DSC (originally developed by The Measurement Factory and now developed
by DNS-OARC) is a system for collecting and exploring statistics from
busy DNS servers. It uses a distributed architecture with collectors
running on or near nameservers sending their data to one or more
central presenters for display and archiving. Collectors use pcap to
sniff network traffic. They transmit aggregated data to the presenter
as XML data. dsc is configurable to allow the administrator to capture
any kind of data that he or she chooses.
WWW: https://www.dns-oarc.net/dsc/
PR: 226631
Submitted by: Leo Vandewoestijne <freebsd@dns.company>
DNS Statistics Presenter (DSP) is a tool used
for exploring statistics from busy DNS servers
collected by DNS Statistics Collector (DSC).
WWW: https://www.dns-oarc.net/dsc/
PR: 226630
Submitted by: Leo Vandewoestijne <freebsd@dns.company>
Perl Library to extract and graph DNS Statistics Collector (DSC) data
DNS Statistics Presenter (DSP) is a tool used for exploring statistics
from busy DNS servers collected by DNS Statistics Collector (DSC).
This is the Perl library that is used to extract and graph DSC data.
WWW: https://www.dns-oarc.net/dsc/
PR: 226629
Submitted by: Leo Vandewoestijne <freebsd@dns.company>
- iconv is in base in all supported FreeBSD versions
- Fix build with MariaDB 10.2 [2]
- Bump portrevision in dependencies
PR: 226705 [1], 226026 [2]
With hat: apache
Approved by: joneum (apache)
- Change MASTER_SITES from CHEESESHOP to GitHub: PyPI does not have tarball but only .whl
- Update RUN_DEPENDS: use Django metaport (www/py-django)
- Simplify CONFLICTS_INSTALL
Changes: https://github.com/macropin/django-registration/releases
PR: 226779
Submitted by: sunpoet (myself)
Approved by: Kevin Golding <ports@caomhin.org> (maintainer)
- fix plist (install config files using @sample, was broken in patch from PR 226646)
- build only one neural net module: fann or torch
- rspamd has https client - add ca_root_nss dependency
PR: 226802
Submitted by: Anton Yuzhaninov <citrin+pr at citrin.ru>
+ echo Inconsistent kallsyms data
Inconsistent kallsyms data
+ echo Try 'make KALLSYMS_EXTRA_PASS=1' as a workaround
Try make KALLSYMS_EXTRA_PASS=1 as a workaround
+ exit 1
Sponsored by: Absolight
Features
- auth-zone provides a way to configure RFC7706 from unbound.conf,
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
fallback-enabled: yes and masters or a zonefile with data.
- Aggressive use of NSEC implementation. Use cached NSEC records to
generate NXDOMAIN, NODATA and positive wildcard answers.
- Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
also recognized and means the same. Also for tls-port,
tls-service-key, tls-service-pem, stub-tls-upstream and
forward-tls-upstream.
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
from Manu Bretelle.
This option allows handling multiple cert/key pairs while only
distributing some of them.
In order to reliably match a client magic with a given key without
strong assumption as to how those were generated, we need both key and
cert. Likewise, in order to know which ES version should be used.
On the other hand, when rotating a cert, it can be desirable to only
serve the new cert but still be able to handle clients that are still
using the old certs's public key.
The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
publish the cert as part of the DNS's provider_name's TXT answer.
- Update B root ipv4 address.
- make ip-transparent option work on OpenBSD.
- Fix#2801: Install libunbound.pc.
- ltrace.conf file for libunbound in contrib.
- Fix#3598: Fix swig build issue on rhel6 based system.
configure --disable-swig-version-check stops the swig version check.
Bug Fixes
- Fix#1749: With harden-referral-path: performance drops, due to
circular dependency in NS and DS lookups.
- [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert
duplicates
- Better documentation for cache-max-negative-ttl.
- Fixed libunbound manual typo.
- Fix#1949: [dnscrypt] make provider name mismatch more obvious.
- Fix#2031: Double included headers
- Document that errno is left informative on libunbound config read
fail.
- iana port update.
- Fix#1913: ub_ctx_config is under circumstances thread-safe.
- Fix#2362: TLS1.3/openssl-1.1.1 not working.
- Fix#2034 - Autoconf and -flto.
- Fix#2141 - for libsodium detect lack of entropy in chroot, print
a message and exit.
- Fix#2492: Documentation libunbound.
- Fix#2882: Unbound behaviour changes (wrong) when domain-insecure is
set for stub zone. It no longer searches for DNSSEC information.
- Fix#3299 - forward CNAME daisy chain is not working
- Fix link failure on OmniOS.
- Check whether --with-libunbound-only is set when using --with-nettle
or --with-nss.
- Fix qname-minimisation documentation (A QTYPE, not NS)
- Fix that DS queries with referral replies are answered straight
away, without a repeat query picking the DS from cache.
The correct reply should have been an answer, the reply is fixed
by the scrubber to have the answer in the answer section.
- Fix that expiration date checks don't fail with clang -O2.
- Fix queries being leaked above stub when refetching glue.
- Copy query and correctly set flags on REFUSED answers when cache
snooping is not allowed.
- make depend: code dependencies updated in Makefile.
- Fix#3397: Fix that cachedb could return a partial CNAME chain.
- Fix#3397: Fix that when the cache contains an unsigned DNAME in
the middle of a cname chain, a result without the DNAME could
be returned.
- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
for startup scripts to get the full pathname(s) of anchor file(s).
- Print fatal errors about remote control setup before log init,
so that it is printed to console.
- Use NSEC with longest ce to prove wildcard absence.
- Only use *.ce to prove wildcard absence, no longer names.
- Fix unfreed locks in log and arc4random at exit of unbound.
- Fix lock race condition in dns cache dname synthesis.
- Fix#3451: dnstap not building when you have a separate build dir.
And removed protoc warning, set dnstap.proto syntax to proto2.
- Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
- Unit test for auth zone https url download.
- tls-cert-bundle option in unbound.conf enables TLS authentication.
- Fixes for clang static analyzer, the missing ; in
edns-subnet/addrtree.c after the assert made clang analyzer
produce a failure to analyze it.
- Fix#3505: Documentation for default local zones references
wrong RFC.
- Fix#3494: local-zone noview can be used to break out of the view
to the global local zone contents, for queries for that zone.
- Fix for more maintainable code in localzone.
- more robust cachedump rrset routine.
- Save wildcard RRset from answer with original owner for use in
aggressive NSEC.
- Fixup contrib/fastrpz.patch so that it applies.
- Fix compile without threads, and remove unused variable.
- Fix compile with staticexe and python module.
- Fix nettle compile.
- Fix to check define of DSA for when openssl is without deprecated.
- iana port update.
- Fix#3582: Squelch address already in use log when reuseaddr option
causes same port to be used twice for tcp connections.
- Reverted fix for #3512, this may not be the best way forward;
although it could be changed at a later time, to stay similar to
other implementations.
- Fix for windows compile.
- Fixed contrib/fastrpz.patch, even though this already applied
cleanly for me, now also for others.
- patch to log creates keytag queries, from A. Schulze.
- patch suggested by Debian lintian: allow to -> allow one to, from
A. Schulze.
- Attempt to remove warning about trailing whitespace.
- Added documentation for aggressive-nsec: yes.
PR: 226822
Submitted by: jaap@NLnetLabs.nl (maintainer)
carbon-relay-ng is a middleware that sit's between graphite capable metrics
collectors and and carbon instances such as databases/go-carbon and
databases/py-carbon. It can do sharding and replication to any carbon
storage.
WWW: https://github.com/graphite-ng/carbon-relay-ng
PR: 226824
Submitted by: Andreas Andersson <a.andersson.thn@gmail.com>
carbonzipper is part of the go implementation of the carbon stack. It sits
between carbonapi and go-carbon
WWW: https://github.com/go-graphite/carbonzipper/
PR: 226818
Submitted by: Andreas Andersson <a.andersson.thn@gmail.com>
carbonapi is a frontend for carbonzipper and can partially replace graphiteweb.
WWW: https://github.com/go-graphite/carbonapi
PR: 226808
Submitted by: Andreas Andersson <a.andersson.thn@gmail.com>
Changelog:
* Fix compilation issues when using CFLAGS=-m64 on some gcc versions
* Re-render current image when toggle_fixed_geometry is input
* Allow arbitrary X11 colors as -B/--image-bg argument (patch by ulteq)
* Improve --image-bg support and transparency handling in --bg-* mode
* Respect --geometry settings in --bg-fill mode
* Add keybinding toggle_auto_zoom (default Z) to toggle --auto-zoom
* Fix filelists specified by -f/--filelist not being reloaded when using
--reload
* Improve performance when using --{max,min}-dimension in slideshow mode
(patch by ulteq)
* Fix crash when using %m format specifier in slideshow mode (introduced
in feh 2.23.1)
Note that the feature with natural sorting of file and directory names is
not enabled since we don't have the strverscmp glibc extension.
Build PSCI monitor and add it to common firmware files for RaspberrPi
platform. This is pre-requisite for migration of sysutils/u-boot-rpi3 to
u-boot-master framework.
Submitted by: gonzo
Reviewed by: bapt
Approved by: bapt
Differential Revision: https://reviews.freebsd.org/D14629