail without devfs.mat2015-03-312-6/+7 | | | | Sponsored by: Absolight * Add chroot back to BIND's startup script.mat2015-03-246-55/+274 | | | | | Differential Revision: https://reviews.freebsd.org/D1952 Sponsored by: Absolight * Update dns/bind99 to 9.9.7 and dns/bind910 to 9.10.2.mat2015-02-263-15/+18 | | | | | | On 8 and 9, use the same configuration path than on 10+, ${PREFIX}/etc/namedb/. Sponsored by: Absolight * Update BIND 9.9 and 9.10 to the latest security patch.mat2015-02-193-60/+8 | | | | Sponsored by: Absolight * Add a patch for CVE-2015-1349 while I work on updating both ports to the new ↵mat2015-02-192-1/+53 | | | | | | | version. Security: CVE-2015-1349 Sponsored by: Absolight * Generate the RPZ patch filename from ISCVERSION directly.mat2015-01-061-1/+1 | | | | Sponsored by: Absolight * Add a note about running the right BIND daemon on 8 and 9.mat2015-01-062-2/+8 | | | | Sponsored by: Absolight * Really remove BIND_DESTETC.mat2015-01-063-169/+169 | | | | | Noticed by: wblock, Matt Mullins Sponsored by: Absolight * Retire REPLACE_BASE option.mat2015-01-064-173/+156 | | | | | | While there, reduce changes from bind99 and bind910 ports. Sponsored by: Absolight * Security update of BIND9 to 9.9.6-P1 and 9.10.1-P1.mat2014-12-093-7/+8 | | | | | Security: CVE-2014-8500 CVE-2014-8680 Sponsored by: Absolight * Fix three ports forgotten by the USE_PGSQL removal. 
(Fix a typo in devel/upp.)mat2014-11-251-1/+1 | | | | Sponsored by: Absolight * Install the bind.keys file with the root and dlv.isc.org keys.mat2014-11-182-10/+6 | | | | Sponsored by: Absolight * Note REPLACE_BASE will get removed.mat2014-10-071-0/+4 | | | | Sponsored by: Absolight * Update to 9.9.6.mat2014-09-237-90/+54 | | | | Sponsored by: Absolight * configure no longer has problems detecting our arch like it had in bind95'smat2014-09-071-4/+0 | | | | | | | | time, so remove ARCH modification, which leads to other problems, like [1] PR: 193359 [1] Submitted by: dinoex [1] Sponsored by: Absolight * Enable RRL by default.mat2014-07-301-2/+2 | | | | | Requested by: so many my head hurts Sponsored by: Absolight * net/openldap24-*:tijl2014-07-251-1/+1 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Convert to USES=libtool and bump dependent ports - Avoid USE_AUTOTOOLS - Don't use PTHREAD_LIBS - Use MAKE_CMD databases/glom: - Drop :keepla - Add INSTALL_TARGET=install-strip databases/libgda4* databases/libgda5*: - Convert to USES=libtool and bump dependent ports - USES=tar:xz - Use INSTALL_TARGET=install-strip - Use @sample databases/libgdamm: - Drop :keepla - USES=tar:bzip2 - Use INSTALL_TARGET=install-strip databases/libgdamm5: - Add INSTALL_TARGET=install-strip - Drop --enable-static (inherited from old repocopy) devel/anjuta x11-toolkits/py-gnome-extras: - Drop :keepla dns/powerdns dns/powerdns-devel: - Convert to USES=libtool - Add INSTALL_TARGET=install-strip - Disable static modules - Stop creating library symlinks with .0 suffix, not needed for dynamically opened modules mail/dovecot2: - Add USES=libtool mail/dovecot2-pigeonhole: - Drop CONFIGURE_TARGET (incorrect for Dragonfly) - Add USES=libtool and INSTALL_TARGET=install-strip math/gnumeric: - USES=libtool tar:xz Approved by: portmgr (implicit, bump unstaged ports) * And it's supposed to be lower case.mat2014-07-111-1/+1 | | | | Sponsored by: Absolight * 
Add CPE to BIND9.mat2014-07-111-0/+8 | | | | Sponsored by: Absolight * Add a PYTHON option to bind99 and bind910, it installs a couple of dnssecmat2014-06-243-4/+27 | | | | | | | related utilities. Use bind's own Makefiles for installation in bind-tools. Sponsored by: Absolight * Fix dns/bind-tools after the gssapi update.mat2014-06-181-11/+3 | | | | | | Also, move it from BIND 9.9 to 9.10, and add delv and nsupdate. Sponsored by: Absolight * Remove test bits.mat2014-06-181-4/+1 | | | | | Pointy hat to: mat Sponsored by: Absolight * Convert dns/bind9* to USES=gssapi.mat2014-06-172-16/+39 | | | | Sponsored by: Absolight * Correct local path for rpz* patchs.mat2014-06-131-1/+1 | | | | Sponsored by: Absolight * Update to 9.9.5-P1.mat2014-06-122-11/+9 | | | | | Changes: https://lists.isc.org/pipermail/bind-announce/2014-June/000913.html Sponsored by: Absolight * Unbreak, it seems not everybody as switched to pkg yet...mat2014-06-092-18/+15 | | | | Sponsored by: Absolight * Don't install rndc.confmat2014-06-062-3/+2 | | | | | | | | It is generated by the rc script during the first startup. And if the file is present, it messes up the rndc.key generation. Poked by: Alain Audebert Sponsored by: Absolight * Fix build with GOST (on 10, base OpenSSL doesn't have it)mat2014-05-182-2/+17 | | | | | | Make sure OpenSSL from ports is used < 10. 
Sponsored by: Absolight * Ok, revert r354129, it was a bad idea.mat2014-05-162-2/+2 | | | | | Poked by: many Sponsored by: Absolight * Try and fix the plist for bind9* ports when <10.mat2014-05-152-2/+2 | | | | | Poked by: swills Sponsored by: Absolight * Make GOST in BIND 9.* optionalmat2014-05-151-3/+6 | | | | | | Test Plan: Currently testing in poudriere Differential Revision: https://phabric.freebsd.org/D12 * Fix the rc script reload command.mat2014-04-182-2/+9 | | | | | Noticed by: David Samms Sponsored by: Absolight * The FreeBSD x11@ and graphics team proudly presentszeising2014-04-171-1/+1 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a zeising, kwm production, with help from dumbbell, bdrewery: NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE This update switches over to use the new xorg stack by default on FreeBSD 9 and 10 stable, on osversions where vt(9) is available. It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in /etc/make.conf . FreeBSD 8-STABLE and released versions of FreeBSD still use the old version. A package repository with binary packages for new xorg will be available soon. This patch also contains updates of libxcb and related ports, pixman, as well as some drivers and utilities. Bump portrevisions for xf86-* ports, as well as virtualbox-ose-additions due to xserver version change. Apart from these updates, the way shared libraries are handled has been changed for all xorg ports, as well as libxml2 and freetype, which means ltverhack is gone and as a consequence shared libraries have been bumped. The plan is that this change will make library bumps less likely in the future. All affected ports have had their portrevisions bumped as a consequence of this. Fix some issues where WITH_NEW_XORG weren't detected properly on CURRENT. 
Update instructions, hardware support, and more notes can be found on https://wiki.freebsd.org/Graphics Thanks to: all testers, bdrewery and the FreeBSD x11@ team exp-run by: bdrewery [1] PR: ports/187602 [1] Approved by: portmgr (bdrewery), core (jhb) * Use @sample for my port, cleanup an etc/PORTNAME into ETCDIR.mat2014-04-131-6/+2 | | | | Sponsored by: Absolight * Two changes to the RC scriptmat2014-04-112-5/+5 | | | | | | | | | - Add a dependency on ldconfig - Allow people to change the pidfile PR: 188439 Submitted by: Oliver Lehmann Sponsored by: Absolight * Remove noop patch.mat2014-04-101-12/+0 | | | | Sponsored by: Absolight * - Add a patch to install missing man pagemat2014-04-093-1/+19 | | | | | | | - Add dnssec-* tools to bind-tools[1] Requested by: many [1] Sponsored by: Absolight * - Fix startup scriptmat2014-03-272-4/+4 | | | | | | | | - Fix whitespace PR: 188011 Submitted by: takefu Sponsored by: Absolight * Finaly pet rclint.mat2014-03-262-23/+16 | | | | | With help from: crees Sponsored by: Absolight * Remove GSSAPI from the default options.mat2014-03-251-2/+2 | | | | | | | Almost nobody needs it, and people keep having a hard time building BIND because of this. 
Sponsored by: Absolight * - Use SUB_FILES for named.conf and the rc scriptmat2014-03-184-12/+8 | | | | | | - Fix some package installation warnings Sponsored by: Absolight * Always depend on libxml[1]mat2014-03-071-7/+8 | | | | | | | | Add XML newstats support to bind99[2] PR: 186890[1], 186791[2] Submitted by: Jason Mann[1], Matthew Seaman[2] Sponsored by: Absolight * Try and have BIND start earlier.mat2014-03-072-2/+3 | | | | Sponsored by: Absolight * Actually commit what I tested.mat2014-03-051-1/+2 | | | | Sponsored by: Absolight * Don't polute isc-config.sh with gssapi flags.mat2014-03-053-9/+36 | | | | | Submitted by: hrs Sponsored by: Absolight * Change the BIND ports to use PKGNAMESUFFIX.mat2014-02-281-2/+3 | | | | Sponsored by: Absolight * Add back the RPZ speed improvements patch.mat2014-02-072-1/+8 | | | | | Many thanks to: Vernon Schryver Sponsored by: Absolight * Update to 9.9.5.mat2014-01-313-6/+12 | | | | | Changes: https://lists.isc.org/pipermail/bind-announce/2014-January/000896.html Sponsored by: Absolight * Revert r341073, static libs are not supposed to be PICgarga2014-01-271-1/+0 | * Add -fPIC to CFLAGS for amd64, this fix static librariesgarga2014-01-261-0/+1 | | | | Approved by: mat@ (maintainer) * Security update to fix CVE-2014-0591 as reported atmat2014-01-142-5/+4 | | | | | | | | | | https://kb.isc.org/article/AA-01078/74/ 9.9.4 -> 9.9.4-P2 9.8.6 -> 9.8.6-P2 9.6-ESV-R10 -> 9.6-ESV-R10-P2 Security: CVE-2014-0591 Remote DOS * Fixup rndc.conf.sample installationmat2014-01-092-4/+7 | | | | Spotted by: antoine * There's always a default value for named_conf now, so no need toerwin2014-01-072-9/+2 | | | | | | | check for it, and espcially not for a wrong value. Noticed by: Stefan Bethke <stb@lassitu.de> Approved by: mat (maintainer) * Yet another round of fixes.mat2014-01-072-27/+26 | | | | | This time, it seems all of REPLACE_BASE, not REPLACE_BASE and post Bind removal from base seem to work consistently. 
* Fix yet another bug, they're creeping like crazy...mat2014-01-072-2/+2 | * Fix gssapi options knob.mat2014-01-071-2/+2 | * Fix build with LINKS.mat2014-01-062-6/+5 | * Convert to staging and new options.mat2014-01-063-159/+200 | * Add the DOCS option to OPTIONS_DEFAULT.mat2014-01-051-2/+2 | * Hand the BIND ports to a new volunteer.erwin2014-01-021-1/+1 | * Fix build with GSSAPI option without Kerberoserwin2013-12-101-0/+4 | | | | | PR: 184560 Submitted by: Dewayne <dewayne@heuristicsystems.com.au> * bind(96,98,99): Couple OSVERSION with OPSYSmarino2013-12-091-4/+4 | | | | | | OSVERSION is platform-specific and must be used with OPSYS. Approved by: maintainer (erwin) * To prevent fallout of lowering __FreeBSD_version in releng/10.0 branch,gjb2013-12-071-4/+4 | | | | | | | adjust OSVERSION evaluation in ports that specifically use '100050N'. Approved by: affected maintainers (implicit) Sponsored by: The FreeBSD Foundation * Install named.conf as named.conf.sample and don't overwrite on upgradeerwin2013-12-052-4/+8 | | | | | Bullet hole in foot: joeld Pointy hat: erwin * Fix build with GSSAPIerwin2013-12-041-0/+1 | | | | Submitted by: sunpoet * - Respect BIND_DESTETC and PREFIXsunpoet2013-11-231-2/+2 | | | | | Submitted by: sunpoet (myself) Approved by: erwin (maintainer) * Fix startup script.erwin2013-11-222-10/+16 | | | | | | PR: 184159 [1] Submitted by: Pawel Biernacki <pawel.biernacki@gmail.com> [1], Trond Endrestoel <Trond.Endrestol@ximalas.info> (private email) * Support FreeBSD 10.0.erwin2013-11-128-6/+737 | | | | | | | | | | | | On FreeBSD 10.0, all configuration is installed under /usr/local/etc/namedb and installs its own rc script in $PREFIX, which no longer support chroot installations. LINKS and REPLACE_BASE options are not supported on 10.0 for obvious reasons. Note for FreeBSD 9.x and earlier users, LINKS is no longer the default option, though still supported. 
* Drop support for REPLACE_BIND option after BIND was removed from base,erwin2013-11-041-1/+4 | | | | there's nothing to replace. * Add an option for filter-aaaaerwin2013-09-231-1/+6 | | | | Submitted by: Matej Gregr <matej.gregr@gmail.com> * Add NO_STAGE all over the place in preparation for the staging support (cat: ↵bapt2013-09-211-0/+1 | | | | dns) * Update to 9.9.4erwin2013-09-203-11/+10 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note that the Rate Limiting option has been renamed. Security Fixes Previously an error in bounds checking on the private type 'keydata' could be used to deny service through a deliberately triggerable REQUIRE failure (CVE-2013-4854). [RT #34238] Prevents exploitation of a runtime_check which can crash named when satisfying a recursive query for particular malformed zones. (CVE-2013-3919) [RT #33690] New Features Added Response Rate Limiting (RRL) functionality to reduce the effectiveness of DNS as an amplifier for reflected denial-of-service attacks by rate-limiting substantially-identical responses. [RT #28130] Feature Changes rndc status now also shows the build-id. [RT #20422] Improved OPT pseudo-record processing to make it easier to support new EDNS options. [RT #34414] "configure" now finishes by printing a summary of optional BIND features and whether they are active or inactive. ("configure --enable-full-report" increases the verbosity of the summary.) [RT #31777] Addressed compatibility issues with newer versions of Microsoft Visual Studio. [RT #33916] Improved the 'rndc' man page. [RT #33506] 'named -g' now no longer works with an invalid logging configuration. [RT #33473] The default (and minimum) value for tcp-listen-queue is now 10 instead of 3. This is a subtle control setting (not applicable to all OS environments). 
When there is a high rate of inbound TCP connections, it controls how many connections can be queued before they are accepted by named. Once this limit is exceeded, new TCP connections will be rejected. Note however that a value of 10 does not imply a strict limit of 10 queued TCP connections - the impact of changing this configuration setting will be OS-dependent. Larger values for tcp-listen queue will permit more pending tcp connections, which may be needed where there is a high rate of TCP-based traffic (for example in a dynamic environment where there are frequent zone updates and transfers). For most production servers the new default value of 10 should be adequate. [RT #33029] Added support for OpenSSL versions 0.9.8y, 1.0.0k, and 1.0.1e with PKCS#11. [RT #33463] Added logging messages on slave servers when they forward DDNS updates to a master. [RT #33240] Changed the logging category for RRL events from 'queries' to 'query-errors'. [RT #33540] * Make GSSAPI support optionalerwin2013-09-171-1/+7 | | | | | PR: 182122 Submitted by: Uwe Doering <gemini@geminix.org> * . introduce ICONV_CONFIGURE_BASE variable at Mk/Uses/iconv.mk. It's value isbsam2013-09-061-1/+2 | | | | | | | | "--with-libiconv=${LOCALBASE}" at systems pre OSVERSION 100043 and "" (null) otherwise; . convert all ports which has CONFIGURE_ARGS=--with-libiconv=${LOCALBASE}. Approved by: portmgr (bapt, implicit) * Update the RPZ+RL patches for both versions.roberto2013-07-282-3/+3 | | | | Approved by: erwin * Put back the two patches for RPZ-RL that were removed during the previousroberto2013-07-271-0/+2 | | | | update. * Security update to fix CVE-2013-4854 as reported atroberto2013-07-272-6/+4 | | | | | | | | | | | https://kb.isc.org/article/AA-01015/0 9.9.3-p1 -> 9.9.3-P2 9.8.5-p1 -> 9.8.5-P2 9.6.x is not affected, neither is 10.x. 
Security: CVE-2013-4854 Remote DOS * Update to 9.9.3-P1erwin2013-06-052-7/+7 | | | | | | | | | | | | | | | | | | | | | | | | | | | | Security Fixes Prevents exploitation of a runtime_check which can crash named when satisfying a recursive query for particular malformed zones. (CVE-2013-3919) [RT #33690] Now supports NAPTR regular expression validation on all platforms, and avoids memory exhaustion compiling pathological regular expressions. (CVE-2013-2266) [RT #32688] Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. (CVE-2012-5688) [RT #30792 / #30996] Prevents an assertion failure in named when RPZ and DNS64 are used together. (CVE-2012-5689) [RT #32141] See release notes for further features and bug fixes: https://kb.isc.org/article/AA-00970/0/BIND-9.9.3-P1-Extended-Support-Version-Release-Notes.html Security: CVE-2013-3919 CVE-2013-2266 CVE-2012-5688 CVE-2012-5689 * Update to 9.9.3erwin2013-05-313-7/+8 | * Update RPZ and RRL patch set:erwin2013-05-312-3/+3 | | | | | | | | | | | | | | - address the issue raised by Bob Harold. RRL on recursive servers applies rate limits after waiting for recursion except on sub-domains of domains for which the server is authoritative. - fix the bug reported by Roy Arends in which "slipped" NXDOMAIN responses had rcode values of 0 (NoError) instead of 3 (NXDOMAIN). - move reports of RRL drop and slip actions from the "queries" log category to the "query-errors" category. Because they are not in the "queres" category, enabling or disabling query logging no longer affects them. * Fix typo in RPZRRL_PATCHerwin2013-05-061-1/+1 | | | | Submitted by: Alexander Yerenkow <yerenkow@gmail.com> * Readd dns/bind-tools.zeising2013-04-241-9/+22 | | | | | | | | | This is done in a similar manner as the old bind-tools, but uses bind99 instead of bind97 as master port. 
Change bind99 to facilitate the bind-tools slave, in a simlar way as was done for bind97. Approved by: erwin (maintainer) * Make pkg-message and pkg-install a local file to the bind98 and bind99erwin2013-04-233-2/+31 | | | | | ports and not include the one from the deprecated bind97 port, which is to be removed. * Update RPZ+RRL patchset to the latest version.erwin2013-04-172-3/+3 | | | | | | | | | | | | | The change makes "slip 1;" send only truncated (TC=1) responses. Without the change, "slip 1;" is the same as the default of "slip 2;". That default, which alternates truncated with dropped responses when the rate limit is exceeded, is better for authoritative DNS servers, because it further reduces the amplification of an attack from about 1X to about 0.5X. DNS RRL is not recommended for recursive servers. Feature safe: yes * Update to 9.9.2-P2erwin2013-03-272-4/+4 | | | | | | | | | Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688] Security: CVE-2013-2266 * Update the RPZ+RRL patch files which removeerwin2013-03-152-3/+3 | | | | | | | | working files that should not have been in the patches[1] Also move to a versioned filename for the patches[2] Submitted by: Robert Sargent <robtsgt@gmail.com> [1], Vernon Schryver <vjs@rhyolite.com> [2] * Update RPZ+RRL patch to 028.23erwin2013-02-051-2/+2 | | | | | | | | | | | | | | | A serious Multiple Zone Response Policy Zone (RPZ2) Speed Improvement bug has been fixed. `./configure --enable-rpz-nsip --enable-rpz-nsdname` is now the default. Responses affected by the all-per-second parameter are always dropped. The slip value has no effect on them. There are improved log messages for responses that are dropped or "slipped," because they would require an excessive identical referral. 
* Reduce lenght of the option description for RPZRRL_PATCH toerwin2013-01-101-1/+1 | | | | | | avoid problems with the older dialog(1) on FreeBSD 8.x Noticed by: Terry Kennedy <terry@tmk.com> * Update the response rate limiting patch to the latesterwin2013-01-092-7/+7 | | | | | | | | | | | released version of January 5, 2013. This also includes performance patches to the BIND9 Response Policy Zones (DNS RPZ), Single Zone Response Policy Zone (RPZ) Speed Improvement, in the same patch. More information: http://ss.vix.su/~vjs/rrlrpz.html * Add LICENSE.erwin2013-01-041-0/+2 | * Add experimental option for Response Rate Limiting patch.erwin2013-01-042-1/+9 | * - Use new OPTIONS_GROUP for DLZ options.[1]erwin2012-12-141-3/+3 | | | | | | | | - This also allows more than one DLZ option to be set.[2] Submitted by: bapt [1] (as RADIO) Suggested by: az [2] (thus GROUP instead) * Update to the latest patch level from ISC:erwin2012-12-052-6/+4 | | | | | | | | | | | | | BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a denial-of-service (DoS) vector against affected servers. Security: 2892a8e2-3d68-11e2-8e01-0800273fe665 CVE-2012-5688 Feature safe: yes * Improve the SSL option descriptionerwin2012-12-031-1/+1 | | | | | Submitted by: Kazunori Fujiwara <fujiwara@jprs.co.jp> Feature safe: yes * Remove gpg signature checking that in itself does noterwin2012-12-031-5/+0 | | | | | | provide any additional security. 
  Feature safe: yes

* - Update CONFLICTS [erwin, 2012-11-27, 1 file, -4/+19]
  - Fix a typo in the OPTIONSNG conversion
  - Add FIXED_RRSET option
  - Add RPZ options (9.8 and 9.8 only)
  PR: 172586
  Submitted by: Craig Leres <leres@ee.lbl.gov>
  Feature safe: yes

* Reduce length of the option description for DLZ_MYSQL to [erwin, 2012-10-26, 1 file, -1/+1]
  avoid problems with the older dialog(1) on FreeBSD 8.x
  Noticed by: Terry Kennedy <terry@tmk.com>
  Feature safe: yes

* - Convert to OPTIONSNG [erwin, 2012-10-25, 1 file, -37/+39]
  - Turn on IPv6 support by default
  Feature safe: yes

* Force python off to disable build time detection of python. [erwin, 2012-10-19, 1 file, -1/+2]
  Submitted by: zeising
  Feature safe: yes

* Update to 9.9.2 [erwin, 2012-10-19, 3 files, -6/+8]
  Feature safe: yes

* Upgrade to the latest BIND patch level: [erwin, 2012-10-10, 2 files, -6/+6]
  A deliberately constructed combination of records could cause named
  to hang while populating the additional section of a response.
  Security: http://www.vuxml.org/freebsd/57a700f9-12c0-11e2-9f86-001d923933b6.html

* Take maintainership of the BIND ports while I'm working on the latest [erwin, 2012-10-10, 1 file, -1/+1]
  security releases.

* Throw my ports back in the pool, and make my intentions clear for the [dougb, 2012-10-08, 1 file, -7/+1]
  various ports that I've created.

  I bid fond fare well
  A chapter closes for me
  What opens for you?

* Upgrade to the latest BIND patch level: [dougb, 2012-09-19, 2 files, -11/+9]
  Prevents a crash when queried for a record whose RDATA exceeds
  65535 bytes.
  Prevents a crash when validating caused by using "Bad cache" data
  before it has been initialized.
  ISC_QUEUE handling for recursive clients was updated to address a
  race condition that could cause a memory leak. This rarely occurred
  with UDP clients, but could be a significant problem for a server
  handling a steady rate of TCP queries.
  A condition has been corrected where improper handling of
  zero-length RDATA could cause undesirable behavior, including
  termination of the named process.
  For more information: https://kb.isc.org/article/AA-00788

* Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure [dougb, 2012-07-25, 2 files, -8/+7]
  in BIND9
  High numbers of queries with DNSSEC validation enabled can cause an
  assertion failure in named, caused by using a "bad cache" data
  structure before it has been initialized.
  CVE: CVE-2012-3817
  Posting date: 24 July, 2012

* Upgrade to 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, and 9.9.1-P1, the latest [dougb, 2012-06-05, 2 files, -6/+6]
  from ISC. These patched versions contain a critical bugfix:
  Processing of DNS resource records where the rdata field is zero
  length may cause various issues for the servers handling them.
  Processing of these records may lead to unexpected outcomes.
  Recursive servers may crash or disclose some portion of memory to
  the client. Secondary servers may crash on restart after
  transferring a zone containing these records. Master servers may
  corrupt zone data if the zone option "auto-dnssec" is set to
  "maintain". Other unexpected problems that are not listed here may
  also be encountered.
  All BIND users are strongly encouraged to upgrade.

* Upgrade to BIND versions 9.9.1, 9.8.3, 9.7.6, and 9.6-ESV-R7, [dougb, 2012-05-23, 3 files, -7/+7]
  the latest from ISC. These versions all contain the following:
  Feature Change
    * BIND now recognizes the TLSA resource record type, created to
      support IETF DANE (DNS-based Authentication of Named Entities)
      [RT #28989]
  Bug Fix
    * The locking strategy around the handling of iterative queries
      has been tuned to reduce unnecessary contention in a
      multi-threaded environment.
  Each version also contains other critical bug fixes.
  All BIND users are encouraged to upgrade to these latest versions.
* Remove patch that is incorporated into version 9.9.1 [dougb, 2012-05-23, 1 file, -11/+0]

* Switch to using the PORTDOCS macro [dougb, 2012-04-05, 2 files, -51/+1]
  Feature safe: yes

* Add a patch from ISC slated for 9.9.1 which fixes an assertion failure [dougb, 2012-03-17, 2 files, -0/+12]
  Feature safe: yes

* Release version of 9.9.0. Code is identical to rc4. [dougb, 2012-03-01, 2 files, -7/+6]

* Upgrade to rc4, rndc and dlz fixes, including DNSSEC key maintenance timer [dougb, 2012-02-24, 2 files, -6/+6]

* Upgrade to 9.9.0rc3, various small bug fixes [dougb, 2012-02-19, 2 files, -6/+6]

* Update to 9.9.0rc2, which addresses mostly in-line signing bugs [dougb, 2012-02-01, 2 files, -6/+6]