From nobody Tue Apr 30 20:25:01 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VTWs93SBKz5JrtT; Tue, 30 Apr 2024 20:25:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VTWs91D9Nz4NFg; Tue, 30 Apr 2024 20:25:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1714508701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dCc442OzQb2ORv9t+2NCVXQbJO3AfyUvslNmPeKQ5Bs=; b=PIL8X08kCaHsYASB+9juBMF+cuKMthTro++NjJfXSusWoqkK/uF0jbf+4LcmSVbHOHzcot qTlxFxN+t7+KqaWLMVmWKt/paKcnx7CH7WR4zchXHPgpBHQNk9t7cg1Csc465RPLpNhRVw rHSKpgbJ83SKbQkLzBfqMaznAYAMYrORDofboBLAhNKOQk3kPEKtuLlcX4NrI3Csx5q4oH /0N+9GYY6FdGa8Brsk7ZcbXGhi1w/p6tLFem/Nu0+pdplWAso5AGoYsvUgpsqRnQMzSnLU WKLHo9vcTeiao5qC7wgziBsxdUYgbzI6PTjnP4MSTWsENgKzmMRTOHwdzpwrqA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1714508701; a=rsa-sha256; cv=none; b=DXggupRe3mIC+IUrKjaN7Opt7CR6al8Tww4wUFgiF+pWfnpmjt3JnpzwaXtwHcG0smxWKw opNNRVbWWoJLoNoWtFOL6NHJsvaORcJlDp7bjBxcPnj7Zd5ZMggQusJFvLomC8ndh5gCgh Cc0jkpCIZN0YCGXiKrkcoNC1VzeJnoHuzk863YyTwpb2l0Tpod6f9UXfksj7yC1mnt6sO+ RfdC7EAjKGTnWVONuI6+X2UQ0uiSuGAykEUdU934au8I/SIWp34WH9JJ05J2naDMous61h WYamtuqRLM7lQlwNRmxAnBi/25mLamAH5fP5VNJybgVCBZyWRbjbfdLauQHksQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1714508701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dCc442OzQb2ORv9t+2NCVXQbJO3AfyUvslNmPeKQ5Bs=; b=sOKgXIcmPH9q4nRmpAUjdPa2ntsCJNgUmyeyZwx8qqUDCgb0o0O83hBbKme+Ey1l6wU39V 6IbeAFJDH7lRNzQnP8anGlxofN2V/httfQwCBKGNVCV0mRUBalIx4gbLEqHA/oZB0oBFDP KgSQj829y5+GdzDrtMqmHzfuZv8I6oZQXuQKW/0jXIkyx7UMAMGIf5FX7afbBVvbwF/M3A TEdI7ELgse/Ed6auQ6SXXU6ge1ep8Ljmf5ekR8Hejv/Hc6ijRGkSqm1kXHqQ2wXyafo2Ta w0DmYy6L6mRkx034UkSBKf0ysHFeNIy7/Zg6T308ij2k0d8QrxK8C0sJNwW7XQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VTWs90qH5zpvM; Tue, 30 Apr 2024 20:25:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 43UKP1xR011409; Tue, 30 Apr 2024 20:25:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 43UKP1BU011406; Tue, 30 Apr 2024 20:25:01 GMT (envelope-from git) Date: Tue, 30 Apr 2024 20:25:01 GMT Message-Id: <202404302025.43UKP1BU011406@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Rene Ladan Subject: git: 3a4d8de87ce0 - main - dns/bind916: Remove expired port List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rene X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3a4d8de87ce0160ab4bfe85f60c6d1922d9fa3c4 Auto-Submitted: auto-generated The branch main has been updated by rene: URL: https://cgit.FreeBSD.org/ports/commit/?id=3a4d8de87ce0160ab4bfe85f60c6d1922d9fa3c4 commit 3a4d8de87ce0160ab4bfe85f60c6d1922d9fa3c4 Author: Rene Ladan AuthorDate: 2024-04-30 20:24:52 +0000 Commit: Rene Ladan CommitDate: 2024-04-30 20:24:52 +0000 dns/bind916: Remove expired port 2024-04-30 dns/bind916: End of life, please migrate to a newer version of BIND9 --- MOVED | 1 + dns/Makefile | 1 - dns/bind916/Makefile | 227 ---------- dns/bind916/distinfo | 3 - dns/bind916/files/BIND.chroot.dist | 24 -- dns/bind916/files/BIND.chroot.local.dist | 18 - dns/bind916/files/bind-v9.16.0-tcp_quota_fix.patch | 341 --------------- dns/bind916/files/empty.db | 8 - dns/bind916/files/extrapatch-bind-min-override-ttl | 61 --- dns/bind916/files/localhost-forward.db | 8 - dns/bind916/files/localhost-reverse.db | 10 - dns/bind916/files/named.conf.in | 378 ----------------- dns/bind916/files/named.in | 464 --------------------- dns/bind916/files/named.root | 92 ---- .../files/patch-bin_named_include_named_globals.h | 13 - .../patch-bin_tests_system_dlzexternal_Makefile.in | 13 - dns/bind916/files/patch-configure | 92 ---- dns/bind916/files/patch-no-bind-tools | 46 -- dns/bind916/files/pkg-message.in | 22 - dns/bind916/pkg-descr | 13 - dns/bind916/pkg-help | 30 -- dns/bind916/pkg-plist | 331 --------------- 22 files changed, 1 insertion(+), 2195 deletions(-) diff --git a/MOVED b/MOVED index 2ecf16307e8a..3db0a11381c4 100644 --- a/MOVED +++ b/MOVED @@ -3205,3 +3205,4 @@ lang/tcl9|lang/tcl90|2024-04-30|Renamed for consistency with the 8.x series port deskutils/aspostit||2024-04-30|Has expired: Unmaintained, last upstream release in 2001 x11-toolkits/p5-Tk-FileDialog||2024-04-30|Has expired: Does not work with recent Tk versions www/py-django-dpaste||2024-04-30|Has expired +dns/bind916|dns/bind918|2024-04-30|Has expired: End of life, please migrate to a newer version of BIND9 diff --git a/dns/Makefile b/dns/Makefile index 3717716f6067..587157026a25 100644 --- a/dns/Makefile +++ b/dns/Makefile @@ -7,7 +7,6 @@ SUBDIR += axfr2acl SUBDIR += bind-tools SUBDIR += bind9-devel - SUBDIR += bind916 SUBDIR += bind918 SUBDIR += bindgraph SUBDIR += blocky diff --git a/dns/bind916/Makefile b/dns/bind916/Makefile deleted file mode 100644 index 89e72f532b6b..000000000000 --- a/dns/bind916/Makefile +++ /dev/null @@ -1,227 +0,0 @@ -# pkg-help formatted with fmt 59 63 - -PORTNAME= bind -DISTVERSION= 9.16.50 -PORTREVISION= 1 -CATEGORIES= dns net -MASTER_SITES= ISC/bind9/${DISTVERSION} -PKGNAMESUFFIX= 916 -DISTNAME= ${PORTNAME}-${DISTVERSION} - -MAINTAINER= mat@FreeBSD.org -COMMENT= BIND DNS suite with updated DNSSEC and DNS64 -WWW= https://www.isc.org/bind/ - -DEPRECATED= End of life, please migrate to a newer version of BIND9 -EXPIRATION_DATE= 2024-04-30 - -LICENSE= MPL20 -LICENSE_FILE= ${WRKSRC}/LICENSE - -LIB_DEPENDS= libuv.so:devel/libuv \ - libxml2.so:textproc/libxml2 -RUN_DEPENDS= bind-tools>0:dns/bind-tools - -USES= compiler:c11 cpe libedit pkgconfig ssl tar:xz - -CPE_VENDOR= isc -CPE_VERSION= ${DISTVERSION:C/-.*//} -.if ${DISTVERSION:M*-*} -CPE_UPDATE= ${DISTVERSION:C/.*-//:tl} -.endif - -GNU_CONFIGURE= yes -GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share -CONFIGURE_ARGS= --disable-linux-caps \ - --localstatedir=/var \ - --sysconfdir=${ETCDIR} \ - --with-dlopen=yes \ - --without-python \ - --with-libxml2 \ - --with-openssl=${OPENSSLBASE} \ - --with-readline="-L${LOCALBASE}/lib -ledit" -ETCDIR= ${PREFIX}/etc/namedb - -USE_RC_SUBR= named -SUB_FILES= named.conf pkg-message - -PORTDOCS= * - -CONFLICTS= bind9[0-9][0-9] bind9-devel - -MAKE_JOBS_UNSAFE= yes - -OPTIONS_DEFAULT= DLZ_FILESYSTEM GSSAPI_NONE IDN JSON LMDB \ - TCP_FASTOPEN DNSTAP -OPTIONS_DEFINE= DNSTAP DOCS FIXED_RRSET GEOIP IDN JSON LARGE_FILE LMDB \ - OVERRIDECACHE PORTREVISION QUERYTRACE \ - START_LATE TCP_FASTOPEN - -OPTIONS_RADIO= CRYPTO -OPTIONS_RADIO_CRYPTO= NATIVE_PKCS11 - -OPTIONS_GROUP= DLZ -OPTIONS_GROUP_DLZ= DLZ_BDB DLZ_FILESYSTEM DLZ_LDAP DLZ_MYSQL \ - DLZ_POSTGRESQL DLZ_STUB - -OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE - -OPTIONS_SUB= yes - -CRYPTO_DESC= Choose which crypto engine to use -DLZ_BDB_DESC= DLZ BDB driver -DLZ_DESC= Dynamically Loadable Zones -DLZ_FILESYSTEM_DESC= DLZ filesystem driver -DLZ_LDAP_DESC= DLZ LDAP driver -DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) -DLZ_POSTGRESQL_DESC= DLZ Postgres driver -DLZ_STUB_DESC= DLZ stub driver -DNSTAP_DESC= Provides fast passive logging of DNS messages -FIXED_RRSET_DESC= Enable fixed rrset ordering -GSSAPI_BASE_DESC= Using Heimdal in base (nsupdate is broken) -GSSAPI_HEIMDAL_DESC= Using security/heimdal (nsupdate is broken) -GSSAPI_MIT_DESC= Using security/krb5 -GSSAPI_NONE_DESC= Disable -LARGE_FILE_DESC= 64-bit file support -LMDB_DESC= Use LMDB for zone management -OVERRIDECACHE_DESC= Use the override-cache patch -NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) -PORTREVISION_DESC= Show PORTREVISION in the version string -QUERYTRACE_DESC= Enable the very verbose query tracelogging -START_LATE_DESC= Start BIND late in the boot process (see help) -TCP_FASTOPEN_DESC= RFC 7413 support - -DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes -DLZ_BDB_USES= bdb - -DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes - -DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes -DLZ_LDAP_USES= ldap - -DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes -DLZ_MYSQL_USES= mysql - -DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes -DLZ_POSTGRESQL_USES= pgsql - -DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes - -DOCS_BUILD_DEPENDS= sphinx-build:textproc/py-sphinx \ - ${PYTHON_PKGNAMEPREFIX}sphinx_rtd_theme>0:textproc/py-sphinx_rtd_theme@${PY_FLAVOR} -DOCS_USES= python:env - -DNSTAP_CONFIGURE_ENABLE= dnstap -DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ - libprotobuf-c.so:devel/protobuf-c - -FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset - -GEOIP_CONFIGURE_ENABLE= geoip -GEOIP_CONFIGURE_WITH= maxminddb -GEOIP_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb - -GSSAPI_BASE_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ - ${GSSAPI_CONFIGURE_ARGS} -GSSAPI_BASE_USES= gssapi - -GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ - ${GSSAPI_CONFIGURE_ARGS} -GSSAPI_HEIMDAL_USES= gssapi:heimdal - -GSSAPI_MIT_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ - ${GSSAPI_CONFIGURE_ARGS} -GSSAPI_MIT_USES= gssapi:mit - -GSSAPI_NONE_CONFIGURE_ON= --without-gssapi - -IDN_CONFIGURE_OFF= --without-libidn2 -IDN_CONFIGURE_ON= ${ICONV_CONFIGURE_BASE} \ - --with-libidn2=${LOCALBASE} -IDN_LIB_DEPENDS= libidn2.so:dns/libidn2 -IDN_USES= iconv - -JSON_CONFIGURE_WITH= json-c -JSON_LIB_DEPENDS= libjson-c.so:devel/json-c -JSON_LDFLAGS= -L${LOCALBASE}/lib -ljson-c - -LARGE_FILE_CONFIGURE_ENABLE= largefile - -LMDB_CONFIGURE_WITH= lmdb=${LOCALBASE} -LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb - -OVERRIDECACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl - -NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 - -QUERYTRACE_CONFIGURE_ENABLE= querytrace - -START_LATE_SUB_LIST= NAMED_BEFORE="LOGIN" \ - NAMED_REQUIRE="SERVERS cleanvar" -START_LATE_SUB_LIST_OFF= NAMED_BEFORE="SERVERS" \ - NAMED_REQUIRE="NETWORKING ldconfig syslogd" - -TCP_FASTOPEN_CONFIGURE_ENABLE= tcp-fastopen - -.include - -.if defined(WITH_DEBUG) -CONFIGURE_ARGS+= --enable-developer \ - --enable-symtable -USES+= perl5 -USE_PERL5= build -BUILD_DEPENDS+= cmocka>0:sysutils/cmocka -.else -CONFIGURE_ARGS+= --disable-symtable -.endif - -.include - -.if ${SSL_DEFAULT} == base -SUB_LIST+= ENGINES=/usr/lib/engines -.else -SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines -.endif - -post-patch: -.for FILE in named-checkconf.8 named.8 named.conf.5 nsupdate.1 \ - rndc.8 - @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ - -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ - -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ - ${WRKSRC}/doc/man/${FILE}in -.endfor - -. if ${PORTREVISION:N0} -post-patch-PORTREVISION-on: - @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ - ${WRKSRC}/version -. endif - -post-build-DOCS-on: - cd ${WRKSRC}/doc/arm && ${MAKE} html - -post-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree - ${MKDIR} ${STAGEDIR}${ETCDIR} -. for i in dynamic master slave working - @${MKDIR} ${STAGEDIR}${ETCDIR}/$i -. endfor - ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample - ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} - ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample - ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample - ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ - ${STAGEDIR}${ETCDIR}/rndc.conf.sample - -post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/CHANGES* ${WRKSRC}/HISTORY.md \ - ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} - cd ${WRKSRC}/doc/arm/_build/html && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR}/arm - -.include diff --git a/dns/bind916/distinfo b/dns/bind916/distinfo deleted file mode 100644 index fa4268e146f3..000000000000 --- a/dns/bind916/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1713682578 -SHA256 (bind-9.16.50.tar.xz) = 816dbaa3c115019f30fcebd9e8ef8f7637f4adde91c79daa099b035255a15795 -SIZE (bind-9.16.50.tar.xz) = 5134620 diff --git a/dns/bind916/files/BIND.chroot.dist b/dns/bind916/files/BIND.chroot.dist deleted file mode 100644 index 5616dd712f6b..000000000000 --- a/dns/bind916/files/BIND.chroot.dist +++ /dev/null @@ -1,24 +0,0 @@ -# mtree -deU -f files/BIND.chroot.dist -p tmp -# mtree -cjnb -k uname,gname,mode -p tmp - -/set type=file uname=root gname=wheel mode=0755 -. type=dir - dev type=dir mode=0555 - .. - etc type=dir - .. - tmp type=dir mode=01777 - .. -/set type=file uname=bind gname=bind mode=0755 - var type=dir uname=root gname=wheel - dump type=dir - .. - log type=dir - .. - run type=dir - named type=dir - .. - .. - stats type=dir - .. - .. diff --git a/dns/bind916/files/BIND.chroot.local.dist b/dns/bind916/files/BIND.chroot.local.dist deleted file mode 100644 index 81fca3df322c..000000000000 --- a/dns/bind916/files/BIND.chroot.local.dist +++ /dev/null @@ -1,18 +0,0 @@ -# mtree -deU -f files/BIND.etc.dist -p tmp -# mtree -cjnb -k uname,gname,mode -p tmp - -/set type=file uname=root gname=wheel mode=0755 -. type=dir - etc type=dir -/set type=file uname=bind gname=wheel mode=0755 - namedb type=dir uname=root - dynamic type=dir - .. - master type=dir uname=root - .. - slave type=dir - .. - working type=dir - .. - .. - .. diff --git a/dns/bind916/files/bind-v9.16.0-tcp_quota_fix.patch b/dns/bind916/files/bind-v9.16.0-tcp_quota_fix.patch deleted file mode 100644 index bad95dddc192..000000000000 --- a/dns/bind916/files/bind-v9.16.0-tcp_quota_fix.patch +++ /dev/null @@ -1,341 +0,0 @@ -diff --git a/lib/isc/netmgr/netmgr-int.h b/lib/isc/netmgr/netmgr-int.h -index ae83f943d3..c85065f39d 100644 ---- a/lib/isc/netmgr/netmgr-int.h -+++ b/lib/isc/netmgr/netmgr-int.h -@@ -356,7 +356,16 @@ struct isc_nmsocket { - */ - isc_quota_t *quota; - isc_quota_t *pquota; -- bool overquota; -+ -+ /*% -+ * How many connections we have not accepted due to quota? -+ * When we close a connection we need to accept a new one. -+ */ -+ int overquota; -+ /*% -+ * How many active connections we have? -+ */ -+ int conns; - - /*% - * Socket statistics -diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c -index f4361575cc..26728c1ba6 100644 ---- a/lib/isc/netmgr/netmgr.c -+++ b/lib/isc/netmgr/netmgr.c -@@ -727,6 +727,11 @@ nmsocket_cleanup(isc_nmsocket_t *sock, bool dofree) - for (int i = 0; i < sock->nchildren; i++) { - if (!atomic_load(&sock->children[i].destroying)) { - nmsocket_cleanup(&sock->children[i], false); -+ if (sock->statsindex != NULL) { -+ isc__nm_decstats( -+ sock->mgr, -+ sock->statsindex[STATID_ACTIVE]); -+ } - } - } - -@@ -738,6 +743,9 @@ nmsocket_cleanup(isc_nmsocket_t *sock, bool dofree) - sock->children = NULL; - sock->nchildren = 0; - } -+ if (sock->statsindex != NULL) { -+ isc__nm_decstats(sock->mgr, sock->statsindex[STATID_ACTIVE]); -+ } - - if (sock->tcphandle != NULL) { - isc_nmhandle_unref(sock->tcphandle); -@@ -854,8 +862,6 @@ isc__nmsocket_prep_destroy(isc_nmsocket_t *sock) - if (sock->children != NULL) { - for (int i = 0; i < sock->nchildren; i++) { - atomic_store(&sock->children[i].active, false); -- isc__nm_decstats(sock->mgr, -- sock->statsindex[STATID_ACTIVE]); - } - } - -diff --git a/lib/isc/netmgr/tcp.c b/lib/isc/netmgr/tcp.c -index a83fede0d2..58ffd3c404 100644 ---- a/lib/isc/netmgr/tcp.c -+++ b/lib/isc/netmgr/tcp.c -@@ -26,12 +26,28 @@ - #include - #include - #include -+#include - #include - #include - - #include "netmgr-int.h" - #include "uv-compat.h" - -+static atomic_uint_fast32_t last_tcpquota_log = ATOMIC_VAR_INIT(0); -+ -+static bool -+can_log_tcp_quota() { -+ isc_stdtime_t now, last; -+ -+ isc_stdtime_get(&now); -+ last = atomic_exchange_relaxed(&last_tcpquota_log, now); -+ if (now != last) { -+ return (true); -+ } -+ -+ return (false); -+} -+ - static int - tcp_connect_direct(isc_nmsocket_t *sock, isc__nm_uvreq_t *req); - -@@ -668,9 +684,6 @@ read_cb(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf) - } - - isc__nm_free_uvbuf(sock, buf); -- if (sock->quota) { -- isc_quota_detach(&sock->quota); -- } - - /* - * This might happen if the inner socket is closing. It means that -@@ -699,6 +712,7 @@ accept_connection(isc_nmsocket_t *ssock) - struct sockaddr_storage ss; - isc_sockaddr_t local; - int r; -+ bool overquota = false; - - REQUIRE(VALID_NMSOCK(ssock)); - REQUIRE(ssock->tid == isc_nm_tid()); -@@ -711,10 +725,25 @@ accept_connection(isc_nmsocket_t *ssock) - - if (ssock->pquota != NULL) { - result = isc_quota_attach(ssock->pquota, "a); -+ -+ /* -+ * We share the quota between all TCP sockets. Others -+ * may have used up all the quota slots, in which case -+ * this socket could starve. So we only fail here if we -+ * already had at least one active connection on this -+ * socket. This guarantees that we'll maintain some level -+ * of service while over quota, and will resume normal -+ * service when the quota comes back down. -+ */ - if (result != ISC_R_SUCCESS) { -- isc__nm_incstats(ssock->mgr, -- ssock->statsindex[STATID_ACCEPTFAIL]); -- return (result); -+ ssock->overquota++; -+ overquota = true; -+ if (ssock->conns > 0) { -+ isc__nm_incstats( -+ ssock->mgr, -+ ssock->statsindex[STATID_ACCEPTFAIL]); -+ return (result); -+ } - } - } - -@@ -761,6 +790,7 @@ accept_connection(isc_nmsocket_t *ssock) - } - - isc_nmsocket_attach(ssock, &csock->server); -+ ssock->conns++; - - handle = isc__nmhandle_get(csock, NULL, &local); - -@@ -779,6 +809,9 @@ error: - if (csock->quota != NULL) { - isc_quota_detach(&csock->quota); - } -+ if (overquota) { -+ ssock->overquota--; -+ } - /* We need to detach it properly to make sure uv_close is called. */ - isc_nmsocket_detach(&csock); - return (result); -@@ -793,14 +826,14 @@ tcp_connection_cb(uv_stream_t *server, int status) - UNUSED(status); - - result = accept_connection(ssock); -- if (result != ISC_R_SUCCESS) { -- if (result == ISC_R_QUOTA || result == ISC_R_SOFTQUOTA) { -- ssock->overquota = true; -+ if (result != ISC_R_SUCCESS && result != ISC_R_NOCONN) { -+ if ((result != ISC_R_QUOTA && result != ISC_R_SOFTQUOTA) || -+ can_log_tcp_quota()) { -+ isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, -+ ISC_LOGMODULE_NETMGR, ISC_LOG_ERROR, -+ "TCP connection failed: %s", -+ isc_result_totext(result)); - } -- isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, -- ISC_LOGMODULE_NETMGR, ISC_LOG_ERROR, -- "TCP connection failed: %s", -- isc_result_totext(result)); - } - } - -@@ -936,17 +969,27 @@ tcp_close_direct(isc_nmsocket_t *sock) - REQUIRE(VALID_NMSOCK(sock)); - REQUIRE(sock->tid == isc_nm_tid()); - REQUIRE(sock->type == isc_nm_tcpsocket); -+ isc_nmsocket_t *ssock = sock->server; - - if (sock->quota != NULL) { -- isc_nmsocket_t *ssock = sock->server; -- - isc_quota_detach(&sock->quota); -- -- if (ssock->overquota) { -+ } -+ if (ssock != NULL) { -+ ssock->conns--; -+ while (ssock->conns == 0 && ssock->overquota > 0) { -+ ssock->overquota--; - isc_result_t result = accept_connection(ssock); -- if (result != ISC_R_QUOTA && -- result != ISC_R_SOFTQUOTA) { -- ssock->overquota = false; -+ if (result == ISC_R_SUCCESS || result == ISC_R_NOCONN) { -+ continue; -+ } -+ if ((result != ISC_R_QUOTA && -+ result != ISC_R_SOFTQUOTA) || -+ can_log_tcp_quota()) { -+ isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, -+ ISC_LOGMODULE_NETMGR, -+ ISC_LOG_ERROR, -+ "TCP connection failed: %s", -+ isc_result_totext(result)); - } - } - } -diff --git a/lib/isc/netmgr/tcpdns.c b/lib/isc/netmgr/tcpdns.c -index e384b73be9..f89eb359af 100644 ---- a/lib/isc/netmgr/tcpdns.c -+++ b/lib/isc/netmgr/tcpdns.c -@@ -43,6 +43,9 @@ dnslisten_readcb(isc_nmhandle_t *handle, isc_region_t *region, void *arg); - static void - resume_processing(void *arg); - -+static void -+tcpdns_close_direct(isc_nmsocket_t *sock); -+ - static inline size_t - dnslen(unsigned char *base) - { -@@ -82,7 +85,6 @@ timer_close_cb(uv_handle_t *handle) - { - isc_nmsocket_t *sock = (isc_nmsocket_t *)uv_handle_get_data(handle); - INSIST(VALID_NMSOCK(sock)); -- atomic_store(&sock->closed, true); - isc_nmsocket_detach(&sock); - } - -@@ -94,9 +96,7 @@ dnstcp_readtimeout(uv_timer_t *timer) - - REQUIRE(VALID_NMSOCK(sock)); - REQUIRE(sock->tid == isc_nm_tid()); -- -- isc_nmsocket_detach(&sock->outer); -- uv_close((uv_handle_t *)&sock->timer, timer_close_cb); -+ tcpdns_close_direct(sock); - } - - /* -@@ -252,7 +252,9 @@ dnslisten_readcb(isc_nmhandle_t *handle, isc_region_t *region, void *arg) - * We have a packet: stop timeout timers - */ - atomic_store(&dnssock->outer->processing, true); -- uv_timer_stop(&dnssock->timer); -+ if (dnssock->timer_initialized) { -+ uv_timer_stop(&dnssock->timer); -+ } - - if (atomic_load(&dnssock->sequential)) { - /* -@@ -399,8 +401,10 @@ resume_processing(void *arg) - if (atomic_load(&sock->ah) == 0) { - /* Nothing is active; sockets can timeout now */ - atomic_store(&sock->outer->processing, false); -- uv_timer_start(&sock->timer, dnstcp_readtimeout, -- sock->read_timeout, 0); -+ if (sock->timer_initialized) { -+ uv_timer_start(&sock->timer, dnstcp_readtimeout, -+ sock->read_timeout, 0); -+ } - } - - /* -@@ -413,7 +417,9 @@ resume_processing(void *arg) - result = processbuffer(sock, &handle); - if (result == ISC_R_SUCCESS) { - atomic_store(&sock->outer->processing, true); -- uv_timer_stop(&sock->timer); -+ if (sock->timer_initialized) { -+ uv_timer_stop(&sock->timer); -+ } - isc_nmhandle_unref(handle); - } else if (sock->outer != NULL) { - isc_nm_resumeread(sock->outer); -@@ -441,7 +447,9 @@ resume_processing(void *arg) - break; - } - -- uv_timer_stop(&sock->timer); -+ if (sock->timer_initialized) { -+ uv_timer_stop(&sock->timer); -+ } - atomic_store(&sock->outer->processing, true); - isc_nmhandle_unref(dnshandle); - } while (atomic_load(&sock->ah) < TCPDNS_CLIENTS_PER_CONN); -@@ -507,18 +515,29 @@ static void - tcpdns_close_direct(isc_nmsocket_t *sock) - { - REQUIRE(sock->tid == isc_nm_tid()); -- if (sock->outer != NULL) { -- sock->outer->rcb.recv = NULL; -- isc_nmsocket_detach(&sock->outer); -- } -- if (sock->listener != NULL) { -- isc_nmsocket_detach(&sock->listener); -- } - /* We don't need atomics here, it's all in single network thread */ - if (sock->timer_initialized) { -+ /* -+ * We need to fire the timer callback to clean it up, -+ * it will then call us again (via detach) so that we -+ * can finally close the socket. -+ */ - sock->timer_initialized = false; - uv_timer_stop(&sock->timer); - uv_close((uv_handle_t *)&sock->timer, timer_close_cb); -+ } else { -+ /* -+ * At this point we're certain that there are no external -+ * references, we can close everything. -+ */ -+ if (sock->outer != NULL) { -+ sock->outer->rcb.recv = NULL; -+ isc_nmsocket_detach(&sock->outer); -+ } -+ if (sock->listener != NULL) { -+ isc_nmsocket_detach(&sock->listener); -+ } -+ atomic_store(&sock->closed, true); - } - } - -diff --git a/lib/isc/netmgr/uverr2result.c b/lib/isc/netmgr/uverr2result.c -index b6a8065e3e..9781454ca6 100644 ---- a/lib/isc/netmgr/uverr2result.c -+++ b/lib/isc/netmgr/uverr2result.c -@@ -38,6 +38,8 @@ isc___nm_uverr2result(int uverr, bool dolog, const char *file, - return (ISC_R_INVALIDFILE); - case UV_ENOENT: - return (ISC_R_FILENOTFOUND); -+ case UV_EAGAIN: -+ return (ISC_R_NOCONN); - case UV_EACCES: - case UV_EPERM: - return (ISC_R_NOPERM); diff --git a/dns/bind916/files/empty.db b/dns/bind916/files/empty.db deleted file mode 100644 index 30870e74342f..000000000000 --- a/dns/bind916/files/empty.db +++ /dev/null @@ -1,8 +0,0 @@ -$TTL 3h -@ SOA @ nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - -@ NS @ - -; Silence a BIND warning -@ A 127.0.0.1 diff --git a/dns/bind916/files/extrapatch-bind-min-override-ttl b/dns/bind916/files/extrapatch-bind-min-override-ttl deleted file mode 100644 index f6f2dc707250..000000000000 --- a/dns/bind916/files/extrapatch-bind-min-override-ttl +++ /dev/null @@ -1,61 +0,0 @@ -Add the override-cache-ttl feature. - ---- bin/named/config.c.orig 2024-04-03 12:48:29 UTC -+++ bin/named/config.c -@@ -177,6 +177,7 @@ options {\n\ - notify-source *;\n\ - notify-source-v6 *;\n\ - nsec3-test-zone no;\n\ -+ override-cache-ttl 0; /* do not override */\n\ - parental-source *;\n\ - parental-source-v6 *;\n\ - provide-ixfr true;\n\ ---- bin/named/server.c.orig 2024-04-03 12:48:29 UTC -+++ bin/named/server.c -@@ -4449,6 +4449,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl - } - - obj = NULL; -+ result = named_config_get(maps, "override-cache-ttl", &obj); -+ INSIST(result == ISC_R_SUCCESS); -+ view->overridecachettl = cfg_obj_asduration(obj); -+ -+ obj = NULL; - result = named_config_get(maps, "max-cache-ttl", &obj); - INSIST(result == ISC_R_SUCCESS); - view->maxcachettl = cfg_obj_asduration(obj); ---- lib/dns/include/dns/view.h.orig 2024-04-03 12:48:29 UTC -+++ lib/dns/include/dns/view.h -@@ -154,6 +154,7 @@ struct dns_view { - bool requestnsid; - bool sendcookie; - dns_ttl_t maxcachettl; -+ dns_ttl_t overridecachettl; - dns_ttl_t maxncachettl; - dns_ttl_t mincachettl; - dns_ttl_t minncachettl; ---- lib/dns/resolver.c.orig 2024-04-03 12:48:29 UTC -+++ lib/dns/resolver.c -@@ -6494,6 +6494,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes - } - - /* -+ * Enforce the configure cache TTL override. -+ */ -+ if (res->view->overridecachettl) -+ rdataset->ttl = res->view->overridecachettl; -+ -+ /* - * Enforce the configure maximum cache TTL. - */ - if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2024-04-03 12:48:29 UTC -+++ lib/isccfg/namedconf.c -@@ -2054,6 +2054,7 @@ static cfg_clausedef_t view_clauses[] = { - #endif /* ifdef HAVE_LMDB */ - { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, - { "max-cache-size", &cfg_type_sizeorpercent, 0 }, -+ { "override-cache-ttl", &cfg_type_duration, 0 }, - { "max-cache-ttl", &cfg_type_duration, 0 }, - { "max-clients-per-query", &cfg_type_uint32, 0 }, - { "max-ncache-ttl", &cfg_type_duration, 0 }, diff --git a/dns/bind916/files/localhost-forward.db b/dns/bind916/files/localhost-forward.db deleted file mode 100644 index fdd2e9ce4bee..000000000000 --- a/dns/bind916/files/localhost-forward.db +++ /dev/null @@ -1,8 +0,0 @@ -$TTL 3h -localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - - A 127.0.0.1 - AAAA ::1 diff --git a/dns/bind916/files/localhost-reverse.db b/dns/bind916/files/localhost-reverse.db deleted file mode 100644 index 376e94fa94a8..000000000000 --- a/dns/bind916/files/localhost-reverse.db +++ /dev/null @@ -1,10 +0,0 @@ -$TTL 3h -@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - -1.0.0 PTR localhost. - -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost. - diff --git a/dns/bind916/files/named.conf.in b/dns/bind916/files/named.conf.in deleted file mode 100644 index c3a367fd23ee..000000000000 --- a/dns/bind916/files/named.conf.in +++ /dev/null @@ -1,378 +0,0 @@ -// Refer to the named.conf(5) and named(8) man pages, and the documentation -// in /usr/local/share/doc/bind for more details. -// -// If you are going to set up an authoritative server, make sure you -// understand the hairy details of how DNS works. Even with -// simple mistakes, you can break connectivity for affected parties, -// or cause huge amounts of useless Internet traffic. - -options { - // All file and path names are relative to the chroot directory, - // if any, and should be fully qualified. - directory "%%ETCDIR%%/working"; - pid-file "/var/run/named/pid"; - dump-file "/var/dump/named_dump.db"; - statistics-file "/var/stats/named.stats"; - -// If named is being used only as a local resolver, this is a safe default. -// For named to be accessible to the network, comment this option, specify -// the proper IP address, or delete this option. - listen-on { 127.0.0.1; }; - -// If you have IPv6 enabled on this system, uncomment this option for -// use as a local resolver. To give access to the network, specify -// an IPv6 address, or the keyword "any". -// listen-on-v6 { ::1; }; - -// These zones are already covered by the empty zones listed below. -// If you remove the related empty zones below, comment these lines out. - disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; - disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - -// If you've got a DNS server around at your upstream provider, enter -// its IP address here, and enable the line below. This will make you -// benefit from its cache, thus reduce overall DNS traffic in the Internet. -/* - forwarders { - 127.0.0.1; - }; -*/ - -// If the 'forwarders' clause is not empty the default is to 'forward first' -// which will fall back to sending a query from your local server if the name -// servers in 'forwarders' do not have the answer. Alternatively you can -// force your name server to never initiate queries of its own by enabling the -// following line: -// forward only; - -// If you wish to have forwarding configured automatically based on -// the entries in /etc/resolv.conf, uncomment the following line and -// set named_auto_forward=yes in /etc/rc.conf. You can also enable -// named_auto_forward_only (the effect of which is described above). -// include "%%ETCDIR%%/auto_forward.conf"; - - /* - Modern versions of BIND use a random UDP port for each outgoing - query by default in order to dramatically reduce the possibility - of cache poisoning. All users are strongly encouraged to utilize - this feature, and to configure their firewalls to accommodate it. - - AS A LAST RESORT in order to get around a restrictive firewall - policy you can try enabling the option below. Use of this option - will significantly reduce your ability to withstand cache poisoning - attacks, and should be avoided if at all possible. - - Replace NNNNN in the example with a number between 49160 and 65530. - */ - // query-source address * port NNNNN; -}; - -// If you enable a local name server, don't forget to enter 127.0.0.1 -// first in your /etc/resolv.conf so this server will be queried. -// Also, make sure to enable it in /etc/rc.conf. - -// The traditional root hints mechanism. Use this, OR the slave zones below. -zone "." { type hint; file "%%ETCDIR%%/named.root"; }; - -/* Slaving the following zones from the root name servers has some - significant advantages: - 1. Faster local resolution for your users - 2. No spurious traffic will be sent from your network to the roots - 3. Greater resilience to any potential root server failure/DDoS - - On the other hand, this method requires more monitoring than the - hints file to be sure that an unexpected failure mode has not - incapacitated your server. Name servers that are serving a lot - of clients will benefit more from this approach than individual - hosts. Use with caution. - - To use this mechanism, uncomment the entries below, and comment - the hint zone above. - - As documented at http://dns.icann.org/services/axfr/ these zones: - "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others - are available for AXFR from these servers on IPv4 and IPv6: - xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org -*/ -/* -zone "." { - type slave; - file "%%ETCDIR%%/slave/root.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "arpa" { - type slave; - file "%%ETCDIR%%/slave/arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "in-addr.arpa" { - type slave; - file "%%ETCDIR%%/slave/in-addr.arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "ip6.arpa" { - type slave; - file "%%ETCDIR%%/slave/ip6.arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -*/ - -/* Serving the following zones locally will prevent any queries - for these zones leaving your network and going to the root - name servers. This has two significant advantages: - 1. Faster local resolution for your users - 2. No spurious traffic will be sent from your network to the roots -*/ -// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) -zone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; }; -zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; }; -zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// RFC 1912-style zone for IPv6 localhost address (RFC 6303) -zone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; }; - -// "This" Network (RFCs 1912, 5735 and 6303) -zone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Private Use Networks (RFCs 1918, 5735 and 6303) -zone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; *** 1387 LINES SKIPPED ***