path: root/dns/dnsmasq/Makefile
Commit message [Author, Age, Files, Lines]
* Clean up some things [Tobias Kortkamp, 2021-04-15, files: 1, lines: -2/+0]
| - Remove duplicate variables
| - Remove nop variables
| - Sort categories
| - Remove redundant option descriptions that match the default ones
|
| Reported by: portscan
* dns/dnsmasq: security update to v2.85 release [Matthias Andree, 2021-04-08, files: 1, lines: -2/+1]
| Changelog: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.85
|
| Configurations where server lines contain a @ character, f.i.
| server=1.1.1.1@em0 or server=1.1.1.1@192.0.2.1, disabled source port
| randomization, making cache poisoning attacks possible. v2.85 mitigates this.
|
| MFH: 2021Q2
| Security: CVE-2021-3448
| Security: 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46 (VuXML)
* Remove # $FreeBSD$ from Makefiles. [Mathieu Arnold, 2021-04-06, files: 1, lines: -1/+0]
* dnsmasq-devel: add test release 2.85rc1 [Matthias Andree, 2021-03-18, files: 1, lines: -1/+3]
| This is to fix a port randomization flaw that subjects dnsmasq to a cache
| poisoning attack.
|
| ChangeLog: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG;h=155fc966f9542259596b41594f4b85775d1f9c9a;hb=023ace8e54c2e83e88082a1073a281d659f2a860#l1
|
| Add CONFLICTS_INSTALL markers.
|
| Security: CVE-2021-3448
| Security: 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
| Notes: svn path=/head/; revision=568702
* dns/dnsmasq: upgrade to v2.84 (regression fixes) [Matthias Andree, 2021-01-26, files: 1, lines: -2/+3]
| Upstream blessed v2.84 rc2 (which 2.83_1 effectively already was) into
| v2.84 release, so take it (and patch the upstream bug of leaving "rc2"
| in the version out).
|
| MFH: 2021Q1 (regression fixes for security fix release)
| Notes: svn path=/head/; revision=562980
* dns/dnsmasq: regression fixes from upstream Git [Matthias Andree, 2021-01-24, files: 1, lines: -2/+3]
| Apparently there are situations where dnsmasq 2.83 can confuse its peers
| or sockets, and the upstream Git contains fixes for them.
|
| These four fixes essentially take dnsmasq to 2.84test3.
|
| Obtained from: Simon Kelley <simon@thekelleys.org.uk>'s Git repository
| Notes: svn path=/head/; revision=562461
* dns/dnsmasq: security update to 2.83 [Matthias Andree, 2021-01-20, files: 1, lines: -1/+1]
| CHANGELOG of version 2.83:
|
| Use the values of --min-port and --max-port in outgoing TCP connections
| to upstream DNS servers.
|
| Fix a remote buffer overflow problem in the DNSSEC code. Any dnsmasq with
| DNSSEC compiled in and enabled is vulnerable to this, referenced by
| CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 CVE-2020-25687.
|
| Be sure to only accept UDP DNS query replies at the address from which
| the query was originated. This keeps as much entropy in the
| {query-ID, random-port} tuple as possible, to help defeat cache poisoning
| attacks. Refer: CVE-2020-25684.
|
| Use the SHA-256 hash function to verify that DNS answers received are for
| the questions originally asked. This replaces the slightly insecure SHA-1
| (when compiled with DNSSEC) or the very insecure CRC32 (otherwise).
| Refer: CVE-2020-25685.
|
| Handle multiple identical near simultaneous DNS queries better.
| Previously, such queries would all be forwarded independently. This is,
| in theory, inefficient but in practice not a problem, _except_ that it
| means that an answer for any of the forwarded queries will be accepted
| and cached. An attacker can send a query multiple times, and for each
| repeat, another {port, ID} becomes capable of accepting the answer he is
| sending in the blind, to random IDs and ports. The chance of a successful
| attack is therefore multiplied by the number of repeats of the query.
| The new behaviour detects repeated queries and merely stores the clients
| sending repeats so that when the first query completes, the answer can be
| sent to all the clients who asked. Refer: CVE-2020-25686.
|
| MFH: 2021Q1
| Security: 5b5cf6e5-5b51-11eb-95ac-7f9491278677
| Security: CVE-2020-25684
| Security: CVE-2020-25685
| Security: CVE-2020-25686
| Security: CVE-2020-25681
| Security: CVE-2020-25682
| Security: CVE-2020-25683
| Security: CVE-2020-25687
| Notes: svn path=/head/; revision=562154
* dns/dnsmasq: update to 2.82 (regression and bug fixes) [Matthias Andree, 2020-07-19, files: 1, lines: -2/+2]
| Quoting Simon Kelley
| "This fixes a nasty problem introduced in 2.81 which causes random
| crashes on systems where there's significant DNS activity over TCP. It
| also fixes DNSSEC validation problems with zero-TTL DNSKEY and DS
| records."
|
| Changelog: <http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG;h=e6a223119ffcd9ead6cb15153cd49bd3c61e114f;hb=f60fea1fb0a288011f57a25dfb653b8f6f8b46b9#l1>
|
| MFH: 2020Q3 (regression and bug fixes)
| Notes: svn path=/head/; revision=542600
* Bump PORTREVISION for security/nettle shlib change [Sunpoet Po-Chuan Hsieh, 2020-05-16, files: 1, lines: -1/+1]
| Notes: svn path=/head/; revision=535391
* dns/dnsmasq: repair damage from UNAUTHORIZED UCL conversion of pkg-message [Matthias Andree, 2020-04-12, files: 1, lines: -1/+1]
| The pkg-message contains a security note that is necessary on new
| installs and on updates alike. Since per the porter's handbook, the UCL
| does not support enumeration of types, and this is not relevant on
| removal, the UCL change must be reverted.
|
| While here, remove formatting.
|
| Failure inducing commit:
| |------------------------------------------------------------------------
| |r508835 | mat | 2019-08-13 18:01:59 +0200 (Tue, 13 Aug 2019) | 2 lines
| |
| |Convert to UCL & cleanup pkg-message (categories d)
| |
| |------------------------------------------------------------------------
|
| NOTE: The UCL conversion of files/pkg-message.in was not authorized and
| damaging and no heads-up was sent to the maintainer. portmgr@ MUST act
| more carefully with sweeping changes and hand them out for review first.
|
| Notes: svn path=/head/; revision=531475
* dns/dnsmasq: update to 2.81, unlink dnsmasq-devel [Matthias Andree, 2020-04-12, files: 1, lines: -21/+34]
| Update dns/dnsmasq to the new upstream version 2.81.
|
| The Makefile has been rearranged with portfmt, except the
| LDFLAGS+=..._intllibs... line that portfmt does not recognize.
|
| Changelog: <http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG;h=60b08d015b2d5a979f39b8ad43633b419135cb64;hb=7ddb99d251c3f5870c8c308a98bb8f283c831872#l1>
| (or see CHANGELOG in the package)
|
| Unlink dnsmasq-devel from the build, but keep the sources, and mark it
| IGNORE and list dnsmasq-devel in MOVED.
|
| Notes: svn path=/head/; revision=531473
* dns/dnsmasq: Remove obsolete REINPLACE_CMD line. [Matthias Andree, 2020-02-23, files: 1, lines: -3/+0]
| Reported by: swills@ (IRC)
| Notes: svn path=/head/; revision=526921
* dns/dnsmasq: Fix TFTP regression on recent FreeBSD versions. [Matthias Andree, 2019-10-13, files: 1, lines: -1/+1]
| Add a patch taken from upstream.
| Tested successfully on 11.3-RELEASE amd64.
|
| The upstream fix is an extended version of a fix proposed by Dave Mueller
| in the PR.
|
| See also: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013412.html
|
| PR: 241068
| Reported by: Phil Chadwick
| Obtained from: Simon Kelley, http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=936bd82755e8f75fc09c1e9a67fb390175b157d4
| MFH: 2019Q4
| Notes: svn path=/head/; revision=514404
* Drop the ipv6 virtual category for d* category as it is not relevant anymore [Baptiste Daroussin, 2019-10-09, files: 1, lines: -1/+1]
| Notes: svn path=/head/; revision=514130
* Update security/nettle to 3.5.1 [Sunpoet Po-Chuan Hsieh, 2019-07-09, files: 1, lines: -1/+1]
| - Bump PORTREVISION of dependent ports for shlib change
| - Fix build of devel/pijul [1]
|
| Changes: https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
| PR: 238991
| Exp-run by: antoine
| Thanks to: tobik [1]
| Notes: svn path=/head/; revision=506289
* Update dns/libidn2 to 2.1.1 [Sunpoet Po-Chuan Hsieh, 2019-02-09, files: 1, lines: -1/+1]
| - Bump PORTREVISION of dependent ports for shlib change
|
| Changes: https://gitlab.com/libidn/libidn2/blob/master/NEWS
| Notes: svn path=/head/; revision=492534
* Update dns/libidn2 to 2.1.0 [Sunpoet Po-Chuan Hsieh, 2019-01-06, files: 1, lines: -1/+1]
| - Bump PORTREVISION of dependent ports for shlib change
|
| Changes: https://gitlab.com/libidn/libidn2/blob/master/NEWS
| Notes: svn path=/head/; revision=489529
* Upgrade dns/dnsmasq to v2.80. [Matthias Andree, 2018-10-19, files: 1, lines: -3/+3]
| Security: the installed example configuration file shows a way of
| disabling WPAD hijacking, but leaves it commented out.
| Extend pkg-message.
|
| Changelog: <http://thekelleys.org.uk/dnsmasq/CHANGELOG>
|
| Since installing v2.80 isn't a fix against the vulnerability, and fixing
| it needs administrator intervention on upgrades, I am not marking this in
| vuxml for now, since we'd need to mark v2.80 vulnerable, too.
|
| MFH: 2018Q4
| Security: CERT VU#598349
| Notes: svn path=/head/; revision=482439
* dns/dnsmasq update to release v2.79 [Matthias Andree, 2018-03-19, files: 1, lines: -3/+3]
| Note there are a few incompatible changes. For details, please see the...
|
| Changelog: <http://thekelleys.org.uk/dnsmasq/CHANGELOG>
| Notes: svn path=/head/; revision=465034
* dns/dnsmasq: Security update to 2.78 [Bernard Spil, 2017-10-02, files: 1, lines: -2/+2]
| PR: 222739
| Approved by: ports-secteam
| MFH: 2017Q4
| Security: b77b5646-a778-11e7-ac58-b499baebfeaf
| Notes: svn path=/head/; revision=451095
* Fix up pxelogic.0 suffix logic. [Matthias Andree, 2017-06-07, files: 1, lines: -1/+1]
| Regression in v2.77 caused by a patch proposed by yours truly.
|
| Reported by: Steven Shiau (via upstream dnsmasq-discuss mailing list)
| Obtained from: Chris Novakovich and Simon Kelley
| Pointyhat to: mandree@
| Notes: svn path=/head/; revision=442888
* Update to new release 2.77. [Matthias Andree, 2017-06-01, files: 1, lines: -10/+11]
| Changelog: <http://thekelleys.org.uk/dnsmasq/CHANGELOG>
| Notes: svn path=/head/; revision=442303
* Correct placement of option helpers. [Matthias Andree, 2017-03-21, files: 1, lines: -2/+2]
| Related to:
| PR: 217900
| Notes: svn path=/head/; revision=436661
* Allow build on PF-less (NO_IPSET) systems. [Matthias Andree, 2017-03-21, files: 1, lines: -5/+5]
| This adds a new ports option, IPSET, defaulting to on.
|
| Use the opportunity to use the options helpers OPT_CFLAGS[_OFF] on the
| trivial options.
|
| PR: 217900
| Submitted by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
| Notes: svn path=/head/; revision=436660
* Use readelf instead of objdump, unbreaking arm64 build. [Matthias Andree, 2017-02-09, files: 1, lines: -2/+2]
| Submitted by: emaste@
| Differential Revision: https://reviews.freebsd.org/D7881
| Notes: svn path=/head/; revision=433702
* Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by default anyway and don't need to be listed [Dmitry Marakasov, 2016-05-23, files: 1, lines: -1/+1]
| Approved by: portmgr blanket
| Notes: svn path=/head/; revision=415742
* Update, new upstream feature+bugfix release v2.76 [Matthias Andree, 2016-05-18, files: 1, lines: -2/+2]
| The upstream maintainer's change log is here, and in the installed
| CHANGELOG file:
| <http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.76>
|
| Drop two patch files that were previously cherry-picked from the
| post-v2.75 upstream repository and should no longer be needed.
|
| Notes: svn path=/head/; revision=415466
* Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g. [Mathieu Arnold, 2016-04-01, files: 1, lines: -5/+5]
| With hat: portmgr
| Sponsored by: Absolight
| Notes: svn path=/head/; revision=412346
* Bump versions to chase Nettle shared library update [Johan van Selst, 2016-01-23, files: 1, lines: -1/+1]
| Notes: svn path=/head/; revision=407058
* Cherry-pick two upstream fixes for crashers. [Matthias Andree, 2016-01-07, files: 1, lines: -0/+1]
| (But bump PORTREVISION instead of PORTEPOCH ;-))
|
| http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0007ee90646a5a78a96ee729932e89d31c69513a
| http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87
|
| Submitted by: garga@
| Obtained from: Edwin Török, Simon Kelley
| Differential Revision: D4813
| Notes: svn path=/head/; revision=405491
* Quench unused-parameter warnings during build. [Matthias Andree, 2015-12-29, files: 1, lines: -1/+1]
| Notes: svn path=/head/; revision=404736
* Update to 2.75 [Matthias Andree, 2015-07-31, files: 1, lines: -1/+1]
| Critical bug fix for --dhcp-script
| Notes: svn path=/head/; revision=393361
* New dnsmasq upstream release 2.74 (bugfixes) [Matthias Andree, 2015-07-30, files: 1, lines: -1/+1]
| version 2.74
|
| Fix reversion in 2.73 where --conf-file would attempt to read the default
| file, rather than no file.
|
| Fix inotify code to handle dangling symlinks better and not SEGV in some
| circumstances.
|
| DNSSEC fix. In the case of a signed CNAME generated by a wildcard which
| pointed to an unsigned domain, the wrong status would be logged, and some
| necessary checks omitted.
|
| Notes: svn path=/head/; revision=393256
* Upgrade dnsmasq to new release 2.73. [Matthias Andree, 2015-06-16, files: 1, lines: -5/+4]
| Changelog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
|
| Disable dnsmasq-devel (older than stable).
| Switch to using @sample keyword [1].
|
| PR: 200717 [1]
| Submitted by: Jimmy Olgeni
| Notes: svn path=/head/; revision=389788
* - Add a patch to fix CVE-2015-3294 [Renato Botelho, 2015-05-06, files: 1, lines: -0/+1]
| - Bump PORTREVISION
|
| PR: 199999
| Approved by: mandree@ (maintainer)
| Obtained from: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
| MFH: 2015Q2
| Security: CVE-2015-3294
| Sponsored by: Netgate
| Notes: svn path=/head/; revision=385553
* - Add CPE info [Dmitry Marakasov, 2015-04-18, files: 1, lines: -1/+2]
| Approved by: portmgr blanket
| Notes: svn path=/head/; revision=384203
* Update to new upstream version 2.72, disabling dnsmasq-devel again. [Matthias Andree, 2014-09-25, files: 1, lines: -2/+1]
| Remove @dir* stuff from pkg-plist.
|
| @sample isn't documented properly and isn't up to handling files with
| non-.sample suffix, so stay away from that part of pkg-plist.
|
| ChangeLog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
| Notes: svn path=/head/; revision=369281
* Remove excess output from pre-configure. [Matthias Andree, 2014-09-10, files: 1, lines: -1/+0]
| Notes: svn path=/head/; revision=367886
* dns/libidn: [Tijl Coosemans, 2014-08-30, files: 1, lines: -1/+1]
| - Add USES=libtool and bump dependent ports
| - Add INSTALL_TARGET=install-strip
| - Always install libidn-components.png because it is used by libidn.info
| - Add -lintl to Libs.private instead of Libs in libidn.pc
|
| Notes: svn path=/head/; revision=366659
* Add ldconfig to rc.d script requisites to make sure we can link to, [Matthias Andree, 2014-07-31, files: 1, lines: -0/+1]
| say, libnettle.so.
|
| Submitted by: Allen Hewes
| Notes: svn path=/head/; revision=363645
* Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS. [Adam Weinberger, 2014-07-15, files: 1, lines: -1/+1]
| Notes: svn path=/head/; revision=361941
* Fix build with DNSSEC and without NLS/DBUS options. [Matthias Andree, 2014-05-23, files: 1, lines: -0/+1]
| PR: 190149
| Submitted by: Kevin Zheng
| Notes: svn path=/head/; revision=354963
* Upgrade to new upstream version 2.71. Upstream's changelog: [Matthias Andree, 2014-05-18, files: 1, lines: -1/+1]
| version 2.71
|
| Subtle change to error handling to help DNSSEC validation when servers
| fail to provide NODATA answers for non-existent DS records.
|
| Tweak code which removes DNSSEC records from answers when not required.
| Fixes broken answers when additional section has real records in it.
| Thanks to Marco Davids for the bug report.
|
| Fix DNSSEC validation of ANY queries. Thanks to Marco Davids for spotting
| that too.
|
| Fix total DNS failure and 100% CPU use if cachesize set to zero,
| regression introduced in 2.69. Thanks to James Hunt and the Ubuntu crowd
| for assistance in fixing this.
|
| Notes: svn path=/head/; revision=354476
* Upgrade to new upstream version 2.70. Upstream changelog: [Matthias Andree, 2014-04-27, files: 1, lines: -2/+1]
| Fix crash, introduced in 2.69, on TCP request when dnsmasq compiled with
| DNSSEC support, but running without DNSSEC enabled. Thanks to Manish Sing
| for spotting that one.
|
| Fix regression which broke ipset functionality. Thanks to Wang Jian for
| the bug report.
|
| Submitted by: Herbert J. Skuhra
| Notes: svn path=/head/; revision=352463
* Switch to use lua 5.2 [Baptiste Daroussin, 2014-04-21, files: 1, lines: -3/+3]
| Notes: svn path=/head/; revision=351724
* Propose local-service option in default .example configuration. [Matthias Andree, 2014-04-15, files: 1, lines: -0/+1]
| PR: ports/188548
| Submitted by: Jeroen van der Ham <jeroen@1sand0s.nl>
| Notes: svn path=/head/; revision=351356
* Update to new upstream 2.69 release. Adds DNSSEC support. [Matthias Andree, 2014-04-10, files: 1, lines: -9/+18]
| Full changelog: <http://www.thekelleys.org.uk/dnsmasq/CHANGELOG>
| Notes: svn path=/head/; revision=350849
* Upgrade dnsmasq to new stable 2.68 release. [Matthias Andree, 2013-12-08, files: 1, lines: -1/+1]
| Fixes bind-interfaces with IPv6 on FreeBSD.
|
| version 2.68
|
| Use random addresses for DHCPv6 temporary address allocations, instead of
| algorithmically determined stable addresses.
|
| Fix bug which meant that the DHCPv6 DUID was not available in DHCP script
| runs during the lifetime of the dnsmasq process which created the DUID
| de-novo. Once the DUID was created and stored in the lease file and
| dnsmasq restarted, this bug disappeared.
|
| Fix bug introduced in 2.67 which could result in erroneous NXDOMAIN
| returns to CNAME queries.
|
| Fix build failures on MacOS X and openBSD.
|
| Allow subnet specifications in --auth-zone to be interface names as well
| as address literals. This makes it possible to configure authoritative
| DNS when local address ranges are dynamic and works much better than the
| previous work-around which exempted constructed DHCP ranges from the IP
| address filtering. As a consequence, that work-around is removed. Under
| certain circumstances, this change will break existing configuration: if
| you're relying on the constructed-range exception, you need to change
| --auth-zone to specify the same interface as is used to construct your
| DHCP ranges, probably with a trailing /6 like this:
| --auth-zone=example.com,eth0/6
| to limit the addresses to IPv6 addresses of eth0.
|
| Fix problems when advertising deleted IPv6 prefixes. If the prefix is
| deleted (rather than replaced), it doesn't get advertised with zero
| preferred time. Thanks to Tsachi for the bug report.
|
| Fix segfault with some locally configured CNAMEs. Thanks to Andrew Childs
| for spotting the problem.
|
| Fix memory leak on re-reading /etc/hosts and friends, introduced in 2.67.
|
| Check the arrival interface of incoming DNS and TFTP requests via IPv6,
| even in --bind-interfaces mode. This isn't possible for IPv4 and can
| generate scary warnings, but as it's always possible for IPv6 (the API
| always exists) then we should do it always.
|
| Tweak the rules on prefix-lengths in --dhcp-range for IPv6. The new rule
| is that the specified prefix length must be larger than or equal to the
| prefix length of the corresponding address on the local interface.
|
| Notes: svn path=/head/; revision=335916
* Assorted fixes to dependencies on various build options, [Matthias Andree, 2013-10-27, files: 1, lines: -9/+22]
| particularly with NLS enabled when libidn was built without NLS.
|
| While here, group OPTIONS and clean up things a bit, and print
| configuration of port and libidn port for debugging.
|
| The particular build failure was
| Reported by: Yuri Vorobyev
| Notes: svn path=/head/; revision=331782
* Upgrade dnsmasq to new upstream release 2.67. [Matthias Andree, 2013-10-25, files: 1, lines: -3/+6]
| Changelog: <http://www.thekelleys.org.uk/dnsmasq/CHANGELOG>
|
| Enable NLS and IPV6 options by default.
| Use shebangfix on files that need it.
|
| Mark dnsmasq-devel (older than release) IGNORE.
|
| Notes: svn path=/head/; revision=331639