svn commit: r487960 - in branches/2018Q4/dns: bind911 bind911/files bind912 bind912/files bind913 bind913/files
Mathieu Arnold
mat at FreeBSD.org
Fri Dec 21 08:29:48 UTC 2018
Author: mat
Date: Fri Dec 21 08:29:43 2018
New Revision: 487960
URL: https://svnweb.freebsd.org/changeset/ports/487960
Log:
MFH: r480174 r480176 r482890 r482891 r483797 r483797 r483798 r483798 r484911 r484916 r484916 r485589 r487359 r487359 r487359
Update to 9.11.5-P1, 9.12.3-P1, 9.13.5.
While there:
- Don't disable symbol table generation when building WITH_DEBUG.
- Try and make sure nullfs can really be used in a more robust and
centralized way.
- Make sure all changes are sync'ed among all BIND9 ports.
(Also, all the changes in between the previous merge.)
Approved by: ports-secteam (blanket, runtime fixes in these latest versions.)
Modified:
branches/2018Q4/dns/bind911/Makefile
branches/2018Q4/dns/bind911/distinfo
branches/2018Q4/dns/bind911/files/extrapatch-bind-min-override-ttl
branches/2018Q4/dns/bind911/files/named.in
branches/2018Q4/dns/bind911/files/patch-bin_named_include_named_globals.h
branches/2018Q4/dns/bind911/files/patch-configure
branches/2018Q4/dns/bind912/Makefile
branches/2018Q4/dns/bind912/distinfo
branches/2018Q4/dns/bind912/files/extrapatch-bind-min-override-ttl
branches/2018Q4/dns/bind912/files/named.in
branches/2018Q4/dns/bind912/files/patch-bin_named_include_named_globals.h
branches/2018Q4/dns/bind912/files/patch-configure
branches/2018Q4/dns/bind913/Makefile
branches/2018Q4/dns/bind913/distinfo
branches/2018Q4/dns/bind913/files/extrapatch-bind-min-override-ttl
branches/2018Q4/dns/bind913/files/named.in
branches/2018Q4/dns/bind913/files/patch-configure
branches/2018Q4/dns/bind913/pkg-plist
Directory Properties:
branches/2018Q4/ (props changed)
Modified: branches/2018Q4/dns/bind911/Makefile
==============================================================================
--- branches/2018Q4/dns/bind911/Makefile Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind911/Makefile Fri Dec 21 08:29:43 2018 (r487960)
@@ -20,7 +20,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= cpe libedit
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.11.4-P2
+ISCVERSION= 9.11.5-P1
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -30,11 +30,11 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-randomdev=/dev/random \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
+ --with-gost=no \
--sysconfdir=${ETCDIR}
ETCDIR= ${PREFIX}/etc/namedb
@@ -56,9 +56,8 @@ OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \
MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \
START_LATE TUNING_LARGE TCP_FASTOPEN
-OPTIONS_RADIO= CRYPTO GOSTDEF
+OPTIONS_RADIO= CRYPTO
OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11
-OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1
OPTIONS_GROUP= DLZ
OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
@@ -80,9 +79,6 @@ DNSTAP_DESC= Provides fast passive logging of DNS mes
FILTER_AAAA_DESC= Enable filtering of AAAA records
FIXED_RRSET_DESC= Enable fixed rrset ordering
GEOIP_DESC= Allow geographically based ACL.
-GOSTDEF_DESC= Enable GOST ciphers, needs SSL
-GOST_ASN1_DESC= GOST using ASN.1
-GOST_DESC= GOST raw keys (new default)
GSSAPI_BASE_DESC= Using Heimdal in base
GSSAPI_HEIMDAL_DESC= Using security/heimdal
GSSAPI_MIT_DESC= Using security/krb5
@@ -131,10 +127,6 @@ FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset
GEOIP_CONFIGURE_WITH= geoip
GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP
-GOST_ASN1_CONFIGURE_ON= --with-gost=asn1
-
-GOST_CONFIGURE_ON= --with-gost
-
GSSAPI_BASE_CONFIGURE_ON=\
--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
GSSAPI_BASE_USES= gssapi
@@ -199,14 +191,16 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
-.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}
-CONFIGURE_ARGS+= --without-gost
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
.endif
-.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
-BROKEN= OpenSSL from the base system does not support GOST, add \
- DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
- that needs SSL.
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
.endif
post-patch:
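Review bot: The new `SUB_LIST+= ENGINES=...` block hard-codes the engines directory without a comment saying what consumes it or what happens when the path is wrong. files/named.in only acts when `[ -d ${_openssl_engines} ]` succeeds, so a path that does not match the selected OpenSSL is skipped silently and named starts in its chroot without any engines. I would add a comment above the `.if ${SSL_DEFAULT} == base` test, such as `# ENGINES is substituted into files/named.in (%%ENGINES%%); it must be the engines directory of the selected OpenSSL`, and confirm the directory name for every SSL_DEFAULT value the port supports, since it may differ between OpenSSL flavours. This also looks like a behaviour change for base-OpenSSL installs, which now get /usr/lib/engines exposed inside the chroot where the `%%LOCALBASE%%` path applied before. The same block is added in bind912/Makefile and bind913/Makefile.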
Modified: branches/2018Q4/dns/bind911/distinfo
==============================================================================
--- branches/2018Q4/dns/bind911/distinfo Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind911/distinfo Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1537447447
-SHA256 (bind-9.11.4-P2.tar.gz) = a85af7b629109d41285c7adeae1515daac638bbe4d5dc30d1f4b343dff09d811
-SIZE (bind-9.11.4-P2.tar.gz) = 9617963
+TIMESTAMP = 1544687911
+SHA256 (bind-9.11.5-P1.tar.gz) = 6cd6dbf016569f12d4a0ed629e44e895d9ed41c6908274ed2e617666c5491928
+SIZE (bind-9.11.5-P1.tar.gz) = 8814650
Modified: branches/2018Q4/dns/bind911/files/extrapatch-bind-min-override-ttl
==============================================================================
--- branches/2018Q4/dns/bind911/files/extrapatch-bind-min-override-ttl Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind911/files/extrapatch-bind-min-override-ttl Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,6 +1,6 @@
---- bin/named/config.c.orig 2018-06-10 06:06:33 UTC
+--- bin/named/config.c.orig 2018-10-06 01:36:17 UTC
+++ bin/named/config.c
-@@ -176,6 +176,8 @@ options {\n\
+@@ -177,6 +177,8 @@ options {\n\
" max-acache-size 16M;\n\
max-cache-size 90%;\n\
max-cache-ttl 604800; /* 1 week */\n\
@@ -9,9 +9,9 @@
max-clients-per-query 100;\n\
max-ncache-ttl 10800; /* 3 hours */\n\
max-recursion-depth 7;\n\
---- bin/named/server.c.orig 2018-06-10 06:06:33 UTC
+--- bin/named/server.c.orig 2018-10-06 01:36:17 UTC
+++ bin/named/server.c
-@@ -3692,6 +3692,16 @@ configure_view(dns_view_t *view, dns_vie
+@@ -3695,6 +3695,16 @@ configure_view(dns_view_t *view, dns_vie
}
obj = NULL;
@@ -28,20 +28,20 @@
result = ns_config_get(maps, "max-cache-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig 2018-06-10 06:06:33 UTC
+--- lib/dns/include/dns/view.h.orig 2018-10-06 01:36:17 UTC
+++ lib/dns/include/dns/view.h
-@@ -150,6 +150,8 @@ struct dns_view {
- isc_boolean_t requestnsid;
- isc_boolean_t sendcookie;
+@@ -152,6 +152,8 @@ struct dns_view {
+ bool requestnsid;
+ bool sendcookie;
dns_ttl_t maxcachettl;
+ dns_ttl_t mincachettl;
+ dns_ttl_t overridecachettl;
dns_ttl_t maxncachettl;
- isc_uint32_t nta_lifetime;
- isc_uint32_t nta_recheck;
---- lib/dns/resolver.c.orig 2018-06-10 06:06:33 UTC
+ uint32_t nta_lifetime;
+ uint32_t nta_recheck;
+--- lib/dns/resolver.c.orig 2018-10-06 01:36:17 UTC
+++ lib/dns/resolver.c
-@@ -5473,6 +5473,18 @@ cache_name(fetchctx_t *fctx, dns_name_t
+@@ -5474,6 +5474,18 @@ cache_name(fetchctx_t *fctx, dns_name_t
}
/*
@@ -60,9 +60,9 @@
* Enforce the configure maximum cache TTL.
*/
if (rdataset->ttl > res->view->maxcachettl) {
---- lib/isccfg/namedconf.c.orig 2018-06-10 06:06:33 UTC
+--- lib/isccfg/namedconf.c.orig 2018-10-06 01:36:17 UTC
+++ lib/isccfg/namedconf.c
-@@ -1770,6 +1770,8 @@ view_clauses[] = {
+@@ -1773,6 +1773,8 @@ view_clauses[] = {
#endif
{ "max-acache-size", &cfg_type_sizenodefault, 0 },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
Modified: branches/2018Q4/dns/bind911/files/named.in
==============================================================================
--- branches/2018Q4/dns/bind911/files/named.in Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind911/files/named.in Fri Dec 21 08:29:43 2018 (r487960)
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,19 +143,16 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
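Review bot: The exit status of `mount -t nullfs` is not checked, so when `can_mount nullfs` succeeds but the mount itself fails, the copy fallback never runs and named starts in the chroot with an empty engines directory. Folding the mount into the condition keeps the existing warn/cp branch as the single fallback: `if ! can_mount nullfs || ! mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}; then` followed by the current `warn` and `cp -f` lines. Since named only needs to read the engines, adding `-o ro` to the mount would also avoid giving the chroot a writable view of the host directory. chroot_autoupdate starts and ends outside this hunk, and the same hunk is repeated in bind912/files/named.in and bind913/files/named.in.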
@@ -241,20 +238,39 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
+}
+
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
}
create_file()
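Review bot: In can_mount the three sysctl tests are joined with `||`, so inside a jail `security.jail.mount_allowed` equal to 1 is accepted on its own even when `security.jail.mount_${kld}_allowed` is 0. jail(8) describes allow.mount.nullfs as effective only together with allow.mount, so the in-jail case probably needs both, for example `jailed -eq 0 ] || { [ ...mount_allowed -eq 1 ] && [ ...mount_${kld}_allowed -eq 1 ]; }`; please confirm against the supported releases. The backtick substitutions are unquoted, so on a system without the per-filesystem sysctl `[` fails with a syntax error instead of a clean false; `[ "$(${SYSCTL_N} security.jail.mount_${kld}_allowed 2>/dev/null)" = 1 ]` avoids that. named_poststop also calls can_mount, which runs load_kld during shutdown and answers whether a mount would be permitted, not whether the engines directory is actually mounted, so testing the real mount state before `umount` would be more reliable. The same hunk is repeated in bind912/files/named.in and bind913/files/named.in.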
Modified: branches/2018Q4/dns/bind911/files/patch-bin_named_include_named_globals.h
==============================================================================
--- branches/2018Q4/dns/bind911/files/patch-bin_named_include_named_globals.h Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind911/files/patch-bin_named_include_named_globals.h Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,8 +1,8 @@
We reference the pid file as being run/named/pid everywere else.
---- bin/named/include/named/globals.h.orig 2018-06-10 06:06:33 UTC
+--- bin/named/include/named/globals.h.orig 2018-10-06 01:36:17 UTC
+++ bin/named/include/named/globals.h
-@@ -138,7 +138,7 @@ EXTERN isc_boolean_t ns_g_forcelock IN
+@@ -139,7 +139,7 @@ EXTERN bool ns_g_forcelock INIT(false)
#if NS_RUN_PID_DIR
EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR
"/run/named/"
Modified: branches/2018Q4/dns/bind911/files/patch-configure
==============================================================================
--- branches/2018Q4/dns/bind911/files/patch-configure Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind911/files/patch-configure Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,6 +1,6 @@
---- configure.orig 2018-06-10 06:06:33 UTC
+--- configure.orig 2018-10-06 01:36:17 UTC
+++ configure
-@@ -14961,27 +14961,9 @@ done
+@@ -15106,27 +15106,9 @@ done
# problems start to show up.
saved_libs="$LIBS"
for TRY_LIBS in \
@@ -30,7 +30,7 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
$as_echo_n "checking linking as $TRY_LIBS... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -15024,47 +15006,7 @@ $as_echo "no" >&6; } ;;
+@@ -15169,47 +15151,7 @@ $as_echo "no" >&6; } ;;
no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
esac
@@ -79,7 +79,7 @@
DNS_GSSAPI_LIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -23847,7 +23789,7 @@ $as_echo "" >&6; }
+@@ -23938,7 +23880,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
Modified: branches/2018Q4/dns/bind912/Makefile
==============================================================================
--- branches/2018Q4/dns/bind912/Makefile Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind912/Makefile Fri Dec 21 08:29:43 2018 (r487960)
@@ -29,13 +29,11 @@ COMMENT= BIND DNS suite with updated DNSSEC and DNS64
LICENSE= MPL20
LICENSE_FILE= ${WRKSRC}/COPYRIGHT
-BROKEN_powerpc64= fails to link: /usr/bin/ld: cannot find -latomic
-
LIB_DEPENDS= libxml2.so:textproc/libxml2
-USES= cpe libedit
+USES= compiler:c11 cpe libedit
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.12.2-P2
+ISCVERSION= 9.12.3-P1
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -45,11 +43,11 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-randomdev=/dev/random \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
+ --with-gost=no \
--sysconfdir=${ETCDIR}
ETCDIR= ${PREFIX}/etc/namedb
@@ -72,9 +70,8 @@ OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE
OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \
FIXED_RRSET SIGCHASE IPV6 THREADS
-OPTIONS_RADIO= CRYPTO GOSTDEF
+OPTIONS_RADIO= CRYPTO
OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11
-OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1
.if !defined(BIND_TOOLS_SLAVE)
OPTIONS_DEFAULT+= DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN
@@ -101,9 +98,6 @@ DLZ_STUB_DESC= DLZ stub driver
DNSTAP_DESC= Provides fast passive logging of DNS messages
FIXED_RRSET_DESC= Enable fixed rrset ordering
GEOIP_DESC= Allow geographically based ACL.
-GOSTDEF_DESC= Enable GOST ciphers, needs SSL
-GOST_ASN1_DESC= GOST using ASN.1
-GOST_DESC= GOST raw keys (new default)
GSSAPI_BASE_DESC= Using Heimdal in base
GSSAPI_HEIMDAL_DESC= Using security/heimdal
GSSAPI_MIT_DESC= Using security/krb5
@@ -150,10 +144,6 @@ FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset
GEOIP_CONFIGURE_WITH= geoip
GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP
-GOST_ASN1_CONFIGURE_ON= --with-gost=asn1
-
-GOST_CONFIGURE_ON= --with-gost
-
GSSAPI_BASE_CONFIGURE_ON=\
--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
GSSAPI_BASE_USES= gssapi
@@ -220,14 +210,16 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
-.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}
-CONFIGURE_ARGS+= --without-gost
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
.endif
-.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
-BROKEN= OpenSSL from the base system does not support GOST, add \
- DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
- that needs SSL.
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
.endif
post-patch:
Modified: branches/2018Q4/dns/bind912/distinfo
==============================================================================
--- branches/2018Q4/dns/bind912/distinfo Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind912/distinfo Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1537447540
-SHA256 (bind-9.12.2-P2.tar.gz) = 87027826e98bab90ead31f45ce7653cb3116ebe64ab8202a08b6b64531df693e
-SIZE (bind-9.12.2-P2.tar.gz) = 9422128
+TIMESTAMP = 1544687855
+SHA256 (bind-9.12.3-P1.tar.gz) = 6cb79389d787368af27f01c65a9fa09be1fd062eda37c94819a1a0178d5ded73
+SIZE (bind-9.12.3-P1.tar.gz) = 8625693
Modified: branches/2018Q4/dns/bind912/files/extrapatch-bind-min-override-ttl
==============================================================================
--- branches/2018Q4/dns/bind912/files/extrapatch-bind-min-override-ttl Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind912/files/extrapatch-bind-min-override-ttl Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,6 +1,6 @@
---- bin/named/config.c.orig 2018-07-03 07:08:14 UTC
+--- bin/named/config.c.orig 2018-10-06 05:51:22 UTC
+++ bin/named/config.c
-@@ -182,12 +182,14 @@ options {\n\
+@@ -183,12 +183,14 @@ options {\n\
max-recursion-queries 75;\n\
max-stale-ttl 604800; /* 1 week */\n\
message-compression yes;\n\
@@ -15,9 +15,9 @@
provide-ixfr true;\n\
query-source address *;\n\
query-source-v6 address *;\n\
---- bin/named/server.c.orig 2018-07-03 07:08:14 UTC
+--- bin/named/server.c.orig 2018-10-06 05:51:22 UTC
+++ bin/named/server.c
-@@ -4072,6 +4072,16 @@ configure_view(dns_view_t *view, dns_vie
+@@ -4075,6 +4075,16 @@ configure_view(dns_view_t *view, dns_vie
}
obj = NULL;
@@ -34,20 +34,20 @@
result = named_config_get(maps, "max-cache-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig 2018-07-03 07:08:14 UTC
+--- lib/dns/include/dns/view.h.orig 2018-10-06 05:51:22 UTC
+++ lib/dns/include/dns/view.h
-@@ -149,6 +149,8 @@ struct dns_view {
- isc_boolean_t requestnsid;
- isc_boolean_t sendcookie;
+@@ -151,6 +151,8 @@ struct dns_view {
+ bool requestnsid;
+ bool sendcookie;
dns_ttl_t maxcachettl;
+ dns_ttl_t mincachettl;
+ dns_ttl_t overridecachettl;
dns_ttl_t maxncachettl;
- isc_uint32_t nta_lifetime;
- isc_uint32_t nta_recheck;
---- lib/dns/resolver.c.orig 2018-07-03 07:08:14 UTC
+ uint32_t nta_lifetime;
+ uint32_t nta_recheck;
+--- lib/dns/resolver.c.orig 2018-10-06 05:51:22 UTC
+++ lib/dns/resolver.c
-@@ -5756,6 +5756,18 @@ cache_name(fetchctx_t *fctx, dns_name_t
+@@ -5757,6 +5757,18 @@ cache_name(fetchctx_t *fctx, dns_name_t
}
/*
@@ -66,9 +66,9 @@
* Enforce the configure maximum cache TTL.
*/
if (rdataset->ttl > res->view->maxcachettl) {
---- lib/isccfg/namedconf.c.orig 2018-07-03 07:08:14 UTC
+--- lib/isccfg/namedconf.c.orig 2018-10-06 05:51:22 UTC
+++ lib/isccfg/namedconf.c
-@@ -1914,6 +1914,8 @@ view_clauses[] = {
+@@ -1917,6 +1917,8 @@ view_clauses[] = {
{ "max-acache-size", &cfg_type_sizenodefault,
CFG_CLAUSEFLAG_OBSOLETE },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
Modified: branches/2018Q4/dns/bind912/files/named.in
==============================================================================
--- branches/2018Q4/dns/bind912/files/named.in Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind912/files/named.in Fri Dec 21 08:29:43 2018 (r487960)
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,19 +143,16 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,20 +238,39 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
+}
+
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
}
create_file()
Modified: branches/2018Q4/dns/bind912/files/patch-bin_named_include_named_globals.h
==============================================================================
--- branches/2018Q4/dns/bind912/files/patch-bin_named_include_named_globals.h Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind912/files/patch-bin_named_include_named_globals.h Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,8 +1,8 @@
We reference the pid file as being run/named/pid everywere else.
---- bin/named/include/named/globals.h.orig 2018-06-10 06:06:19 UTC
+--- bin/named/include/named/globals.h.orig 2018-10-06 05:51:22 UTC
+++ bin/named/include/named/globals.h
-@@ -128,7 +128,7 @@ EXTERN isc_boolean_t named_g_forcelock
+@@ -129,7 +129,7 @@ EXTERN bool named_g_forcelock INIT(fals
#if NAMED_RUN_PID_DIR
EXTERN const char * named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR
"/run/named/"
Modified: branches/2018Q4/dns/bind912/files/patch-configure
==============================================================================
--- branches/2018Q4/dns/bind912/files/patch-configure Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind912/files/patch-configure Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,6 +1,6 @@
---- configure.orig 2018-06-10 06:06:19 UTC
+--- configure.orig 2018-10-06 05:51:22 UTC
+++ configure
-@@ -14939,27 +14939,9 @@ done
+@@ -15085,27 +15085,9 @@ done
# problems start to show up.
saved_libs="$LIBS"
for TRY_LIBS in \
@@ -30,7 +30,7 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
$as_echo_n "checking linking as $TRY_LIBS... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -15002,47 +14984,7 @@ $as_echo "no" >&6; } ;;
+@@ -15148,47 +15130,7 @@ $as_echo "no" >&6; } ;;
no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
esac
@@ -79,7 +79,7 @@
DNS_GSSAPI_LIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -23790,7 +23732,7 @@ $as_echo "" >&6; }
+@@ -23886,7 +23828,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
Modified: branches/2018Q4/dns/bind913/Makefile
==============================================================================
--- branches/2018Q4/dns/bind913/Makefile Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind913/Makefile Fri Dec 21 08:29:43 2018 (r487960)
@@ -31,9 +31,9 @@ LICENSE_FILE= ${WRKSRC}/COPYRIGHT
LIB_DEPENDS= libxml2.so:textproc/libxml2
-USES= cpe libedit ssl
+USES= compiler:c11 cpe libedit ssl
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.13.3
+ISCVERSION= 9.13.5
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -43,7 +43,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
@@ -198,6 +197,18 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large
TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
post-patch:
.if defined(BIND_TOOLS_SLAVE)
Modified: branches/2018Q4/dns/bind913/distinfo
==============================================================================
--- branches/2018Q4/dns/bind913/distinfo Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind913/distinfo Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1537447591
-SHA256 (bind-9.13.3.tar.gz) = 76674cf2a3e61766aed5c7fd1ee6ed3da133a9e331b35b24f40efdf1bbac5b44
-SIZE (bind-9.13.3.tar.gz) = 7805551
+TIMESTAMP = 1544687807
+SHA256 (bind-9.13.5.tar.gz) = bbde0b81c66a7c7f5b074c8f0e714ed8aa235e4b930e28953cab0ae3cae94e4b
+SIZE (bind-9.13.5.tar.gz) = 6309308
Modified: branches/2018Q4/dns/bind913/files/extrapatch-bind-min-override-ttl
==============================================================================
--- branches/2018Q4/dns/bind913/files/extrapatch-bind-min-override-ttl Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind913/files/extrapatch-bind-min-override-ttl Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,13 +1,6 @@
---- bin/named/config.c.orig 2018-09-06 00:15:26 UTC
+--- bin/named/config.c.orig 2018-12-07 18:44:21 UTC
+++ bin/named/config.c
-@@ -174,12 +174,14 @@ options {\n\
- max-recursion-queries 75;\n\
- max-stale-ttl 604800; /* 1 week */\n\
- message-compression yes;\n\
-+ min-cache-ttl 0; /* no minimal, zero is allowed */\n\
- # min-roots <obsolete>;\n\
- minimal-any false;\n\
- minimal-responses no-auth-recursive;\n\
+@@ -179,6 +179,7 @@ options {\n\
notify-source *;\n\
notify-source-v6 *;\n\
nsec3-test-zone no;\n\
@@ -15,9 +8,9 @@
provide-ixfr true;\n\
qname-minimization relaxed;\n\
query-source address *;\n\
---- bin/named/server.c.orig 2018-09-06 00:15:26 UTC
+--- bin/named/server.c.orig 2018-12-07 18:44:21 UTC
+++ bin/named/server.c
-@@ -4074,6 +4074,16 @@ configure_view(dns_view_t *view, dns_vie
+@@ -4154,6 +4154,11 @@ configure_view(dns_view_t *view, dns_vie
}
obj = NULL;
@@ -26,28 +19,22 @@
+ view->overridecachettl = cfg_obj_asuint32(obj);
+
+ obj = NULL;
-+ result = named_config_get(maps, "min-cache-ttl", &obj);
-+ INSIST(result == ISC_R_SUCCESS);
-+ view->mincachettl = cfg_obj_asuint32(obj);
-+
-+ obj = NULL;
result = named_config_get(maps, "max-cache-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig 2018-09-06 00:15:26 UTC
+--- lib/dns/include/dns/view.h.orig 2018-12-07 18:44:21 UTC
+++ lib/dns/include/dns/view.h
-@@ -153,6 +153,8 @@ struct dns_view {
+@@ -153,6 +153,7 @@ struct dns_view {
bool requestnsid;
bool sendcookie;
dns_ttl_t maxcachettl;
-+ dns_ttl_t mincachettl;
+ dns_ttl_t overridecachettl;
dns_ttl_t maxncachettl;
- uint32_t nta_lifetime;
- uint32_t nta_recheck;
---- lib/dns/resolver.c.orig 2018-09-06 00:15:26 UTC
+ dns_ttl_t mincachettl;
+ dns_ttl_t minncachettl;
+--- lib/dns/resolver.c.orig 2018-12-07 18:44:21 UTC
+++ lib/dns/resolver.c
-@@ -5758,6 +5758,18 @@ cache_name(fetchctx_t *fctx, dns_name_t
+@@ -5967,6 +5967,12 @@ cache_name(fetchctx_t *fctx, dns_name_t
}
/*
@@ -57,23 +44,16 @@
+ rdataset->ttl = res->view->overridecachettl;
+
+ /*
-+ * Enforce the configure minimum cache TTL.
-+ */
-+ if (rdataset->ttl < res->view->mincachettl)
-+ rdataset->ttl = res->view->mincachettl;
-+
-+ /*
* Enforce the configure maximum cache TTL.
*/
if (rdataset->ttl > res->view->maxcachettl) {
---- lib/isccfg/namedconf.c.orig 2018-09-06 00:15:26 UTC
+--- lib/isccfg/namedconf.c.orig 2018-12-07 18:44:21 UTC
+++ lib/isccfg/namedconf.c
-@@ -1919,6 +1919,8 @@ view_clauses[] = {
+@@ -1900,6 +1900,7 @@ view_clauses[] = {
{ "max-acache-size", &cfg_type_sizenodefault,
CFG_CLAUSEFLAG_OBSOLETE },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
+ { "override-cache-ttl", &cfg_type_ttlval, 0 },
-+ { "min-cache-ttl", &cfg_type_ttlval, 0 },
{ "max-cache-ttl", &cfg_type_ttlval, 0 },
{ "max-clients-per-query", &cfg_type_uint32, 0 },
{ "max-ncache-ttl", &cfg_type_ttlval, 0 },
Modified: branches/2018Q4/dns/bind913/files/named.in
==============================================================================
--- branches/2018Q4/dns/bind913/files/named.in Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind913/files/named.in Fri Dec 21 08:29:43 2018 (r487960)
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,19 +143,16 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,20 +238,39 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
+}
+
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
}
create_file()
Modified: branches/2018Q4/dns/bind913/files/patch-configure
==============================================================================
--- branches/2018Q4/dns/bind913/files/patch-configure Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind913/files/patch-configure Fri Dec 21 08:29:43 2018 (r487960)
@@ -1,6 +1,6 @@
---- configure.orig 2018-09-06 00:15:26 UTC
+--- configure.orig 2018-12-07 18:44:21 UTC
+++ configure
-@@ -16468,27 +16468,9 @@ done
+@@ -16296,27 +16296,9 @@ done
# problems start to show up.
saved_libs="$LIBS"
for TRY_LIBS in \
@@ -30,7 +30,7 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
$as_echo_n "checking linking as $TRY_LIBS... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -16531,47 +16513,7 @@ $as_echo "no" >&6; } ;;
+@@ -16359,47 +16341,7 @@ $as_echo "no" >&6; } ;;
no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
esac
@@ -79,7 +79,7 @@
DNS_GSSAPI_LIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -21337,7 +21279,7 @@ $as_echo "" >&6; }
+@@ -20933,7 +20875,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
Modified: branches/2018Q4/dns/bind913/pkg-plist
==============================================================================
--- branches/2018Q4/dns/bind913/pkg-plist Fri Dec 21 08:26:12 2018 (r487959)
+++ branches/2018Q4/dns/bind913/pkg-plist Fri Dec 21 08:29:43 2018 (r487960)
@@ -160,8 +160,7 @@ include/isc/fuzz.h
include/isc/hash.h
include/isc/heap.h
include/isc/hex.h
-include/isc/hmacmd5.h
-include/isc/hmacsha.h
+include/isc/hmac.h
include/isc/ht.h
include/isc/httpd.h
include/isc/interfaceiter.h
@@ -175,7 +174,7 @@ include/isc/likely.h
include/isc/list.h
include/isc/log.h
include/isc/magic.h
-include/isc/md5.h
+include/isc/md.h
include/isc/mem.h
include/isc/meminfo.h
include/isc/msgcat.h
@@ -209,12 +208,11 @@ include/isc/resultclass.h
include/isc/rwlock.h
include/isc/safe.h
include/isc/serial.h
-include/isc/sha1.h
-include/isc/sha2.h
include/isc/sockaddr.h
include/isc/socket.h
include/isc/stat.h
include/isc/stats.h
+include/isc/stdatomic.h
include/isc/stdio.h
include/isc/stdtime.h
include/isc/strerr.h
@@ -252,6 +250,7 @@ include/isccfg/log.h
include/isccfg/namedconf.h
include/isccfg/version.h
include/ns/client.h
+include/ns/hooks.h
include/ns/interfacemgr.h
include/ns/lib.h
include/ns/listenlist.h
@@ -275,6 +274,7 @@ include/pkcs11/eddsa.h
include/pkcs11/pkcs11.h
include/pkcs11/pkcs11f.h
include/pkcs11/pkcs11t.h
+lib/filter-aaaa.so
lib/libbind9.a
lib/libdns.a
lib/libirs.a
@@ -308,6 +308,7 @@ man/man8/dnssec-revoke.8.gz
man/man8/dnssec-settime.8.gz
man/man8/dnssec-signzone.8.gz
man/man8/dnssec-verify.8.gz
+man/man8/filter-aaaa.8.gz
man/man8/named-checkconf.8.gz
man/man8/named-checkzone.8.gz
man/man8/named-compilezone.8.gz