dns/bind9-devel: update to latest commit

2025-06-01 02:46:27 -04:00 · 2021-09-20 19:21:51 +02:00 · 2021-09-20 19:21:51 +02:00 · 4a91cc902b
commit 4a91cc902b
parent 41dc4521fa
11 changed files with 43 additions and 96 deletions
--- a/dns/bind-tools/pkg-plist-devel
+++ b/dns/bind-tools/pkg-plist-devel
@ -17,19 +17,19 @@ bin/nsec3hash
 bin/nslookup
 bin/nsupdate
 lib/bind-tools/libbind9.so
-lib/bind-tools/libbind9-9.17.15.so
+lib/bind-tools/libbind9-9.17.18.so
 lib/bind-tools/libdns.so
-lib/bind-tools/libdns-9.17.15.so
+lib/bind-tools/libdns-9.17.18.so
 lib/bind-tools/libirs.so
-lib/bind-tools/libirs-9.17.15.so
+lib/bind-tools/libirs-9.17.18.so
 lib/bind-tools/libisc.so
-lib/bind-tools/libisc-9.17.15.so
+lib/bind-tools/libisc-9.17.18.so
 lib/bind-tools/libisccc.so
-lib/bind-tools/libisccc-9.17.15.so
+lib/bind-tools/libisccc-9.17.18.so
 lib/bind-tools/libisccfg.so
-lib/bind-tools/libisccfg-9.17.15.so
+lib/bind-tools/libisccfg-9.17.18.so
 lib/bind-tools/libns.so
-lib/bind-tools/libns-9.17.15.so
+lib/bind-tools/libns-9.17.18.so
 man/man1/arpaname.1.gz
 man/man1/delv.1.gz
 man/man1/dig.1.gz
--- a/dns/bind9-devel/Makefile
+++ b/dns/bind9-devel/Makefile
@ -49,13 +49,13 @@ RUN_DEPENDS=	bind-tools>0:dns/bind-tools
 # XXX: remove tar:bz2
 USES=		autoreconf compiler:c11 cpe libedit libtool pkgconfig ssl tar:bz2
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.17.15a0.2021.07.06
+ISCVERSION=	9.17.18a0.2021.09.20
 # XXX: Remove gitlab
 USE_GITLAB=	yes
 GL_SITE=	https://gitlab.isc.org
 GL_ACCOUNT=	isc-projects
 GL_PROJECT=	bind9
-GL_COMMIT=	f663701b1deab34415f86cfef4172ac71e164edc
+GL_COMMIT=	be99fc92b63ef2463cadb2f90162982ed3ed289d

 CPE_VENDOR=	isc
 CPE_VERSION=	${ISCVERSION:C/-.*//}
@ -98,9 +98,6 @@ OPTIONS_DEFINE=		DNSTAP DOCS FIXED_RRSET GEOIP IDN JSON LARGE_FILE LMDB \
 			MANPAGES OVERRIDECACHE PORTREVISION QUERYTRACE \
 			START_LATE TCP_FASTOPEN

-OPTIONS_RADIO=		CRYPTO
-OPTIONS_RADIO_CRYPTO=	NATIVE_PKCS11
-
 OPTIONS_GROUP=		DLZ
 OPTIONS_GROUP_DLZ=	DLZ_BDB DLZ_FILESYSTEM DLZ_LDAP DLZ_MYSQL \
 			DLZ_POSTGRESQL DLZ_STUB
@ -133,7 +130,6 @@ GSSAPI_NONE_DESC=	Disable
 LARGE_FILE_DESC=	64-bit file support
 LMDB_DESC=		Use LMDB for zone management
 OVERRIDECACHE_DESC=	Use the override-cache patch
-NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
 PORTREVISION_DESC=	Show PORTREVISION in the version string
 QUERYTRACE_DESC=	Enable the very verbose query tracelogging
 START_LATE_DESC=	Start BIND late in the boot process (see help)
@ -198,8 +194,6 @@ MANPAGES_BUILD_DEPENDS=	sphinx-build:textproc/py-sphinx

 OVERRIDECACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl

-NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
-
 QUERYTRACE_CONFIGURE_ENABLE=	querytrace

 START_LATE_SUB_LIST=		NAMED_BEFORE="LOGIN" \
--- a/dns/bind9-devel/distinfo
+++ b/dns/bind9-devel/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1625573711
-SHA256 (isc-projects-bind9-f663701b1deab34415f86cfef4172ac71e164edc_GL0.tar.gz) = 6e07498a88a5c1525570e777501d96cbad3e9bf7d997fdb4a4da25183bec5663
-SIZE (isc-projects-bind9-f663701b1deab34415f86cfef4172ac71e164edc_GL0.tar.gz) = 6222198
+TIMESTAMP = 1632153636
+SHA256 (isc-projects-bind9-be99fc92b63ef2463cadb2f90162982ed3ed289d_GL0.tar.gz) = 5bdcd0999fb97f70c8622b90270665cccba9467d943984ce06845545ef5c605f
+SIZE (isc-projects-bind9-be99fc92b63ef2463cadb2f90162982ed3ed289d_GL0.tar.gz) = 6192681
--- a/dns/bind9-devel/files/extrapatch-bind-min-override-ttl
+++ b/dns/bind9-devel/files/extrapatch-bind-min-override-ttl
@ -1,8 +1,8 @@
 Add the override-cache-ttl feature.

--- bin/named/config.c.orig	2021-07-06 05:53:30 UTC
+--- bin/named/config.c.orig	2021-09-17 07:10:48 UTC
 +++ bin/named/config.c
-@@ -179,6 +179,7 @@ options {\n\
+@@ -182,6 +182,7 @@ options {\n\
 	notify-source *;\n\
 	notify-source-v6 *;\n\
 	nsec3-test-zone no;\n\
@ -10,9 +10,9 @@ Add the override-cache-ttl feature.
 	parental-source *;\n\
 	parental-source-v6 *;\n\
 	provide-ixfr true;\n\
--- bin/named/server.c.orig	2021-07-06 05:53:30 UTC
+--- bin/named/server.c.orig	2021-09-17 07:10:48 UTC
 +++ bin/named/server.c
-@@ -4497,6 +4497,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl
+@@ -4498,6 +4498,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl
 	}
 
 	obj = NULL;
@ -24,7 +24,7 @@ Add the override-cache-ttl feature.
 	result = named_config_get(maps, "max-cache-ttl", &obj);
 	INSIST(result == ISC_R_SUCCESS);
 	view->maxcachettl = cfg_obj_asduration(obj);
--- lib/dns/include/dns/view.h.orig	2021-07-06 05:53:30 UTC
+--- lib/dns/include/dns/view.h.orig	2021-09-17 07:10:48 UTC
 +++ lib/dns/include/dns/view.h
@@ -154,6 +154,7 @@ struct dns_view {
 	bool		      requestnsid;
@ -34,9 +34,9 @@ Add the override-cache-ttl feature.
 	dns_ttl_t	      maxncachettl;
 	dns_ttl_t	      mincachettl;
 	dns_ttl_t	      minncachettl;
--- lib/dns/resolver.c.orig	2021-07-06 05:53:30 UTC
+--- lib/dns/resolver.c.orig	2021-09-17 07:10:48 UTC
 +++ lib/dns/resolver.c
-@@ -6386,6 +6386,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes
+@@ -6382,6 +6382,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes
 		}
 
 		/*
@ -49,9 +49,9 @@ Add the override-cache-ttl feature.
 		 * Enforce the configure maximum cache TTL.
 		 */
 		if (rdataset->ttl > res->view->maxcachettl) {
--- lib/isccfg/namedconf.c.orig	2021-07-06 05:53:30 UTC
+--- lib/isccfg/namedconf.c.orig	2021-09-17 07:10:48 UTC
 +++ lib/isccfg/namedconf.c
-@@ -2029,6 +2029,7 @@ static cfg_clausedef_t view_clauses[] = {
+@@ -2050,6 +2050,7 @@ static cfg_clausedef_t view_clauses[] = {
 #endif /* ifdef HAVE_LMDB */
 	{ "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
 	{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
--- a/dns/bind9-devel/files/extrapatch-bind-tools
+++ b/dns/bind9-devel/files/extrapatch-bind-tools
@ -1,6 +1,6 @@
 Only select the "tools" part of bind for building.

--- Makefile.am.orig	2020-07-20 08:13:37 UTC
+--- Makefile.am.orig	2021-09-17 07:10:48 UTC
 +++ Makefile.am
@@ -8,8 +8,6 @@ CLEANFILES = bind.keys.h
 bind.keys.h: bind.keys Makefile
@ -11,17 +11,16 @@ Only select the "tools" part of bind for building.
 .PHONY: doc
 
 EXTRA_DIST = 			\
--- bin/Makefile.am.orig	2020-07-20 08:13:37 UTC
+--- bin/Makefile.am.orig	2021-09-17 07:10:48 UTC
 +++ bin/Makefile.am
-@@ -1,4 +1,4 @@
+@@ -1 +1 @@
 -SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
 +SUBDIRS = dig delv dnssec tools nsupdate
- 
- if HAVE_PKCS11
- SUBDIRS += pkcs11
--- bin/tools/Makefile.am.orig	2020-07-20 08:13:37 UTC
+-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
+SUBDIRS = dig delv dnssec tools nsupdate
+--- bin/tools/Makefile.am.orig	2021-09-17 07:10:48 UTC
 +++ bin/tools/Makefile.am
-@@ -11,7 +11,6 @@ LDADD =				\
+@@ -11,7 +11,6 @@ LDADD +=			\
 bin_PROGRAMS =			\
 	arpaname		\
 	mdig			\
--- a/dns/bind9-devel/files/extrapatch-no-bind-tools
+++ b/dns/bind9-devel/files/extrapatch-no-bind-tools
@ -1,16 +1,13 @@
 Exclude the "tools" from building and installing.

--- bin/Makefile.am.orig	2021-01-04 06:21:13 UTC
+--- bin/Makefile.am.orig	2021-09-17 07:10:48 UTC
 +++ bin/Makefile.am
-@@ -1,4 +1,4 @@
+@@ -1 +1 @@
 -SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
 +SUBDIRS = named rndc tools check confgen tests plugins
- 
- if HAVE_PKCS11
- SUBDIRS += pkcs11
--- bin/tools/Makefile.am.orig	2021-01-04 06:21:13 UTC
+--- bin/tools/Makefile.am.orig	2021-09-17 07:10:48 UTC
 +++ bin/tools/Makefile.am
-@@ -9,11 +9,7 @@ LDADD =				\
+@@ -9,11 +9,7 @@ LDADD +=			\
 	$(LIBISC_LIBS)
 
 bin_PROGRAMS =			\
--- a/dns/bind9-devel/files/named.in
+++ b/dns/bind9-devel/files/named.in
@ -21,7 +21,6 @@
 # named_wait_host (str):	    Hostname to check if named_wait is enabled
 # named_auto_forward (str):	    Set up forwarders from /etc/resolv.conf
 # named_auto_forward_only (str):    Do "forward only" instead of "forward first"
-%%NATIVE_PKCS11%%# named_pkcs11_engine (str):	    Path to the PKCS#11 library to use.
 #

 . /etc/rc.subr
@ -52,7 +51,6 @@ named_wait=${named_wait:-"NO"}
 named_wait_host=${named_wait_host:-"localhost"}
 named_auto_forward=${named_auto_forward:-"NO"}
 named_auto_forward_only=${named_auto_forward_only:-"NO"}
-%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""}

 # Not configuration variables but having them here keeps rclint happy
 required_dirs="${named_chrootdir}"
@ -334,16 +332,6 @@ named_prestart()

 	command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"

-%%NATIVE_PKCS11%%	if [ -z "${named_pkcs11_engine}"]; then
-%%NATIVE_PKCS11%%		err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use"
-%%NATIVE_PKCS11%%	elif [ ! -f ${named_pkcs11_engine} ]; then
-%%NATIVE_PKCS11%%		err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist"
-%%NATIVE_PKCS11%%	else
-%%NATIVE_PKCS11%%		mkdir -p ${named_chrootdir}${named_pkcs11_engine%/*}
-%%NATIVE_PKCS11%%		cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine}
-%%NATIVE_PKCS11%%		command_args="-E ${named_pkcs11_engine} ${command_args}"
-%%NATIVE_PKCS11%%	fi
-
 	local line nsip firstns

 	# Is the user using a sandbox?
--- a/dns/bind9-devel/files/patch-bin_named_include_named_globals.h
+++ b/dns/bind9-devel/files/patch-bin_named_include_named_globals.h
@ -1,8 +1,8 @@
 We reference the pid file as being run/named/pid everywere else.

--- bin/named/include/named/globals.h.orig	2021-02-08 02:55:31 UTC
+--- bin/named/include/named/globals.h.orig	2021-09-17 07:10:48 UTC
 +++ bin/named/include/named/globals.h
-@@ -130,7 +130,7 @@ EXTERN bool named_g_forcelock		   INIT(false);
+@@ -133,7 +133,7 @@ EXTERN bool named_g_forcelock		   INIT(false);
 
 #if NAMED_RUN_PID_DIR
 EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/"
--- a/dns/bind9-devel/files/patch-configure.ac
+++ b/dns/bind9-devel/files/patch-configure.ac
@ -1,8 +1,8 @@
 automake has warnings, it is ok here.

--- configure.ac.orig	2021-04-26 07:17:12 UTC
+--- configure.ac.orig	2021-09-17 07:10:48 UTC
 +++ configure.ac
-@@ -63,7 +63,7 @@ AC_CANONICAL_HOST
+@@ -46,7 +46,7 @@ AC_CANONICAL_HOST
 AC_CANONICAL_TARGET
 
 AC_CONFIG_SRCDIR([bin/named/main.c])
--- a/dns/bind9-devel/pkg-help
+++ b/dns/bind9-devel/pkg-help
@ -1,19 +1,3 @@
-                       NATIVE_PKCS11
-When using the NATIVE_PKCS11 option, BIND will use the PKCS#11
-engine specified by the named_pkcss11_engine variable in
-/etc/rc.conf for *all* crypto operations.
-
-This is primarily intended to be used in an authoritative
-case.
-
-If BIND is also operating as a validating resolver,
-NATIVE_PKCS11 should not be used, because the HSM will be
-used for all crypto, including DNSSEC validations, and the
-HSM is likely to be slower than the CPU for this purpose.
-Additionally, the HSM might not support all of the PKCS#11
-API functions needed for signature verification.
-
-
                            GOST
 If using a chrooted instance of BIND on FreeBSD 8.x and 9.x,
 the OpenSSL engines MUST be accessible from within the chroot.
--- a/dns/bind9-devel/pkg-plist
+++ b/dns/bind9-devel/pkg-plist
@ -4,10 +4,6 @@ bin/named-checkzone
 bin/named-compilezone
 bin/named-journalprint
 %%LMDB%%bin/named-nzd2nzf
-%%NATIVE_PKCS11%%bin/pkcs11-destroy
-%%NATIVE_PKCS11%%bin/pkcs11-keygen
-%%NATIVE_PKCS11%%bin/pkcs11-list
-%%NATIVE_PKCS11%%bin/pkcs11-tokens
@sample etc/mtree/BIND.chroot.dist.sample
@sample etc/mtree/BIND.chroot.local.dist.sample
 %%ETCDIR%%/bind.keys
@ -163,7 +159,6 @@ include/isc/interfaceiter.h
 include/isc/iterated_hash.h
 include/isc/lang.h
 include/isc/lex.h
-include/isc/lib.h
 include/isc/likely.h
 include/isc/list.h
 include/isc/log.h
@ -256,28 +251,22 @@ include/ns/stats.h
 include/ns/types.h
 include/ns/update.h
 include/ns/xfrout.h
-include/pk11/constants.h
-include/pk11/internal.h
-include/pk11/pk11.h
-include/pk11/result.h
-include/pk11/site.h
-include/pkcs11/pkcs11.h
 lib/bind/filter-a.so
 lib/bind/filter-aaaa.so
 lib/libbind9.so
-lib/libbind9-9.17.15.so
+lib/libbind9-9.17.18.so
 lib/libdns.so
-lib/libdns-9.17.15.so
+lib/libdns-9.17.18.so
 lib/libirs.so
-lib/libirs-9.17.15.so
+lib/libirs-9.17.18.so
 lib/libisc.so
-lib/libisc-9.17.15.so
+lib/libisc-9.17.18.so
 lib/libisccc.so
-lib/libisccc-9.17.15.so
+lib/libisccc-9.17.18.so
 lib/libisccfg.so
-lib/libisccfg-9.17.15.so
+lib/libisccfg-9.17.18.so
 lib/libns.so
-lib/libns-9.17.15.so
+lib/libns-9.17.18.so
@comment man/man1/arpaname.1.gz
@comment man/man1/delv.1.gz
@comment man/man1/dig.1.gz
@ -302,10 +291,6 @@ lib/libns-9.17.15.so
@comment man/man1/nsec3hash.1.gz
@comment man/man1/nslookup.1.gz
@comment man/man1/nsupdate.1.gz
-%%MANPAGES%%%%NATIVE_PKCS11%%man/man1/pkcs11-destroy.1.gz
-%%MANPAGES%%%%NATIVE_PKCS11%%man/man1/pkcs11-keygen.1.gz
-%%MANPAGES%%%%NATIVE_PKCS11%%man/man1/pkcs11-list.1.gz
-%%MANPAGES%%%%NATIVE_PKCS11%%man/man1/pkcs11-tokens.1.gz
 %%MANPAGES%%man/man5/named.conf.5.gz
 %%MANPAGES%%man/man5/rndc.conf.5.gz
 %%MANPAGES%%man/man8/ddns-confgen.8.gz