Bind9 security upgrade

Sat Feb 6 16:34:53 UTC 2021

On Fri, Feb 05, 2021 at 11:44:27PM -0800, Dan Mahoney (Gushi) wrote:
> On Sat, 6 Feb 2021, Greg Rivers via freebsd-ports wrote:
> 
> > On Saturday, 6 February 2021 00:56:58 CST bob prohaska wrote:
> > > On Fri, Feb 05, 2021 at 10:00:36PM -0600, Greg Rivers via freebsd-ports wrote:
> > > > > 
> > > > I think that means >= 9.16.3. But 9.16.3 is pretty old by now, and many other bugs have since been fixed. You definitely want to track the current stable release, which is 9.16.11 at present.
> > > > 
> > > 
> > > Unfortunately make for bind9.16.11 stops with
> > > exec: /usr/local/bin/autoreconf-2.69: not found
> > > 
> > > The same error has been presented by at least one other port.
> > > There does exist a /usr/local/bin/autoreconf but it's a link
> > > to nowhere. There does exist /usr/ports/devel/autoconf, but
> > > that stops make with
> > > configure: error: Perl 5.006 or better is required
> > > 
> > > 
> > > If somebody knows a fix or workaround please post!
> > > 
> > It builds successfully in poudriere, which starts with a clean environment and builds/installs compile time dependencies as required. I'd suggest giving poudriere a try, or install from the latest FreeBSD pkg repo if the default options suit you. That works well for me anyway.
> 
I'm trying to get by using a simple "make -DBATCH" in the ports tree.
This is on a Raspberry Pi 2 and it worked perfectly and quickly last
spring when I first set the machine up. My latest experiements are on
a Pi 3, where I'm running into trouble. The machines are headless servers
with serial consoles.

> Yeah, some part of this suggests you haven't cleanly updated your full ports
> tree.

Not sure what's meant by "cleanly". It hasn't been replaced lately.

Right now it's at 
root at pelorus:/usr/ports/devel/autoconf # svnlite info /usr/ports
Path: /usr/ports
Working Copy Root Path: /usr/ports
URL: svn://svn.freebsd.org/ports/head
Relative URL: ^/head
Repository Root: svn://svn.freebsd.org/ports
Repository UUID: 35697150-7ecd-e111-bb59-0022644237b5
Revision: 564181
Node Kind: directory
Schedule: normal
Last Changed Author: fluffy
Last Changed Rev: 564180
Last Changed Date: 2021-02-05 18:13:47 -0800 (Fri, 05 Feb 2021)

> 
> How did you originally install bind916?
>

Simple make -DBATCH, nothing fancy. Worked fine last spring. 

> Is your OS current enough to handle a current ports tree?  (uname -a
> please?)
>
FreeBSD pelorus.zefox.org 13.0-ALPHA3 FreeBSD 13.0-ALPHA3 #2 stable/13-c256281-gc415d0df47f: Fri Feb  5 08:09:12 PST 2021     bob at pelorus.zefox.org:/usr/obj/usr/freebsd-src/arm64.aarch64/sys/GENERIC-MMCCAM  arm64

> If so, "pkg install bind916"
> 

Not following you here; did you mean "if not so"?

> or
> 
> portsnap fetch update; cd /usr/ports/dns/bind916; make
> 

I'm not familiar with portsnap, if it handles dependencies
better it might be worth a try. After getting frustrated with
make I tried portmaster and found it different than make but
not really better. AFAIK the key is the individual makefiles,
if they don't correctly track dependencies a "wrapper" script
can't help. On a Pi2 or Pi3 overhead is a real concern. 

Until very recently text-based software compiled from ports
relatively easily. I was surprised and a little horrified to
see cairo getting involved for things with no graphics at all.

Thanks for reading!

bob prohaska