From owner-dev-commits-ports-all@freebsd.org Mon Sep 20 17:23:50 2021 Return-Path: Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CD2766AA62A; Mon, 20 Sep 2021 17:23:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HCrxy4p9mz4cd0; Mon, 20 Sep 2021 17:23:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 85BD31499B; Mon, 20 Sep 2021 17:23:50 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 18KHNorU079898; Mon, 20 Sep 2021 17:23:50 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 18KHNo7E079897; Mon, 20 Sep 2021 17:23:50 GMT (envelope-from git) Date: Mon, 20 Sep 2021 17:23:50 GMT Message-Id: <202109201723.18KHNo7E079897@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Mathieu Arnold Subject: git: 4a91cc902be0 - main - dns/bind9-devel: update to latest commit MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mat X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4a91cc902be09c5524ef4522e0c6151f7075207a Auto-Submitted: auto-generated X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Sep 2021 17:23:50 -0000 The branch main has been updated by mat: URL: https://cgit.FreeBSD.org/ports/commit/?id=4a91cc902be09c5524ef4522e0c6151f7075207a commit 4a91cc902be09c5524ef4522e0c6151f7075207a Author: Mathieu Arnold AuthorDate: 2021-09-20 17:21:51 +0000 Commit: Mathieu Arnold CommitDate: 2021-09-20 17:23:23 +0000 dns/bind9-devel: update to latest commit --- dns/bind-tools/pkg-plist-devel | 14 +++++------ dns/bind9-devel/Makefile | 10 ++------ dns/bind9-devel/distinfo | 6 ++--- .../files/extrapatch-bind-min-override-ttl | 18 +++++++------- dns/bind9-devel/files/extrapatch-bind-tools | 15 ++++++----- dns/bind9-devel/files/extrapatch-no-bind-tools | 11 +++----- dns/bind9-devel/files/named.in | 12 --------- .../files/patch-bin_named_include_named_globals.h | 4 +-- dns/bind9-devel/files/patch-configure.ac | 4 +-- dns/bind9-devel/pkg-help | 16 ------------ dns/bind9-devel/pkg-plist | 29 ++++++---------------- 11 files changed, 43 insertions(+), 96 deletions(-) diff --git a/dns/bind-tools/pkg-plist-devel b/dns/bind-tools/pkg-plist-devel index 4c095f749598..f0e490276003 100644 --- a/dns/bind-tools/pkg-plist-devel +++ b/dns/bind-tools/pkg-plist-devel @@ -17,19 +17,19 @@ bin/nsec3hash bin/nslookup bin/nsupdate lib/bind-tools/libbind9.so -lib/bind-tools/libbind9-9.17.15.so +lib/bind-tools/libbind9-9.17.18.so lib/bind-tools/libdns.so -lib/bind-tools/libdns-9.17.15.so +lib/bind-tools/libdns-9.17.18.so lib/bind-tools/libirs.so -lib/bind-tools/libirs-9.17.15.so +lib/bind-tools/libirs-9.17.18.so lib/bind-tools/libisc.so -lib/bind-tools/libisc-9.17.15.so +lib/bind-tools/libisc-9.17.18.so lib/bind-tools/libisccc.so -lib/bind-tools/libisccc-9.17.15.so +lib/bind-tools/libisccc-9.17.18.so lib/bind-tools/libisccfg.so -lib/bind-tools/libisccfg-9.17.15.so +lib/bind-tools/libisccfg-9.17.18.so lib/bind-tools/libns.so -lib/bind-tools/libns-9.17.15.so +lib/bind-tools/libns-9.17.18.so man/man1/arpaname.1.gz man/man1/delv.1.gz man/man1/dig.1.gz diff --git a/dns/bind9-devel/Makefile b/dns/bind9-devel/Makefile index 45a2b3c5779b..8a6aff840f2c 100644 --- a/dns/bind9-devel/Makefile +++ b/dns/bind9-devel/Makefile @@ -49,13 +49,13 @@ RUN_DEPENDS= bind-tools>0:dns/bind-tools # XXX: remove tar:bz2 USES= autoreconf compiler:c11 cpe libedit libtool pkgconfig ssl tar:bz2 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.17.15a0.2021.07.06 +ISCVERSION= 9.17.18a0.2021.09.20 # XXX: Remove gitlab USE_GITLAB= yes GL_SITE= https://gitlab.isc.org GL_ACCOUNT= isc-projects GL_PROJECT= bind9 -GL_COMMIT= f663701b1deab34415f86cfef4172ac71e164edc +GL_COMMIT= be99fc92b63ef2463cadb2f90162982ed3ed289d CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} @@ -98,9 +98,6 @@ OPTIONS_DEFINE= DNSTAP DOCS FIXED_RRSET GEOIP IDN JSON LARGE_FILE LMDB \ MANPAGES OVERRIDECACHE PORTREVISION QUERYTRACE \ START_LATE TCP_FASTOPEN -OPTIONS_RADIO= CRYPTO -OPTIONS_RADIO_CRYPTO= NATIVE_PKCS11 - OPTIONS_GROUP= DLZ OPTIONS_GROUP_DLZ= DLZ_BDB DLZ_FILESYSTEM DLZ_LDAP DLZ_MYSQL \ DLZ_POSTGRESQL DLZ_STUB @@ -133,7 +130,6 @@ GSSAPI_NONE_DESC= Disable LARGE_FILE_DESC= 64-bit file support LMDB_DESC= Use LMDB for zone management OVERRIDECACHE_DESC= Use the override-cache patch -NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) PORTREVISION_DESC= Show PORTREVISION in the version string QUERYTRACE_DESC= Enable the very verbose query tracelogging START_LATE_DESC= Start BIND late in the boot process (see help) @@ -198,8 +194,6 @@ MANPAGES_BUILD_DEPENDS= sphinx-build:textproc/py-sphinx OVERRIDECACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl -NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 - QUERYTRACE_CONFIGURE_ENABLE= querytrace START_LATE_SUB_LIST= NAMED_BEFORE="LOGIN" \ diff --git a/dns/bind9-devel/distinfo b/dns/bind9-devel/distinfo index 0d95430036d5..ca046ef53dd2 100644 --- a/dns/bind9-devel/distinfo +++ b/dns/bind9-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1625573711 -SHA256 (isc-projects-bind9-f663701b1deab34415f86cfef4172ac71e164edc_GL0.tar.gz) = 6e07498a88a5c1525570e777501d96cbad3e9bf7d997fdb4a4da25183bec5663 -SIZE (isc-projects-bind9-f663701b1deab34415f86cfef4172ac71e164edc_GL0.tar.gz) = 6222198 +TIMESTAMP = 1632153636 +SHA256 (isc-projects-bind9-be99fc92b63ef2463cadb2f90162982ed3ed289d_GL0.tar.gz) = 5bdcd0999fb97f70c8622b90270665cccba9467d943984ce06845545ef5c605f +SIZE (isc-projects-bind9-be99fc92b63ef2463cadb2f90162982ed3ed289d_GL0.tar.gz) = 6192681 diff --git a/dns/bind9-devel/files/extrapatch-bind-min-override-ttl b/dns/bind9-devel/files/extrapatch-bind-min-override-ttl index 0814e1d03ccd..0277ad45fc8d 100644 --- a/dns/bind9-devel/files/extrapatch-bind-min-override-ttl +++ b/dns/bind9-devel/files/extrapatch-bind-min-override-ttl @@ -1,8 +1,8 @@ Add the override-cache-ttl feature. ---- bin/named/config.c.orig 2021-07-06 05:53:30 UTC +--- bin/named/config.c.orig 2021-09-17 07:10:48 UTC +++ bin/named/config.c -@@ -179,6 +179,7 @@ options {\n\ +@@ -182,6 +182,7 @@ options {\n\ notify-source *;\n\ notify-source-v6 *;\n\ nsec3-test-zone no;\n\ @@ -10,9 +10,9 @@ Add the override-cache-ttl feature. parental-source *;\n\ parental-source-v6 *;\n\ provide-ixfr true;\n\ ---- bin/named/server.c.orig 2021-07-06 05:53:30 UTC +--- bin/named/server.c.orig 2021-09-17 07:10:48 UTC +++ bin/named/server.c -@@ -4497,6 +4497,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl +@@ -4498,6 +4498,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } obj = NULL; @@ -24,7 +24,7 @@ Add the override-cache-ttl feature. result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asduration(obj); ---- lib/dns/include/dns/view.h.orig 2021-07-06 05:53:30 UTC +--- lib/dns/include/dns/view.h.orig 2021-09-17 07:10:48 UTC +++ lib/dns/include/dns/view.h @@ -154,6 +154,7 @@ struct dns_view { bool requestnsid; @@ -34,9 +34,9 @@ Add the override-cache-ttl feature. dns_ttl_t maxncachettl; dns_ttl_t mincachettl; dns_ttl_t minncachettl; ---- lib/dns/resolver.c.orig 2021-07-06 05:53:30 UTC +--- lib/dns/resolver.c.orig 2021-09-17 07:10:48 UTC +++ lib/dns/resolver.c -@@ -6386,6 +6386,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes +@@ -6382,6 +6382,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes } /* @@ -49,9 +49,9 @@ Add the override-cache-ttl feature. * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2021-07-06 05:53:30 UTC +--- lib/isccfg/namedconf.c.orig 2021-09-17 07:10:48 UTC +++ lib/isccfg/namedconf.c -@@ -2029,6 +2029,7 @@ static cfg_clausedef_t view_clauses[] = { +@@ -2050,6 +2050,7 @@ static cfg_clausedef_t view_clauses[] = { #endif /* ifdef HAVE_LMDB */ { "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, diff --git a/dns/bind9-devel/files/extrapatch-bind-tools b/dns/bind9-devel/files/extrapatch-bind-tools index e13e588e5aa4..ed20ba2432ba 100644 --- a/dns/bind9-devel/files/extrapatch-bind-tools +++ b/dns/bind9-devel/files/extrapatch-bind-tools @@ -1,6 +1,6 @@ Only select the "tools" part of bind for building. ---- Makefile.am.orig 2020-07-20 08:13:37 UTC +--- Makefile.am.orig 2021-09-17 07:10:48 UTC +++ Makefile.am @@ -8,8 +8,6 @@ CLEANFILES = bind.keys.h bind.keys.h: bind.keys Makefile @@ -11,17 +11,16 @@ Only select the "tools" part of bind for building. .PHONY: doc EXTRA_DIST = \ ---- bin/Makefile.am.orig 2020-07-20 08:13:37 UTC +--- bin/Makefile.am.orig 2021-09-17 07:10:48 UTC +++ bin/Makefile.am -@@ -1,4 +1,4 @@ +@@ -1 +1 @@ -SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins +SUBDIRS = dig delv dnssec tools nsupdate - - if HAVE_PKCS11 - SUBDIRS += pkcs11 ---- bin/tools/Makefile.am.orig 2020-07-20 08:13:37 UTC +-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins ++SUBDIRS = dig delv dnssec tools nsupdate +--- bin/tools/Makefile.am.orig 2021-09-17 07:10:48 UTC +++ bin/tools/Makefile.am -@@ -11,7 +11,6 @@ LDADD = \ +@@ -11,7 +11,6 @@ LDADD += \ bin_PROGRAMS = \ arpaname \ mdig \ diff --git a/dns/bind9-devel/files/extrapatch-no-bind-tools b/dns/bind9-devel/files/extrapatch-no-bind-tools index 0183e6a803ab..d53088bec0f4 100644 --- a/dns/bind9-devel/files/extrapatch-no-bind-tools +++ b/dns/bind9-devel/files/extrapatch-no-bind-tools @@ -1,16 +1,13 @@ Exclude the "tools" from building and installing. ---- bin/Makefile.am.orig 2021-01-04 06:21:13 UTC +--- bin/Makefile.am.orig 2021-09-17 07:10:48 UTC +++ bin/Makefile.am -@@ -1,4 +1,4 @@ +@@ -1 +1 @@ -SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins +SUBDIRS = named rndc tools check confgen tests plugins - - if HAVE_PKCS11 - SUBDIRS += pkcs11 ---- bin/tools/Makefile.am.orig 2021-01-04 06:21:13 UTC +--- bin/tools/Makefile.am.orig 2021-09-17 07:10:48 UTC +++ bin/tools/Makefile.am -@@ -9,11 +9,7 @@ LDADD = \ +@@ -9,11 +9,7 @@ LDADD += \ $(LIBISC_LIBS) bin_PROGRAMS = \ diff --git a/dns/bind9-devel/files/named.in b/dns/bind9-devel/files/named.in index f1f0fb3e2d03..0d19435000cc 100644 --- a/dns/bind9-devel/files/named.in +++ b/dns/bind9-devel/files/named.in @@ -21,7 +21,6 @@ # named_wait_host (str): Hostname to check if named_wait is enabled # named_auto_forward (str): Set up forwarders from /etc/resolv.conf # named_auto_forward_only (str): Do "forward only" instead of "forward first" -%%NATIVE_PKCS11%%# named_pkcs11_engine (str): Path to the PKCS#11 library to use. # . /etc/rc.subr @@ -52,7 +51,6 @@ named_wait=${named_wait:-"NO"} named_wait_host=${named_wait_host:-"localhost"} named_auto_forward=${named_auto_forward:-"NO"} named_auto_forward_only=${named_auto_forward_only:-"NO"} -%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""} # Not configuration variables but having them here keeps rclint happy required_dirs="${named_chrootdir}" @@ -334,16 +332,6 @@ named_prestart() command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}" -%%NATIVE_PKCS11%% if [ -z "${named_pkcs11_engine}"]; then -%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use" -%%NATIVE_PKCS11%% elif [ ! -f ${named_pkcs11_engine} ]; then -%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist" -%%NATIVE_PKCS11%% else -%%NATIVE_PKCS11%% mkdir -p ${named_chrootdir}${named_pkcs11_engine%/*} -%%NATIVE_PKCS11%% cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine} -%%NATIVE_PKCS11%% command_args="-E ${named_pkcs11_engine} ${command_args}" -%%NATIVE_PKCS11%% fi - local line nsip firstns # Is the user using a sandbox? diff --git a/dns/bind9-devel/files/patch-bin_named_include_named_globals.h b/dns/bind9-devel/files/patch-bin_named_include_named_globals.h index 173ad8b5d006..6b9d61afe30c 100644 --- a/dns/bind9-devel/files/patch-bin_named_include_named_globals.h +++ b/dns/bind9-devel/files/patch-bin_named_include_named_globals.h @@ -1,8 +1,8 @@ We reference the pid file as being run/named/pid everywere else. ---- bin/named/include/named/globals.h.orig 2021-02-08 02:55:31 UTC +--- bin/named/include/named/globals.h.orig 2021-09-17 07:10:48 UTC +++ bin/named/include/named/globals.h -@@ -130,7 +130,7 @@ EXTERN bool named_g_forcelock INIT(false); +@@ -133,7 +133,7 @@ EXTERN bool named_g_forcelock INIT(false); #if NAMED_RUN_PID_DIR EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/" diff --git a/dns/bind9-devel/files/patch-configure.ac b/dns/bind9-devel/files/patch-configure.ac index 417f725db3f2..ed71cb259b09 100644 --- a/dns/bind9-devel/files/patch-configure.ac +++ b/dns/bind9-devel/files/patch-configure.ac @@ -1,8 +1,8 @@ automake has warnings, it is ok here. ---- configure.ac.orig 2021-04-26 07:17:12 UTC +--- configure.ac.orig 2021-09-17 07:10:48 UTC +++ configure.ac -@@ -63,7 +63,7 @@ AC_CANONICAL_HOST +@@ -46,7 +46,7 @@ AC_CANONICAL_HOST AC_CANONICAL_TARGET AC_CONFIG_SRCDIR([bin/named/main.c]) diff --git a/dns/bind9-devel/pkg-help b/dns/bind9-devel/pkg-help index aa85330b21d7..55cdb63c117c 100644 --- a/dns/bind9-devel/pkg-help +++ b/dns/bind9-devel/pkg-help @@ -1,19 +1,3 @@ - NATIVE_PKCS11 -When using the NATIVE_PKCS11 option, BIND will use the PKCS#11 -engine specified by the named_pkcss11_engine variable in -/etc/rc.conf for *all* crypto operations. - -This is primarily intended to be used in an authoritative -case. - -If BIND is also operating as a validating resolver, -NATIVE_PKCS11 should not be used, because the HSM will be -used for all crypto, including DNSSEC validations, and the -HSM is likely to be slower than the CPU for this purpose. -Additionally, the HSM might not support all of the PKCS#11 -API functions needed for signature verification. - - GOST If using a chrooted instance of BIND on FreeBSD 8.x and 9.x, the OpenSSL engines MUST be accessible from within the chroot. diff --git a/dns/bind9-devel/pkg-plist b/dns/bind9-devel/pkg-plist index 691e7e9f1cac..f5e38c9ba9b6 100644 --- a/dns/bind9-devel/pkg-plist +++ b/dns/bind9-devel/pkg-plist @@ -4,10 +4,6 @@ bin/named-checkzone bin/named-compilezone bin/named-journalprint %%LMDB%%bin/named-nzd2nzf -%%NATIVE_PKCS11%%bin/pkcs11-destroy -%%NATIVE_PKCS11%%bin/pkcs11-keygen -%%NATIVE_PKCS11%%bin/pkcs11-list -%%NATIVE_PKCS11%%bin/pkcs11-tokens @sample etc/mtree/BIND.chroot.dist.sample @sample etc/mtree/BIND.chroot.local.dist.sample %%ETCDIR%%/bind.keys @@ -163,7 +159,6 @@ include/isc/interfaceiter.h include/isc/iterated_hash.h include/isc/lang.h include/isc/lex.h -include/isc/lib.h include/isc/likely.h include/isc/list.h include/isc/log.h @@ -256,28 +251,22 @@ include/ns/stats.h include/ns/types.h include/ns/update.h include/ns/xfrout.h -include/pk11/constants.h -include/pk11/internal.h -include/pk11/pk11.h -include/pk11/result.h -include/pk11/site.h -include/pkcs11/pkcs11.h lib/bind/filter-a.so lib/bind/filter-aaaa.so lib/libbind9.so -lib/libbind9-9.17.15.so +lib/libbind9-9.17.18.so lib/libdns.so -lib/libdns-9.17.15.so +lib/libdns-9.17.18.so lib/libirs.so -lib/libirs-9.17.15.so +lib/libirs-9.17.18.so lib/libisc.so -lib/libisc-9.17.15.so +lib/libisc-9.17.18.so lib/libisccc.so -lib/libisccc-9.17.15.so +lib/libisccc-9.17.18.so lib/libisccfg.so -lib/libisccfg-9.17.15.so +lib/libisccfg-9.17.18.so lib/libns.so -lib/libns-9.17.15.so +lib/libns-9.17.18.so @comment man/man1/arpaname.1.gz @comment man/man1/delv.1.gz @comment man/man1/dig.1.gz @@ -302,10 +291,6 @@ lib/libns-9.17.15.so @comment man/man1/nsec3hash.1.gz @comment man/man1/nslookup.1.gz @comment man/man1/nsupdate.1.gz -%%MANPAGES%%%%NATIVE_PKCS11%%man/man1/pkcs11-destroy.1.gz -%%MANPAGES%%%%NATIVE_PKCS11%%man/man1/pkcs11-keygen.1.gz -%%MANPAGES%%%%NATIVE_PKCS11%%man/man1/pkcs11-list.1.gz -%%MANPAGES%%%%NATIVE_PKCS11%%man/man1/pkcs11-tokens.1.gz %%MANPAGES%%man/man5/named.conf.5.gz %%MANPAGES%%man/man5/rndc.conf.5.gz %%MANPAGES%%man/man8/ddns-confgen.8.gz