svn commit: r487359 - in head/dns: bind9-devel bind9-devel/files bind911 bind911/files bind912 bind912/files bind913 bind913/files
Mathieu Arnold
mat at FreeBSD.org
Thu Dec 13 09:06:54 UTC 2018
Author: mat
Date: Thu Dec 13 09:06:50 2018
New Revision: 487359
URL: https://svnweb.freebsd.org/changeset/ports/487359
Log:
Update to 9.11.5-P1, 9.12.3-P1, 9.13.5.
While there:
- Don't disable symbol table generation when building WITH_DEBUG.
- Try and make sure nullfs can really be used in a more robustt and
centralized way.
- Make sure all changes are sync'ed among all BIND9 ports.
Modified:
head/dns/bind9-devel/Makefile (contents, props changed)
head/dns/bind9-devel/files/named.in
head/dns/bind911/Makefile (contents, props changed)
head/dns/bind911/distinfo (contents, props changed)
head/dns/bind911/files/named.in
head/dns/bind912/Makefile (contents, props changed)
head/dns/bind912/distinfo (contents, props changed)
head/dns/bind912/files/named.in
head/dns/bind913/Makefile (contents, props changed)
head/dns/bind913/distinfo (contents, props changed)
head/dns/bind913/files/extrapatch-bind-min-override-ttl (contents, props changed)
head/dns/bind913/files/named.in
head/dns/bind913/files/patch-configure (contents, props changed)
head/dns/bind913/pkg-plist (contents, props changed)
Modified: head/dns/bind9-devel/Makefile
==============================================================================
--- head/dns/bind9-devel/Makefile Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind9-devel/Makefile Thu Dec 13 09:06:50 2018 (r487359)
@@ -9,7 +9,7 @@ PORTREVISION= 1
.else
# XXX: correct version
# dns/bind9xx here
-PORTREVISION= 1
+PORTREVISION= 2
.endif
CATEGORIES= dns net ipv6
# XXX: put the ISC master_site
@@ -54,7 +54,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
@@ -209,6 +208,18 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large
TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
# XXX: Remove
post-extract:
Modified: head/dns/bind9-devel/files/named.in
==============================================================================
--- head/dns/bind9-devel/files/named.in Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind9-devel/files/named.in Thu Dec 13 09:06:50 2018 (r487359)
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,19 +143,16 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,20 +238,39 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
+}
+
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
}
create_file()
Modified: head/dns/bind911/Makefile
==============================================================================
--- head/dns/bind911/Makefile Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind911/Makefile Thu Dec 13 09:06:50 2018 (r487359)
@@ -3,7 +3,7 @@
PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
-PORTREVISION= 1
+PORTREVISION= 0
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
PKGNAMESUFFIX= 911
@@ -20,7 +20,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= cpe libedit
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.11.5
+ISCVERSION= 9.11.5-P1
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -30,7 +30,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-randomdev=/dev/random \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
@@ -191,6 +190,12 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large
TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
.if ${SSL_DEFAULT} == base
SUB_LIST+= ENGINES=/usr/lib/engines
Modified: head/dns/bind911/distinfo
==============================================================================
--- head/dns/bind911/distinfo Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind911/distinfo Thu Dec 13 09:06:50 2018 (r487359)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1540325506
-SHA256 (bind-9.11.5.tar.gz) = a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322
-SIZE (bind-9.11.5.tar.gz) = 8810710
+TIMESTAMP = 1544687911
+SHA256 (bind-9.11.5-P1.tar.gz) = 6cd6dbf016569f12d4a0ed629e44e895d9ed41c6908274ed2e617666c5491928
+SIZE (bind-9.11.5-P1.tar.gz) = 8814650
Modified: head/dns/bind911/files/named.in
==============================================================================
--- head/dns/bind911/files/named.in Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind911/files/named.in Thu Dec 13 09:06:50 2018 (r487359)
@@ -146,16 +146,13 @@ chroot_autoupdate()
# The OpenSSL engines should be present in the chroot, named loads them
# after chrooting.
if [ -d ${_openssl_engines} ]; then
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
- [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
- [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,20 +238,39 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
+}
+
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
}
create_file()
Modified: head/dns/bind912/Makefile
==============================================================================
--- head/dns/bind912/Makefile Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind912/Makefile Thu Dec 13 09:06:50 2018 (r487359)
@@ -5,10 +5,9 @@ PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
.if defined(BIND_TOOLS_SLAVE)
# dns/bind-tools here
-PORTREVISION= 1
+PORTREVISION= 0
.else
-# dns/bind912 here
-PORTREVISION= 2
+PORTREVISION= 0
.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
@@ -33,7 +32,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= compiler:c11 cpe libedit
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.12.3
+ISCVERSION= 9.12.3-P1
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -43,7 +42,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-randomdev=/dev/random \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
@@ -210,6 +208,12 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large
TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
.if ${SSL_DEFAULT} == base
SUB_LIST+= ENGINES=/usr/lib/engines
Modified: head/dns/bind912/distinfo
==============================================================================
--- head/dns/bind912/distinfo Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind912/distinfo Thu Dec 13 09:06:50 2018 (r487359)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1540325569
-SHA256 (bind-9.12.3.tar.gz) = 0e80762631258e1c193552efa7c56c05ec5e8c2f98e4b2a3b91a61fd8d96b938
-SIZE (bind-9.12.3.tar.gz) = 8616664
+TIMESTAMP = 1544687855
+SHA256 (bind-9.12.3-P1.tar.gz) = 6cb79389d787368af27f01c65a9fa09be1fd062eda37c94819a1a0178d5ded73
+SIZE (bind-9.12.3-P1.tar.gz) = 8625693
Modified: head/dns/bind912/files/named.in
==============================================================================
--- head/dns/bind912/files/named.in Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind912/files/named.in Thu Dec 13 09:06:50 2018 (r487359)
@@ -146,16 +146,13 @@ chroot_autoupdate()
# The OpenSSL engines should be present in the chroot, named loads them
# after chrooting.
if [ -d ${_openssl_engines} ]; then
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
- [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
- [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,20 +238,39 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
+}
+
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
}
create_file()
Modified: head/dns/bind913/Makefile
==============================================================================
--- head/dns/bind913/Makefile Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind913/Makefile Thu Dec 13 09:06:50 2018 (r487359)
@@ -5,10 +5,10 @@ PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
.if defined(BIND_TOOLS_SLAVE)
# dns/bind-tools here
-PORTREVISION= 1
+PORTREVISION= 0
.else
# dns/bind913 here
-PORTREVISION= 1
+PORTREVISION= 0
.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
@@ -33,7 +33,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= compiler:c11 cpe libedit ssl
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.13.4
+ISCVERSION= 9.13.5
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -43,7 +43,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
@@ -198,6 +197,18 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large
TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
post-patch:
.if defined(BIND_TOOLS_SLAVE)
Modified: head/dns/bind913/distinfo
==============================================================================
--- head/dns/bind913/distinfo Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind913/distinfo Thu Dec 13 09:06:50 2018 (r487359)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1542875991
-SHA256 (bind-9.13.4.tar.gz) = ea02107ae0b22a5b3df76d4c45bd44414f1d17731fffc07813d8e5b4ce05f95b
-SIZE (bind-9.13.4.tar.gz) = 6274124
+TIMESTAMP = 1544687807
+SHA256 (bind-9.13.5.tar.gz) = bbde0b81c66a7c7f5b074c8f0e714ed8aa235e4b930e28953cab0ae3cae94e4b
+SIZE (bind-9.13.5.tar.gz) = 6309308
Modified: head/dns/bind913/files/extrapatch-bind-min-override-ttl
==============================================================================
--- head/dns/bind913/files/extrapatch-bind-min-override-ttl Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind913/files/extrapatch-bind-min-override-ttl Thu Dec 13 09:06:50 2018 (r487359)
@@ -1,6 +1,6 @@
---- bin/named/config.c.orig 2018-11-19 17:02:41 UTC
+--- bin/named/config.c.orig 2018-12-07 18:44:21 UTC
+++ bin/named/config.c
-@@ -182,6 +182,7 @@ options {\n\
+@@ -179,6 +179,7 @@ options {\n\
notify-source *;\n\
notify-source-v6 *;\n\
nsec3-test-zone no;\n\
@@ -8,9 +8,9 @@
provide-ixfr true;\n\
qname-minimization relaxed;\n\
query-source address *;\n\
---- bin/named/server.c.orig 2018-11-19 17:02:41 UTC
+--- bin/named/server.c.orig 2018-12-07 18:44:21 UTC
+++ bin/named/server.c
-@@ -4116,6 +4116,11 @@ configure_view(dns_view_t *view, dns_vie
+@@ -4154,6 +4154,11 @@ configure_view(dns_view_t *view, dns_vie
}
obj = NULL;
@@ -22,7 +22,7 @@
result = named_config_get(maps, "max-cache-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig 2018-11-19 17:02:41 UTC
+--- lib/dns/include/dns/view.h.orig 2018-12-07 18:44:21 UTC
+++ lib/dns/include/dns/view.h
@@ -153,6 +153,7 @@ struct dns_view {
bool requestnsid;
@@ -32,7 +32,7 @@
dns_ttl_t maxncachettl;
dns_ttl_t mincachettl;
dns_ttl_t minncachettl;
---- lib/dns/resolver.c.orig 2018-11-19 17:02:41 UTC
+--- lib/dns/resolver.c.orig 2018-12-07 18:44:21 UTC
+++ lib/dns/resolver.c
@@ -5967,6 +5967,12 @@ cache_name(fetchctx_t *fctx, dns_name_t
}
@@ -47,9 +47,9 @@
* Enforce the configure maximum cache TTL.
*/
if (rdataset->ttl > res->view->maxcachettl) {
---- lib/isccfg/namedconf.c.orig 2018-11-19 17:02:41 UTC
+--- lib/isccfg/namedconf.c.orig 2018-12-07 18:44:21 UTC
+++ lib/isccfg/namedconf.c
-@@ -1921,6 +1921,7 @@ view_clauses[] = {
+@@ -1900,6 +1900,7 @@ view_clauses[] = {
{ "max-acache-size", &cfg_type_sizenodefault,
CFG_CLAUSEFLAG_OBSOLETE },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
Modified: head/dns/bind913/files/named.in
==============================================================================
--- head/dns/bind913/files/named.in Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind913/files/named.in Thu Dec 13 09:06:50 2018 (r487359)
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,19 +143,16 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,20 +238,39 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
+}
+
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
}
create_file()
Modified: head/dns/bind913/files/patch-configure
==============================================================================
--- head/dns/bind913/files/patch-configure Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind913/files/patch-configure Thu Dec 13 09:06:50 2018 (r487359)
@@ -1,6 +1,6 @@
---- configure.orig 2018-11-22 00:20:34 UTC
+--- configure.orig 2018-12-07 18:44:21 UTC
+++ configure
-@@ -16386,27 +16386,9 @@ done
+@@ -16296,27 +16296,9 @@ done
# problems start to show up.
saved_libs="$LIBS"
for TRY_LIBS in \
@@ -30,7 +30,7 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
$as_echo_n "checking linking as $TRY_LIBS... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -16449,47 +16431,7 @@ $as_echo "no" >&6; } ;;
+@@ -16359,47 +16341,7 @@ $as_echo "no" >&6; } ;;
no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
esac
@@ -79,7 +79,7 @@
DNS_GSSAPI_LIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -21015,7 +20957,7 @@ $as_echo "" >&6; }
+@@ -20933,7 +20875,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
Modified: head/dns/bind913/pkg-plist
==============================================================================
--- head/dns/bind913/pkg-plist Thu Dec 13 09:01:37 2018 (r487358)
+++ head/dns/bind913/pkg-plist Thu Dec 13 09:06:50 2018 (r487359)
@@ -250,6 +250,7 @@ include/isccfg/log.h
include/isccfg/namedconf.h
include/isccfg/version.h
include/ns/client.h
+include/ns/hooks.h
include/ns/interfacemgr.h
include/ns/lib.h
include/ns/listenlist.h
@@ -273,6 +274,7 @@ include/pkcs11/eddsa.h
include/pkcs11/pkcs11.h
include/pkcs11/pkcs11f.h
include/pkcs11/pkcs11t.h
+lib/filter-aaaa.so
lib/libbind9.a
lib/libdns.a
lib/libirs.a
@@ -306,6 +308,7 @@ man/man8/dnssec-revoke.8.gz
man/man8/dnssec-settime.8.gz
man/man8/dnssec-signzone.8.gz
man/man8/dnssec-verify.8.gz
+man/man8/filter-aaaa.8.gz
man/man8/named-checkconf.8.gz
man/man8/named-checkzone.8.gz
man/man8/named-compilezone.8.gz
More information about the svn-ports-all
mailing list