Date: Fri, 2 Nov 2018 10:13:14 +0000 (UTC) From: Mathieu Arnold <mat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r483798 - in head/dns: bind911 bind912 Message-ID: <201811021013.wA2ADEQJ008134@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mat Date: Fri Nov 2 10:13:14 2018 New Revision: 483798 URL: https://svnweb.freebsd.org/changeset/ports/483798 Log: Remove GOST support from BIND9 9.11 and 9.12. It was never (widely|really) used, and support for it has been dropped in OpenSSL starting at 1.1, and BIND9 starting at 9.13. PR: 231980 Reported by: mfechner Modified: head/dns/bind911/Makefile (contents, props changed) head/dns/bind912/Makefile (contents, props changed) Modified: head/dns/bind911/Makefile ============================================================================== --- head/dns/bind911/Makefile Fri Nov 2 09:59:46 2018 (r483797) +++ head/dns/bind911/Makefile Fri Nov 2 10:13:14 2018 (r483798) @@ -56,9 +56,8 @@ OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \ START_LATE TUNING_LARGE TCP_FASTOPEN -OPTIONS_RADIO= CRYPTO GOSTDEF +OPTIONS_RADIO= CRYPTO OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 -OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1 OPTIONS_GROUP= DLZ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ @@ -80,9 +79,6 @@ DNSTAP_DESC= Provides fast passive logging of DNS mes FILTER_AAAA_DESC= Enable filtering of AAAA records FIXED_RRSET_DESC= Enable fixed rrset ordering GEOIP_DESC= Allow geographically based ACL. -GOSTDEF_DESC= Enable GOST ciphers, needs SSL -GOST_ASN1_DESC= GOST using ASN.1 -GOST_DESC= GOST raw keys (new default) GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 @@ -131,10 +127,6 @@ FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP -GOST_ASN1_CONFIGURE_ON= --with-gost=asn1 - -GOST_CONFIGURE_ON= --with-gost - GSSAPI_BASE_CONFIGURE_ON=\ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_BASE_USES= gssapi @@ -198,16 +190,6 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> - -.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} -CONFIGURE_ARGS+= --without-gost -.endif - -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base -BROKEN= OpenSSL from the base system does not support GOST, add \ - DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ - that needs SSL. -.endif post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ Modified: head/dns/bind912/Makefile ============================================================================== --- head/dns/bind912/Makefile Fri Nov 2 09:59:46 2018 (r483797) +++ head/dns/bind912/Makefile Fri Nov 2 10:13:14 2018 (r483798) @@ -72,9 +72,8 @@ OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ FIXED_RRSET SIGCHASE IPV6 THREADS -OPTIONS_RADIO= CRYPTO GOSTDEF +OPTIONS_RADIO= CRYPTO OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 -OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1 .if !defined(BIND_TOOLS_SLAVE) OPTIONS_DEFAULT+= DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN @@ -101,9 +100,6 @@ DLZ_STUB_DESC= DLZ stub driver DNSTAP_DESC= Provides fast passive logging of DNS messages FIXED_RRSET_DESC= Enable fixed rrset ordering GEOIP_DESC= Allow geographically based ACL. -GOSTDEF_DESC= Enable GOST ciphers, needs SSL -GOST_ASN1_DESC= GOST using ASN.1 -GOST_DESC= GOST raw keys (new default) GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 @@ -150,10 +146,6 @@ FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP -GOST_ASN1_CONFIGURE_ON= --with-gost=asn1 - -GOST_CONFIGURE_ON= --with-gost - GSSAPI_BASE_CONFIGURE_ON=\ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_BASE_USES= gssapi @@ -219,16 +211,6 @@ TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include <bsd.port.pre.mk> - -.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} -CONFIGURE_ARGS+= --without-gost -.endif - -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base -BROKEN= OpenSSL from the base system does not support GOST, add \ - DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ - that needs SSL. -.endif post-patch: .if defined(BIND_TOOLS_SLAVE)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811021013.wA2ADEQJ008134>