23:15 Matthias Andree (mandree) 

dns/dnsmasq: security update to 2.90 (fixes dnssec validation DoS)

ChangeLog:	https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.90
Security:       21a854cc-cac1-11ee-b7a7-353f1e043d9a
Security:       CVE-2023-50387
Security:       CVE-2023-50868
MFH:		2024Q1

    af6c144

22:00 Matthias Andree (mandree) 

dns/dnsmasq*: update to v2.89, and disable -devel port

Changelog:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.89

MFH:		2023Q1

    156fb7b

19:48 Matthias Andree (mandree) 

dns/dnsmasq*: update to 2.88, and ignore -devel port

ChangeLog:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.88

    e5e31e3

16:20 Matthias Andree (mandree) 

dns/dnsmasq*: update to v2.87

and set dnsmasq-devel port to IGNORE.

Changelog:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.87
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg16445.html

MFH:		2022Q3

    7bf80ce

15:48 Matthias Andree (mandree) 

dns/dnsmasq: update to v2.86, ignore dnsmasq-devel

Changelog:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.86

    d8ba062

21:54 Matthias Andree (mandree) 

dns/dnsmasq: security update to v2.85 release

Changelog:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.85

Configurations where server lines contain a @ character,
f.i. server=1.1.1.1@em0 or server=1.1.1.1@192.0.2.1, disabled
source port randomization, making cache poisoning attacks possible.
v2.85 mitigates this.

MFH:		2021Q2
Security:	CVE-2021-3448
Security:	5b72b1ff-877c-11eb-bd4f-2f1d57dafe46 (VuXML)

    e0a4c5c

19:19 mandree 

dns/dnsmasq: upgrade to v2.84 (regression fixes)

Upstream blessed v2.84 rc2 (which 2.83_1 effectively already was)
into v2.84 release, so take it (and patch the upstream bug of
leaving "rc2" in the version out).

MFH:		2021Q1 (regression fixes for security fix release)

 

19:20 mandree 

dns/dnsmasq: security update to 2.83

CHANGELOG of version 2.83:

        Use the values of --min-port and --max-port in outgoing
        TCP connections to upstream DNS servers.

        Fix a remote buffer overflow problem in the DNSSEC code. Any
        dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
        referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
        CVE-2020-25687.

        Be sure to only accept UDP DNS query replies at the address
        from which the query was originated. This keeps as much entropy
        in the {query-ID, random-port} tuple as possible, to help defeat
        cache poisoning attacks. Refer: CVE-2020-25684.

        Use the SHA-256 hash function to verify that DNS answers
        received are for the questions originally asked. This replaces
        the slightly insecure SHA-1 (when compiled with DNSSEC) or
        the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.

        Handle multiple identical near simultaneous DNS queries better.
        Previously, such queries would all be forwarded
        independently. This is, in theory, inefficent but in practise
        not a problem, _except_ that is means that an answer for any
        of the forwarded queries will be accepted and cached.
        An attacker can send a query multiple times, and for each repeat,
        another {port, ID} becomes capable of accepting the answer he is
        sending in the blind, to random IDs and ports. The chance of a
        succesful attack is therefore multiplied by the number of repeats
        of the query. The new behaviour detects repeated queries and
        merely stores the clients sending repeats so that when the
        first query completes, the answer can be sent to all the
        clients who asked. Refer: CVE-2020-25686.
MFH:		2021Q1
Security:	5b5cf6e5-5b51-11eb-95ac-7f9491278677
Security:	CVE-2020-25684
Security:	CVE-2020-25685
Security:	CVE-2020-25686
Security:	CVE-2020-25681
Security:	CVE-2020-25682
Security:	CVE-2020-25683
Security:	CVE-2020-25687

 

23:07 mandree 

dns/dnsmasq: update to 2.82 (regression and bug fixes)

Quoting Simon Kelley "This fixes a nasty problem
introduced in 2.81 which causes random crashes on systems where there's
significant DNS activity over TCP. It also fixes DNSSEC validation
problems with zero-TTL DNSKEY and DS records."

Changelog:
<http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG;h=e6a223119ffcd9ead6cb15153cd49bd3c61e114f;hb=f60fea1fb0a288011f57a25dfb653b8f6f8b46b9#l1>

MFH:		2020Q3 (regression and bug fixes)

 

01:59 mandree 

dns/dnsmasq: update to 2.81, unlink dnsmasq-devel

Update dns/dnsmasq to the new upstream version 2.81.
The Makefile has been rearranged with portfmt, except the
LDFLAGS+=..._intllibs... line that portfmt does not recognize.

Changelog:
<http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG;h=60b08d015b2d5a979f39b8ad43633b419135cb64;hb=7ddb99d251c3f5870c8c308a98bb8f283c831872#l1>
(or see CHANGELOG in the package)

Unlink dnsmasq-devel from the build, but keep the sources,
and mark it IGNORE and list dnsmasq-devel in MOVED.

 

17:47 mandree 

Upgrade dns/dnsmasq to v2.80.

Security: the installed example configuration file shows a way of
disabling WPAD hijacking, but leaves it commented out. Extend pkg-message.

Changelog: 	<http://thekelleys.org.uk/dnsmasq/CHANGELOG>

Since installing v2.80 isn't a fix against the vulnerability, and fixing
it needs administrator intervention on upgrades, I am not marking this in
vuxml for now, since we'd need to mark v2.80 vulnerable, too.

MFH:		2018Q4
Security:	CERT VU#598349

 

21:10 mandree 

dns/dnsmasq update to release v2.79

Note there are a few incompatible changes. For details, please see the...
Changelog: <http://thekelleys.org.uk/dnsmasq/CHANGELOG>

 

18:40 brnrd 

dns/dnsmasq: Security update to 2.78

PR:		222739
Approved by:	ports-secteam
MFH:		2017Q4
Security:	b77b5646-a778-11e7-ac58-b499baebfeaf

 

17:55 mandree 

Update to new release 2.77.

Changelog: <http://thekelleys.org.uk/dnsmasq/CHANGELOG>

 

22:17 mandree 

Update, new upstream feature+bugfix release v2.76

The upstream maintainer's change log is here, and in the installed
CHANGELOG file:
<http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob_plain;f=CHANGELOG;hb=v2.76>

Drop two patch files that were previously cherry-picked from the
post-v2.75 upstream repository and should no longer be needed.

 

17:43 mandree 

Update to 2.75

Critical bug fix for --dhcp-script

 

18:47 mandree 

New dnsmasq upstream release 2.74 (bugfixes)

version 2.74
            Fix reversion in 2.73 where --conf-file would attempt to
            read the default file, rather than no file.

            Fix inotify code to handle dangling symlinks better and
            not SEGV in some circumstances.

            DNSSEC fix. In the case of a signed CNAME generated by a
            wildcard which pointed to an unsigned domain, the wrong
            status would be logged, and some necessary checks omitted.

 

00:48 mandree 

Upgrade dnsmasq to new release 2.73.

Changelog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOGDisable dnsmasq-devel
(older than stable).
Switch to using @sample keyword [1].

PR:           200717 [1]
Submitted by: Jimmy Olgeni

 

18:27 mandree 

Update to new upstream version 2.72, disabling dnsmasq-devel again.

Remove @dir* stuff from pkg-plist.  @sample isn't documented properly
and isn't up to handling files with non-.sample suffix, so stay
away from that part of pkg-plist.

ChangeLog:	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

 

22:17 mandree 

Upgrade to new upstream version 2.71.  Upstream's changelog:

version 2.71
            Subtle change to error handling to help DNSSEC validation
	    when servers fail to provide NODATA answers for
	    non-existent DS records.

	    Tweak code which removes DNSSEC records from answers when
	    not required. Fixes broken answers when additional section
	    has real records in it. Thanks to Marco Davids for the bug
	    report.

	    Fix DNSSEC validation of ANY queries. Thanks to Marco Davids
	    for spotting that too.

	    Fix total DNS failure and 100% CPU use if cachesize set to zero,
	    regression introduced in 2.69. Thanks to James Hunt and
	    the Ubuntu crowd for assistance in fixing this.

 

21:05 mandree 

Upgrade to new upstream version 2.70. Upstream changelog:

   Fix crash, introduced in 2.69, on TCP request when dnsmasq compiled
   with DNSSEC support, but running without DNSSEC enabled. Thanks to
   Manish Sing for spotting that one.

   Fix regression which broke ipset functionality. Thanks to Wang Jian
   for the bug report.

Submitted by:	Herbert J. Skuhra

 

20:44 mandree 

Update to new upstream 2.69 release. Adds DNSSEC support.

Full changelog: <http://www.thekelleys.org.uk/dnsmasq/CHANGELOG>

 

18:05 mandree 

Upgrade dnsmasq to new stable 2.68 release.

Fixes bind-interfaces with IPv6 on FreeBSD.

version 2.68
            Use random addresses for DHCPv6 temporary address
            allocations, instead of algorithmically determined stable
            addresses.

    Fix bug which meant that the DHCPv6 DUID was not available
    in DHCP script runs during the lifetime of the dnsmasq
    process which created the DUID de-novo. Once the DUID was
    created and stored in the lease file and dnsmasq
    restarted, this bug disappeared.

    Fix bug introduced in 2.67 which could result in erroneous
    NXDOMAIN returns to CNAME queries.

    Fix build failures on MacOS X and openBSD.

    Allow subnet specifications in --auth-zone to be interface
    names as well as address literals. This makes it possible
    to configure authoritative DNS when local address ranges
    are dynamic and works much better than the previous
    work-around which exempted contructed DHCP ranges from the
    IP address filtering. As a consequence, that work-around
    is removed. Under certain circumstances, this change wil
    break existing configuration: if you're relying on the
    contructed-range exception, you need to change --auth-zone
    to specify the same interface as is used to construct your
    DHCP ranges, probably with a trailing /6 like this:
    --auth-zone=example.com,eth0/6 to limit the addresses to
    IPv6 addresses of eth0.

    Fix problems when advertising deleted IPv6 prefixes. If
    the prefix is deleted (rather than replaced), it doesn't
    get advertised with zero preferred time. Thanks to Tsachi
    for the bug report.

    Fix segfault with some locally configured CNAMEs. Thanks
    to Andrew Childs for spotting the problem.

    Fix memory leak on re-reading /etc/hosts and friends,
    introduced in 2.67.

    Check the arrival interface of incoming DNS and TFTP
    requests via IPv6, even in --bind-interfaces mode. This
    isn't possible for IPv4 and can generate scary warnings,
    but as it's always possible for IPv6 (the API always
    exists) then we should do it always.

    Tweak the rules on prefix-lengths in --dhcp-range for
    IPv6. The new rule is that the specified prefix length
    must be larger than or equal to the prefix length of the
    corresponding address on the local interface.

 

22:27 mandree 

Upgrade dnsmasq to new upstream release 2.67.
Changelog: <http://www.thekelleys.org.uk/dnsmasq/CHANGELOG>
Enable NLS and IPV6 options by default.
Use shebangfix on files that need it.

Mark dnsmasq-devel (older than release) IGNORE.

 

17:49 mandree 

Update to new upstream release 2.66.
New DHCPv6 stuff, ability to act as authoritative server for local data.

Changelog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Feature safe: yes

 

16:33 mandree 

Update to new upstream release 2.65.

Upstream changes:

    TCP which are not for A and AAAA and which were directed to
    non-default servers. Thanks to Niax for the bug report.

    Fix failure to build with DHCP support excluded. Thanks to
    Gustavo Zacarias for the patch.

    Fix nasty regression in 2.64 which completely broke cacheing.

 

22:29 mandree 

Update to new upstream release 2.64.

Feature safe:	yes

Changelog for version 2.64:

Handle DHCP FQDN options with all flag bits zero and --dhcp-client-update set.
Thanks to Bernd Krumbroeck for spotting the problem.

Finesse the check for /etc/hosts names which conflict with DHCP names.
Previously a name/address pair in /etc/hosts which didn't match the
name/address of a DHCP lease would generate a warning. Now that only
happesn if there is not also a match. This allows multiple addresses for
a name in /etc/hosts with one of them assigned via DHCP.

Fix broken vendor-option processing for BOOTP. Thanks to Hans-Joachim
Baader for the bug report.

Don't report spurious netlink errors, regression in 2.63. Thanks to
Vladislav Grishenko for the patch.

Flag DHCP or DHCPv6 in starup logging. Thanks to Vladislav Grishenko for
the patch.

Add SetServersEx method in DBus interface. Thanks to Dan Williams for
the patch.

Add SetDomainServers method in DBus interface. Thanks to Roy Marples for
the patch.

Fix build with later Lua libraries. Thansk to Cristian Rodriguez for the
patch.

Add --max-cache-ttl option. Thanks to Dennis Kaarsemaker for the patch.

Fix breakage of --host-record parsing, resulting in infinte loop at
startup. Regression in 2.63. Thanks to Haim Gelfenbeyn for spotting
this.

Set SO_REUSEADDRESS and SO_V6ONLY options on the DHCPv6 socket, this
allows multiple instances of dnsmasq on a single machine, in the same
way as for DHCPv4. Thanks to Gene Czarcinski and Vladislav Grishenko for
work on this.

Fix DHCPv6 to do access control correctly when it's configured with
--listen-address. Thanks to Gene Czarcinski for sorting this out.

Add a "wildcard" dhcp-range which works for any IPv6 subnet,
--dhcp-range=::,static Useful for Stateless DHCPv6. Thanks to Vladislav
Grishenko for the patch.

Don't include lease-time in DHCPACK replies to DHCPINFORM queries, since
RFC-2131 says we shouldn't. Thanks to Wouter Ibens for pointing this
out.

Makefile tweak to do dependency checking on header files.  Thanks to
Johan Peeters for the patch.

Check interface for outgoing unsolicited router advertisements, rather
than relying on interface address configuration. Thanks to Gene
Czarinski for the patch.

Handle better attempts to transmit on interfaces which are still doing
DAD, and specifically do not just transmit without setting source
address and interface, since this can cause very puzzling effects when a
router advertisement goes astray. Thanks again to Gene Czarinski.

Get RA timers right when there is more than one dhcp-range on a subnet.

 

20:33 mandree 

Update to 2.63.

Changelog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

14:34 mandree 

Update to bug-fix release 2.62.
Changelog: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

Convert to OptionsNG.

20:38 mandree 

Update to new upstream release 2.61. Changes are, per Simon Kelley:

Re-write interface discovery code on *BSD to use getifaddrs. This
is more portable, more straightforward, and allows us to find the
prefix length for IPv6 addresses.

Add ra-names, ra-stateless and slaac keywords for DHCPv6.  Dnsmasq
can now synthesise AAAA records for dual-stack hosts which get IPv6
addresses via SLAAC. It is also now possible to use SLAAC and
stateless DHCPv6, and to tell clients to use SLAAC addresses as
well as DHCP ones.  Thanks to Dave Taht for help with this.

Add --dhcp-duid to allow DUID-EN uids to be used.

Explicity send DHCPv6 replies to the correct port, instead of relying
on clients to send requests with the correct source address, since
at least one client in the wild gets this wrong. Thanks to Conrda
Kostecki for help tracking this down.

Send a preference value of 255 in DHCPv6 replies when --dhcp-authoritative
is in effect. This tells clients not to wait around for other DHCP
servers.

Better logging of DHCPv6 options.

Add --host-record. Thanks to Rob Zwissler for the suggestion.

Invoke the DHCP script with action "tftp" when a TFTP file transfer
completes. The size of the file, address to which it was sent and
complete pathname are supplied. Note that version 2.60 introduced
some script incompatibilties associated with DHCPv6, and this is a
further change. To be safe, scripts should ignore unknown actions,
and if not IPv6-aware, should exit if the environment variable
DNSMASQ_IAID is set. The use-case for this is to track netboot/install.
Suggestion from Shantanu Gadgil.

Update contrib/port-forward/dnsmasq-portforward to reflect the
above.

Set the environment variable DNSMASQ_LOG_DHCP when running the
script id --log-dhcp is in effect, so that script can taylor their
logging verbosity. Suggestion from Malte Forkel.

Arrange that addresses specified with --listen-address work even
if there is no interface carrying the address. This is chiefly
useful for IPv4 loopback addresses, where any address in 127.0.0.0/8
is a valid loopback address, but normally only 127.0.0.1 appears
on the lo interface. Thanks to Mathieu Trudel-Lapierre for the idea
and initial patch.

Fix crash, introduced in 2.60, when a DHCPINFORM is received from
a network which has no valid dhcp-range.  Thanks to Stephane Glondu
for the bug report.

Add a new DHCP lease time keyword, "deprecated" for --dhcp-range.
This is only valid for IPv6, and sets the preffered lease time for
both DHCP and RA to zero. The effect is that clients can continue
to use the address for existing connections, but new connections
will use other addresses, if they exist. This makes hitless renumbering
at least possible.

Fix bug in address6_available() which caused DHCPv6 lease aquisition
to fail if more than one dhcp-range in use.

Provide RDNSS and DNSSL data in router advertisements, using the
settings provided for DHCP options option6:domain-search and
option6:dns-server.

Tweak logo/favicon.ico to add some transparency. Thanks to SamLT
for work on this.

Don't cache data from non-recursive nameservers, since it may
erroneously look like a valid CNAME to a non-exitant name. Thanks
to Ben Winslow for finding this.

Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP on exactly
one interface and --bind-interfaces is set. This makes the OpenStack
use-case of one dnsmasq per virtual interface work. This is only
available on Linux; it's not supported on other platforms. Thanks
to Vishvananda Ishaya and the OpenStack team for the suggestion.

Updated French translation. Thanks to Gildas Le Nadan.

Give correct from-cache answers to explict CNAME queries.  Thanks
to Rob Zwissler for spotting this.

Add --tftp-lowercase option. Thanks to Oliver Rath for the patch.

Ensure that the DBus DhcpLeaseUpdated events are generated when a
lease goes through INIT_REBOOT state, even if the dhcp-script is
not in use. thanks to Antoaneta-Ecaterina Ene for the patch.

Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks to Brad
Smith for spotting this.

23:59 mandree 

Update to new upstream release 2.60.  Notable new features are:
- The LUA port option enables Lua support for DHCP lease-change scripts
- DHCPv6 support
- IPv6 Router Advertisement support

Changelog:    http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
Feature safe: yes

22:24 mandree 

Fix BUILD_DEPENDS (use += not =) creation in port.

Upgrade to new upstream regression fix release 2.59:

            Fix regression in 2.58 which caused failure to start up
            with some combinations of dnsmasq config and IPv6 kernel
            network config. Thanks to Brielle Bruns for the bug
            report.

            Improve dnsmasq's behaviour when network interfaces are
            still doing duplicate address detection (DAD). Previously,
            dnsmasq would wait up to 20 seconds at start-up for the
            DAD state to terminate. This is broken for bridge
            interfaces on recent Linux kernels, which don't start DAD
            until the bridge comes up, and so can take arbitrary
            time. The new behaviour lets dnsmasq poll for an arbitrary
            time whilst providing service on other interfaces. Thanks
            to Stephen Hemminger for pointing out the problem.

Note the 2.59.tar.lzma tarball causes the startup banner to print
2.59rc1 which I deem harmless.

22:32 mandree 

Update to new upstream release 2.58
Changes: http://thekelleys.org.uk/dnsmasq/CHANGELOG

Suggested by: Loic Pefferkorn.

08:50 mandree 

Upgrade to new upstream release 2.57.

Remove support for FreeBSD releases 6.X.

Allow build with IDN but without NLS (this requires that dns/libidn
is also built WITHOUT_NLS) to expose an upstream change. Useful for embedded
devices.

Warn user if this is requested but libidn needs NLS libraries
because in that case dnsmasq inherits the NLS dependencies from libidn.

Remove files/patch-aa, it was a preview patch from a 2.57 test release,
fixing a regression in 2.56 that caused hex constants to be rejected in
the configuratino if they contained the '*' wildcard.

Further upstream changes:
- use own header for DNS protocol, rather than using arpa/nameser.h
- correct ctype.h function argument casts (isdigit(), isxdigit(), etc.)
- Accept extra empty arguments on command line to avoid libvirt breakage.

21:49 mandree 

Update to new upstream release 2.56.
Replace uni-paderborn.de master site by MASTER_SITE_LOCAL.
Add LICENSE=GPLv2.
Changelog:
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

20:01 mandree 

Upgrade to upstream bugfix release 2.55, removing version hack.

Note this version fixes two crashes on startup.

Approved by: garga (mentor)

12:11 mandree 

Upgrade to new upstream release dnsmasq 2.53/2.54.

This release was inadvertently dubbed 2.54 in its logging by Simon Kelley,
so adjust our PORTVERSION to match that, but still build the 2.53 tarball.
Simon will treat 2.53 and 2.54 the same and release 2.55 next time.
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2010q2/004105.html
Check work/dnsmasq-2.53/src/config.h for VERSION after "make extract" to see.

Approved by: garga (mentor)

08:09 pav 

- Introduce a new USE_XZ knob that handles lzma/xz compressed distfiles
- Convert a bunch of ports to use it

PR:             ports/146329
Submitted by:   mm
With hat:       portmgr

11:24 mandree 

Change MAINTAINER to my FreeBSD address.
Update to new upstream release 2.52. Changelog excerpt below the approval.

Approved by: miwi (mentor)

Upstream changelog excerpt (omitting Linux, Solaris and MacOS X specifics):
[...] Re-read the set of network interfaces when re-loading /etc/resolv.conf
  if --bind-interfaces is not set. This handles the case that loopback
  interfaces do not exist when dnsmasq is first started.

  Tweak the PXE code to support port 4011. This should reduce broadcasts and
  make things more reliable when other servers are around. It also improves
  inter-operability with certain clients.

  Make a pxe-service configuration with no filename or boot service type legal:
  this does a local boot. eg.  pxe-service=x86PC, "Local boot"

  Be more conservative in detecting "A for A" queries. Dnsmasq checks if the
  name in a type=A query looks like a dotted-quad IP address and answers the
  query itself if so, rather than forwarding it. Previously dnsmasq relied in
  the library function inet_addr() to convert addresses, and that will accept
  some things which are confusing in this context, like 1.2.3 or even just
  1234. Now we only do A for A processing for four decimal numbers delimited by
  dots.
[...]
  Increased the default limit on number of leases to 1000 (from 150). This is
  mainly a defence against DoS attacks, and for the average "one for two class
  C networks" installation, IP address exhaustion does that just as well.
  Making the limit greater than the number of IP addresses available in such an
  installation removes a surprise which otherwise can catch people out.

  Removed extraneous trailing space in the value of the DNSMASQ_TIME_REMAINING
  DNSMASQ_LEASE_LENGTH and DNSMASQ_LEASE_EXPIRES environment variables. Thanks
  to Gildas Le Nadan for spotting this.

  Provide the network-id tags for a DHCP transaction to the lease-change script
  in the environment variable DNSMASQ_TAGS. A good suggestion from Gildas Le
  Nadan.

  Add support for RFC3925 "Vendor-Identifying Vendor Options". The syntax looks
  like this:
  --dhcp-option=vi-encap:<enterprise number>, .........

  Add support to --dhcp-match to allow matching against RFC3925
  "Vendor-Identifying Vendor Classes". The syntax looks like this:
  --dhcp-match=tag,vi-encap<enterprise number>, <value>

  Add some application specific code to assist in implementing the Broadband
  forum TR069 CPE-WAN specification. The details are in contrib/CPE-WAN/README

  Increase the default DNS packet size limit to 4096, as recommended by RFC5625
  section 4.4.3. This can be reconfigured using --edns-packet-max if needed.
  Thanks to Francis Dupont for pointing this out.

  Rewrite query-ids even for DNSSEC signed packets, since this is allowed by
  RFC5625 section 4.5.
[...]
  Fix link error when including Dbus but excluding DHCP.
  Thanks to Oschtan for the bug report.

  Updated French translation. Thanks to Gildas Le Nadan.

  Updated Polish translation. Thanks to Jan Psota.

  Updated Spanish translation. Thanks to Chris Chatham.

10:34 miwi 

- Update to 2.51

PR:             139583
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)

16:35 wxs 

- Update to 2.51rc1
- Add pkg-message
- Add NLS and IDN option (currently linked together in one option, this will
  be changed in future releases hopefully)
- Properly handle example configuration files

PR:             ports/139273
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)

12:18 miwi 

- Update to 2.50

PR:             138415
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)
Security:      
http://www.freebsd.org/ports/portaudit/80aa98e0-97b4-11de-b946-0030843d3802.html

21:07 miwi 

- Update to 2.49

PR:             135525
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)

23:14 amdmi3 

- Update to 2.48

PR:             135270
Submitted by:   Matthias Andree <matthias.andree@gmx.de> (maintainer)

22:58 miwi 

- Update to 2.47

Approved by:    maintainer implicit

22:53 miwi 

- Update to 2.46

Approved by:    maintainer implicit

12:32 miwi 

- Update to 2.45

Approved by:    maintainer implicit

13:21 miwi 

- Update to 2.43

Approved by:    maintainer implicit

22:05 miwi 

- Update to 2.42

Approved by:    maintainer implicit

22:59 miwi 

- Update to 2.41

Approved by:    maintainer implicit

22:30 miwi 

- Update to 2.40

Approved by:    maintainer implicit

12:51 miwi 

- Update to 2.39

Approved by:    maintainer implicit

12:06 miwi 

- Update to 2.38

Approved by:    maintainer (implicit)

11:39 miwi 

- Update to 2.37

Approved by:    maintainer (implicit)

13:07 miwi 

- Update to 2.36

Approved by:    maintainer (implicit)

22:36 miwi 

- Update to 2.35

PR:             ports/105013
Submitted by:   Babak Farrokhi (maintainer)
Sponsored by:   FreeBSD Bug-a-thon #2

09:16 miwi 

- update to 2.34

PR:             ports/104527
Submitted by:   Babak Farrokhi <babak@farrokhi.net> (maintainer)

07:48 rafan 

- Update to 2.33

PR:             ports/101745
Submitted by:   Babak Farrokhi <babak at farrokhi.net> (maintainer)

18:25 rafan 

- Update to 2.32
- Pass maintainership to submitter

PR:             ports/100207
Submitted by:   Babak Farrokhi <babak farrokhi.net>

11:01 anray 

Update to 2.26

PR:             ports/92246
Submitted by:   Jeffrey H. Johnson <CPE1704TKS@bellsouth.net>
Approved by:    Steven Honson (maintainer)

08:31 edwin 

SHA256ify

Approved by:    krion@

01:36 mnag 

Update to 2.23
Fix IPv6 build. Thanks to Richard Hirner

PR:             87867
Submitted by:   Steven Honson <steven@honson.org> (maintainer)

15:18 leeym 

- update to 2.22

PR:             79563
Submitted by:   maintainer

17:12 vs 

Update to 2.20

PR:             ports/77502
Submitted by:   maintainer

16:59 krion 

Update to version 2.19

PR:             ports/75505
Submitted by:   maintainer

01:12 sem 

- Update to 2.18

PR:             ports/74704
Submitted by:   maintainer

12:53 vs 

Update to 2.17

PR:             ports/74032
Submitted by:   maintainer

09:16 sergei 

- Update to 2.15 (major bug fix)

PR:             ports/71973
Submitted by:   Steven Honson (maintainer)

While I'm here:
- Shorten long lines in Makefile to avoid wrapping

11:49 krion 

Update to 2.13

PR:             ports/70448
Submitted by:   maintainer

14:12 leeym 

- update to version 2.11, fixes FreeBSD builds under -CURRENT
- add minor cosmetic fix

PR:             69999
Submitted by:   Steven Honson <steven@honson.org>

13:28 sem 

Update to version 2.10

PR:             ports/69841
Submitted by:   maintainer

07:14 krion 

Update to 2.9

PR:             ports/68491
Submitted by:   maintainer

08:24 krion 

- Update to version 2.7

PR:             ports/65930
Submitted by:   maintainer

13:57 pav 

- Update to 2.6

PR:             ports/65159
Submitted by:   Steven Honson <steven@honson.org> (maintainer)

09:16 krion 

- Update to version 2.5

PR:             ports/64407
Submitted by:   maintainer

23:50 pav 

- Update to 2.2

PR:             ports/62231
Submitted by:   Steven Honson <steven@honson.org> (maintainer)

14:01 arved 

Update to 2.1

PR:             62083
Submitted by:   Steven Honson <steven@honson.org>

13:26 leeym 

Update to version 1.18

PR:             59099
Submitted by:   Steven Honson <shonson@isoproplex.net>

19:36 krion 

- Update to version 1.17

PR:             57919 57882
Submitted by:   maintainer, Matt Peterson <matt@peterson.org>