mirror of
https://git.freebsd.org/ports.git
synced 2025-07-17 01:09:24 -04:00
Update to 9.11.5-P1, 9.12.3-P1, 9.13.5.
While there: - Don't disable symbol table generation when building WITH_DEBUG. - Try and make sure nullfs can really be used in a more robustt and centralized way. - Make sure all changes are sync'ed among all BIND9 ports.
This commit is contained in:
parent
380c4cc133
commit
794e28f05a
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=487359
14 changed files with 195 additions and 97 deletions
|
@ -9,7 +9,7 @@ PORTREVISION= 1
|
|||
.else
|
||||
# XXX: correct version
|
||||
# dns/bind9xx here
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 2
|
||||
.endif
|
||||
CATEGORIES= dns net ipv6
|
||||
# XXX: put the ISC master_site
|
||||
|
@ -54,7 +54,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
|
|||
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
|
||||
--disable-symtable \
|
||||
--with-libxml2=${LOCALBASE} \
|
||||
--with-readline="-L${LOCALBASE}/lib -ledit" \
|
||||
--with-dlopen=yes \
|
||||
|
@ -210,6 +209,18 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
|
|||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if defined(WITH_DEBUG)
|
||||
CONFIGURE_ARGS+= --enable-symtable
|
||||
.else
|
||||
CONFIGURE_ARGS+= --disable-symtable
|
||||
.endif
|
||||
|
||||
.if ${SSL_DEFAULT} == base
|
||||
SUB_LIST+= ENGINES=/usr/lib/engines
|
||||
.else
|
||||
SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
|
||||
.endif
|
||||
|
||||
# XXX: Remove
|
||||
post-extract:
|
||||
echo "SRCID=${GL_COMMIT}" > ${WRKSRC}/srcid
|
||||
|
|
|
@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
|
|||
_named_confdirroot="${named_conf%/*}"
|
||||
_named_confdir="${named_chrootdir}${_named_confdirroot}"
|
||||
_named_program_root="${named_program%/sbin/named}"
|
||||
_openssl_engines="%%LOCALBASE%%/lib/engines"
|
||||
_openssl_engines="%%ENGINES%%"
|
||||
|
||||
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
|
||||
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
|
||||
|
@ -143,19 +143,16 @@ chroot_autoupdate()
|
|||
fi
|
||||
fi
|
||||
|
||||
# If OpenSSL from ports, then the engines should be present in the
|
||||
# chroot, named loads them after chrooting.
|
||||
# The OpenSSL engines should be present in the chroot, named loads them
|
||||
# after chrooting.
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
# FIXME when 8.4 is gone see if
|
||||
# security.jail.param.allow.mount.nullfs can be used.
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
if can_mount nullfs ; then
|
||||
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
|
||||
else
|
||||
warn "named chroot: cannot nullfs mount OpenSSL" \
|
||||
"engines into the chroot, will copy the shared" \
|
||||
"libraries instead."
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
|
@ -241,22 +238,41 @@ named_stop()
|
|||
|
||||
named_poststop()
|
||||
{
|
||||
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
|
||||
if [ -n "${named_chrootdir}" ]; then
|
||||
# if using OpenSSL from ports, unmount OpenSSL engines, if they
|
||||
# were not mounted but only copied, do nothing.
|
||||
if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
if can_mount nullfs; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
umount ${named_chrootdir}/dev 2>/dev/null || true
|
||||
else
|
||||
warn "named chroot:" \
|
||||
"cannot unmount devfs from inside jail!"
|
||||
if [ -c ${named_chrootdir}/dev/null ]; then
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
umount ${named_chrootdir}/dev 2>/dev/null || true
|
||||
else
|
||||
warn "named chroot:" \
|
||||
"cannot unmount devfs from inside jail!"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
can_mount()
|
||||
{
|
||||
local kld
|
||||
kld=$1
|
||||
if ! load_kld $kld; then
|
||||
return 1
|
||||
fi
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
create_file()
|
||||
{
|
||||
if [ -e "$1" ]; then
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
PORTNAME= bind
|
||||
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 0
|
||||
CATEGORIES= dns net ipv6
|
||||
MASTER_SITES= ISC/bind9/${ISCVERSION}
|
||||
PKGNAMESUFFIX= 911
|
||||
|
@ -20,7 +20,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
|
|||
USES= cpe libedit
|
||||
|
||||
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
|
||||
ISCVERSION= 9.11.5
|
||||
ISCVERSION= 9.11.5-P1
|
||||
|
||||
CPE_VENDOR= isc
|
||||
CPE_VERSION= ${ISCVERSION:C/-.*//}
|
||||
|
@ -30,7 +30,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
|
|||
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
|
||||
--disable-symtable \
|
||||
--with-randomdev=/dev/random \
|
||||
--with-libxml2=${LOCALBASE} \
|
||||
--with-readline="-L${LOCALBASE}/lib -ledit" \
|
||||
|
@ -192,6 +191,12 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
|
|||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if defined(WITH_DEBUG)
|
||||
CONFIGURE_ARGS+= --enable-symtable
|
||||
.else
|
||||
CONFIGURE_ARGS+= --disable-symtable
|
||||
.endif
|
||||
|
||||
.if ${SSL_DEFAULT} == base
|
||||
SUB_LIST+= ENGINES=/usr/lib/engines
|
||||
.else
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1540325506
|
||||
SHA256 (bind-9.11.5.tar.gz) = a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322
|
||||
SIZE (bind-9.11.5.tar.gz) = 8810710
|
||||
TIMESTAMP = 1544687911
|
||||
SHA256 (bind-9.11.5-P1.tar.gz) = 6cd6dbf016569f12d4a0ed629e44e895d9ed41c6908274ed2e617666c5491928
|
||||
SIZE (bind-9.11.5-P1.tar.gz) = 8814650
|
||||
|
|
|
@ -146,16 +146,13 @@ chroot_autoupdate()
|
|||
# The OpenSSL engines should be present in the chroot, named loads them
|
||||
# after chrooting.
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
if can_mount nullfs ; then
|
||||
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
|
||||
else
|
||||
warn "named chroot: cannot nullfs mount OpenSSL" \
|
||||
"engines into the chroot, will copy the shared" \
|
||||
"libraries instead."
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
|
@ -241,22 +238,41 @@ named_stop()
|
|||
|
||||
named_poststop()
|
||||
{
|
||||
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
|
||||
if [ -n "${named_chrootdir}" ]; then
|
||||
# if using OpenSSL from ports, unmount OpenSSL engines, if they
|
||||
# were not mounted but only copied, do nothing.
|
||||
if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
if can_mount nullfs; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
umount ${named_chrootdir}/dev 2>/dev/null || true
|
||||
else
|
||||
warn "named chroot:" \
|
||||
"cannot unmount devfs from inside jail!"
|
||||
if [ -c ${named_chrootdir}/dev/null ]; then
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
umount ${named_chrootdir}/dev 2>/dev/null || true
|
||||
else
|
||||
warn "named chroot:" \
|
||||
"cannot unmount devfs from inside jail!"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
can_mount()
|
||||
{
|
||||
local kld
|
||||
kld=$1
|
||||
if ! load_kld $kld; then
|
||||
return 1
|
||||
fi
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
create_file()
|
||||
{
|
||||
if [ -e "$1" ]; then
|
||||
|
|
|
@ -5,10 +5,9 @@ PORTNAME= bind
|
|||
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
|
||||
.if defined(BIND_TOOLS_SLAVE)
|
||||
# dns/bind-tools here
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 0
|
||||
.else
|
||||
# dns/bind912 here
|
||||
PORTREVISION= 2
|
||||
PORTREVISION= 0
|
||||
.endif
|
||||
CATEGORIES= dns net ipv6
|
||||
MASTER_SITES= ISC/bind9/${ISCVERSION}
|
||||
|
@ -33,7 +32,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
|
|||
|
||||
USES= compiler:c11 cpe libedit
|
||||
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
|
||||
ISCVERSION= 9.12.3
|
||||
ISCVERSION= 9.12.3-P1
|
||||
|
||||
CPE_VENDOR= isc
|
||||
CPE_VERSION= ${ISCVERSION:C/-.*//}
|
||||
|
@ -43,7 +42,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
|
|||
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
|
||||
--disable-symtable \
|
||||
--with-randomdev=/dev/random \
|
||||
--with-libxml2=${LOCALBASE} \
|
||||
--with-readline="-L${LOCALBASE}/lib -ledit" \
|
||||
|
@ -211,6 +209,12 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
|
|||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if defined(WITH_DEBUG)
|
||||
CONFIGURE_ARGS+= --enable-symtable
|
||||
.else
|
||||
CONFIGURE_ARGS+= --disable-symtable
|
||||
.endif
|
||||
|
||||
.if ${SSL_DEFAULT} == base
|
||||
SUB_LIST+= ENGINES=/usr/lib/engines
|
||||
.else
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1540325569
|
||||
SHA256 (bind-9.12.3.tar.gz) = 0e80762631258e1c193552efa7c56c05ec5e8c2f98e4b2a3b91a61fd8d96b938
|
||||
SIZE (bind-9.12.3.tar.gz) = 8616664
|
||||
TIMESTAMP = 1544687855
|
||||
SHA256 (bind-9.12.3-P1.tar.gz) = 6cb79389d787368af27f01c65a9fa09be1fd062eda37c94819a1a0178d5ded73
|
||||
SIZE (bind-9.12.3-P1.tar.gz) = 8625693
|
||||
|
|
|
@ -146,16 +146,13 @@ chroot_autoupdate()
|
|||
# The OpenSSL engines should be present in the chroot, named loads them
|
||||
# after chrooting.
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
if can_mount nullfs ; then
|
||||
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
|
||||
else
|
||||
warn "named chroot: cannot nullfs mount OpenSSL" \
|
||||
"engines into the chroot, will copy the shared" \
|
||||
"libraries instead."
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
|
@ -241,22 +238,41 @@ named_stop()
|
|||
|
||||
named_poststop()
|
||||
{
|
||||
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
|
||||
if [ -n "${named_chrootdir}" ]; then
|
||||
# if using OpenSSL from ports, unmount OpenSSL engines, if they
|
||||
# were not mounted but only copied, do nothing.
|
||||
if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
if can_mount nullfs; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
umount ${named_chrootdir}/dev 2>/dev/null || true
|
||||
else
|
||||
warn "named chroot:" \
|
||||
"cannot unmount devfs from inside jail!"
|
||||
if [ -c ${named_chrootdir}/dev/null ]; then
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
umount ${named_chrootdir}/dev 2>/dev/null || true
|
||||
else
|
||||
warn "named chroot:" \
|
||||
"cannot unmount devfs from inside jail!"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
can_mount()
|
||||
{
|
||||
local kld
|
||||
kld=$1
|
||||
if ! load_kld $kld; then
|
||||
return 1
|
||||
fi
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
create_file()
|
||||
{
|
||||
if [ -e "$1" ]; then
|
||||
|
|
|
@ -5,10 +5,10 @@ PORTNAME= bind
|
|||
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
|
||||
.if defined(BIND_TOOLS_SLAVE)
|
||||
# dns/bind-tools here
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 0
|
||||
.else
|
||||
# dns/bind913 here
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 0
|
||||
.endif
|
||||
CATEGORIES= dns net ipv6
|
||||
MASTER_SITES= ISC/bind9/${ISCVERSION}
|
||||
|
@ -33,7 +33,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
|
|||
|
||||
USES= compiler:c11 cpe libedit ssl
|
||||
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
|
||||
ISCVERSION= 9.13.4
|
||||
ISCVERSION= 9.13.5
|
||||
|
||||
CPE_VENDOR= isc
|
||||
CPE_VERSION= ${ISCVERSION:C/-.*//}
|
||||
|
@ -43,7 +43,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
|
|||
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
|
||||
--disable-symtable \
|
||||
--with-libxml2=${LOCALBASE} \
|
||||
--with-readline="-L${LOCALBASE}/lib -ledit" \
|
||||
--with-dlopen=yes \
|
||||
|
@ -199,6 +198,18 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
|
|||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if defined(WITH_DEBUG)
|
||||
CONFIGURE_ARGS+= --enable-symtable
|
||||
.else
|
||||
CONFIGURE_ARGS+= --disable-symtable
|
||||
.endif
|
||||
|
||||
.if ${SSL_DEFAULT} == base
|
||||
SUB_LIST+= ENGINES=/usr/lib/engines
|
||||
.else
|
||||
SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
|
||||
.endif
|
||||
|
||||
post-patch:
|
||||
.if defined(BIND_TOOLS_SLAVE)
|
||||
@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1542875991
|
||||
SHA256 (bind-9.13.4.tar.gz) = ea02107ae0b22a5b3df76d4c45bd44414f1d17731fffc07813d8e5b4ce05f95b
|
||||
SIZE (bind-9.13.4.tar.gz) = 6274124
|
||||
TIMESTAMP = 1544687807
|
||||
SHA256 (bind-9.13.5.tar.gz) = bbde0b81c66a7c7f5b074c8f0e714ed8aa235e4b930e28953cab0ae3cae94e4b
|
||||
SIZE (bind-9.13.5.tar.gz) = 6309308
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
--- bin/named/config.c.orig 2018-11-19 17:02:41 UTC
|
||||
--- bin/named/config.c.orig 2018-12-07 18:44:21 UTC
|
||||
+++ bin/named/config.c
|
||||
@@ -182,6 +182,7 @@ options {\n\
|
||||
@@ -179,6 +179,7 @@ options {\n\
|
||||
notify-source *;\n\
|
||||
notify-source-v6 *;\n\
|
||||
nsec3-test-zone no;\n\
|
||||
|
@ -8,9 +8,9 @@
|
|||
provide-ixfr true;\n\
|
||||
qname-minimization relaxed;\n\
|
||||
query-source address *;\n\
|
||||
--- bin/named/server.c.orig 2018-11-19 17:02:41 UTC
|
||||
--- bin/named/server.c.orig 2018-12-07 18:44:21 UTC
|
||||
+++ bin/named/server.c
|
||||
@@ -4116,6 +4116,11 @@ configure_view(dns_view_t *view, dns_vie
|
||||
@@ -4154,6 +4154,11 @@ configure_view(dns_view_t *view, dns_vie
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
|
@ -22,7 +22,7 @@
|
|||
result = named_config_get(maps, "max-cache-ttl", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS);
|
||||
view->maxcachettl = cfg_obj_asuint32(obj);
|
||||
--- lib/dns/include/dns/view.h.orig 2018-11-19 17:02:41 UTC
|
||||
--- lib/dns/include/dns/view.h.orig 2018-12-07 18:44:21 UTC
|
||||
+++ lib/dns/include/dns/view.h
|
||||
@@ -153,6 +153,7 @@ struct dns_view {
|
||||
bool requestnsid;
|
||||
|
@ -32,7 +32,7 @@
|
|||
dns_ttl_t maxncachettl;
|
||||
dns_ttl_t mincachettl;
|
||||
dns_ttl_t minncachettl;
|
||||
--- lib/dns/resolver.c.orig 2018-11-19 17:02:41 UTC
|
||||
--- lib/dns/resolver.c.orig 2018-12-07 18:44:21 UTC
|
||||
+++ lib/dns/resolver.c
|
||||
@@ -5967,6 +5967,12 @@ cache_name(fetchctx_t *fctx, dns_name_t
|
||||
}
|
||||
|
@ -47,9 +47,9 @@
|
|||
* Enforce the configure maximum cache TTL.
|
||||
*/
|
||||
if (rdataset->ttl > res->view->maxcachettl) {
|
||||
--- lib/isccfg/namedconf.c.orig 2018-11-19 17:02:41 UTC
|
||||
--- lib/isccfg/namedconf.c.orig 2018-12-07 18:44:21 UTC
|
||||
+++ lib/isccfg/namedconf.c
|
||||
@@ -1921,6 +1921,7 @@ view_clauses[] = {
|
||||
@@ -1900,6 +1900,7 @@ view_clauses[] = {
|
||||
{ "max-acache-size", &cfg_type_sizenodefault,
|
||||
CFG_CLAUSEFLAG_OBSOLETE },
|
||||
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
|
||||
|
|
|
@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
|
|||
_named_confdirroot="${named_conf%/*}"
|
||||
_named_confdir="${named_chrootdir}${_named_confdirroot}"
|
||||
_named_program_root="${named_program%/sbin/named}"
|
||||
_openssl_engines="%%LOCALBASE%%/lib/engines"
|
||||
_openssl_engines="%%ENGINES%%"
|
||||
|
||||
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
|
||||
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
|
||||
|
@ -143,19 +143,16 @@ chroot_autoupdate()
|
|||
fi
|
||||
fi
|
||||
|
||||
# If OpenSSL from ports, then the engines should be present in the
|
||||
# chroot, named loads them after chrooting.
|
||||
# The OpenSSL engines should be present in the chroot, named loads them
|
||||
# after chrooting.
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
# FIXME when 8.4 is gone see if
|
||||
# security.jail.param.allow.mount.nullfs can be used.
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
if can_mount nullfs ; then
|
||||
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
|
||||
else
|
||||
warn "named chroot: cannot nullfs mount OpenSSL" \
|
||||
"engines into the chroot, will copy the shared" \
|
||||
"libraries instead."
|
||||
mkdir -p ${named_chrootdir}${_openssl_engines}
|
||||
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
|
@ -241,22 +238,41 @@ named_stop()
|
|||
|
||||
named_poststop()
|
||||
{
|
||||
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
|
||||
if [ -n "${named_chrootdir}" ]; then
|
||||
# if using OpenSSL from ports, unmount OpenSSL engines, if they
|
||||
# were not mounted but only copied, do nothing.
|
||||
if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
if [ -d ${_openssl_engines} ]; then
|
||||
if can_mount nullfs; then
|
||||
umount ${named_chrootdir}${_openssl_engines}
|
||||
fi
|
||||
fi
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
umount ${named_chrootdir}/dev 2>/dev/null || true
|
||||
else
|
||||
warn "named chroot:" \
|
||||
"cannot unmount devfs from inside jail!"
|
||||
if [ -c ${named_chrootdir}/dev/null ]; then
|
||||
# unmount /dev
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
|
||||
umount ${named_chrootdir}/dev 2>/dev/null || true
|
||||
else
|
||||
warn "named chroot:" \
|
||||
"cannot unmount devfs from inside jail!"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
can_mount()
|
||||
{
|
||||
local kld
|
||||
kld=$1
|
||||
if ! load_kld $kld; then
|
||||
return 1
|
||||
fi
|
||||
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
|
||||
[ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
create_file()
|
||||
{
|
||||
if [ -e "$1" ]; then
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
--- configure.orig 2018-11-22 00:20:34 UTC
|
||||
--- configure.orig 2018-12-07 18:44:21 UTC
|
||||
+++ configure
|
||||
@@ -16386,27 +16386,9 @@ done
|
||||
@@ -16296,27 +16296,9 @@ done
|
||||
# problems start to show up.
|
||||
saved_libs="$LIBS"
|
||||
for TRY_LIBS in \
|
||||
|
@ -30,7 +30,7 @@
|
|||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
|
||||
$as_echo_n "checking linking as $TRY_LIBS... " >&6; }
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
@@ -16449,47 +16431,7 @@ $as_echo "no" >&6; } ;;
|
||||
@@ -16359,47 +16341,7 @@ $as_echo "no" >&6; } ;;
|
||||
no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
|
||||
esac
|
||||
|
||||
|
@ -79,7 +79,7 @@
|
|||
DNS_GSSAPI_LIBS="$LIBS"
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
|
||||
@@ -21015,7 +20957,7 @@ $as_echo "" >&6; }
|
||||
@@ -20933,7 +20875,7 @@ $as_echo "" >&6; }
|
||||
# Check other locations for includes.
|
||||
# Order is important (sigh).
|
||||
|
||||
|
|
|
@ -250,6 +250,7 @@ include/isccfg/log.h
|
|||
include/isccfg/namedconf.h
|
||||
include/isccfg/version.h
|
||||
include/ns/client.h
|
||||
include/ns/hooks.h
|
||||
include/ns/interfacemgr.h
|
||||
include/ns/lib.h
|
||||
include/ns/listenlist.h
|
||||
|
@ -273,6 +274,7 @@ include/pkcs11/eddsa.h
|
|||
include/pkcs11/pkcs11.h
|
||||
include/pkcs11/pkcs11f.h
|
||||
include/pkcs11/pkcs11t.h
|
||||
lib/filter-aaaa.so
|
||||
lib/libbind9.a
|
||||
lib/libdns.a
|
||||
lib/libirs.a
|
||||
|
@ -306,6 +308,7 @@ man/man8/dnssec-revoke.8.gz
|
|||
man/man8/dnssec-settime.8.gz
|
||||
man/man8/dnssec-signzone.8.gz
|
||||
man/man8/dnssec-verify.8.gz
|
||||
man/man8/filter-aaaa.8.gz
|
||||
man/man8/named-checkconf.8.gz
|
||||
man/man8/named-checkzone.8.gz
|
||||
man/man8/named-compilezone.8.gz
|
||||
|
|
Loading…
Add table
Reference in a new issue