sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-18 01:39:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update to 9.11.5-P1, 9.12.3-P1, 9.13.5.

Browse source 
While there:
- Don't disable symbol table generation when building WITH_DEBUG.
- Try and make sure nullfs can really be used in a more robustt and
  centralized way.
- Make sure all changes are sync'ed among all BIND9 ports.
This commit is contained in:
Mathieu Arnold 2018-12-13 09:06:50 +00:00
parent 380c4cc133
commit 794e28f05a
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=487359
14 changed files with 195 additions and 97 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
dns/bind9-devel/Makefile
View file

@ -9,7 +9,7 @@ PORTREVISION= 1
.else .else
# XXX: correct version # XXX: correct version
# dns/bind9xx here # dns/bind9xx here
PORTREVISION= 1 PORTREVISION= 2
.endif .endif
CATEGORIES= dns net ipv6 CATEGORIES= dns net ipv6
# XXX: put the ISC master_site # XXX: put the ISC master_site
@ -54,7 +54,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
--disable-symtable \
--with-libxml2=${LOCALBASE} \ --with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \ --with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \ --with-dlopen=yes \
@ -210,6 +209,18 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk> .include <bsd.port.pre.mk>
.if defined(WITH_DEBUG)
CONFIGURE_ARGS+= --enable-symtable
.else
CONFIGURE_ARGS+= --disable-symtable
.endif
.if ${SSL_DEFAULT} == base
SUB_LIST+= ENGINES=/usr/lib/engines
.else
SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
.endif
# XXX: Remove # XXX: Remove
post-extract: post-extract:
echo "SRCID=${GL_COMMIT}" > ${WRKSRC}/srcid echo "SRCID=${GL_COMMIT}" > ${WRKSRC}/srcid

34
dns/bind9-devel/files/named.in
View file

@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}" _named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}" _named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}" _named_program_root="${named_program%/sbin/named}"
_openssl_engines="%%LOCALBASE%%/lib/engines" _openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used # Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@ -143,19 +143,16 @@ chroot_autoupdate()
fi fi
fi fi
# If OpenSSL from ports, then the engines should be present in the # The OpenSSL engines should be present in the chroot, named loads them
# chroot, named loads them after chrooting. # after chrooting.
if [ -d ${_openssl_engines} ]; then if [ -d ${_openssl_engines} ]; then
# FIXME when 8.4 is gone see if
# security.jail.param.allow.mount.nullfs can be used.
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
mkdir -p ${named_chrootdir}${_openssl_engines} mkdir -p ${named_chrootdir}${_openssl_engines}
if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else else
warn "named chroot: cannot nullfs mount OpenSSL" \ warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \ "engines into the chroot, will copy the shared" \
"libraries instead." "libraries instead."
mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi fi
fi fi
@ -241,12 +238,15 @@ named_stop()
named_poststop() named_poststop()
{ {
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they # if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing. # were not mounted but only copied, do nothing.
if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then if [ -d ${_openssl_engines} ]; then
if can_mount nullfs; then
umount ${named_chrootdir}${_openssl_engines} umount ${named_chrootdir}${_openssl_engines}
fi fi
fi
if [ -c ${named_chrootdir}/dev/null ]; then
# unmount /dev # unmount /dev
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
umount ${named_chrootdir}/dev 2>/dev/null || true umount ${named_chrootdir}/dev 2>/dev/null || true
@ -255,6 +255,22 @@ named_poststop()
"cannot unmount devfs from inside jail!" "cannot unmount devfs from inside jail!"
fi fi
fi fi
fi
}
can_mount()
{
local kld
kld=$1
if ! load_kld $kld; then
return 1
fi
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
[ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
return 0
fi
return 1
} }
create_file() create_file()

11
dns/bind911/Makefile
View file

@ -3,7 +3,7 @@
PORTNAME= bind PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
PORTREVISION= 1 PORTREVISION= 0
CATEGORIES= dns net ipv6 CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION} MASTER_SITES= ISC/bind9/${ISCVERSION}
PKGNAMESUFFIX= 911 PKGNAMESUFFIX= 911
@ -20,7 +20,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= cpe libedit USES= cpe libedit
# ISC releases things like 9.8.0-P1, which our versioning doesn't like # ISC releases things like 9.8.0-P1, which our versioning doesn't like
ISCVERSION= 9.11.5 ISCVERSION= 9.11.5-P1
CPE_VENDOR= isc CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//} CPE_VERSION= ${ISCVERSION:C/-.*//}
@ -30,7 +30,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
--disable-symtable \
--with-randomdev=/dev/random \ --with-randomdev=/dev/random \
--with-libxml2=${LOCALBASE} \ --with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \ --with-readline="-L${LOCALBASE}/lib -ledit" \
@ -192,6 +191,12 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk> .include <bsd.port.pre.mk>
.if defined(WITH_DEBUG)
CONFIGURE_ARGS+= --enable-symtable
.else
CONFIGURE_ARGS+= --disable-symtable
.endif
.if ${SSL_DEFAULT} == base .if ${SSL_DEFAULT} == base
SUB_LIST+= ENGINES=/usr/lib/engines SUB_LIST+= ENGINES=/usr/lib/engines
.else .else

6
dns/bind911/distinfo
View file

@ -1,3 +1,3 @@
TIMESTAMP = 1540325506 TIMESTAMP = 1544687911
SHA256 (bind-9.11.5.tar.gz) = a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 SHA256 (bind-9.11.5-P1.tar.gz) = 6cd6dbf016569f12d4a0ed629e44e895d9ed41c6908274ed2e617666c5491928
SIZE (bind-9.11.5.tar.gz) = 8810710 SIZE (bind-9.11.5-P1.tar.gz) = 8814650

28
dns/bind911/files/named.in
View file

@ -146,16 +146,13 @@ chroot_autoupdate()
# The OpenSSL engines should be present in the chroot, named loads them # The OpenSSL engines should be present in the chroot, named loads them
# after chrooting. # after chrooting.
if [ -d ${_openssl_engines} ]; then if [ -d ${_openssl_engines} ]; then
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
[ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
mkdir -p ${named_chrootdir}${_openssl_engines} mkdir -p ${named_chrootdir}${_openssl_engines}
if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else else
warn "named chroot: cannot nullfs mount OpenSSL" \ warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \ "engines into the chroot, will copy the shared" \
"libraries instead." "libraries instead."
mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi fi
fi fi
@ -241,12 +238,15 @@ named_stop()
named_poststop() named_poststop()
{ {
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they # if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing. # were not mounted but only copied, do nothing.
if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then if [ -d ${_openssl_engines} ]; then
if can_mount nullfs; then
umount ${named_chrootdir}${_openssl_engines} umount ${named_chrootdir}${_openssl_engines}
fi fi
fi
if [ -c ${named_chrootdir}/dev/null ]; then
# unmount /dev # unmount /dev
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
umount ${named_chrootdir}/dev 2>/dev/null || true umount ${named_chrootdir}/dev 2>/dev/null || true
@ -255,6 +255,22 @@ named_poststop()
"cannot unmount devfs from inside jail!" "cannot unmount devfs from inside jail!"
fi fi
fi fi
fi
}
can_mount()
{
local kld
kld=$1
if ! load_kld $kld; then
return 1
fi
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
[ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
return 0
fi
return 1
} }
create_file() create_file()

14
dns/bind912/Makefile
View file

@ -5,10 +5,9 @@ PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
.if defined(BIND_TOOLS_SLAVE) .if defined(BIND_TOOLS_SLAVE)
# dns/bind-tools here # dns/bind-tools here
PORTREVISION= 1 PORTREVISION= 0
.else .else
# dns/bind912 here PORTREVISION= 0
PORTREVISION= 2
.endif .endif
CATEGORIES= dns net ipv6 CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION} MASTER_SITES= ISC/bind9/${ISCVERSION}
@ -33,7 +32,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= compiler:c11 cpe libedit USES= compiler:c11 cpe libedit
# ISC releases things like 9.8.0-P1, which our versioning doesn't like # ISC releases things like 9.8.0-P1, which our versioning doesn't like
ISCVERSION= 9.12.3 ISCVERSION= 9.12.3-P1
CPE_VENDOR= isc CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//} CPE_VERSION= ${ISCVERSION:C/-.*//}
@ -43,7 +42,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
--disable-symtable \
--with-randomdev=/dev/random \ --with-randomdev=/dev/random \
--with-libxml2=${LOCALBASE} \ --with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \ --with-readline="-L${LOCALBASE}/lib -ledit" \
@ -211,6 +209,12 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk> .include <bsd.port.pre.mk>
.if defined(WITH_DEBUG)
CONFIGURE_ARGS+= --enable-symtable
.else
CONFIGURE_ARGS+= --disable-symtable
.endif
.if ${SSL_DEFAULT} == base .if ${SSL_DEFAULT} == base
SUB_LIST+= ENGINES=/usr/lib/engines SUB_LIST+= ENGINES=/usr/lib/engines
.else .else

6
dns/bind912/distinfo
View file

@ -1,3 +1,3 @@
TIMESTAMP = 1540325569 TIMESTAMP = 1544687855
SHA256 (bind-9.12.3.tar.gz) = 0e80762631258e1c193552efa7c56c05ec5e8c2f98e4b2a3b91a61fd8d96b938 SHA256 (bind-9.12.3-P1.tar.gz) = 6cb79389d787368af27f01c65a9fa09be1fd062eda37c94819a1a0178d5ded73
SIZE (bind-9.12.3.tar.gz) = 8616664 SIZE (bind-9.12.3-P1.tar.gz) = 8625693

28
dns/bind912/files/named.in
View file

@ -146,16 +146,13 @@ chroot_autoupdate()
# The OpenSSL engines should be present in the chroot, named loads them # The OpenSSL engines should be present in the chroot, named loads them
# after chrooting. # after chrooting.
if [ -d ${_openssl_engines} ]; then if [ -d ${_openssl_engines} ]; then
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
[ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
mkdir -p ${named_chrootdir}${_openssl_engines} mkdir -p ${named_chrootdir}${_openssl_engines}
if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else else
warn "named chroot: cannot nullfs mount OpenSSL" \ warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \ "engines into the chroot, will copy the shared" \
"libraries instead." "libraries instead."
mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi fi
fi fi
@ -241,12 +238,15 @@ named_stop()
named_poststop() named_poststop()
{ {
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they # if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing. # were not mounted but only copied, do nothing.
if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then if [ -d ${_openssl_engines} ]; then
if can_mount nullfs; then
umount ${named_chrootdir}${_openssl_engines} umount ${named_chrootdir}${_openssl_engines}
fi fi
fi
if [ -c ${named_chrootdir}/dev/null ]; then
# unmount /dev # unmount /dev
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
umount ${named_chrootdir}/dev 2>/dev/null || true umount ${named_chrootdir}/dev 2>/dev/null || true
@ -255,6 +255,22 @@ named_poststop()
"cannot unmount devfs from inside jail!" "cannot unmount devfs from inside jail!"
fi fi
fi fi
fi
}
can_mount()
{
local kld
kld=$1
if ! load_kld $kld; then
return 1
fi
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
[ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
return 0
fi
return 1
} }
create_file() create_file()

19
dns/bind913/Makefile
View file

@ -5,10 +5,10 @@ PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
.if defined(BIND_TOOLS_SLAVE) .if defined(BIND_TOOLS_SLAVE)
# dns/bind-tools here # dns/bind-tools here
PORTREVISION= 1 PORTREVISION= 0
.else .else
# dns/bind913 here # dns/bind913 here
PORTREVISION= 1 PORTREVISION= 0
.endif .endif
CATEGORIES= dns net ipv6 CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION} MASTER_SITES= ISC/bind9/${ISCVERSION}
@ -33,7 +33,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= compiler:c11 cpe libedit ssl USES= compiler:c11 cpe libedit ssl
# ISC releases things like 9.8.0-P1, which our versioning doesn't like # ISC releases things like 9.8.0-P1, which our versioning doesn't like
ISCVERSION= 9.13.4 ISCVERSION= 9.13.5
CPE_VENDOR= isc CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//} CPE_VERSION= ${ISCVERSION:C/-.*//}
@ -43,7 +43,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
--disable-symtable \
--with-libxml2=${LOCALBASE} \ --with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \ --with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \ --with-dlopen=yes \
@ -199,6 +198,18 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk> .include <bsd.port.pre.mk>
.if defined(WITH_DEBUG)
CONFIGURE_ARGS+= --enable-symtable
.else
CONFIGURE_ARGS+= --disable-symtable
.endif
.if ${SSL_DEFAULT} == base
SUB_LIST+= ENGINES=/usr/lib/engines
.else
SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
.endif
post-patch: post-patch:
.if defined(BIND_TOOLS_SLAVE) .if defined(BIND_TOOLS_SLAVE)
@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \ @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \

6
dns/bind913/distinfo
View file

@ -1,3 +1,3 @@
TIMESTAMP = 1542875991 TIMESTAMP = 1544687807
SHA256 (bind-9.13.4.tar.gz) = ea02107ae0b22a5b3df76d4c45bd44414f1d17731fffc07813d8e5b4ce05f95b SHA256 (bind-9.13.5.tar.gz) = bbde0b81c66a7c7f5b074c8f0e714ed8aa235e4b930e28953cab0ae3cae94e4b
SIZE (bind-9.13.4.tar.gz) = 6274124 SIZE (bind-9.13.5.tar.gz) = 6309308

16
dns/bind913/files/extrapatch-bind-min-override-ttl
View file

@ -1,6 +1,6 @@
--- bin/named/config.c.orig 2018-11-19 17:02:41 UTC --- bin/named/config.c.orig 2018-12-07 18:44:21 UTC
+++ bin/named/config.c +++ bin/named/config.c
@@ -182,6 +182,7 @@ options {\n\ @@ -179,6 +179,7 @@ options {\n\
notify-source *;\n\ notify-source *;\n\
notify-source-v6 *;\n\ notify-source-v6 *;\n\
nsec3-test-zone no;\n\ nsec3-test-zone no;\n\
@ -8,9 +8,9 @@
provide-ixfr true;\n\ provide-ixfr true;\n\
qname-minimization relaxed;\n\ qname-minimization relaxed;\n\
query-source address *;\n\ query-source address *;\n\
--- bin/named/server.c.orig 2018-11-19 17:02:41 UTC --- bin/named/server.c.orig 2018-12-07 18:44:21 UTC
+++ bin/named/server.c +++ bin/named/server.c
@@ -4116,6 +4116,11 @@ configure_view(dns_view_t *view, dns_vie @@ -4154,6 +4154,11 @@ configure_view(dns_view_t *view, dns_vie
} }
obj = NULL; obj = NULL;
@ -22,7 +22,7 @@
result = named_config_get(maps, "max-cache-ttl", &obj); result = named_config_get(maps, "max-cache-ttl", &obj);
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
view->maxcachettl = cfg_obj_asuint32(obj); view->maxcachettl = cfg_obj_asuint32(obj);
--- lib/dns/include/dns/view.h.orig 2018-11-19 17:02:41 UTC --- lib/dns/include/dns/view.h.orig 2018-12-07 18:44:21 UTC
+++ lib/dns/include/dns/view.h +++ lib/dns/include/dns/view.h
@@ -153,6 +153,7 @@ struct dns_view { @@ -153,6 +153,7 @@ struct dns_view {
bool requestnsid; bool requestnsid;
@ -32,7 +32,7 @@
dns_ttl_t maxncachettl; dns_ttl_t maxncachettl;
dns_ttl_t mincachettl; dns_ttl_t mincachettl;
dns_ttl_t minncachettl; dns_ttl_t minncachettl;
--- lib/dns/resolver.c.orig 2018-11-19 17:02:41 UTC --- lib/dns/resolver.c.orig 2018-12-07 18:44:21 UTC
+++ lib/dns/resolver.c +++ lib/dns/resolver.c
@@ -5967,6 +5967,12 @@ cache_name(fetchctx_t *fctx, dns_name_t @@ -5967,6 +5967,12 @@ cache_name(fetchctx_t *fctx, dns_name_t
} }
@ -47,9 +47,9 @@
* Enforce the configure maximum cache TTL. * Enforce the configure maximum cache TTL.
*/ */
if (rdataset->ttl > res->view->maxcachettl) { if (rdataset->ttl > res->view->maxcachettl) {
--- lib/isccfg/namedconf.c.orig 2018-11-19 17:02:41 UTC --- lib/isccfg/namedconf.c.orig 2018-12-07 18:44:21 UTC
+++ lib/isccfg/namedconf.c +++ lib/isccfg/namedconf.c
@@ -1921,6 +1921,7 @@ view_clauses[] = { @@ -1900,6 +1900,7 @@ view_clauses[] = {
{ "max-acache-size", &cfg_type_sizenodefault, { "max-acache-size", &cfg_type_sizenodefault,
CFG_CLAUSEFLAG_OBSOLETE }, CFG_CLAUSEFLAG_OBSOLETE },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 }, { "max-cache-size", &cfg_type_sizeorpercent, 0 },

34
dns/bind913/files/named.in
View file

@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}" _named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}" _named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}" _named_program_root="${named_program%/sbin/named}"
_openssl_engines="%%LOCALBASE%%/lib/engines" _openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used # Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@ -143,19 +143,16 @@ chroot_autoupdate()
fi fi
fi fi
# If OpenSSL from ports, then the engines should be present in the # The OpenSSL engines should be present in the chroot, named loads them
# chroot, named loads them after chrooting. # after chrooting.
if [ -d ${_openssl_engines} ]; then if [ -d ${_openssl_engines} ]; then
# FIXME when 8.4 is gone see if
# security.jail.param.allow.mount.nullfs can be used.
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
mkdir -p ${named_chrootdir}${_openssl_engines} mkdir -p ${named_chrootdir}${_openssl_engines}
if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else else
warn "named chroot: cannot nullfs mount OpenSSL" \ warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \ "engines into the chroot, will copy the shared" \
"libraries instead." "libraries instead."
mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi fi
fi fi
@ -241,12 +238,15 @@ named_stop()
named_poststop() named_poststop()
{ {
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they # if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing. # were not mounted but only copied, do nothing.
if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then if [ -d ${_openssl_engines} ]; then
if can_mount nullfs; then
umount ${named_chrootdir}${_openssl_engines} umount ${named_chrootdir}${_openssl_engines}
fi fi
fi
if [ -c ${named_chrootdir}/dev/null ]; then
# unmount /dev # unmount /dev
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
umount ${named_chrootdir}/dev 2>/dev/null || true umount ${named_chrootdir}/dev 2>/dev/null || true
@ -255,6 +255,22 @@ named_poststop()
"cannot unmount devfs from inside jail!" "cannot unmount devfs from inside jail!"
fi fi
fi fi
fi
}
can_mount()
{
local kld
kld=$1
if ! load_kld $kld; then
return 1
fi
if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
[ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
[ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
return 0
fi
return 1
} }
create_file() create_file()

8
dns/bind913/files/patch-configure
View file

@ -1,6 +1,6 @@
--- configure.orig 2018-11-22 00:20:34 UTC --- configure.orig 2018-12-07 18:44:21 UTC
+++ configure +++ configure
@@ -16386,27 +16386,9 @@ done @@ -16296,27 +16296,9 @@ done
# problems start to show up. # problems start to show up.
saved_libs="$LIBS" saved_libs="$LIBS"
for TRY_LIBS in \ for TRY_LIBS in \
@ -30,7 +30,7 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
$as_echo_n "checking linking as $TRY_LIBS... " >&6; } $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -16449,47 +16431,7 @@ $as_echo "no" >&6; } ;; @@ -16359,47 +16341,7 @@ $as_echo "no" >&6; } ;;
no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
esac esac
@ -79,7 +79,7 @@
DNS_GSSAPI_LIBS="$LIBS" DNS_GSSAPI_LIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
@@ -21015,7 +20957,7 @@ $as_echo "" >&6; } @@ -20933,7 +20875,7 @@ $as_echo "" >&6; }
# Check other locations for includes. # Check other locations for includes.
# Order is important (sigh). # Order is important (sigh).

3
dns/bind913/pkg-plist
View file

@ -250,6 +250,7 @@ include/isccfg/log.h
include/isccfg/namedconf.h include/isccfg/namedconf.h
include/isccfg/version.h include/isccfg/version.h
include/ns/client.h include/ns/client.h
include/ns/hooks.h
include/ns/interfacemgr.h include/ns/interfacemgr.h
include/ns/lib.h include/ns/lib.h
include/ns/listenlist.h include/ns/listenlist.h
@ -273,6 +274,7 @@ include/pkcs11/eddsa.h
include/pkcs11/pkcs11.h include/pkcs11/pkcs11.h
include/pkcs11/pkcs11f.h include/pkcs11/pkcs11f.h
include/pkcs11/pkcs11t.h include/pkcs11/pkcs11t.h
lib/filter-aaaa.so
lib/libbind9.a lib/libbind9.a
lib/libdns.a lib/libdns.a
lib/libirs.a lib/libirs.a
@ -306,6 +308,7 @@ man/man8/dnssec-revoke.8.gz
man/man8/dnssec-settime.8.gz man/man8/dnssec-settime.8.gz
man/man8/dnssec-signzone.8.gz man/man8/dnssec-signzone.8.gz
man/man8/dnssec-verify.8.gz man/man8/dnssec-verify.8.gz
man/man8/filter-aaaa.8.gz
man/man8/named-checkconf.8.gz man/man8/named-checkconf.8.gz
man/man8/named-checkzone.8.gz man/man8/named-checkzone.8.gz
man/man8/named-compilezone.8.gz man/man8/named-compilezone.8.gz