Remove expired ports:
2019-05-31 multimedia/gmerlin-avdecoder: unused in the ports tree and depends on
vulnerable multimedia/ffmpeg0
2019-05-31 security/racoon2-legacy: No longer supported upstream, use
security/racoon2
2019-05-31 www/pivotx: inactive upstream and does not work with PHP 7
2019-05-31 dns/bind912: Support ends, please move to dns/bind914.
2019-05-31 multimedia/vdr-plugin-softhddevice: unmaintained and depends on
vulnerable multimedia/ffmpeg0

Update to BIND9 9.12.4-P1.

MFH:		2019Q2
Security:	CVE-2018-5743, CVE-2019-6467

Remove conflicts from bind-tools and the server ports.

All servers now depend on the same bind-tools, from the latest BIND9
release.

Chase dependencies to make sure they now depend on the correct port.

Differential Revision:	https://reviews.freebsd.org/D19922

BIND9 9.12 is EOL at the end of May 2019.

Move bind-tools from 9.12 to 9.14.

It was forgotten during the 9.14 release process.

Make WITH_DEBUG actually build and be as helpful as possible.

Update WWW.

PR:		236196
Submitted by:	Leonid Nevecherya

Add BIND 9.14.0 first release candidate.

Update to 9.12.4.

Update to 9.12.3-P4.

MFH:		2019Q1 (blanket)
Security:	CVE-2018-5744 CVE-2018-5745 CVE-2019-6465

Update dns/libidn2 to 2.1.1

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://gitlab.com/libidn/libidn2/blob/master/NEWS

Remove GeoIP-related options. Where possible, replace GeoIP 1 defaults
with GeoIP 2.

Also, as suggested by zi, add an UPDATING note about this.

Update dns/libidn2 to 2.1.0

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://gitlab.com/libidn/libidn2/blob/master/NEWS

Update to 9.11.5-P1, 9.12.3-P1, 9.13.5.

While there:
- Don't disable symbol table generation when building WITH_DEBUG.
- Try and make sure nullfs can really be used in a more robustt and
  centralized way.
- Make sure all changes are sync'ed among all BIND9 ports.

Bump PORTREVISION for ports depending on the canonical version of GCC
defined via Mk/bsd.default-versions.mk which has moved from GCC 7.4 t
GCC 8.2 under most circumstances.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, as a double check, everything INDEX-11 showed depending on lang/gcc7.

PR:		231590

Make sure gost is really disabled.

It may get picked up from the base OpenSSL and break startup.
While there, make sure the correct engines are used.

Reported by:	Kevin P. Neal (on ports@)

Now builds on powerpc64.

Approved by:	portmgr (tier-2 blanket)

Remove GOST support from BIND9 9.11 and 9.12.

It was never (widely|really) used, and support for it has been dropped
in OpenSSL starting at 1.1, and BIND9 starting at 9.13.

PR:		231980
Reported by:	mfechner

Fix build on powerpc64.

PR:		231786
Submitted by:	Piotr Kubaj

Update to 9.12.3.

Update to 9.12.2-P2

Switch to libidn2 for idn.

Various cleanup & fixes post-DOCS/EXAMPLES cleanup.

PR:		230864
Submitted by:	mat
exp-runs by:	antoine

Update devel/json-c to 0.13.1

- Add my LOCAL to MASTER_SITES
- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://github.com/json-c/json-c/blob/master/ChangeLog
PR:		231007
Exp-run by:	antoine

Permit using allow-new-zones, LMDB, and a chrooted environment.

Fixes this obscure and not at all helpful message:
mdb_env_open of '_default.nzd' failed: No such file or directory

PR:		229125
Reported by:	Tomas Ciernik
MFH:		2018Q3

Update to 9.11.4-P1 and 9.12.2-P1.

Security:	CVE-2018-5740
Sponsored by:	Absolight

Update BIND9 ports to 9.11.4, 9.12.2 and 9.13.2.

Sponsored by:	Absolight

Include a patch to fix CVE-2018-5738 in all the BIND9 ports.

MFH:		2018Q2 (blanket)
Security:	CVE-2018-5738
Sponsored by:	Absolight

Fix build with LibreSSL 2.7.

PR:		226903
Submitted by:	Charlie Li
Reported by:	Piotr Kubaj
Sponsored by:	Absolight

Move things around a bit to be more handbook compliant.

Sponsored by:	Absolight

Mark as broken on powerpc64.

Approved by:	portmgr (tier-2 blanket)

Add BIND9 9.13.0.

The ISC changed their release model, they are now doing
odd-unstable/even-stable release numbering.  This is a development
version, consider it alpha/beta quality.  The next stable release will
be 9.14.0.

Changes:	https://kb.isc.org/article/AA-01612
Sponsored by:	Absolight

Add PY_FLAVOR to Python module dependencies.

Sponsored by:	Absolight

Security update to 9.12.1P2.

MFH:		2018Q2
Security:	94599fe0-5ca3-11e8-8be1-d05099c0ae8c
Security:	CVE-2018-5736, CVE-2018-5737

Fix build when LOCALBASE!=/usr/local.

PR:		227554
Submitted by:	John Hein
Sponsored by:	Absolight

Update BIND9 ports to 9.9.12, 9.10.7, 9.11.3 and 9.12.1.

Sponsored by:	Absolight

Teach named where its pid file should be by default, to be consistent
with the default configuration, rc script, man pages...

PR:		225687
Reported by:	John W. O'Brien
Sponsored by:	Absolight

Note that this is no longer a development version.

Sponsored by:	Absolight

TCP_FASTOPEN only concerns named, not the tools.

Reported by:	sunpoet
Sponsored by:	Absolight

Add a TCP_FASTOPEN option (default on) to allow not building it in. [1]

It is annoying because it outputs one line saying it cannot enable
TCP_FASTOPEN when the deamon starts.

While there, discover that FILTER_AAAA is always enabled in 9.12+ and no
longer an option, so remove it.

PR:		217288 [1] (based on)
Reported by:	doktornotor mailinator com
Sponsored by:	Absolight

Catch up with the conflicts lines in the BIND9 ports.

Sponsored by:	Absolight

Update to 9.12.0.

Sponsored by:	Absolight

Update named.root.

Sponsored by:	People afraid of a nuclear holocaust.

Update BIND9* to 9.9.11-P1, 9.10.6-P1, 9.11.2-P1 and 9.12.0rc3

MFH:		2018Q1
Security:	CVE-2017-3145
Sponsored by:	Absolight

Add a TUNING_LARGE option.

https://kb.isc.org/article/AA-01314/0

Tunes certain compiled-in constants and default settings to
values better suited to large servers with 12/16GB+ of memory.
This can improve performance on such servers, but will consume
more memory and may degrade performance on smaller systems.

PR:		224859
Sponsored by:	Absolight

Fix altlog_proglist warning when it contains more than the named service.

PR:		224951
Submitted by:	Trix Farrar
Sponsored by:	Absolight

Update devel/json-c to 0.13

- Add TEST_TARGET
- While I'm here, fix shebang for net/opensips
- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://github.com/json-c/json-c/blob/master/ChangeLog
PR:		224675
Exp-run by:	antoine

Update to 9.12.0rc1.

Sponsored by:	Absolight

Add an extra check to make sure syslogd is correctly configured when
using chroot.

Sponsored by:	Absolight

Update to 9.12.0b2.

Sponsored by:	Absolight

Add a symlink to named's session-keyfile.

Using nsupdate -l, and chroot was broken because nsupdate could not find
the keyfile by itself.

PR:		223403
Submitted by:	Harald Schmalzbauer
Sponsored by:	Absolight

Update license of ports using MPL (without version)

All ports now should use MPL[10|11|20] license.

Approved by:	portmgr (blanket)

Enable the PYTHON option by default, it brings a few interesting DNSSEC
tools.

Sponsored by:	Absolight

Add BIND9 9.12, currently in beta 1.

Changes:	https://lists.isc.org/pipermail/bind-announce/2017-October/001068.html
Sponsored by:	Absolight