15:42 mat 

Include a patch to fix CVE-2018-5738 in all the BIND9 ports.

MFH:		2018Q2 (blanket)
Security:	CVE-2018-5738
Sponsored by:	Absolight

 

12:43 mat 

Add BIND9 9.13.0.

The ISC changed their release model, they are now doing
odd-unstable/even-stable release numbering.  This is a development
version, consider it alpha/beta quality.  The next stable release will
be 9.14.0.

Changes:	https://kb.isc.org/article/AA-01612
Sponsored by:	Absolight

 

14:13 mat 

Enable the FILTER_AAAA option by default, the feature was made non
optional in recent versions, so might as well do it in older ones.

PR:		226383
Sponsored by:	Absolight

 

11:21 mat 

Update BIND9 ports to 9.9.12, 9.10.7, 9.11.3 and 9.12.1.

Sponsored by:	Absolight

 

14:29 mat 

Teach named where its pid file should be by default, to be consistent
with the default configuration, rc script, man pages...

PR:		225687
Reported by:	John W. O'Brien
Sponsored by:	Absolight

 

10:43 mat 

Catch up with the conflicts lines in the BIND9 ports.

Sponsored by:	Absolight

 

12:32 mat 

Update named.root.

Sponsored by:	People afraid of a nuclear holocaust.

 

07:59 mat 

Update BIND9* to 9.9.11-P1, 9.10.6-P1, 9.11.2-P1 and 9.12.0rc3

MFH:		2018Q1
Security:	CVE-2017-3145
Sponsored by:	Absolight

 

13:38 mat 

Fix altlog_proglist warning when it contains more than the named service.

PR:		224951
Submitted by:	Trix Farrar
Sponsored by:	Absolight

 

13:55 mat 

Add an extra check to make sure syslogd is correctly configured when
using chroot.

Sponsored by:	Absolight

 

15:48 mat 

Make a note that dns/bind99 and dns/bind910 will be unsupported in a few
months.

Sponsored by:	Absolight

 

15:48 mat 

Add a symlink to named's session-keyfile.

Using nsupdate -l, and chroot was broken because nsupdate could not find
the keyfile by itself.

PR:		223403
Submitted by:	Harald Schmalzbauer
Sponsored by:	Absolight

 

13:20 mat 

Enable the PYTHON option by default, it brings a few interesting DNSSEC
tools.

Sponsored by:	Absolight

 

13:24 mat 

Install the mtree file as .sample to allow users to change them.

Sponsored by:	Absolight

 

22:57 mat 

Update BIND9 ports to 9.{9.11,10.6,11.2}.

Sponsored by:	Absolight

 

18:48 mat 

Update to 9.{9.10,10.5,11.1}-P3.

Sponsored by:	Absolight

 

20:51 mat 

Update to 9.{9.10,10.5,11.1}-P2.

Security:	CVE-2017-3142
Security:	CVE-2017-3143
Sponsored by:	Absolight

 

22:54 mat 

Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1.

MFH:		2017Q2
Security:	CVE-2017-3140
Security:	CVE-2017-3141
Sponsored by:	Absolight

 

13:12 mat 

Update to 9.9.10, 9.10.5, 9.11.1 and 9.12 to latest snapshot.

While there:

Make it more maintainable by sorting stuff in the Makefile and removing
vestigial pre 10.3 things.

Refresh the root zone hints.

"Fix" the configuration section telling you to get some top level
zones from f.root-servers.net, which does not allow axfr any more. [1]

PR:		218656 [1]
Reported by:	Thomas Steen Rasmussen / Tykling [1]
MFH:		2017Q2
Sponsored by:	Absolight

 

10:15 mat 

Unbreak rndc calls when using non default rndc.key location.

PR:		218335
Sponsored by:	Absolight

 

04:21 delphij 

Security update to 9.9.9-P8.

Security:	c6861494-1ffb-11e7-934d-d05099c0ae8c
Approved by:	so

 

22:39 mat 

Update to 9.9.9-P6, 9.10.4-P6 and 9.11.0-P3.

While there, remove the RPZ_PATCH for BIND9 9.9, it has not been updated
for years, and, it does not build any more.

MFH:		2017Q1
Security:	CVE-2017-3135
Sponsored by:	Absolight

 

08:15 mat 

Commit the cleanups that should have gone in with the pervious update.

Sponsored by:	Absolight

 

07:28 delphij 

Security update to 9.9.5-P5.

Approved by:	so
Security:	d4c7e9a9-d893-11e6-9b4d-d050996490d0
MFH:		2017Q1

 

15:40 mat 

Cleanup CONFLICTS.

Sponsored by:	Absolight

 

15:02 mat 

Fixup libedit for all BIND9 ports, and fix spurious json dependency by
adding an option.

PR:		215170
Reported by:	sunpoet
Sponsored by:	Absolight

 

06:38 delphij 

Security update:

dns/bind99:  9.9.9-P3  -> 9.9.9-P4
dns/bind910: 9.10.4-P3 -> 9.10.4-P4
dns/bind911: 9.11.0    -> 9.11.0-P1

Security:	CVE-2016-8864
Submitted by:	mat
MFH:		2016Q4

 

14:37 mat 

Remarke MAKE_JOBS_UNSAFE everywhere.

Sponsored by:	Absolight

 

12:44 mat 

So, on 9, it is failing to build it with jobs.

It builds .a before all the .o that are supposed to go in the .a are
built.  Imagine what happens after that...

Reported by:	Craig Leres
Sponsored by:	Absolight

 

12:55 mat 

Remove MAKE_JOBS_UNSAFE for BIND9.

It was added in 2009 in r232247 without the reason it was failing, I've
tried with -J 2-10, and can't have one of the BIND9 port fail.
Feel free to add it back, but please, add the reason why it fails.

Sponsored by:	Absolight

 

16:10 mat 

Update BIND9 to latest versions, 9.9.9-P3, 9.10.4-P3, 9.11.0rc3

MFH:		2016Q3
Security:	CVE-2016-2776
Sponsored by:	Absolight

 

11:59 mat 

The NEWSTATS and RRL options were removed in BIND9 9.10, so remove them
from here, also, make the upstream default options default for real.

While there, put back the BIND_TOOLS knobs in bind9-devel.

Sponsored by:	Absolight

 

12:29 mat 

Convert to USES=ssl.

Sponsored by:	Absolight

 

11:30 mat 

BIND9 update, 9.9.9-P2, 9.10.4-P2, 9.11.0b2 and latest 9.12 snapshot.

MFH:		2016Q3
Security:	CVE-2016-2775
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000996.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000997.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000998.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000999.html
Sponsored by:	Absolight

 

09:47 mat 

Introduce BIND9 9.11.0b1. (beta1)

BIND 9.11 brings many changes to BIND, including a new license
(the Mozilla Public License 2.0 -- you can read about it here:
https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/)
and many new features, including:

-  Catalog zones, a new way to provision zones on slave servers
-  dyndb api, a fast new api enabling BIND to serve zones stored
   in a database (Developed by Petr Spacek of RedHat)
-  RNDC showzone, view-only mode and other improvements
-  dnstap query and response logging (Robert Edmonds is the author
   of dnstap, see www.dnstap.info)
-  EDNS Client-subnet (authoritative server functions)
-  DNSSEC key manager, a new utility (Thanks to Sebastian Castro
   for helping with development.)
-  Automatic CDS/CDSKEY generation
-  Negative Trust Anchors for DNSSEC validators
-  IPv6 bias to encourage use of IPv6 DNS servers
-  Minimal response to "any" queries (Thanks to Tony Finch for
   the contribution)
-  DNS Cookies are now enabled by default, using the standardized code point

Changes:	https://lists.isc.org/pipermail/bind-announce/2016-June/000994.html
Sponsored by:	Absolight

 

13:23 mat 

Fix usage of WITH_OPENSSL_BASE, WITH_OPENSSL_PORT and OPENSSL_PORT.

WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo

PR:		210149
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	The FreeBSD Foundation, Absolight
Differential Revision:	https://reviews.freebsd.org/D6577

 

08:54 mat 

Update to 9.9.9-P1 and 9.10.4-P1.

Sponsored by:	Absolight

 

13:28 mat 

Add --with-dlopen=yes to the default options to allow using third
parties dlz drivers.

While there:
- enable the DLZ_FILESYSTEM option by default
- convert to USES=mysql and USES=bdb

Requested by:	borius i ua
Sponsored by:	Absolight

 

20:35 amdmi3 

Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed

Approved by:	portmgr blanket

 

10:04 mat 

Update to 9.9.9.

While there, update the root hints file.

Sponsored by:	Absolight

 

13:53 mat 

Stop bringing in OpenSSL from ports, it builds fine with the base one on
9, and WITH_OPENSSL_PORT does not belong in a port's Makefile anyway.

Not bumping PORTREVISION because:
- if you are building with poudriere, it will detect that a dependency
  has changed and rebuild it.
- if you are building from ports, you will have OpenSSL from ports
  installed, and it will choose to use it.

Sponsored by:	Absolight

 

14:00 mat 

Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight

 

21:16 mat 

Update to 9.9.8-P4, 9.10.3-P4 and latest snapshot.

MFH:		2016Q1 (obviously)
Security:	CVE-2016-1285
Security:	CVE-2016-1286
Security:	CVE-2016-2088
Sponsored by:	Absolight

 

21:13 mat 

Update bind99 to 9.9.8-P3, bind910 to 9.10.3-P3 and bind9-devel to
latest snapshot.

MFH:		2016Q1
Security:	CVE-2015-8704
Security:	CVE-2015-8705
Sponsored by:	Absolight

 

00:45 mat 

Update BIND9 to the latest patch releases, 9.9.8-P2, 9.10.3-P2, and snapshot.

MFH:		2015Q4
Changes:	https://kb.isc.org/article/AA-01326/81/BIND-9.9.8-P2-Release-Notes.html
Changes:	https://kb.isc.org/article/AA-01328/81/BIND-9.10.3-P2-Release-Notes.html
Security:	CVE-2015-3193
Security:	CVE-2015-8000
Security:	CVE-2015-8461
Sponsored by:	Absolight

 

10:05 mat 

Fix build on -CURRENT. [1]

- Force building with libedit
- Bump PORTREVISION to account for accidental succesful builds

PR:		203273 [1]
Sponsored by:	Absolight

 

22:11 mat 

Fixup gssapi from base.

Submitted by:	hrs
Sponsored by:	Absolight

 

08:12 mat 

Update to bind99 to 9.9.8 & bind910 to 9.10.3.

- Add new QUERYTRACE & FETCHLIMIT.
  Note that QUERYTRACE is for debug purposes, and will eat your
  performances.
- Don't do the PORTREVISION patch if PORTREVISION is 0.
- Regen some patches

Changes:	https://lists.isc.org/pipermail/bind-announce/2015-September/000961.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2015-September/000962.html
Sponsored by:	Absolight

 

20:46 mat 

Update BIND to 9.9.7-P3 and 9.10.2-P4.

MFH:		2015Q3 (Also needs 393161 395660 395703)
Security:	CVE-2015-5722, CVE-2015-5986
Sponsored by:	Absolight

 

16:43 mat 

Add an option for embedding PORTREVISION in the server's version string.

Sponsored by:	Absolight

 

10:06 mat 

When not using OpenSSL from ports, do not try to unmount the chrooted
engines directory.

PR:		201423 (based on)
Submitted by:	girgen
Sponsored by:	Absolight

 

14:36 mat 

Add an option to enable the bind min override ttl patch.

Requested by:	Laurent Frigault
Sponsored by:	Absolight

 

22:21 mat 

Update BIND9.

- 9.9 -> 9.9.7-P2
- 9.10 -> 9.10.2-P3

Security:	CVE-2015-5477
Sponsored by:	Absolight

 

22:15 mat 

Update BIND 9.9 to 9.9.7-P1 and 9.10 to 9.10.2-P2.

MFH:		2015Q3
Security:	CVE-2015-4620
Sponsored by:	Absolight

 

10:13 mat 

Make BIND start a bit later (and really *after* ldconfig.) [1]
Add an option to have it start way later.

PR:		200375 [1]
Sponsored by:	Absolight

 

11:41 mat 

Allow BIND 9.10 users to select the old key format when using GOST.[1]

While there, reword the options a bit, and the pkg-help files.

PR:		200031 [1]
Submitted by:	 Leo Vandewoestijne [1]
Sponsored by:	Absolight

 

14:43 mat 

When named.conf was placed somewhere else than %%ETCDIR%%, rndc would stop
working.

PR:		199384
Submitted by:	Curtis Villamizar
Sponsored by:	Absolight

 

22:36 marino 

dns/bind99, dns/bind910: support no-base option on DragonFly

Approved by:	mat (maintainer)

 

15:03 mat 

Enhance the error message when running from a jail without devfs.

Sponsored by:	Absolight

 

15:22 mat 

Add chroot back to BIND's startup script.

Differential Revision:	https://reviews.freebsd.org/D1952
Sponsored by:	Absolight

 

02:03 mat 

Update dns/bind99 to 9.9.7 and dns/bind910 to 9.10.2.

On 8 and 9, use the same configuration path than on 10+, ${PREFIX}/etc/namedb/.

Sponsored by:	Absolight

 

22:37 mat 

Update BIND 9.9 and 9.10 to the latest security patch.

Sponsored by:	Absolight

 

21:56 mat 

Add a patch for CVE-2015-1349 while I work on updating both ports to the new
version.

Security:	CVE-2015-1349
Sponsored by:	Absolight

 

15:04 mat 

Generate the RPZ patch filename from ISCVERSION directly.

Sponsored by:	Absolight

 

15:01 mat 

Add a note about running the right BIND daemon on 8 and 9.

Sponsored by:	Absolight

 

23:54 mat 

Really remove BIND_DESTETC.

Noticed by:	wblock, Matt Mullins
Sponsored by:	Absolight

 

17:44 mat 

Retire REPLACE_BASE option.

While there, reduce changes from bind99 and bind910 ports.

Sponsored by:	Absolight

 

17:29 mat 

Security update of BIND9 to 9.9.6-P1 and 9.10.1-P1.

Security:	CVE-2014-8500 CVE-2014-8680
Sponsored by:	Absolight

 

17:41 mat 

Fix three ports forgotten by the USE_PGSQL removal.  (Fix a typo in devel/upp.)

Sponsored by:	Absolight

 

17:51 mat 

Install the bind.keys file with the root and dlv.isc.org keys.

Sponsored by:	Absolight

 

10:25 mat 

Note REPLACE_BASE will get removed.

Sponsored by:	Absolight

 

13:25 mat 

Update to 9.9.6.

Sponsored by:	Absolight

 

10:24 mat 

configure no longer has problems detecting our arch like it had in bind95's
time, so remove ARCH modification, which leads to other problems, like [1]

PR:		193359 [1]
Submitted by:	dinoex [1]
Sponsored by:	Absolight

 

22:16 mat 

Enable RRL by default.

Requested by:	so many my head hurts
Sponsored by:	Absolight

 

18:34 tijl 

net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample

databases/libgdamm:
- Drop :keepla
- USES=tar:bzip2
- Use INSTALL_TARGET=install-strip

databases/libgdamm5:
- Add INSTALL_TARGET=install-strip
- Drop --enable-static (inherited from old repocopy)

devel/anjuta x11-toolkits/py-gnome-extras:
- Drop :keepla

dns/powerdns dns/powerdns-devel:
- Convert to USES=libtool
- Add INSTALL_TARGET=install-strip
- Disable static modules
- Stop creating library symlinks with .0 suffix, not needed for dynamically
  opened modules

mail/dovecot2:
- Add USES=libtool

mail/dovecot2-pigeonhole:
- Drop CONFIGURE_TARGET (incorrect for Dragonfly)
- Add USES=libtool and INSTALL_TARGET=install-strip

math/gnumeric:
- USES=libtool tar:xz

Approved by:	portmgr (implicit, bump unstaged ports)

 

15:38 mat 

And it's supposed to be lower case.

Sponsored by:	Absolight

 

15:28 mat 

Add CPE to BIND9.

Sponsored by:	Absolight

 

15:15 mat 

Add a PYTHON option to bind99 and bind910, it installs a couple of dnssec
related utilities.
Use bind's own Makefiles for installation in bind-tools.

Sponsored by:	Absolight

 

12:23 mat 

Fix dns/bind-tools after the gssapi update.

Also, move it from BIND 9.9 to 9.10, and add delv and nsupdate.

Sponsored by:	Absolight

 

17:16 mat 

Remove test bits.

Pointy hat to:	mat
Sponsored by:	Absolight

 

15:01 mat 

Convert dns/bind9* to USES=gssapi.

Sponsored by:	Absolight

 

13:14 mat 

Correct local path for rpz* patchs.

Sponsored by:	Absolight

 

14:18 mat 

Update to 9.9.5-P1.

Changes:	https://lists.isc.org/pipermail/bind-announce/2014-June/000913.html
Sponsored by:	Absolight

 

10:24 mat 

Unbreak, it seems not everybody as switched to pkg yet...

Sponsored by:	Absolight

 

10:59 mat 

Don't install rndc.conf

It is generated by the rc script during the first startup.  And if
the file is present, it messes up the rndc.key generation.

Poked by:	Alain Audebert
Sponsored by:	Absolight

 

21:30 mat 

Fix build with GOST (on 10, base OpenSSL doesn't have it)
Make sure OpenSSL from ports is used < 10.

Sponsored by:	Absolight

 

03:13 mat 

Ok, revert r354129, it was a bad idea.

Poked by:	many
Sponsored by:	Absolight

 

14:12 mat 

Try and fix the plist for bind9* ports when <10.

Poked by:	swills
Sponsored by:	Absolight

 

23:59 mat 

Make GOST in BIND 9.* optional

Test Plan: Currently testing in poudriere

Differential Revision: https://phabric.freebsd.org/D12

 

16:43 mat 

Fix the rc script reload command.

Noticed by:	David Samms
Sponsored by:	Absolight

 

18:28 zeising 

The FreeBSD x11@ and graphics team proudly presents
a zeising, kwm production, with help from dumbbell, bdrewery:

NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE

This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.

This patch also contains updates of libxcb and related ports, pixman, as well
as some drivers and utilities.

Bump portrevisions for xf86-* ports, as well as virtualbox-ose-additions due
to xserver version change.

Apart from these updates, the way shared libraries are handled has been
changed for all xorg ports, as well as libxml2 and freetype, which means
ltverhack is gone and as a consequence shared libraries have been bumped.
The plan is that this change will make library bumps less likely in the
future.
All affected ports have had their portrevisions bumped as a consequence of
this.

Fix some issues where WITH_NEW_XORG weren't detected properly on CURRENT.

Update instructions, hardware support, and more notes can be found on
https://wiki.freebsd.org/Graphics

Thanks to:	all testers, bdrewery and the FreeBSD x11@ team
exp-run by:	bdrewery [1]
PR:		ports/187602 [1]
Approved by:	portmgr (bdrewery), core (jhb)

 

20:43 mat 

Two changes to the RC script
- Add a dependency on ldconfig
- Allow people to change the pidfile

PR:		188439
Submitted by:	Oliver Lehmann
Sponsored by:	Absolight

 

14:14 mat 

- Add a patch to install missing man page
- Add dnssec-* tools to bind-tools[1]

Requested by:	many [1]
Sponsored by:	Absolight

 

13:30 mat 

- Fix startup script
- Fix whitespace

PR:		188011
Submitted by:	takefu
Sponsored by:	Absolight

 

17:25 mat 

Finaly pet rclint.

With help from:	crees
Sponsored by:	Absolight

 

15:46 mat 

Remove GSSAPI from the default options.

Almost nobody needs it, and people keep having a hard time building BIND
because of this.

Sponsored by:	Absolight

 

18:46 mat 

- Use SUB_FILES for named.conf and the rc script
- Fix some package installation warnings

Sponsored by:	Absolight

 

17:31 mat 

Always depend on libxml[1]
Add XML newstats support to bind99[2]

PR:		186890[1], 186791[2]
Submitted by:	Jason Mann[1], Matthew Seaman[2]
Sponsored by:	Absolight

 

17:12 mat 

Try and have BIND start earlier.

Sponsored by:	Absolight

 

17:37 mat 

Actually commit what I tested.

Sponsored by:	Absolight