diff options
-rw-r--r-- | dns/bind9-devel/Makefile | 15 | ||||
-rw-r--r-- | dns/bind9-devel/files/named.in | 50 | ||||
-rw-r--r-- | dns/bind911/Makefile | 11 | ||||
-rw-r--r-- | dns/bind911/distinfo | 6 | ||||
-rw-r--r-- | dns/bind911/files/named.in | 44 | ||||
-rw-r--r-- | dns/bind912/Makefile | 14 | ||||
-rw-r--r-- | dns/bind912/distinfo | 6 | ||||
-rw-r--r-- | dns/bind912/files/named.in | 44 | ||||
-rw-r--r-- | dns/bind913/Makefile | 19 | ||||
-rw-r--r-- | dns/bind913/distinfo | 6 | ||||
-rw-r--r-- | dns/bind913/files/extrapatch-bind-min-override-ttl | 16 | ||||
-rw-r--r-- | dns/bind913/files/named.in | 50 | ||||
-rw-r--r-- | dns/bind913/files/patch-configure | 8 | ||||
-rw-r--r-- | dns/bind913/pkg-plist | 3 |
14 files changed, 195 insertions, 97 deletions
diff --git a/dns/bind9-devel/Makefile b/dns/bind9-devel/Makefile index a6cfd942d05d..4efb9f33be33 100644 --- a/dns/bind9-devel/Makefile +++ b/dns/bind9-devel/Makefile @@ -9,7 +9,7 @@ PORTREVISION= 1 .else # XXX: correct version # dns/bind9xx here -PORTREVISION= 1 +PORTREVISION= 2 .endif CATEGORIES= dns net ipv6 # XXX: put the ISC master_site @@ -54,7 +54,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ @@ -210,6 +209,18 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-symtable +.else +CONFIGURE_ARGS+= --disable-symtable +.endif + +.if ${SSL_DEFAULT} == base +SUB_LIST+= ENGINES=/usr/lib/engines +.else +SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines +.endif + # XXX: Remove post-extract: echo "SRCID=${GL_COMMIT}" > ${WRKSRC}/srcid diff --git a/dns/bind9-devel/files/named.in b/dns/bind9-devel/files/named.in index d2815f1f905b..a5a18660ac8c 100644 --- a/dns/bind9-devel/files/named.in +++ b/dns/bind9-devel/files/named.in @@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}" _named_confdirroot="${named_conf%/*}" _named_confdir="${named_chrootdir}${_named_confdirroot}" _named_program_root="${named_program%/sbin/named}" -_openssl_engines="%%LOCALBASE%%/lib/engines" +_openssl_engines="%%ENGINES%%" # Needed if named.conf and rndc.conf are moved or if rndc.conf is used rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} @@ -143,19 +143,16 @@ chroot_autoupdate() fi fi - # If OpenSSL from ports, then the engines should be present in the - # chroot, named loads them after chrooting. + # The OpenSSL engines should be present in the chroot, named loads them + # after chrooting. if [ -d ${_openssl_engines} ]; then - # FIXME when 8.4 is gone see if - # security.jail.param.allow.mount.nullfs can be used. - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then - mkdir -p ${named_chrootdir}${_openssl_engines} + mkdir -p ${named_chrootdir}${_openssl_engines} + if can_mount nullfs ; then mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} else warn "named chroot: cannot nullfs mount OpenSSL" \ "engines into the chroot, will copy the shared" \ "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} fi fi @@ -241,22 +238,41 @@ named_stop() named_poststop() { - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ -n "${named_chrootdir}" ]; then # if using OpenSSL from ports, unmount OpenSSL engines, if they # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} + if [ -d ${_openssl_engines} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${_openssl_engines} + fi fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi fi } +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 +} + create_file() { if [ -e "$1" ]; then diff --git a/dns/bind911/Makefile b/dns/bind911/Makefile index 063588a06c54..08d000b8eda7 100644 --- a/dns/bind911/Makefile +++ b/dns/bind911/Makefile @@ -3,7 +3,7 @@ PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} -PORTREVISION= 1 +PORTREVISION= 0 CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} PKGNAMESUFFIX= 911 @@ -20,7 +20,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= cpe libedit # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.5 +ISCVERSION= 9.11.5-P1 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -30,7 +30,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ @@ -192,6 +191,12 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-symtable +.else +CONFIGURE_ARGS+= --disable-symtable +.endif + .if ${SSL_DEFAULT} == base SUB_LIST+= ENGINES=/usr/lib/engines .else diff --git a/dns/bind911/distinfo b/dns/bind911/distinfo index c404ad2f4437..5d106ed2529a 100644 --- a/dns/bind911/distinfo +++ b/dns/bind911/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1540325506 -SHA256 (bind-9.11.5.tar.gz) = a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 -SIZE (bind-9.11.5.tar.gz) = 8810710 +TIMESTAMP = 1544687911 +SHA256 (bind-9.11.5-P1.tar.gz) = 6cd6dbf016569f12d4a0ed629e44e895d9ed41c6908274ed2e617666c5491928 +SIZE (bind-9.11.5-P1.tar.gz) = 8814650 diff --git a/dns/bind911/files/named.in b/dns/bind911/files/named.in index a2ab7de1d832..a5a18660ac8c 100644 --- a/dns/bind911/files/named.in +++ b/dns/bind911/files/named.in @@ -146,16 +146,13 @@ chroot_autoupdate() # The OpenSSL engines should be present in the chroot, named loads them # after chrooting. if [ -d ${_openssl_engines} ]; then - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || - [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || - [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then - mkdir -p ${named_chrootdir}${_openssl_engines} + mkdir -p ${named_chrootdir}${_openssl_engines} + if can_mount nullfs ; then mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} else warn "named chroot: cannot nullfs mount OpenSSL" \ "engines into the chroot, will copy the shared" \ "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} fi fi @@ -241,22 +238,41 @@ named_stop() named_poststop() { - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ -n "${named_chrootdir}" ]; then # if using OpenSSL from ports, unmount OpenSSL engines, if they # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} + if [ -d ${_openssl_engines} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${_openssl_engines} + fi fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi fi } +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 +} + create_file() { if [ -e "$1" ]; then diff --git a/dns/bind912/Makefile b/dns/bind912/Makefile index 29dc7c2a9da0..e1a80702ed85 100644 --- a/dns/bind912/Makefile +++ b/dns/bind912/Makefile @@ -5,10 +5,9 @@ PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} .if defined(BIND_TOOLS_SLAVE) # dns/bind-tools here -PORTREVISION= 1 +PORTREVISION= 0 .else -# dns/bind912 here -PORTREVISION= 2 +PORTREVISION= 0 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} @@ -33,7 +32,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= compiler:c11 cpe libedit # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.12.3 +ISCVERSION= 9.12.3-P1 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -43,7 +42,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ @@ -211,6 +209,12 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-symtable +.else +CONFIGURE_ARGS+= --disable-symtable +.endif + .if ${SSL_DEFAULT} == base SUB_LIST+= ENGINES=/usr/lib/engines .else diff --git a/dns/bind912/distinfo b/dns/bind912/distinfo index 1b7837d72911..c199d57e29a3 100644 --- a/dns/bind912/distinfo +++ b/dns/bind912/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1540325569 -SHA256 (bind-9.12.3.tar.gz) = 0e80762631258e1c193552efa7c56c05ec5e8c2f98e4b2a3b91a61fd8d96b938 -SIZE (bind-9.12.3.tar.gz) = 8616664 +TIMESTAMP = 1544687855 +SHA256 (bind-9.12.3-P1.tar.gz) = 6cb79389d787368af27f01c65a9fa09be1fd062eda37c94819a1a0178d5ded73 +SIZE (bind-9.12.3-P1.tar.gz) = 8625693 diff --git a/dns/bind912/files/named.in b/dns/bind912/files/named.in index a2ab7de1d832..a5a18660ac8c 100644 --- a/dns/bind912/files/named.in +++ b/dns/bind912/files/named.in @@ -146,16 +146,13 @@ chroot_autoupdate() # The OpenSSL engines should be present in the chroot, named loads them # after chrooting. if [ -d ${_openssl_engines} ]; then - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || - [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || - [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then - mkdir -p ${named_chrootdir}${_openssl_engines} + mkdir -p ${named_chrootdir}${_openssl_engines} + if can_mount nullfs ; then mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} else warn "named chroot: cannot nullfs mount OpenSSL" \ "engines into the chroot, will copy the shared" \ "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} fi fi @@ -241,22 +238,41 @@ named_stop() named_poststop() { - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ -n "${named_chrootdir}" ]; then # if using OpenSSL from ports, unmount OpenSSL engines, if they # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} + if [ -d ${_openssl_engines} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${_openssl_engines} + fi fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi fi } +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 +} + create_file() { if [ -e "$1" ]; then diff --git a/dns/bind913/Makefile b/dns/bind913/Makefile index 3206358bece2..2e63ccfc1e01 100644 --- a/dns/bind913/Makefile +++ b/dns/bind913/Makefile @@ -5,10 +5,10 @@ PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} .if defined(BIND_TOOLS_SLAVE) # dns/bind-tools here -PORTREVISION= 1 +PORTREVISION= 0 .else # dns/bind913 here -PORTREVISION= 1 +PORTREVISION= 0 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} @@ -33,7 +33,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= compiler:c11 cpe libedit ssl # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.13.4 +ISCVERSION= 9.13.5 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -43,7 +43,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ @@ -199,6 +198,18 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-symtable +.else +CONFIGURE_ARGS+= --disable-symtable +.endif + +.if ${SSL_DEFAULT} == base +SUB_LIST+= ENGINES=/usr/lib/engines +.else +SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines +.endif + post-patch: .if defined(BIND_TOOLS_SLAVE) @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \ diff --git a/dns/bind913/distinfo b/dns/bind913/distinfo index 385a59340b5d..11226bf191c6 100644 --- a/dns/bind913/distinfo +++ b/dns/bind913/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1542875991 -SHA256 (bind-9.13.4.tar.gz) = ea02107ae0b22a5b3df76d4c45bd44414f1d17731fffc07813d8e5b4ce05f95b -SIZE (bind-9.13.4.tar.gz) = 6274124 +TIMESTAMP = 1544687807 +SHA256 (bind-9.13.5.tar.gz) = bbde0b81c66a7c7f5b074c8f0e714ed8aa235e4b930e28953cab0ae3cae94e4b +SIZE (bind-9.13.5.tar.gz) = 6309308 diff --git a/dns/bind913/files/extrapatch-bind-min-override-ttl b/dns/bind913/files/extrapatch-bind-min-override-ttl index caa3388fb896..3cf1c096028b 100644 --- a/dns/bind913/files/extrapatch-bind-min-override-ttl +++ b/dns/bind913/files/extrapatch-bind-min-override-ttl @@ -1,6 +1,6 @@ ---- bin/named/config.c.orig 2018-11-19 17:02:41 UTC +--- bin/named/config.c.orig 2018-12-07 18:44:21 UTC +++ bin/named/config.c -@@ -182,6 +182,7 @@ options {\n\ +@@ -179,6 +179,7 @@ options {\n\ notify-source *;\n\ notify-source-v6 *;\n\ nsec3-test-zone no;\n\ @@ -8,9 +8,9 @@ provide-ixfr true;\n\ qname-minimization relaxed;\n\ query-source address *;\n\ ---- bin/named/server.c.orig 2018-11-19 17:02:41 UTC +--- bin/named/server.c.orig 2018-12-07 18:44:21 UTC +++ bin/named/server.c -@@ -4116,6 +4116,11 @@ configure_view(dns_view_t *view, dns_vie +@@ -4154,6 +4154,11 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; @@ -22,7 +22,7 @@ result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-11-19 17:02:41 UTC +--- lib/dns/include/dns/view.h.orig 2018-12-07 18:44:21 UTC +++ lib/dns/include/dns/view.h @@ -153,6 +153,7 @@ struct dns_view { bool requestnsid; @@ -32,7 +32,7 @@ dns_ttl_t maxncachettl; dns_ttl_t mincachettl; dns_ttl_t minncachettl; ---- lib/dns/resolver.c.orig 2018-11-19 17:02:41 UTC +--- lib/dns/resolver.c.orig 2018-12-07 18:44:21 UTC +++ lib/dns/resolver.c @@ -5967,6 +5967,12 @@ cache_name(fetchctx_t *fctx, dns_name_t } @@ -47,9 +47,9 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-11-19 17:02:41 UTC +--- lib/isccfg/namedconf.c.orig 2018-12-07 18:44:21 UTC +++ lib/isccfg/namedconf.c -@@ -1921,6 +1921,7 @@ view_clauses[] = { +@@ -1900,6 +1900,7 @@ view_clauses[] = { { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, diff --git a/dns/bind913/files/named.in b/dns/bind913/files/named.in index d2815f1f905b..a5a18660ac8c 100644 --- a/dns/bind913/files/named.in +++ b/dns/bind913/files/named.in @@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}" _named_confdirroot="${named_conf%/*}" _named_confdir="${named_chrootdir}${_named_confdirroot}" _named_program_root="${named_program%/sbin/named}" -_openssl_engines="%%LOCALBASE%%/lib/engines" +_openssl_engines="%%ENGINES%%" # Needed if named.conf and rndc.conf are moved or if rndc.conf is used rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} @@ -143,19 +143,16 @@ chroot_autoupdate() fi fi - # If OpenSSL from ports, then the engines should be present in the - # chroot, named loads them after chrooting. + # The OpenSSL engines should be present in the chroot, named loads them + # after chrooting. if [ -d ${_openssl_engines} ]; then - # FIXME when 8.4 is gone see if - # security.jail.param.allow.mount.nullfs can be used. - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then - mkdir -p ${named_chrootdir}${_openssl_engines} + mkdir -p ${named_chrootdir}${_openssl_engines} + if can_mount nullfs ; then mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} else warn "named chroot: cannot nullfs mount OpenSSL" \ "engines into the chroot, will copy the shared" \ "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} fi fi @@ -241,22 +238,41 @@ named_stop() named_poststop() { - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ -n "${named_chrootdir}" ]; then # if using OpenSSL from ports, unmount OpenSSL engines, if they # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} + if [ -d ${_openssl_engines} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${_openssl_engines} + fi fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi fi } +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 +} + create_file() { if [ -e "$1" ]; then diff --git a/dns/bind913/files/patch-configure b/dns/bind913/files/patch-configure index f585cc25e814..0a296073985c 100644 --- a/dns/bind913/files/patch-configure +++ b/dns/bind913/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2018-11-22 00:20:34 UTC +--- configure.orig 2018-12-07 18:44:21 UTC +++ configure -@@ -16386,27 +16386,9 @@ done +@@ -16296,27 +16296,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -16449,47 +16431,7 @@ $as_echo "no" >&6; } ;; +@@ -16359,47 +16341,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -21015,7 +20957,7 @@ $as_echo "" >&6; } +@@ -20933,7 +20875,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). diff --git a/dns/bind913/pkg-plist b/dns/bind913/pkg-plist index 863c95b0f5b1..580cc0cf5959 100644 --- a/dns/bind913/pkg-plist +++ b/dns/bind913/pkg-plist @@ -250,6 +250,7 @@ include/isccfg/log.h include/isccfg/namedconf.h include/isccfg/version.h include/ns/client.h +include/ns/hooks.h include/ns/interfacemgr.h include/ns/lib.h include/ns/listenlist.h @@ -273,6 +274,7 @@ include/pkcs11/eddsa.h include/pkcs11/pkcs11.h include/pkcs11/pkcs11f.h include/pkcs11/pkcs11t.h +lib/filter-aaaa.so lib/libbind9.a lib/libdns.a lib/libirs.a @@ -306,6 +308,7 @@ man/man8/dnssec-revoke.8.gz man/man8/dnssec-settime.8.gz man/man8/dnssec-signzone.8.gz man/man8/dnssec-verify.8.gz +man/man8/filter-aaaa.8.gz man/man8/named-checkconf.8.gz man/man8/named-checkzone.8.gz man/man8/named-compilezone.8.gz |