13:55 tcberner 

dns/opendnssec: adding EOL message to opendnssec-1.4.14

The upstream has declared this soon to be EOL. The port is now updated
accordingly.

End-of-life announcement: https://www.opendnssec.org/2019/10/

OpenDNSSEC 2.1 was released in February 2017, and in the past
two-and-half year it has proven itself to be stable and viable
upgrade of 1.4, and has additional features and improvements.

Therefore we announce end-of-life of OpenDNSSEC 1.4. One of the steps
towards future releases with better experience and shorter cycles.

Starting today, October 8, 2019, in accordance with our policies,
we will only provide essential fixes and support until 9 October 2020,
after which support will no longer be available. We feel confident
that existing installations can upgrade without much hassle and offer
support to our customers in doing so.

OpenDNSSEC 2.1.4 [1] serves as the replacement for the 1.4 LTS.
The current version is 2.1.6. There is a migration step necessary,
for which you can find a good breakdown at the migration page. [2]

[1] https://svnweb.freebsd.org/ports/head/dns/opendnssec2
[2] https://www.opendnssec.org/migration-from-1-4-to-2-1/

PR:		244610
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

 

14:47 tobik 

Add missing USES={gnome,php,sdl} to the rest

 

18:33 rene 

dns/opendnsssec*: switch to openhsm2 to the HSM option.

 

21:23 swills 

Bump PORTREVISION on ldns consumers

Shared lib version changed in update

Reported by:	sunpoet

 

20:46 gerald 

Bump PORTREVISION for ports depending on the canonical version of GCC
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.

PR:		238330

 

12:35 pkubaj 

dns/opendnssec: fix build with GCC-based architectures

Since the switch to MySQL 5.7, C11-aware compiler is required:
/usr/bin/ld: cannot find -latomic

Approved by:	mentors (implicit approval)

 

19:29 pi 

dns/opendnssec: update 1.4.12 -> 1.4.14

- OPENDNSSEC-888: Fix up MySQL<->SQLite3 database conversion script.
- OPENDNSSEC-752: Incorrect calculated number of KSKs needed when
  KSK and ZSK have exactly the same parameters. This would prevent
  KSK rollovers.
- OPENDNSSEC-890: Bogus signatures on mismatching TTLs within the same RRset.

PR:		218994
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

 

04:12 miwi 

- Chase ldns shlip bump

PR:		217495

 

09:09 robak 

dns/opendnssec: update 1.4.10 -> 1.4.12

PR:		213610
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH:		2016Q4

 

02:37 marino 

dns/opendnssec: Add SSL flags and honor them

Approved by:	SSL blanket

 

13:25 erwin 

Add conflicts with upcoming opendnssec2

PR:		211019
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	DK Hostmaster A/S

 

17:09 pi 

dns/opendnssec: 1.4.9 -> 1.4.10

This release fix targets stability issues which have had a history and
have been hard to reproduce.  Issues that have been reported over the
past half year have been fixed that may have even come up earlier as
rare occasions.
Stability should be improved, running OpenDNSSEC as a long term service.

Changes in TTL in the input zone that seem not to be propagated,
notifies to slaves under heavy zone activity load that where not handled
properly and could lead to assertions.
NSEC3PARAM that would appear duplicate in the resulting zone, and
crashes in the signer daemon in seldom race conditions or re-opening due
to a HSM reset.

No migration steps needed when upgrading from OpenDNSSEC 1.4.9.

Also have a look at our OpenDNSSEC 2.0 beta release, its impending
release will help us forward with new development and signal phasing out
historic releases.

Fixes:
- SUPPORT-156 OPENDNSSEC-771: Multiple NSEC3PARAM records in signed
  zone.  After a resalt the signer would fail to remove the old
  NSEC3PARAM RR until a manual resign or incoming transfer.
  Old NSEC3PARAMS are removed when inserting a new record, even if
  they look the same.
- OPENDNSSEC-725: Signer did not properly handle new update while still
  distributing notifies to slaves.
  An AXFR disconnect looked not to be handled gracefully.
- SUPPORT-171: Signer would sometimes hit an assertion using DNS output
  adapter when .ixfr was missing or corrupt but .backup file available.
- Above two issues also in part addresses problems with seemingly
  corrected backup files (SOA serial).  Also an crash on badly
  configured DNS output adapters is averted.
- The signer daemon will now refuse to start when failed to open a
  listen socket for DNS handling.
- OPENDNSSEC-478,750,581 and 582 and SUPPORT-88:
  Segmentation fault in signer daemon when opening and closing HSM
  multiple times. Also addresses other concurrency access by avoiding
  a common context to the HSM (a.k.a. NULL context).
- OPENDNSSEC-798: Improper use of key handles across hsm reopen,
  causing keys not to be available after a re-open.
- SUPPORT-186: IXFR disregards TTL changes, when only TTL of an RR is
  changed.  TTL changes should be treated like any other changes to
  records.
- When OpenDNSSEC now overrides a TTL value, this is now reported in
  the log files.

PR:		209261
Submitted by:	jaap@NLnetLabs.nl (mainainer)

 

16:17 mat 

Move MySQL support from bsd.databases.mk to Uses/mysql.mk.

Also, USE_MYSQL can't happen after bsd.port.pre.mk because it is a USES.

PR:		208971
Submitted by:	mat
Exp-run by:	antoine
With hat:	portmgr
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D5951

 

14:00 mat 

Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight

 

13:33 erwin 

Update to 1.4.9

The main motivations for this release are bug fixes related to use
cases with large number of zones (more than 50 zones) in combination
with an XFR based setup. Too much concurrent zone transfers causes new
transfers to be held back. These excess transfers however were not
properly scheduled for later.

No migration steps needed when upgrading from OpenDNSSEC 1.4.8.

Bugfixes:

* Add TCP waiting queue. Fix signer getting 'stuck' when adding many
  zones at once. Thanks to Haavard Eidnes to bringing this to our attention.
* OPENDNSSEC-723: received SOA serial reported as on disk.
* Fix potential locking issue on SOA serial.
* Crash on shutdown. At all times join xfr and dns handler threads.
* Make handling of notifies more consistent. Previous implementation would
  bounce between code paths.

Known Issues:

When using SoftHSM2 compiled with OpenSSL, and libmysql with OpenSSL
as database backend for OpenDNSSEC. "ods-ksmutil key list --verbose"
crashes on exit. This is ultimately a bug in OpenSSL and not new for
this particular release. Make sure you don't use this specific
combination.

From <https://www.opendnssec.org>

PR:             206491
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:   DK Hostmaster A/S

 

13:54 erwin 

Upgrade from version 1.4.7 to 1.4.8.2

NEWS:

    * Support for RFC5011 style KSK rollovers. KSK section in the KASP now
      accepts <RFC5011/> element.
    * Enforcer: New repository option <AllowExtraction/> allows to generate
      keys with CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped
      and extracted from HSM.

Bugfixes:

    * SUPPORT-145: EOF handling an ARM architecture caused signer to hang.
    * Fixed signer hitting assertion on short reply XFR handler.
    * Include revoke bit in keytag calculation.
    * Increased stacksize on some systems (thanks Patrik Lundin!).
    * Stop ods-signerd on SIGINT.

Fixes port problem (reported by *geoffroy desvernay*)

    * Now also installs previous missing migration script convert_database.pl

PR:		203574
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	DK Hostmaster A/S

 

19:06 tijl 

- Display a stage-qa warning when ports use PREFIX/var instead of /var
- Add --localstatedir=/var to _LATE_CONFIGURE_ARGS (like --mandir) but not
  when CONFIGURE_ARGS already sets it.  (GNU configure scripts set it to
  PREFIX/var when PREFIX != /usr.)
- Add --localstatedir="${PREFIX}/var" to CONFIGURE_ARGS in some ports so
  they aren't affected by this change (for now at least).  This commit is
  meant to ensure that new ports don't make the same mistake.

- games/acm: the configure script in this port is very old; instead of
  patching it more, just replace GNU_CONFIGURE with HAS_CONFIGURE.
- irc/charybdis: it already used /var but adding --localstatedir=/var
  changed the behaviour of the configure script; adjust the port to this.

PR:		199506
Exp-run by:	antoine
Approved by:	portmgr (antoine)

 

15:14 erwin 

Update to 1.4.7 which fixes a bug when using DNS adapters

PR:		195686
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

 

08:40 erwin 

- Fix ownership of var/run/opendnssec
- Fix minor whitespace warning

Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

 

08:30 erwin 

- Fix location of libsofthsm.so [1]
- Fix depency on sqlite with non-default LOCALBASE [2]
- Update to 1.4.6

Updates:
Signer Engine: Print secondary server address when logging notify reply errors.
Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin
<patrik.lundin.swe () gmail.com>.
OPENDNSSEC-621: conf.xml: New options: <PidFile> for both enforcer and signer,
and <SocketFile> for the signer.
New tool: ods-getconf: to retrieve a configuration value from conf.xml given an
expression.

Bugfixes:
OPENDNSSEC-469: ods-ksmutil: 'zone add' command when zonelist.xml.backup can't
be written zone is still added to database, solved it by checking the
zonelist.xml.backup is writable before adding zones, and add error message when
add zone failed.
OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone the
first time due to RFC 1982 serial arethmetic.
OPENDNSSEC-619: memory leak when signer failed, solved it by add
ldns_rr_free(signature) in libhsm.c
OPENDNSSEC-627: Signer Engine: Unable to update serial after restart when the
backup files has been removed.
OPENDNSSEC-628: Signer Engine: Ingored notifies log level is changed from debug
to info.
OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
libhsm: Fixed a few other memory leaks.
simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin
https://github.com/eest)

PR:		191272 [1], 192021 [2], 192023 [3]
Submitted by:	Andrew Fyfe <andrew@neptune-one.net> [1],
		jhujhiti@adjectivism.org [2],
		Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer) [3]

 

15:09 adamw 

Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS.

 

17:21 miwi 

- Chase database/sqlite3 slib bump

Approved by:	portmgr (myself)

 

18:12 erwin 

Remove explicit showing of pkg-message, it's automatic these days.

Submitted by:	bdrewery

 

15:58 erwin 

Fix some outstanding issues with staging and make it work with both
pkg_install and pkgng.

PR:		189823
Submitted by:	erwin
Prodded by:	swills
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

 

08:45 erwin 

- Update to 1.4.5

Added Staging support;
Modern options handling where possible.

Bugfixes:

OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key
generation.
OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4 on
MySQL. Reported by Mark Elkins <mje@posix.co.za>

Includes the update to 1.4.4:

Updates:

SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly
if SkipPublicKey is used [OPENDNSSEC-574].
OPENDNSSEC-358: ods-ksmutil: Extend 'key list' command with options to filter on
key type and state. This allows keys in the GENERATE and DEAD state to be
output.
OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived
from unsigned delegations (be compatible with servers that are incompatible with
RFC 5155 errata 3441).

Bugfixes:

SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired
[OPENDNSSEC-526].
SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug
[OPENDNSSEC-529].
SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace
[OPENDNSSEC-520].
SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain dates
[OPENDNSSEC-553].
SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
SUPPORT-127: ods-signer: Fix manpage sections.
OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output type
parameter to allow only File or DNS.
OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
OPENDNSSEC-531: ods-ksmutil: Exported value of in 'policy export' output could
be wrong on MySQL.
OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR
request with EDNS.
OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and
alloctaion.
OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
Signer Engine: Fix a race condition when stopping daemon.

PR:		188482
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
Sponsored by:	DK Hostmaster A/S

 

18:28 zeising 

The FreeBSD x11@ and graphics team proudly presents
a zeising, kwm production, with help from dumbbell, bdrewery:

NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE

This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.

This patch also contains updates of libxcb and related ports, pixman, as well
as some drivers and utilities.

Bump portrevisions for xf86-* ports, as well as virtualbox-ose-additions due
to xserver version change.

Apart from these updates, the way shared libraries are handled has been
changed for all xorg ports, as well as libxml2 and freetype, which means
ltverhack is gone and as a consequence shared libraries have been bumped.
The plan is that this change will make library bumps less likely in the
future.
All affected ports have had their portrevisions bumped as a consequence of
this.

Fix some issues where WITH_NEW_XORG weren't detected properly on CURRENT.

Update instructions, hardware support, and more notes can be found on
https://wiki.freebsd.org/Graphics

Thanks to:	all testers, bdrewery and the FreeBSD x11@ team
exp-run by:	bdrewery [1]
PR:		ports/187602 [1]
Approved by:	portmgr (bdrewery), core (jhb)

 

20:25 sunpoet 

- Update to 1.4.3
- While I'm here, add LICENSE and convert to new LIB_DEPENDS format

Changes:	http://www.opendnssec.org/2013/12/04/opendnssec-1-4-3/
PR:		ports/184516
Submitted by:	Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)

 

16:31 bapt 

Add NO_STAGE all over the place in preparation for the staging support (cat:
dns)

 

06:28 bapt 

Convert to new perl framework
Convert from USE_GMAKE to USES=gmake

 

12:17 mat 

Update to 1.4.2

PR:		182012
Submitted by:	mat
Approved by:	maintainer

 

13:12 wg 

dns/opendnssec: update to 1.4.1

- Update to 1.4.1

Changes: http://www.opendnssec.org/2013/06/27/opendnssec-1-4-1/

PR:		ports/180194
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

 

21:00 wg 

dns/opendnssec: fix build with sqlite

- Fix build with non-default LOCALBASE and sqlite

PR:		ports/179606
Submitted by:	Erick Turnquist <jhujhiti@adjectivism.org>
Approved by:	maintainer

 

22:13 wg 

- Update to 1.4.0 [1]
- Add PORTDOCS
- Install extra migration files
- Preserve 1.3.x as dns/opendnssec13

Changes: https://wiki.opendnssec.org/display/DOCS/New+in+OpenDNSSEC+1.4

PR:		ports/178861 [1]
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> [1]
Approved by:	culot (mentor), maintainer

 

14:30 miwi 

- Remove mysql 4X reference

 

00:44 miwi 

- Update to 1.3.13

PR:		176303
Submitted by:	maintainer

 

08:37 rm 

- update to 1.3.12

while here:
- trim Makefile header
- remove trailin dots from options descriptions

PR:		174094
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe:	yes

 

07:58 ak 

- Update ldns to 1.6.15 [1]
- Add an entry to UPDATING about binary incompatibility in previous version of
ldns
- Fix OptionsNG
- Bump PORTREVISION for all ports dependent on dns/ldns
- Remove ABI version numbers from LIB_DEPENDS while I'm here

PR:	ports/173080 [1]
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer) [1]
Approved by:	portmgr (erwin)
Feature safe:	yes

 

12:34 erwin 

Convert to OPTIONSNG

PR:		172903
Submitted by:	me
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe:	yes

 

07:52 scheidell 

- Update to 1.3.10

PR:		ports/170544
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

12:39 scheidell 

- Update to 1.3.9
- Add GIDs/UIDs 215

PR:             ports/169646
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

04:44 miwi 

- Update to 1.3.7

PR:             166125
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl>(maintainer)
Feature safe:   yes

17:52 jgh 

- Update to 1.3.6

PR:     ports/165216
Submitted by:   maintainer, jaap at NLnetLabs.nl

12:27 culot 

- Update to 1.3.5

Changes:        http://www.opendnssec.org/2012/01/23/opendnssec-1-3-5/
PR:             ports/164628
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

08:54 miwi 

- Update to 1.3.4

PR:             163080
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

07:17 dougb 

Incremental improvements to the rc.d script per
http://lists.freebsd.org/pipermail/cvs-all/2011-July/341217.html

Approved by:    maintainer timeout (2 months)

17:40 dhn 

- Update to 1.3.2

PR:             ports/160828
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

14:40 swills 

- Mark broken with Ruby 1.9

With hat:       ruby@

20:55 jlaffaye 

Update to 1.3.0

PR:             ports/158865
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Approved by:    bapt (mentor)

16:33 dhn 

- Update to 1.2.1

PR:             ports/155889
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

10:49 pav 

- Update to 1.2.0

PR:             ports/154026
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe:   yes

22:48 nivit 

- Add databases/sqlite3 to BUILD_DEPENDS (minimal version required 3.4.2)
- Bump PORTREVISION
- Remove MD5 checksum from distinfo

PR:             ports/152542
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

18:03 araujo 

- Update to 1.1.3.

PR:             ports/150487
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

12:11 sylvio 

- Update to 1.1.2

PR:             ports/150248
Submitted by:   Jaap Akkerhuis <japp@nlnetlabs.nl> (maintainer)

19:19 arved 

Increase minimum required version of dnsruby

PR:             148887
Submitted by:   Ruben van Staveren <ruben@verweg.com>
Approved by:    maitainer

13:34 araujo 

- Update to 1.1.1.

PR:             ports/148476
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

11:47 sylvio 

- Update to 1.1.0

PR:             ports/147134
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

10:33 pav 

- Update to 1.0.0 release

PR:             ports/143712
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

06:25 wen 

OpenDNSSEC was created as an open-source turn-key solution for
DNSSEC. It secures zone data just before it is published in an
authoritative name server.

WWW: http://www.opendnssec.org

PR:             ports/142103
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl>