1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-18 03:46:03 +00:00
Commit Graph

98 Commits

Author SHA1 Message Date
Mathieu Arnold
be414a03fe Update named.root.
Sponsored by:	People afraid of a nuclear holocaust.
2018-01-19 12:32:34 +00:00
Mathieu Arnold
81a0f18ac5 Update BIND9* to 9.9.11-P1, 9.10.6-P1, 9.11.2-P1 and 9.12.0rc3
MFH:		2018Q1
Security:	CVE-2017-3145
Sponsored by:	Absolight
2018-01-17 07:59:45 +00:00
Mathieu Arnold
ee84f127aa Add a TUNING_LARGE option.
https://kb.isc.org/article/AA-01314/0

Tunes certain compiled-in constants and default settings to
values better suited to large servers with 12/16GB+ of memory.
This can improve performance on such servers, but will consume
more memory and may degrade performance on smaller systems.

PR:		224859
Sponsored by:	Absolight
2018-01-12 12:58:51 +00:00
Mathieu Arnold
c8e8c7e244 Fix altlog_proglist warning when it contains more than the named service.
PR:		224951
Submitted by:	Trix Farrar
Sponsored by:	Absolight
2018-01-08 13:38:47 +00:00
Sunpoet Po-Chuan Hsieh
97064443de Update devel/json-c to 0.13
- Add TEST_TARGET
- While I'm here, fix shebang for net/opensips
- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://github.com/json-c/json-c/blob/master/ChangeLog
PR:		224675
Exp-run by:	antoine
2018-01-03 13:36:58 +00:00
Mathieu Arnold
d12663fa08 Add an extra check to make sure syslogd is correctly configured when
using chroot.

Sponsored by:	Absolight
2017-11-23 13:55:30 +00:00
Mathieu Arnold
7380d4d27b Make a note that dns/bind99 and dns/bind910 will be unsupported in a few
months.

Sponsored by:	Absolight
2017-11-07 15:48:20 +00:00
Mathieu Arnold
8ab9e7cb3e Add a symlink to named's session-keyfile.
Using nsupdate -l, and chroot was broken because nsupdate could not find
the keyfile by itself.

PR:		223403
Submitted by:	Harald Schmalzbauer
Sponsored by:	Absolight
2017-11-07 15:48:16 +00:00
Mathieu Arnold
3245e6532c Enable the PYTHON option by default, it brings a few interesting DNSSEC
tools.

Sponsored by:	Absolight
2017-11-03 13:20:28 +00:00
Mathieu Arnold
789f1484de Install the mtree file as .sample to allow users to change them.
Sponsored by:	Absolight
2017-10-25 13:24:19 +00:00
Mathieu Arnold
b104731907 Update BIND9 ports to 9.{9.11,10.6,11.2}.
Sponsored by:	Absolight
2017-07-28 22:57:26 +00:00
Mathieu Arnold
105f7f6bb7 Update to 9.{9.10,10.5,11.1}-P3.
Sponsored by:	Absolight
2017-07-10 18:48:00 +00:00
Mathieu Arnold
3550198a2d Update to 9.{9.10,10.5,11.1}-P2.
Security:	CVE-2017-3142
Security:	CVE-2017-3143
Sponsored by:	Absolight
2017-06-29 20:51:14 +00:00
Mathieu Arnold
784e0848d5 Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1.
MFH:		2017Q2
Security:	CVE-2017-3140
Security:	CVE-2017-3141
Sponsored by:	Absolight
2017-06-14 22:54:49 +00:00
Mathieu Arnold
336fb2ebbb Remove special handling for testing and documentation domains, per RFC
6761 recommendations.

While there:
- Fix invalid syntax in sample slave config.
- Add a message about having syslogd working with BIND9 chroot.

PR:		217915
Reported by:	eserte12 yahoo de
Sponsored by:	Absolight
2017-06-14 22:54:43 +00:00
Mathieu Arnold
d4de1a5f8c Update to 9.9.10, 9.10.5, 9.11.1 and 9.12 to latest snapshot.
While there:

Make it more maintainable by sorting stuff in the Makefile and removing
vestigial pre 10.3 things.

Refresh the root zone hints.

"Fix" the configuration section telling you to get some top level
zones from f.root-servers.net, which does not allow axfr any more. [1]

PR:		218656 [1]
Reported by:	Thomas Steen Rasmussen / Tykling [1]
MFH:		2017Q2
Sponsored by:	Absolight
2017-04-20 13:12:35 +00:00
Mathieu Arnold
0688061ed1 Unbreak rndc calls when using non default rndc.key location.
PR:		218335
Sponsored by:	Absolight
2017-04-13 10:15:18 +00:00
Xin LI
2710d88751 Security update to 9.10.4-P6.
Security:	c6861494-1ffb-11e7-934d-d05099c0ae8c
Approved by:	so
MFH:		2017Q2
2017-04-13 04:09:29 +00:00
Mathieu Arnold
4570564656 Remove private URLs that should never have been committed.
Pointy hat:	mat
Sponsored by:	Absolight
2017-04-11 13:59:43 +00:00
Mathieu Arnold
32b0a732f5 Update to 9.9.9-P6, 9.10.4-P6 and 9.11.0-P3.
While there, remove the RPZ_PATCH for BIND9 9.9, it has not been updated
for years, and, it does not build any more.

MFH:		2017Q1
Security:	CVE-2017-3135
Sponsored by:	Absolight
2017-02-08 22:39:28 +00:00
Mathieu Arnold
ae4096b69e Commit the cleanups that should have gone in with the pervious update.
Sponsored by:	Absolight
2017-01-12 08:15:41 +00:00
Xin LI
ec652af45e Security update to 9.10.4-P5.
Approved by:	so
Security:	d4c7e9a9-d893-11e6-9b4d-d050996490d0
MFH:		2017Q1
2017-01-12 07:29:19 +00:00
Mathieu Arnold
9572693d15 Remove bind-tools support from bind910.
Sponsored by:	Absolight
2016-12-09 15:40:39 +00:00
Mathieu Arnold
265c712184 Cleanup CONFLICTS.
Sponsored by:	Absolight
2016-12-09 15:40:32 +00:00
Mathieu Arnold
36062bcbe6 Fixup libedit for all BIND9 ports, and fix spurious json dependency by
adding an option.

PR:		215170
Reported by:	sunpoet
Sponsored by:	Absolight
2016-12-09 15:02:37 +00:00
Mathieu Arnold
617eb7085b Fix using libedit from ports.
PR:		215170
Reported by:	sunpoet
Sponsored by:	Absolight
2016-12-09 14:37:44 +00:00
Xin LI
442cd7309b Security update:
dns/bind99:  9.9.9-P3  -> 9.9.9-P4
dns/bind910: 9.10.4-P3 -> 9.10.4-P4
dns/bind911: 9.11.0    -> 9.11.0-P1

Security:	CVE-2016-8864
Submitted by:	mat
MFH:		2016Q4
2016-11-02 06:38:48 +00:00
Mathieu Arnold
8ee6dea551 Remarke MAKE_JOBS_UNSAFE everywhere.
Sponsored by:	Absolight
2016-10-04 14:37:34 +00:00
Mathieu Arnold
67b0d71465 So, on 9, it is failing to build it with jobs.
It builds .a before all the .o that are supposed to go in the .a are
built.  Imagine what happens after that...

Reported by:	Craig Leres
Sponsored by:	Absolight
2016-09-30 12:44:27 +00:00
Mathieu Arnold
6a863d85b8 Remove MAKE_JOBS_UNSAFE for BIND9.
It was added in 2009 in r232247 without the reason it was failing, I've
tried with -J 2-10, and can't have one of the BIND9 port fail.
Feel free to add it back, but please, add the reason why it fails.

Sponsored by:	Absolight
2016-09-28 12:55:09 +00:00
Mathieu Arnold
499919c7a8 Update BIND9 to latest versions, 9.9.9-P3, 9.10.4-P3, 9.11.0rc3
MFH:		2016Q3
Security:	CVE-2016-2776
Sponsored by:	Absolight
2016-09-27 16:10:22 +00:00
Mathieu Arnold
be9a739028 The START_LATE option is not needed by bind-tools.
Sponsored by:	Absolight
2016-08-31 12:06:23 +00:00
Mathieu Arnold
6234750e3f The NEWSTATS and RRL options were removed in BIND9 9.10, so remove them
from here, also, make the upstream default options default for real.

While there, put back the BIND_TOOLS knobs in bind9-devel.

Sponsored by:	Absolight
2016-08-31 11:59:05 +00:00
Mathieu Arnold
8301c5d5e3 Convert to USES=ssl.
Sponsored by:	Absolight
2016-08-08 12:29:46 +00:00
Mathieu Arnold
f8b6156bc5 BIND9 update, 9.9.9-P2, 9.10.4-P2, 9.11.0b2 and latest 9.12 snapshot.
MFH:		2016Q3
Security:	CVE-2016-2775
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000996.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000997.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000998.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000999.html
Sponsored by:	Absolight
2016-07-19 11:30:38 +00:00
Mathieu Arnold
022e70ccdc Introduce BIND9 9.11.0b1. (beta1)
BIND 9.11 brings many changes to BIND, including a new license
(the Mozilla Public License 2.0 -- you can read about it here:
https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/)
and many new features, including:

-  Catalog zones, a new way to provision zones on slave servers
-  dyndb api, a fast new api enabling BIND to serve zones stored
   in a database (Developed by Petr Spacek of RedHat)
-  RNDC showzone, view-only mode and other improvements
-  dnstap query and response logging (Robert Edmonds is the author
   of dnstap, see www.dnstap.info)
-  EDNS Client-subnet (authoritative server functions)
-  DNSSEC key manager, a new utility (Thanks to Sebastián Castro
   for helping with development.)
-  Automatic CDS/CDSKEY generation
-  Negative Trust Anchors for DNSSEC validators
-  IPv6 bias to encourage use of IPv6 DNS servers
-  Minimal response to “any” queries (Thanks to Tony Finch for
   the contribution)
-  DNS Cookies are now enabled by default, using the standardized code point

Changes:	https://lists.isc.org/pipermail/bind-announce/2016-June/000994.html
Sponsored by:	Absolight
2016-07-04 09:47:25 +00:00
Mathieu Arnold
5b55a8a53e Fix usage of WITH_OPENSSL_BASE, WITH_OPENSSL_PORT and OPENSSL_PORT.
WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo

PR:		210149
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	The FreeBSD Foundation, Absolight
Differential Revision:	https://reviews.freebsd.org/D6577
2016-06-16 13:23:13 +00:00
Mathieu Arnold
2da5650ff6 Update to 9.9.9-P1 and 9.10.4-P1.
Sponsored by:	Absolight
2016-05-26 08:54:58 +00:00
Mathieu Arnold
8a1f0e9c1f Add --with-dlopen=yes to the default options to allow using third
parties dlz drivers.

While there:
- enable the DLZ_FILESYSTEM option by default
- convert to USES=mysql and USES=bdb

Requested by:	borius i ua
Sponsored by:	Absolight
2016-05-25 13:28:21 +00:00
Dmitry Marakasov
c86e9d9724 Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by default anyway and don't need to be listed
Approved by:	portmgr blanket
2016-05-23 20:35:01 +00:00
Mathieu Arnold
f130dd1a0a Update to 9.10.4.
While there, update the root hints file.

Sponsored by:	Absolight
2016-04-29 10:05:11 +00:00
Mathieu Arnold
4668b601fb Stop bringing in OpenSSL from ports, it builds fine with the base one on
9, and WITH_OPENSSL_PORT does not belong in a port's Makefile anyway.

Not bumping PORTREVISION because:
- if you are building with poudriere, it will detect that a dependency
  has changed and rebuild it.
- if you are building from ports, you will have OpenSSL from ports
  installed, and it will choose to use it.

Sponsored by:	Absolight
2016-04-06 13:53:09 +00:00
Mathieu Arnold
4e1b79a0a6 Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.
With hat:	portmgr
Sponsored by:	Absolight
2016-04-01 14:00:51 +00:00
Mathieu Arnold
f6d0673391 Update to 9.9.8-P4, 9.10.3-P4 and latest snapshot.
MFH:		2016Q1 (obviously)
Security:	CVE-2016-1285
Security:	CVE-2016-1286
Security:	CVE-2016-2088
Sponsored by:	Absolight
2016-03-09 21:16:31 +00:00
Mathieu Arnold
965159c123 Update bind99 to 9.9.8-P3, bind910 to 9.10.3-P3 and bind9-devel to
latest snapshot.

MFH:		2016Q1
Security:	CVE-2015-8704
Security:	CVE-2015-8705
Sponsored by:	Absolight
2016-01-19 21:13:06 +00:00
Mathieu Arnold
ade4e0672d Update BIND9 to the latest patch releases, 9.9.8-P2, 9.10.3-P2, and snapshot.
MFH:		2015Q4
Changes:	https://kb.isc.org/article/AA-01326/81/BIND-9.9.8-P2-Release-Notes.html
Changes:	https://kb.isc.org/article/AA-01328/81/BIND-9.10.3-P2-Release-Notes.html
Security:	CVE-2015-3193
Security:	CVE-2015-8000
Security:	CVE-2015-8461
Sponsored by:	Absolight
2015-12-16 00:45:02 +00:00
Mathieu Arnold
b43773d4fd Fix build WITH=DLZ_BDB.
PR:		201715
Sponsored by:	Absolight
2015-10-08 12:14:41 +00:00
Mathieu Arnold
5ed65050ac Fix build on -CURRENT. [1]
- Force building with libedit
- Bump PORTREVISION to account for accidental succesful builds

PR:		203273 [1]
Sponsored by:	Absolight
2015-09-25 10:05:48 +00:00
Mathieu Arnold
752504ffb6 Fixup gssapi from base.
Submitted by:	hrs
Sponsored by:	Absolight
2015-09-18 22:11:21 +00:00
Mathieu Arnold
9645ef162a Update to bind99 to 9.9.8 & bind910 to 9.10.3.
- Add new QUERYTRACE & FETCHLIMIT.
  Note that QUERYTRACE is for debug purposes, and will eat your
  performances.
- Don't do the PORTREVISION patch if PORTREVISION is 0.
- Regen some patches

Changes:	https://lists.isc.org/pipermail/bind-announce/2015-September/000961.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2015-September/000962.html
Sponsored by:	Absolight
2015-09-16 08:12:05 +00:00