aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--dns/bind9-devel/Makefile15
-rw-r--r--dns/bind9-devel/files/named.in50
-rw-r--r--dns/bind911/Makefile11
-rw-r--r--dns/bind911/distinfo6
-rw-r--r--dns/bind911/files/named.in44
-rw-r--r--dns/bind912/Makefile14
-rw-r--r--dns/bind912/distinfo6
-rw-r--r--dns/bind912/files/named.in44
-rw-r--r--dns/bind913/Makefile19
-rw-r--r--dns/bind913/distinfo6
-rw-r--r--dns/bind913/files/extrapatch-bind-min-override-ttl16
-rw-r--r--dns/bind913/files/named.in50
-rw-r--r--dns/bind913/files/patch-configure8
-rw-r--r--dns/bind913/pkg-plist3
14 files changed, 195 insertions, 97 deletions
diff --git a/dns/bind9-devel/Makefile b/dns/bind9-devel/Makefile
index a6cfd942d05d..4efb9f33be33 100644
--- a/dns/bind9-devel/Makefile
+++ b/dns/bind9-devel/Makefile
@@ -9,7 +9,7 @@ PORTREVISION= 1
.else
# XXX: correct version
# dns/bind9xx here
-PORTREVISION= 1
+PORTREVISION= 2
.endif
CATEGORIES= dns net ipv6
# XXX: put the ISC master_site
@@ -54,7 +54,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
@@ -210,6 +209,18 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
+
# XXX: Remove
post-extract:
echo "SRCID=${GL_COMMIT}" > ${WRKSRC}/srcid
diff --git a/dns/bind9-devel/files/named.in b/dns/bind9-devel/files/named.in
index d2815f1f905b..a5a18660ac8c 100644
--- a/dns/bind9-devel/files/named.in
+++ b/dns/bind9-devel/files/named.in
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,19 +143,16 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,22 +238,41 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
}
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
+}
+
create_file()
{
if [ -e "$1" ]; then
diff --git a/dns/bind911/Makefile b/dns/bind911/Makefile
index 063588a06c54..08d000b8eda7 100644
--- a/dns/bind911/Makefile
+++ b/dns/bind911/Makefile
@@ -3,7 +3,7 @@
PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
-PORTREVISION= 1
+PORTREVISION= 0
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
PKGNAMESUFFIX= 911
@@ -20,7 +20,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= cpe libedit
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.11.5
+ISCVERSION= 9.11.5-P1
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -30,7 +30,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-randomdev=/dev/random \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
@@ -192,6 +191,12 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
+
.if ${SSL_DEFAULT} == base
SUB_LIST+= ENGINES=/usr/lib/engines
.else
diff --git a/dns/bind911/distinfo b/dns/bind911/distinfo
index c404ad2f4437..5d106ed2529a 100644
--- a/dns/bind911/distinfo
+++ b/dns/bind911/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1540325506
-SHA256 (bind-9.11.5.tar.gz) = a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322
-SIZE (bind-9.11.5.tar.gz) = 8810710
+TIMESTAMP = 1544687911
+SHA256 (bind-9.11.5-P1.tar.gz) = 6cd6dbf016569f12d4a0ed629e44e895d9ed41c6908274ed2e617666c5491928
+SIZE (bind-9.11.5-P1.tar.gz) = 8814650
diff --git a/dns/bind911/files/named.in b/dns/bind911/files/named.in
index a2ab7de1d832..a5a18660ac8c 100644
--- a/dns/bind911/files/named.in
+++ b/dns/bind911/files/named.in
@@ -146,16 +146,13 @@ chroot_autoupdate()
# The OpenSSL engines should be present in the chroot, named loads them
# after chrooting.
if [ -d ${_openssl_engines} ]; then
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
- [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
- [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,22 +238,41 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
}
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
+}
+
create_file()
{
if [ -e "$1" ]; then
diff --git a/dns/bind912/Makefile b/dns/bind912/Makefile
index 29dc7c2a9da0..e1a80702ed85 100644
--- a/dns/bind912/Makefile
+++ b/dns/bind912/Makefile
@@ -5,10 +5,9 @@ PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
.if defined(BIND_TOOLS_SLAVE)
# dns/bind-tools here
-PORTREVISION= 1
+PORTREVISION= 0
.else
-# dns/bind912 here
-PORTREVISION= 2
+PORTREVISION= 0
.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
@@ -33,7 +32,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= compiler:c11 cpe libedit
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.12.3
+ISCVERSION= 9.12.3-P1
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -43,7 +42,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-randomdev=/dev/random \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
@@ -211,6 +209,12 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
+
.if ${SSL_DEFAULT} == base
SUB_LIST+= ENGINES=/usr/lib/engines
.else
diff --git a/dns/bind912/distinfo b/dns/bind912/distinfo
index 1b7837d72911..c199d57e29a3 100644
--- a/dns/bind912/distinfo
+++ b/dns/bind912/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1540325569
-SHA256 (bind-9.12.3.tar.gz) = 0e80762631258e1c193552efa7c56c05ec5e8c2f98e4b2a3b91a61fd8d96b938
-SIZE (bind-9.12.3.tar.gz) = 8616664
+TIMESTAMP = 1544687855
+SHA256 (bind-9.12.3-P1.tar.gz) = 6cb79389d787368af27f01c65a9fa09be1fd062eda37c94819a1a0178d5ded73
+SIZE (bind-9.12.3-P1.tar.gz) = 8625693
diff --git a/dns/bind912/files/named.in b/dns/bind912/files/named.in
index a2ab7de1d832..a5a18660ac8c 100644
--- a/dns/bind912/files/named.in
+++ b/dns/bind912/files/named.in
@@ -146,16 +146,13 @@ chroot_autoupdate()
# The OpenSSL engines should be present in the chroot, named loads them
# after chrooting.
if [ -d ${_openssl_engines} ]; then
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
- [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
- [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,22 +238,41 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
}
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
+}
+
create_file()
{
if [ -e "$1" ]; then
diff --git a/dns/bind913/Makefile b/dns/bind913/Makefile
index 3206358bece2..2e63ccfc1e01 100644
--- a/dns/bind913/Makefile
+++ b/dns/bind913/Makefile
@@ -5,10 +5,10 @@ PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
.if defined(BIND_TOOLS_SLAVE)
# dns/bind-tools here
-PORTREVISION= 1
+PORTREVISION= 0
.else
# dns/bind913 here
-PORTREVISION= 1
+PORTREVISION= 0
.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
@@ -33,7 +33,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2
USES= compiler:c11 cpe libedit ssl
# ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION= 9.13.4
+ISCVERSION= 9.13.5
CPE_VENDOR= isc
CPE_VERSION= ${ISCVERSION:C/-.*//}
@@ -43,7 +43,6 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
- --disable-symtable \
--with-libxml2=${LOCALBASE} \
--with-readline="-L${LOCALBASE}/lib -ledit" \
--with-dlopen=yes \
@@ -199,6 +198,18 @@ TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
.include <bsd.port.pre.mk>
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
+
post-patch:
.if defined(BIND_TOOLS_SLAVE)
@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \
diff --git a/dns/bind913/distinfo b/dns/bind913/distinfo
index 385a59340b5d..11226bf191c6 100644
--- a/dns/bind913/distinfo
+++ b/dns/bind913/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1542875991
-SHA256 (bind-9.13.4.tar.gz) = ea02107ae0b22a5b3df76d4c45bd44414f1d17731fffc07813d8e5b4ce05f95b
-SIZE (bind-9.13.4.tar.gz) = 6274124
+TIMESTAMP = 1544687807
+SHA256 (bind-9.13.5.tar.gz) = bbde0b81c66a7c7f5b074c8f0e714ed8aa235e4b930e28953cab0ae3cae94e4b
+SIZE (bind-9.13.5.tar.gz) = 6309308
diff --git a/dns/bind913/files/extrapatch-bind-min-override-ttl b/dns/bind913/files/extrapatch-bind-min-override-ttl
index caa3388fb896..3cf1c096028b 100644
--- a/dns/bind913/files/extrapatch-bind-min-override-ttl
+++ b/dns/bind913/files/extrapatch-bind-min-override-ttl
@@ -1,6 +1,6 @@
---- bin/named/config.c.orig 2018-11-19 17:02:41 UTC
+--- bin/named/config.c.orig 2018-12-07 18:44:21 UTC
+++ bin/named/config.c
-@@ -182,6 +182,7 @@ options {\n\
+@@ -179,6 +179,7 @@ options {\n\
notify-source *;\n\
notify-source-v6 *;\n\
nsec3-test-zone no;\n\
@@ -8,9 +8,9 @@
provide-ixfr true;\n\
qname-minimization relaxed;\n\
query-source address *;\n\
---- bin/named/server.c.orig 2018-11-19 17:02:41 UTC
+--- bin/named/server.c.orig 2018-12-07 18:44:21 UTC
+++ bin/named/server.c
-@@ -4116,6 +4116,11 @@ configure_view(dns_view_t *view, dns_vie
+@@ -4154,6 +4154,11 @@ configure_view(dns_view_t *view, dns_vie
}
obj = NULL;
@@ -22,7 +22,7 @@
result = named_config_get(maps, "max-cache-ttl", &obj);
INSIST(result == ISC_R_SUCCESS);
view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig 2018-11-19 17:02:41 UTC
+--- lib/dns/include/dns/view.h.orig 2018-12-07 18:44:21 UTC
+++ lib/dns/include/dns/view.h
@@ -153,6 +153,7 @@ struct dns_view {
bool requestnsid;
@@ -32,7 +32,7 @@
dns_ttl_t maxncachettl;
dns_ttl_t mincachettl;
dns_ttl_t minncachettl;
---- lib/dns/resolver.c.orig 2018-11-19 17:02:41 UTC
+--- lib/dns/resolver.c.orig 2018-12-07 18:44:21 UTC
+++ lib/dns/resolver.c
@@ -5967,6 +5967,12 @@ cache_name(fetchctx_t *fctx, dns_name_t
}
@@ -47,9 +47,9 @@
* Enforce the configure maximum cache TTL.
*/
if (rdataset->ttl > res->view->maxcachettl) {
---- lib/isccfg/namedconf.c.orig 2018-11-19 17:02:41 UTC
+--- lib/isccfg/namedconf.c.orig 2018-12-07 18:44:21 UTC
+++ lib/isccfg/namedconf.c
-@@ -1921,6 +1921,7 @@ view_clauses[] = {
+@@ -1900,6 +1900,7 @@ view_clauses[] = {
{ "max-acache-size", &cfg_type_sizenodefault,
CFG_CLAUSEFLAG_OBSOLETE },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
diff --git a/dns/bind913/files/named.in b/dns/bind913/files/named.in
index d2815f1f905b..a5a18660ac8c 100644
--- a/dns/bind913/files/named.in
+++ b/dns/bind913/files/named.in
@@ -62,7 +62,7 @@ required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
-_openssl_engines="%%LOCALBASE%%/lib/engines"
+_openssl_engines="%%ENGINES%%"
# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
@@ -143,19 +143,16 @@ chroot_autoupdate()
fi
fi
- # If OpenSSL from ports, then the engines should be present in the
- # chroot, named loads them after chrooting.
+ # The OpenSSL engines should be present in the chroot, named loads them
+ # after chrooting.
if [ -d ${_openssl_engines} ]; then
- # FIXME when 8.4 is gone see if
- # security.jail.param.allow.mount.nullfs can be used.
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
@@ -241,22 +238,41 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
}
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
+}
+
create_file()
{
if [ -e "$1" ]; then
diff --git a/dns/bind913/files/patch-configure b/dns/bind913/files/patch-configure
index f585cc25e814..0a296073985c 100644
--- a/dns/bind913/files/patch-configure
+++ b/dns/bind913/files/patch-configure
@@ -1,6 +1,6 @@
---- configure.orig 2018-11-22 00:20:34 UTC
+--- configure.orig 2018-12-07 18:44:21 UTC
+++ configure
-@@ -16386,27 +16386,9 @@ done
+@@ -16296,27 +16296,9 @@ done
# problems start to show up.
saved_libs="$LIBS"
for TRY_LIBS in \
@@ -30,7 +30,7 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
$as_echo_n "checking linking as $TRY_LIBS... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -16449,47 +16431,7 @@ $as_echo "no" >&6; } ;;
+@@ -16359,47 +16341,7 @@ $as_echo "no" >&6; } ;;
no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
esac
@@ -79,7 +79,7 @@
DNS_GSSAPI_LIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -21015,7 +20957,7 @@ $as_echo "" >&6; }
+@@ -20933,7 +20875,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
diff --git a/dns/bind913/pkg-plist b/dns/bind913/pkg-plist
index 863c95b0f5b1..580cc0cf5959 100644
--- a/dns/bind913/pkg-plist
+++ b/dns/bind913/pkg-plist
@@ -250,6 +250,7 @@ include/isccfg/log.h
include/isccfg/namedconf.h
include/isccfg/version.h
include/ns/client.h
+include/ns/hooks.h
include/ns/interfacemgr.h
include/ns/lib.h
include/ns/listenlist.h
@@ -273,6 +274,7 @@ include/pkcs11/eddsa.h
include/pkcs11/pkcs11.h
include/pkcs11/pkcs11f.h
include/pkcs11/pkcs11t.h
+lib/filter-aaaa.so
lib/libbind9.a
lib/libdns.a
lib/libirs.a
@@ -306,6 +308,7 @@ man/man8/dnssec-revoke.8.gz
man/man8/dnssec-settime.8.gz
man/man8/dnssec-signzone.8.gz
man/man8/dnssec-verify.8.gz
+man/man8/filter-aaaa.8.gz
man/man8/named-checkconf.8.gz
man/man8/named-checkzone.8.gz
man/man8/named-compilezone.8.gz