Index: head/dns/bind910/Makefile =================================================================== --- head/dns/bind910/Makefile (revision 465008) +++ head/dns/bind910/Makefile (revision 465009) @@ -1,246 +1,246 @@ # $FreeBSD$ # pkg-help formatted with fmt 59 63 PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} PKGNAMESUFFIX= 910 DISTNAME= ${PORTNAME}-${ISCVERSION} MAINTAINER= mat@FreeBSD.org COMMENT= BIND DNS suite with updated DNSSEC and DNS64 LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT DEPRECATED= Going out of support, please migrate to dns/bind911 EXPIRATION_DATE= 2018-06-30 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.6-P1 +ISCVERSION= 9.10.7 USES= cpe libedit CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} .if ${ISCVERSION:M*-*} CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} .endif LIB_DEPENDS= libxml2.so:textproc/libxml2 GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ --sysconfdir=${ETCDIR} ETCDIR= ${PREFIX}/etc/namedb CONFLICTS= bind-tools bind99 bind911 bind912 bind9-devel SUB_FILES= pkg-message named.conf USE_RC_SUBR= named MAKE_JOBS_UNSAFE= yes PORTDOCS= * OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON \ DLZ_FILESYSTEM RPZ_NSIP RPZ_NSDNAME PYTHON OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA \ RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \ MINCACHE PORTREVISION FETCHLIMIT QUERYTRACE \ START_LATE TUNING_LARGE OPTIONS_RADIO= CRYPTO GOSTDEF OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1 OPTIONS_GROUP= DLZ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes CRYPTO_DESC= Choose which crypto engine to use DLZ_BDB_DESC= DLZ BDB driver DLZ_DESC= Dynamically Loadable Zones DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_LDAP_DESC= DLZ LDAP driver DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) DLZ_POSTGRESQL_DESC= DLZ Postgres driver DLZ_STUB_DESC= DLZ stub driver FETCHLIMIT_DESC= Enable the query quotas for resolvers FILTER_AAAA_DESC= Enable filtering of AAAA records FIXED_RRSET_DESC= Enable fixed rrset ordering GEOIP_DESC= Allow geographically based ACL. GOSTDEF_DESC= Enable GOST ciphers, needs SSL GOST_ASN1_DESC= GOST using ASN.1 GOST_DESC= GOST raw keys (new default) GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 GSSAPI_NONE_DESC= Disable LARGE_FILE_DESC= 64-bit file support MINCACHE_DESC= Use the mincachettl patch NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) PORTREVISION_DESC= Show PORTREVISION in the version string PYTHON_DESC= Build with Python utilities QUERYTRACE_DESC= Enable the very verbose query tracelogging RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation SSL_DESC= Build with OpenSSL (Required for DNSSEC) START_LATE_DESC= Start BIND late in the boot process (see help) TUNING_LARGE_DESC= Tune named for large systems (**READ HELP**) DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes DLZ_BDB_USES= bdb DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes DLZ_LDAP_USE= openldap=yes DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes DLZ_MYSQL_PREVENTS= THREADS DLZ_MYSQL_USES= mysql DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes DLZ_POSTGRESQL_USES= pgsql DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes FETCHLIMIT_CONFIGURE_ENABLE= fetchlimit FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP GOST_ASN1_CONFIGURE_ON= --with-gost=asn1 GOST_CONFIGURE_ON= --with-gost GSSAPI_BASE_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_MIT_USES= gssapi:mit GSSAPI_NONE_CONFIGURE_ON= --without-gssapi IDN_CONFIGURE_OFF= --without-idn IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} IDN_LIB_DEPENDS= libidnkit.so:dns/idnkit IDN_USES= iconv IPV6_CONFIGURE_ENABLE= ipv6 JSON_CONFIGURE_WITH= libjson JSON_LIB_DEPENDS= libjson-c.so:devel/json-c LARGE_FILE_CONFIGURE_ENABLE= largefile MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 NATIVE_PKCS11_IMPLIES= THREADS PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} PYTHON_USES= python QUERYTRACE_CONFIGURE_ENABLE= querytrace RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} SSL_USES= ssl START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ NAMED_BEFORE="LOGIN" START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" THREADS_CONFIGURE_ENABLE= threads TUNING_LARGE_IMPLIES= THREADS TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include .if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} CONFIGURE_ARGS+= --without-gost .endif .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ that needs SSL. .endif post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ rndc/rndc.8 @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ ${WRKSRC}/bin/${FILE} .endfor .if ${PORTREVISION:N0} post-patch-PORTREVISION-on: @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ ${WRKSRC}/version .endif post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree ${MKDIR} ${STAGEDIR}${ETCDIR} .for i in dynamic master slave working @${MKDIR} ${STAGEDIR}${ETCDIR}/$i .endfor ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${STAGEDIR}${ETCDIR}/rndc.conf.sample post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ* \ ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${DOCSDIR} # Can't use USE_PYTHON=autoplist post-install-PYTHON-on: @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} .include Index: head/dns/bind910/distinfo =================================================================== --- head/dns/bind910/distinfo (revision 465008) +++ head/dns/bind910/distinfo (revision 465009) @@ -1,3 +1,3 @@ -TIMESTAMP = 1516059365 -SHA256 (bind-9.10.6-P1.tar.gz) = 9b8b4f6ecfc82a491774bf713d8a888b954c427526035eb715544438f36a2334 -SIZE (bind-9.10.6-P1.tar.gz) = 9452495 +TIMESTAMP = 1521455507 +SHA256 (bind-9.10.7.tar.gz) = e15e70982d966cd4b194ff483f5cc636c0017b054ae2e332ca3f28fe53f11660 +SIZE (bind-9.10.7.tar.gz) = 9171441 Index: head/dns/bind910/files/extrapatch-bind-min-override-ttl =================================================================== --- head/dns/bind910/files/extrapatch-bind-min-override-ttl (revision 465008) +++ head/dns/bind910/files/extrapatch-bind-min-override-ttl (revision 465009) @@ -1,73 +1,78 @@ ---- bin/named/config.c.orig 2018-01-04 05:35:08 UTC +--- bin/named/config.c.orig 2018-01-24 21:17:00 UTC +++ bin/named/config.c -@@ -154,6 +154,8 @@ options {\n\ - min-roots 2;\n\ - lame-ttl 600;\n\ +@@ -167,11 +167,13 @@ options {\n\ max-ncache-ttl 10800; /* 3 hours */\n\ -+ override-cache-ttl 0; /* do not override */\n\ -+ min-cache-ttl 0; /* no minimal, zero is allowed */\n\ - max-cache-ttl 604800; /* 1 week */\n\ - transfer-format many-answers;\n\ - max-cache-size 0;\n\ ---- bin/named/server.c.orig 2018-01-04 05:35:08 UTC + max-recursion-depth 7;\n\ + max-recursion-queries 75;\n\ ++ min-cache-ttl 0; /* no minimal, zero is allowed */\n\ + min-roots 2;\n\ + minimal-responses false;\n\ + notify-source *;\n\ + notify-source-v6 *;\n\ + nsec3-test-zone no;\n\ ++ override-cache-ttl 0; /* do not override */\n\ + provide-ixfr true;\n\ + query-source address *;\n\ + query-source-v6 address *;\n\ +--- bin/named/server.c.orig 2018-01-24 21:17:00 UTC +++ bin/named/server.c -@@ -2890,6 +2890,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -2854,6 +2854,16 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; + result = ns_config_get(maps, "override-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->overridecachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = ns_config_get(maps, "min-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->mincachettl = cfg_obj_asuint32(obj); + + obj = NULL; result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-01-04 05:35:08 UTC +--- lib/dns/include/dns/view.h.orig 2018-01-24 21:17:00 UTC +++ lib/dns/include/dns/view.h @@ -151,6 +151,8 @@ struct dns_view { isc_boolean_t requestnsid; isc_boolean_t requestsit; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; dns_ttl_t prefetch_trigger; dns_ttl_t prefetch_eligible; ---- lib/dns/resolver.c.orig 2018-01-04 05:35:08 UTC +--- lib/dns/resolver.c.orig 2018-01-24 21:17:00 UTC +++ lib/dns/resolver.c -@@ -5387,6 +5387,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5416,6 +5416,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* + * Enforce the configure cache TTL override. + */ + if (res->view->overridecachettl) + rdataset->ttl = res->view->overridecachettl; + + /* + * Enforce the configure minimum cache TTL. + */ + if (rdataset->ttl < res->view->mincachettl) + rdataset->ttl = res->view->mincachettl; + + /* * Enforce the configure maximum cache TTL. */ - if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2018-01-04 05:35:08 UTC + if (rdataset->ttl > res->view->maxcachettl) { +--- lib/isccfg/namedconf.c.orig 2018-01-24 21:17:00 UTC +++ lib/isccfg/namedconf.c -@@ -1591,6 +1591,8 @@ view_clauses[] = { - #endif +@@ -1600,6 +1600,8 @@ view_clauses[] = { + { "lame-ttl", &cfg_type_uint32, 0 }, { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizenodefault, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, + { "min-cache-ttl", &cfg_type_uint32, 0 }, { "max-cache-ttl", &cfg_type_uint32, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, Index: head/dns/bind910/files/patch-configure =================================================================== --- head/dns/bind910/files/patch-configure (revision 465008) +++ head/dns/bind910/files/patch-configure (revision 465009) @@ -1,90 +1,90 @@ ---- configure.orig 2017-07-24 05:31:21 UTC +--- configure.orig 2018-03-08 20:55:52 UTC +++ configure -@@ -14348,27 +14348,9 @@ done +@@ -14387,27 +14387,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ - "-lgssapi_krb5" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \ - "-lgssapi" \ - "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgss -lkrb5" + "$($KRB5CONFIG gssapi --libs)"; \ do - # Note that this does not include $saved_libs, because - # on FreeBSD machines this configure script has added - # -L/usr/local/lib to LIBS, which can make the - # -lgssapi_krb5 test succeed with shared libraries even - # when you are trying to build with KTH in /usr/lib. - if test "/usr" = "$use_gssapi" - then - LIBS="$TRY_LIBS" - else - LIBS="-L$use_gssapi/lib $TRY_LIBS" - fi + LIBS="$TRY_LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14411,47 +14393,7 @@ $as_echo "no" >&6; } ;; +@@ -14450,47 +14432,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac - # - # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib - # but MIT in /usr/local/lib and trying to build with KTH. - # /usr/local/lib can end up earlier on the link lines. - # Like most kludges, this one is not only inelegant it - # is also likely to be the wrong thing to do at least as - # many times as it is the right thing. Something better - # needs to be done. - # - if test "/usr" = "$use_gssapi" -a \ - -f /usr/local/lib/libkrb5.a; then - FIX_KTH_VS_MIT=yes - fi - - case "$FIX_KTH_VS_MIT" in - yes) - case "$enable_static_linking" in - yes) gssapi_lib_suffix=".a" ;; - *) gssapi_lib_suffix=".so" ;; - esac - - for lib in $LIBS; do - case $lib in - -L*) - ;; - -l*) - new_lib=`echo $lib | - sed -e s%^-l%$use_gssapi/lib/lib% \ - -e s%$%$gssapi_lib_suffix%` - NEW_LIBS="$NEW_LIBS $new_lib" - ;; - *) - as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5 - ;; - esac - done - LIBS="$NEW_LIBS" - ;; - esac - - DST_GSSAPI_INC="-I$use_gssapi/include" + DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)" DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -22036,7 +21978,7 @@ $as_echo "" >&6; } +@@ -22349,7 +22291,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). - bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db" + bdb_incdirs="/db6 /db5 /db48" # include a blank element first for d in "" $bdb_incdirs do Index: head/dns/bind910/pkg-plist =================================================================== --- head/dns/bind910/pkg-plist (revision 465008) +++ head/dns/bind910/pkg-plist (revision 465009) @@ -1,425 +1,427 @@ bin/arpaname bin/bind9-config bin/delv bin/dig bin/host bin/isc-config.sh bin/named-rrchecker bin/nslookup bin/nsupdate @sample etc/mtree/BIND.chroot.dist.sample @sample etc/mtree/BIND.chroot.local.dist.sample %%ETCDIR%%/bind.keys %%ETCDIR%%/master/empty.db %%ETCDIR%%/master/localhost-forward.db %%ETCDIR%%/master/localhost-reverse.db @sample %%ETCDIR%%/named.conf.sample %%ETCDIR%%/named.root %%ETCDIR%%/rndc.conf.sample include/bind9/check.h include/bind9/getaddresses.h include/bind9/version.h include/dns/acache.h include/dns/acl.h include/dns/adb.h include/dns/bit.h include/dns/byaddr.h include/dns/cache.h include/dns/callbacks.h include/dns/cert.h include/dns/client.h include/dns/clientinfo.h include/dns/compress.h include/dns/db.h include/dns/dbiterator.h include/dns/dbtable.h include/dns/diff.h include/dns/dispatch.h include/dns/dlz.h include/dns/dlz_dlopen.h include/dns/dns64.h include/dns/dnssec.h include/dns/ds.h include/dns/dsdigest.h include/dns/ecdb.h include/dns/enumclass.h include/dns/enumtype.h include/dns/events.h include/dns/fixedname.h include/dns/forward.h include/dns/geoip.h include/dns/iptable.h include/dns/journal.h include/dns/keydata.h include/dns/keyflags.h include/dns/keytable.h include/dns/keyvalues.h include/dns/lib.h include/dns/log.h include/dns/lookup.h include/dns/master.h include/dns/masterdump.h include/dns/message.h include/dns/name.h include/dns/ncache.h include/dns/nsec.h include/dns/nsec3.h include/dns/opcode.h include/dns/order.h include/dns/peer.h include/dns/portlist.h include/dns/private.h include/dns/rbt.h include/dns/rcode.h include/dns/rdata.h include/dns/rdataclass.h include/dns/rdatalist.h include/dns/rdataset.h include/dns/rdatasetiter.h include/dns/rdataslab.h include/dns/rdatastruct.h include/dns/rdatatype.h include/dns/request.h include/dns/resolver.h include/dns/result.h include/dns/rootns.h include/dns/rpz.h include/dns/rriterator.h include/dns/rrl.h include/dns/sdb.h include/dns/sdlz.h include/dns/secalg.h include/dns/secproto.h include/dns/soa.h include/dns/ssu.h include/dns/stats.h include/dns/tcpmsg.h include/dns/time.h include/dns/timer.h include/dns/tkey.h include/dns/tsec.h include/dns/tsig.h include/dns/ttl.h include/dns/types.h include/dns/update.h include/dns/validator.h include/dns/version.h include/dns/view.h include/dns/xfrin.h include/dns/zone.h include/dns/zonekey.h include/dns/zt.h include/dst/dst.h include/dst/gssapi.h include/dst/lib.h include/dst/result.h include/irs/context.h include/irs/dnsconf.h include/irs/netdb.h include/irs/platform.h include/irs/resconf.h include/irs/types.h include/irs/version.h include/isc/aes.h include/isc/app.h include/isc/assertions.h include/isc/atomic.h include/isc/backtrace.h include/isc/base32.h include/isc/base64.h include/isc/bind9.h include/isc/boolean.h include/isc/buffer.h include/isc/bufferlist.h include/isc/commandline.h include/isc/condition.h include/isc/counter.h include/isc/crc64.h include/isc/dir.h include/isc/entropy.h include/isc/errno.h include/isc/error.h include/isc/event.h include/isc/eventclass.h include/isc/file.h include/isc/formatcheck.h include/isc/fsaccess.h include/isc/hash.h include/isc/heap.h include/isc/hex.h include/isc/hmacmd5.h include/isc/hmacsha.h include/isc/httpd.h include/isc/int.h include/isc/interfaceiter.h include/isc/iterated_hash.h include/isc/json.h include/isc/keyboard.h include/isc/lang.h include/isc/lex.h include/isc/lfsr.h include/isc/lib.h +include/isc/likely.h include/isc/list.h include/isc/log.h include/isc/magic.h include/isc/md5.h include/isc/mem.h include/isc/msgcat.h include/isc/msgs.h include/isc/mutex.h include/isc/mutexblock.h include/isc/net.h include/isc/netaddr.h include/isc/netdb.h include/isc/netscope.h include/isc/offset.h include/isc/once.h include/isc/ondestroy.h include/isc/os.h include/isc/parseint.h include/isc/platform.h include/isc/pool.h include/isc/portset.h include/isc/print.h include/isc/queue.h include/isc/quota.h include/isc/radix.h include/isc/random.h include/isc/ratelimiter.h include/isc/refcount.h include/isc/regex.h include/isc/region.h include/isc/resource.h include/isc/result.h include/isc/resultclass.h include/isc/rwlock.h include/isc/safe.h include/isc/serial.h include/isc/sha1.h include/isc/sha2.h include/isc/sockaddr.h include/isc/socket.h include/isc/stat.h include/isc/stats.h include/isc/stdio.h include/isc/stdlib.h include/isc/stdtime.h include/isc/strerror.h include/isc/string.h include/isc/symtab.h include/isc/syslog.h include/isc/task.h include/isc/taskpool.h include/isc/thread.h include/isc/time.h include/isc/timer.h include/isc/tm.h include/isc/types.h include/isc/util.h include/isc/version.h include/isc/xml.h include/isccc/alist.h include/isccc/base64.h include/isccc/cc.h include/isccc/ccmsg.h include/isccc/events.h include/isccc/lib.h include/isccc/result.h include/isccc/sexpr.h include/isccc/symtab.h include/isccc/symtype.h include/isccc/types.h include/isccc/util.h include/isccc/version.h include/isccfg/aclconf.h include/isccfg/cfg.h include/isccfg/dnsconf.h include/isccfg/grammar.h include/isccfg/log.h include/isccfg/namedconf.h include/isccfg/version.h include/lwres/context.h include/lwres/int.h include/lwres/ipv6.h include/lwres/lang.h include/lwres/list.h include/lwres/lwbuffer.h include/lwres/lwpacket.h include/lwres/lwres.h include/lwres/net.h include/lwres/netdb.h include/lwres/platform.h include/lwres/result.h include/lwres/stdlib.h include/lwres/string.h include/lwres/version.h include/pk11/constants.h include/pk11/internal.h include/pk11/pk11.h include/pk11/result.h include/pk11/site.h include/pkcs11/cryptoki.h +include/pkcs11/eddsa.h include/pkcs11/pkcs11.h include/pkcs11/pkcs11f.h include/pkcs11/pkcs11t.h lib/libbind9.a lib/libdns.a lib/libirs.a lib/libisc.a lib/libisccc.a lib/libisccfg.a lib/liblwres.a man/man1/arpaname.1.gz man/man1/bind9-config.1.gz man/man1/delv.1.gz man/man1/dig.1.gz man/man1/host.1.gz man/man1/isc-config.sh.1.gz man/man1/named-rrchecker.1.gz man/man1/nslookup.1.gz man/man1/nsupdate.1.gz man/man3/lwres.3.gz man/man3/lwres_addr_parse.3.gz man/man3/lwres_buffer.3.gz man/man3/lwres_buffer_add.3.gz man/man3/lwres_buffer_back.3.gz man/man3/lwres_buffer_clear.3.gz man/man3/lwres_buffer_first.3.gz man/man3/lwres_buffer_forward.3.gz man/man3/lwres_buffer_getmem.3.gz man/man3/lwres_buffer_getuint16.3.gz man/man3/lwres_buffer_getuint32.3.gz man/man3/lwres_buffer_getuint8.3.gz man/man3/lwres_buffer_init.3.gz man/man3/lwres_buffer_invalidate.3.gz man/man3/lwres_buffer_putmem.3.gz man/man3/lwres_buffer_putuint16.3.gz man/man3/lwres_buffer_putuint32.3.gz man/man3/lwres_buffer_putuint8.3.gz man/man3/lwres_buffer_subtract.3.gz man/man3/lwres_conf_clear.3.gz man/man3/lwres_conf_get.3.gz man/man3/lwres_conf_init.3.gz man/man3/lwres_conf_parse.3.gz man/man3/lwres_conf_print.3.gz man/man3/lwres_config.3.gz man/man3/lwres_context.3.gz man/man3/lwres_context_allocmem.3.gz man/man3/lwres_context_create.3.gz man/man3/lwres_context_destroy.3.gz man/man3/lwres_context_freemem.3.gz man/man3/lwres_context_initserial.3.gz man/man3/lwres_context_nextserial.3.gz man/man3/lwres_context_sendrecv.3.gz man/man3/lwres_endhostent.3.gz man/man3/lwres_endhostent_r.3.gz man/man3/lwres_freeaddrinfo.3.gz man/man3/lwres_freehostent.3.gz man/man3/lwres_gabn.3.gz man/man3/lwres_gabnrequest_free.3.gz man/man3/lwres_gabnrequest_parse.3.gz man/man3/lwres_gabnrequest_render.3.gz man/man3/lwres_gabnresponse_free.3.gz man/man3/lwres_gabnresponse_parse.3.gz man/man3/lwres_gabnresponse_render.3.gz man/man3/lwres_gai_strerror.3.gz man/man3/lwres_getaddrinfo.3.gz man/man3/lwres_getaddrsbyname.3.gz man/man3/lwres_gethostbyaddr.3.gz man/man3/lwres_gethostbyaddr_r.3.gz man/man3/lwres_gethostbyname.3.gz man/man3/lwres_gethostbyname2.3.gz man/man3/lwres_gethostbyname_r.3.gz man/man3/lwres_gethostent.3.gz man/man3/lwres_gethostent_r.3.gz man/man3/lwres_getipnode.3.gz man/man3/lwres_getipnodebyaddr.3.gz man/man3/lwres_getipnodebyname.3.gz man/man3/lwres_getnamebyaddr.3.gz man/man3/lwres_getnameinfo.3.gz man/man3/lwres_getrrsetbyname.3.gz man/man3/lwres_gnba.3.gz man/man3/lwres_gnbarequest_free.3.gz man/man3/lwres_gnbarequest_parse.3.gz man/man3/lwres_gnbarequest_render.3.gz man/man3/lwres_gnbaresponse_free.3.gz man/man3/lwres_gnbaresponse_parse.3.gz man/man3/lwres_gnbaresponse_render.3.gz man/man3/lwres_herror.3.gz man/man3/lwres_hstrerror.3.gz man/man3/lwres_inetntop.3.gz man/man3/lwres_lwpacket_parseheader.3.gz man/man3/lwres_lwpacket_renderheader.3.gz man/man3/lwres_net_ntop.3.gz man/man3/lwres_noop.3.gz man/man3/lwres_nooprequest_free.3.gz man/man3/lwres_nooprequest_parse.3.gz man/man3/lwres_nooprequest_render.3.gz man/man3/lwres_noopresponse_free.3.gz man/man3/lwres_noopresponse_parse.3.gz man/man3/lwres_noopresponse_render.3.gz man/man3/lwres_packet.3.gz man/man3/lwres_resutil.3.gz man/man3/lwres_sethostent.3.gz man/man3/lwres_sethostent_r.3.gz man/man3/lwres_string_parse.3.gz man/man5/named.conf.5.gz man/man5/rndc.conf.5.gz man/man8/ddns-confgen.8.gz %%PYTHON%%man/man8/dnssec-checkds.8.gz %%PYTHON%%man/man8/dnssec-coverage.8.gz man/man8/dnssec-dsfromkey.8.gz man/man8/dnssec-importkey.8.gz man/man8/dnssec-keyfromlabel.8.gz man/man8/dnssec-keygen.8.gz man/man8/dnssec-revoke.8.gz man/man8/dnssec-settime.8.gz man/man8/dnssec-signzone.8.gz man/man8/dnssec-verify.8.gz man/man8/genrandom.8.gz man/man8/isc-hmac-fixup.8.gz man/man8/lwresd.8.gz man/man8/named-checkconf.8.gz man/man8/named-checkzone.8.gz man/man8/named-compilezone.8.gz man/man8/named-journalprint.8.gz man/man8/named.8.gz man/man8/nsec3hash.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz man/man8/rndc-confgen.8.gz man/man8/rndc.8.gz man/man8/tsig-keygen.8.gz sbin/ddns-confgen %%PYTHON%%sbin/dnssec-checkds %%PYTHON%%sbin/dnssec-coverage sbin/dnssec-dsfromkey sbin/dnssec-importkey sbin/dnssec-keyfromlabel sbin/dnssec-keygen sbin/dnssec-revoke sbin/dnssec-settime sbin/dnssec-signzone sbin/dnssec-verify sbin/genrandom sbin/isc-hmac-fixup sbin/lwresd sbin/named sbin/named-checkconf sbin/named-checkzone sbin/named-compilezone sbin/named-journalprint sbin/nsec3hash %%NATIVE_PKCS11%%sbin/pkcs11-destroy %%NATIVE_PKCS11%%sbin/pkcs11-keygen %%NATIVE_PKCS11%%sbin/pkcs11-list %%NATIVE_PKCS11%%sbin/pkcs11-tokens sbin/rndc sbin/rndc-confgen sbin/tsig-keygen @dir(bind,bind,) %%ETCDIR%%/dynamic @dir %%ETCDIR%%/master @dir(bind,bind,) %%ETCDIR%%/slave @dir(bind,bind,) %%ETCDIR%%/working Index: head/dns/bind911/Makefile =================================================================== --- head/dns/bind911/Makefile (revision 465008) +++ head/dns/bind911/Makefile (revision 465009) @@ -1,256 +1,256 @@ # $FreeBSD$ # pkg-help formatted with fmt 59 63 PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} -PORTREVISION= 3 +PORTREVISION= 0 CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} PKGNAMESUFFIX= 911 DISTNAME= ${PORTNAME}-${ISCVERSION} MAINTAINER= mat@FreeBSD.org COMMENT= BIND DNS suite with updated DNSSEC and DNS64 LICENSE= MPL20 LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.2-P1 +ISCVERSION= 9.11.3 USES= cpe libedit CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} .if ${ISCVERSION:M*-*} CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} .endif LIB_DEPENDS= libxml2.so:textproc/libxml2 GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ --sysconfdir=${ETCDIR} ETCDIR= ${PREFIX}/etc/namedb CONFLICTS= bind-tools bind99 bind910 bind912 bind9-devel SUB_FILES= pkg-message named.conf USE_RC_SUBR= named MAKE_JOBS_UNSAFE= yes PORTDOCS= * OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON PYTHON \ DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA \ RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \ MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \ START_LATE TUNING_LARGE TCP_FASTOPEN OPTIONS_RADIO= CRYPTO GOSTDEF OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1 OPTIONS_GROUP= DLZ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes CRYPTO_DESC= Choose which crypto engine to use DLZ_BDB_DESC= DLZ BDB driver DLZ_DESC= Dynamically Loadable Zones DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_LDAP_DESC= DLZ LDAP driver DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) DLZ_POSTGRESQL_DESC= DLZ Postgres driver DLZ_STUB_DESC= DLZ stub driver DNSTAP_DESC= Provides fast passive logging of DNS messages FILTER_AAAA_DESC= Enable filtering of AAAA records FIXED_RRSET_DESC= Enable fixed rrset ordering GEOIP_DESC= Allow geographically based ACL. GOSTDEF_DESC= Enable GOST ciphers, needs SSL GOST_ASN1_DESC= GOST using ASN.1 GOST_DESC= GOST raw keys (new default) GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 GSSAPI_NONE_DESC= Disable LARGE_FILE_DESC= 64-bit file support LMDB_DESC= Use LMDB for zone management MINCACHE_DESC= Use the mincachettl patch NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) PORTREVISION_DESC= Show PORTREVISION in the version string PYTHON_DESC= Build with Python utilities QUERYTRACE_DESC= Enable the very verbose query tracelogging RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation SSL_DESC= Build with OpenSSL (Required for DNSSEC) START_LATE_DESC= Start BIND late in the boot process (see help) TCP_FASTOPEN_DESC= RFC 7413 support TUNING_LARGE_DESC= Tune named for large systems (**READ HELP**) DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes DLZ_BDB_USES= bdb DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes DLZ_LDAP_USE= openldap=yes DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes DLZ_MYSQL_PREVENTS= THREADS DLZ_MYSQL_USES= mysql DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes DLZ_POSTGRESQL_USES= pgsql DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes DNSTAP_CONFIGURE_ENABLE= dnstap DNSTAP_IMPLIES= THREADS DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ libprotobuf-c.so:devel/protobuf-c FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP GOST_ASN1_CONFIGURE_ON= --with-gost=asn1 GOST_CONFIGURE_ON= --with-gost GSSAPI_BASE_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_MIT_USES= gssapi:mit GSSAPI_NONE_CONFIGURE_ON= --without-gssapi IDN_CONFIGURE_OFF= --without-idn IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} IDN_LIB_DEPENDS= libidnkit.so:dns/idnkit IDN_USES= iconv IPV6_CONFIGURE_ENABLE= ipv6 JSON_CONFIGURE_WITH= libjson JSON_LIB_DEPENDS= libjson-c.so:devel/json-c LARGE_FILE_CONFIGURE_ENABLE= largefile LMDB_CONFIGURE_WITH= lmdb LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 NATIVE_PKCS11_IMPLIES= THREADS PYTHON_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply PYTHON_USES= python QUERYTRACE_CONFIGURE_ENABLE= querytrace RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} SSL_USES= ssl START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ NAMED_BEFORE="LOGIN" START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" THREADS_CONFIGURE_ENABLE= threads TUNING_LARGE_IMPLIES= THREADS TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include .if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} CONFIGURE_ARGS+= --without-gost .endif .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ that needs SSL. .endif post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ rndc/rndc.8 @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ ${WRKSRC}/bin/${FILE} .endfor .if ${PORTREVISION:N0} post-patch-PORTREVISION-on: @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ ${WRKSRC}/version .endif post-patch-TCP_FASTOPEN-off: @${REINPLACE_CMD} -e 's/#define ISC_PLATFORM_HAVETFO 1/#undef ISC_PLATFORM_HAVETFO/' ${WRKSRC}/configure post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree ${MKDIR} ${STAGEDIR}${ETCDIR} .for i in dynamic master slave working @${MKDIR} ${STAGEDIR}${ETCDIR}/$i .endfor ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${STAGEDIR}${ETCDIR}/rndc.conf.sample post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/CHANGES \ ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${DOCSDIR} # Can't use USE_PYTHON=autoplist post-install-PYTHON-on: @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} .include Index: head/dns/bind911/distinfo =================================================================== --- head/dns/bind911/distinfo (revision 465008) +++ head/dns/bind911/distinfo (revision 465009) @@ -1,3 +1,3 @@ -TIMESTAMP = 1516059868 -SHA256 (bind-9.11.2-P1.tar.gz) = cec31548832fca3f85d95178d4019b7d702039e8595d4c93914feba337df1212 -SIZE (bind-9.11.2-P1.tar.gz) = 9783329 +TIMESTAMP = 1521455716 +SHA256 (bind-9.11.3.tar.gz) = 0d9dde14b2ec7f9cdc3b69f19540c7a2e4eee7b6c727965dfae48810965876f5 +SIZE (bind-9.11.3.tar.gz) = 9523375 Index: head/dns/bind911/files/extrapatch-bind-min-override-ttl =================================================================== --- head/dns/bind911/files/extrapatch-bind-min-override-ttl (revision 465008) +++ head/dns/bind911/files/extrapatch-bind-min-override-ttl (revision 465009) @@ -1,73 +1,73 @@ ---- bin/named/config.c.orig 2018-01-04 05:28:11 UTC +--- bin/named/config.c.orig 2018-01-24 21:23:16 UTC +++ bin/named/config.c -@@ -154,6 +154,8 @@ options {\n\ - lame-ttl 600;\n\ - servfail-ttl 1;\n\ - max-ncache-ttl 10800; /* 3 hours */\n\ -+ override-cache-ttl 0; /* do not override */\n\ -+ min-cache-ttl 0; /* no minimal, zero is allowed */\n\ - max-cache-ttl 604800; /* 1 week */\n\ - transfer-format many-answers;\n\ +@@ -171,6 +171,8 @@ options {\n\ + " max-acache-size 16M;\n\ max-cache-size 90%;\n\ ---- bin/named/server.c.orig 2018-01-04 05:28:11 UTC + max-cache-ttl 604800; /* 1 week */\n\ ++ min-cache-ttl 0; /* no minimal, zero is allowed */\n\ ++ override-cache-ttl 0; /* do not override */\n\ + max-clients-per-query 100;\n\ + max-ncache-ttl 10800; /* 3 hours */\n\ + max-recursion-depth 7;\n\ +--- bin/named/server.c.orig 2018-01-24 21:23:16 UTC +++ bin/named/server.c -@@ -3713,6 +3713,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -3699,6 +3699,16 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; + result = ns_config_get(maps, "override-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->overridecachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = ns_config_get(maps, "min-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->mincachettl = cfg_obj_asuint32(obj); + + obj = NULL; result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-01-04 05:28:11 UTC +--- lib/dns/include/dns/view.h.orig 2018-01-24 21:23:16 UTC +++ lib/dns/include/dns/view.h @@ -146,6 +146,8 @@ struct dns_view { isc_boolean_t requestnsid; isc_boolean_t sendcookie; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2018-01-04 05:28:11 UTC +--- lib/dns/resolver.c.orig 2018-01-24 21:23:16 UTC +++ lib/dns/resolver.c -@@ -5448,6 +5448,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5477,6 +5477,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* + * Enforce the configure cache TTL override. + */ + if (res->view->overridecachettl) + rdataset->ttl = res->view->overridecachettl; + + /* + * Enforce the configure minimum cache TTL. + */ + if (rdataset->ttl < res->view->mincachettl) + rdataset->ttl = res->view->mincachettl; + + /* * Enforce the configure maximum cache TTL. */ - if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2018-01-04 05:28:11 UTC + if (rdataset->ttl > res->view->maxcachettl) { +--- lib/isccfg/namedconf.c.orig 2018-01-24 21:23:16 UTC +++ lib/isccfg/namedconf.c -@@ -1765,6 +1765,8 @@ view_clauses[] = { - { "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, +@@ -1766,6 +1766,8 @@ view_clauses[] = { + #endif { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, + { "min-cache-ttl", &cfg_type_uint32, 0 }, { "max-cache-ttl", &cfg_type_uint32, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, Index: head/dns/bind911/files/patch-configure =================================================================== --- head/dns/bind911/files/patch-configure (revision 465008) +++ head/dns/bind911/files/patch-configure (revision 465009) @@ -1,90 +1,90 @@ ---- configure.orig 2017-07-24 05:36:50 UTC +--- configure.orig 2018-03-08 20:55:28 UTC +++ configure -@@ -14402,27 +14402,9 @@ done +@@ -14465,27 +14465,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ - "-lgssapi_krb5" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \ - "-lgssapi" \ - "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgss -lkrb5" + "$($KRB5CONFIG gssapi --libs)"; \ do - # Note that this does not include $saved_libs, because - # on FreeBSD machines this configure script has added - # -L/usr/local/lib to LIBS, which can make the - # -lgssapi_krb5 test succeed with shared libraries even - # when you are trying to build with KTH in /usr/lib. - if test "/usr" = "$use_gssapi" - then - LIBS="$TRY_LIBS" - else - LIBS="-L$use_gssapi/lib $TRY_LIBS" - fi + LIBS="$TRY_LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14465,47 +14447,7 @@ $as_echo "no" >&6; } ;; +@@ -14528,47 +14510,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac - # - # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib - # but MIT in /usr/local/lib and trying to build with KTH. - # /usr/local/lib can end up earlier on the link lines. - # Like most kludges, this one is not only inelegant it - # is also likely to be the wrong thing to do at least as - # many times as it is the right thing. Something better - # needs to be done. - # - if test "/usr" = "$use_gssapi" -a \ - -f /usr/local/lib/libkrb5.a; then - FIX_KTH_VS_MIT=yes - fi - - case "$FIX_KTH_VS_MIT" in - yes) - case "$enable_static_linking" in - yes) gssapi_lib_suffix=".a" ;; - *) gssapi_lib_suffix=".so" ;; - esac - - for lib in $LIBS; do - case $lib in - -L*) - ;; - -l*) - new_lib=`echo $lib | - sed -e s%^-l%$use_gssapi/lib/lib% \ - -e s%$%$gssapi_lib_suffix%` - NEW_LIBS="$NEW_LIBS $new_lib" - ;; - *) - as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5 - ;; - esac - done - LIBS="$NEW_LIBS" - ;; - esac - - DST_GSSAPI_INC="-I$use_gssapi/include" + DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)" DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -22825,7 +22767,7 @@ $as_echo "" >&6; } +@@ -23242,7 +23184,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). - bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db" + bdb_incdirs="/db6 /db5 /db48" # include a blank element first for d in "" $bdb_incdirs do Index: head/dns/bind911/pkg-plist =================================================================== --- head/dns/bind911/pkg-plist (revision 465008) +++ head/dns/bind911/pkg-plist (revision 465009) @@ -1,443 +1,446 @@ bin/arpaname bin/bind9-config bin/delv bin/dig %%DNSTAP%%bin/dnstap-read bin/host bin/isc-config.sh bin/mdig bin/named-rrchecker bin/nslookup bin/nsupdate @sample etc/mtree/BIND.chroot.dist.sample @sample etc/mtree/BIND.chroot.local.dist.sample %%ETCDIR%%/bind.keys %%ETCDIR%%/master/empty.db %%ETCDIR%%/master/localhost-forward.db %%ETCDIR%%/master/localhost-reverse.db @sample %%ETCDIR%%/named.conf.sample %%ETCDIR%%/named.root %%ETCDIR%%/rndc.conf.sample include/bind9/check.h include/bind9/getaddresses.h include/bind9/version.h include/dns/acache.h include/dns/acl.h include/dns/adb.h include/dns/badcache.h include/dns/bit.h include/dns/byaddr.h include/dns/cache.h include/dns/callbacks.h include/dns/catz.h include/dns/cert.h include/dns/client.h include/dns/clientinfo.h include/dns/compress.h include/dns/db.h include/dns/dbiterator.h include/dns/dbtable.h include/dns/diff.h include/dns/dispatch.h include/dns/dlz.h include/dns/dlz_dlopen.h include/dns/dns64.h include/dns/dnssec.h include/dns/dnstap.h %%DNSTAP%%include/dns/dnstap.pb-c.h include/dns/ds.h include/dns/dsdigest.h include/dns/dyndb.h include/dns/ecdb.h include/dns/edns.h include/dns/enumclass.h include/dns/enumtype.h include/dns/events.h include/dns/fixedname.h include/dns/forward.h include/dns/geoip.h include/dns/ipkeylist.h include/dns/iptable.h include/dns/journal.h include/dns/keydata.h include/dns/keyflags.h include/dns/keytable.h include/dns/keyvalues.h include/dns/lib.h include/dns/log.h include/dns/lookup.h include/dns/master.h include/dns/masterdump.h include/dns/message.h include/dns/name.h include/dns/ncache.h include/dns/nsec.h include/dns/nsec3.h include/dns/nta.h include/dns/opcode.h include/dns/order.h include/dns/peer.h include/dns/portlist.h include/dns/private.h include/dns/rbt.h include/dns/rcode.h include/dns/rdata.h include/dns/rdataclass.h include/dns/rdatalist.h include/dns/rdataset.h include/dns/rdatasetiter.h include/dns/rdataslab.h include/dns/rdatastruct.h include/dns/rdatatype.h include/dns/request.h include/dns/resolver.h include/dns/result.h include/dns/rootns.h include/dns/rpz.h include/dns/rriterator.h include/dns/rrl.h include/dns/sdb.h include/dns/sdlz.h include/dns/secalg.h include/dns/secproto.h include/dns/soa.h include/dns/ssu.h include/dns/stats.h include/dns/tcpmsg.h include/dns/time.h include/dns/timer.h include/dns/tkey.h include/dns/tsec.h include/dns/tsig.h include/dns/ttl.h include/dns/types.h include/dns/update.h include/dns/validator.h include/dns/version.h include/dns/view.h include/dns/xfrin.h include/dns/zone.h include/dns/zonekey.h include/dns/zt.h include/dst/dst.h include/dst/gssapi.h include/dst/lib.h include/dst/result.h include/irs/context.h include/irs/dnsconf.h include/irs/netdb.h include/irs/platform.h include/irs/resconf.h include/irs/types.h include/irs/version.h include/isc/aes.h include/isc/app.h include/isc/assertions.h include/isc/atomic.h include/isc/backtrace.h include/isc/base32.h include/isc/base64.h include/isc/bind9.h include/isc/boolean.h include/isc/buffer.h include/isc/bufferlist.h include/isc/commandline.h include/isc/condition.h include/isc/counter.h include/isc/crc64.h +include/isc/deprecated.h include/isc/dir.h include/isc/entropy.h include/isc/errno.h include/isc/error.h include/isc/event.h include/isc/eventclass.h include/isc/file.h include/isc/formatcheck.h include/isc/fsaccess.h include/isc/hash.h include/isc/heap.h include/isc/hex.h include/isc/hmacmd5.h include/isc/hmacsha.h include/isc/ht.h include/isc/httpd.h include/isc/int.h include/isc/interfaceiter.h include/isc/iterated_hash.h include/isc/json.h include/isc/keyboard.h include/isc/lang.h include/isc/lex.h include/isc/lfsr.h include/isc/lib.h +include/isc/likely.h include/isc/list.h include/isc/log.h include/isc/magic.h include/isc/md5.h include/isc/mem.h include/isc/meminfo.h include/isc/msgcat.h include/isc/msgs.h include/isc/mutex.h include/isc/mutexblock.h include/isc/net.h include/isc/netaddr.h include/isc/netdb.h include/isc/netscope.h include/isc/offset.h include/isc/once.h include/isc/ondestroy.h include/isc/os.h include/isc/parseint.h include/isc/platform.h include/isc/pool.h include/isc/portset.h include/isc/print.h include/isc/queue.h include/isc/quota.h include/isc/radix.h include/isc/random.h include/isc/ratelimiter.h include/isc/refcount.h include/isc/regex.h include/isc/region.h include/isc/resource.h include/isc/result.h include/isc/resultclass.h include/isc/rwlock.h include/isc/safe.h include/isc/serial.h include/isc/sha1.h include/isc/sha2.h include/isc/sockaddr.h include/isc/socket.h include/isc/stat.h include/isc/stats.h include/isc/stdio.h include/isc/stdlib.h include/isc/stdtime.h include/isc/strerror.h include/isc/string.h include/isc/symtab.h include/isc/syslog.h include/isc/task.h include/isc/taskpool.h include/isc/thread.h include/isc/time.h include/isc/timer.h include/isc/tm.h include/isc/types.h include/isc/util.h include/isc/version.h include/isc/xml.h include/isccc/alist.h include/isccc/base64.h include/isccc/cc.h include/isccc/ccmsg.h include/isccc/events.h include/isccc/lib.h include/isccc/result.h include/isccc/sexpr.h include/isccc/symtab.h include/isccc/symtype.h include/isccc/types.h include/isccc/util.h include/isccc/version.h include/isccfg/aclconf.h include/isccfg/cfg.h include/isccfg/dnsconf.h include/isccfg/grammar.h include/isccfg/log.h include/isccfg/namedconf.h include/isccfg/version.h include/lwres/context.h include/lwres/int.h include/lwres/ipv6.h include/lwres/lang.h include/lwres/list.h include/lwres/lwbuffer.h include/lwres/lwpacket.h include/lwres/lwres.h include/lwres/net.h include/lwres/netdb.h include/lwres/platform.h include/lwres/result.h include/lwres/stdlib.h include/lwres/string.h include/lwres/version.h include/pk11/constants.h include/pk11/internal.h include/pk11/pk11.h include/pk11/result.h include/pk11/site.h include/pkcs11/cryptoki.h +include/pkcs11/eddsa.h include/pkcs11/pkcs11.h include/pkcs11/pkcs11f.h include/pkcs11/pkcs11t.h lib/libbind9.a lib/libdns.a lib/libirs.a lib/libisc.a lib/libisccc.a lib/libisccfg.a lib/liblwres.a man/man1/arpaname.1.gz man/man1/bind9-config.1.gz man/man1/delv.1.gz man/man1/dig.1.gz %%DNSTAP%%man/man1/dnstap-read.1.gz man/man1/host.1.gz man/man1/isc-config.sh.1.gz man/man1/mdig.1.gz man/man1/named-rrchecker.1.gz man/man1/nslookup.1.gz man/man1/nsupdate.1.gz man/man3/lwres.3.gz man/man3/lwres_addr_parse.3.gz man/man3/lwres_buffer.3.gz man/man3/lwres_buffer_add.3.gz man/man3/lwres_buffer_back.3.gz man/man3/lwres_buffer_clear.3.gz man/man3/lwres_buffer_first.3.gz man/man3/lwres_buffer_forward.3.gz man/man3/lwres_buffer_getmem.3.gz man/man3/lwres_buffer_getuint16.3.gz man/man3/lwres_buffer_getuint32.3.gz man/man3/lwres_buffer_getuint8.3.gz man/man3/lwres_buffer_init.3.gz man/man3/lwres_buffer_invalidate.3.gz man/man3/lwres_buffer_putmem.3.gz man/man3/lwres_buffer_putuint16.3.gz man/man3/lwres_buffer_putuint32.3.gz man/man3/lwres_buffer_putuint8.3.gz man/man3/lwres_buffer_subtract.3.gz man/man3/lwres_conf_clear.3.gz man/man3/lwres_conf_get.3.gz man/man3/lwres_conf_init.3.gz man/man3/lwres_conf_parse.3.gz man/man3/lwres_conf_print.3.gz man/man3/lwres_config.3.gz man/man3/lwres_context.3.gz man/man3/lwres_context_allocmem.3.gz man/man3/lwres_context_create.3.gz man/man3/lwres_context_destroy.3.gz man/man3/lwres_context_freemem.3.gz man/man3/lwres_context_initserial.3.gz man/man3/lwres_context_nextserial.3.gz man/man3/lwres_context_sendrecv.3.gz man/man3/lwres_endhostent.3.gz man/man3/lwres_endhostent_r.3.gz man/man3/lwres_freeaddrinfo.3.gz man/man3/lwres_freehostent.3.gz man/man3/lwres_gabn.3.gz man/man3/lwres_gabnrequest_free.3.gz man/man3/lwres_gabnrequest_parse.3.gz man/man3/lwres_gabnrequest_render.3.gz man/man3/lwres_gabnresponse_free.3.gz man/man3/lwres_gabnresponse_parse.3.gz man/man3/lwres_gabnresponse_render.3.gz man/man3/lwres_gai_strerror.3.gz man/man3/lwres_getaddrinfo.3.gz man/man3/lwres_getaddrsbyname.3.gz man/man3/lwres_gethostbyaddr.3.gz man/man3/lwres_gethostbyaddr_r.3.gz man/man3/lwres_gethostbyname.3.gz man/man3/lwres_gethostbyname2.3.gz man/man3/lwres_gethostbyname_r.3.gz man/man3/lwres_gethostent.3.gz man/man3/lwres_gethostent_r.3.gz man/man3/lwres_getipnode.3.gz man/man3/lwres_getipnodebyaddr.3.gz man/man3/lwres_getipnodebyname.3.gz man/man3/lwres_getnamebyaddr.3.gz man/man3/lwres_getnameinfo.3.gz man/man3/lwres_getrrsetbyname.3.gz man/man3/lwres_gnba.3.gz man/man3/lwres_gnbarequest_free.3.gz man/man3/lwres_gnbarequest_parse.3.gz man/man3/lwres_gnbarequest_render.3.gz man/man3/lwres_gnbaresponse_free.3.gz man/man3/lwres_gnbaresponse_parse.3.gz man/man3/lwres_gnbaresponse_render.3.gz man/man3/lwres_herror.3.gz man/man3/lwres_hstrerror.3.gz man/man3/lwres_inetntop.3.gz man/man3/lwres_lwpacket_parseheader.3.gz man/man3/lwres_lwpacket_renderheader.3.gz man/man3/lwres_net_ntop.3.gz man/man3/lwres_noop.3.gz man/man3/lwres_nooprequest_free.3.gz man/man3/lwres_nooprequest_parse.3.gz man/man3/lwres_nooprequest_render.3.gz man/man3/lwres_noopresponse_free.3.gz man/man3/lwres_noopresponse_parse.3.gz man/man3/lwres_noopresponse_render.3.gz man/man3/lwres_packet.3.gz man/man3/lwres_resutil.3.gz man/man3/lwres_sethostent.3.gz man/man3/lwres_sethostent_r.3.gz man/man3/lwres_string_parse.3.gz man/man5/named.conf.5.gz man/man5/rndc.conf.5.gz man/man8/ddns-confgen.8.gz %%PYTHON%%man/man8/dnssec-checkds.8.gz %%PYTHON%%man/man8/dnssec-coverage.8.gz man/man8/dnssec-dsfromkey.8.gz man/man8/dnssec-importkey.8.gz man/man8/dnssec-keyfromlabel.8.gz man/man8/dnssec-keygen.8.gz %%PYTHON%%man/man8/dnssec-keymgr.8.gz man/man8/dnssec-revoke.8.gz man/man8/dnssec-settime.8.gz man/man8/dnssec-signzone.8.gz man/man8/dnssec-verify.8.gz man/man8/genrandom.8.gz man/man8/isc-hmac-fixup.8.gz man/man8/lwresd.8.gz man/man8/named-checkconf.8.gz man/man8/named-checkzone.8.gz man/man8/named-compilezone.8.gz man/man8/named-journalprint.8.gz %%LMDB%%man/man8/named-nzd2nzf.8.gz man/man8/named.8.gz man/man8/nsec3hash.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz %%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz man/man8/rndc-confgen.8.gz man/man8/rndc.8.gz man/man8/tsig-keygen.8.gz sbin/ddns-confgen %%PYTHON%%sbin/dnssec-checkds %%PYTHON%%sbin/dnssec-coverage sbin/dnssec-dsfromkey sbin/dnssec-importkey sbin/dnssec-keyfromlabel sbin/dnssec-keygen %%PYTHON%%sbin/dnssec-keymgr sbin/dnssec-revoke sbin/dnssec-settime sbin/dnssec-signzone sbin/dnssec-verify sbin/genrandom sbin/isc-hmac-fixup sbin/lwresd sbin/named sbin/named-checkconf sbin/named-checkzone sbin/named-compilezone sbin/named-journalprint %%LMDB%%sbin/named-nzd2nzf sbin/nsec3hash %%NATIVE_PKCS11%%sbin/pkcs11-destroy %%NATIVE_PKCS11%%sbin/pkcs11-keygen %%NATIVE_PKCS11%%sbin/pkcs11-list %%NATIVE_PKCS11%%sbin/pkcs11-tokens sbin/rndc sbin/rndc-confgen sbin/tsig-keygen @dir(bind,bind,) %%ETCDIR%%/dynamic @dir %%ETCDIR%%/master @dir(bind,bind,) %%ETCDIR%%/slave @dir(bind,bind,) %%ETCDIR%%/working Index: head/dns/bind912/Makefile =================================================================== --- head/dns/bind912/Makefile (revision 465008) +++ head/dns/bind912/Makefile (revision 465009) @@ -1,287 +1,287 @@ # $FreeBSD$ # pkg-help formatted with fmt 59 63 PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} .if defined(BIND_TOOLS_SLAVE) # dns/bind-tools here PORTREVISION= 0 .else # dns/bind912 here -PORTREVISION= 3 +PORTREVISION= 0 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} .if defined(BIND_TOOLS_SLAVE) PKGNAMESUFFIX= -tools .else PKGNAMESUFFIX= 912 .endif DISTNAME= ${PORTNAME}-${ISCVERSION} MAINTAINER= mat@FreeBSD.org .if defined(BIND_TOOLS_SLAVE) COMMENT= Command line tools from BIND: delv, dig, host, nslookup... .else COMMENT= BIND DNS suite with updated DNSSEC and DNS64 .endif LICENSE= MPL20 LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.12.0 +ISCVERSION= 9.12.1 USES= cpe libedit CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} .if ${ISCVERSION:M*-*} CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} .endif LIB_DEPENDS= libxml2.so:textproc/libxml2 GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ --sysconfdir=${ETCDIR} ETCDIR= ${PREFIX}/etc/namedb CONFLICTS= bind99 bind910 bind911 bind9-devel .if defined(BIND_TOOLS_SLAVE) CONFIGURE_ARGS+= --disable-shared CONFLICTS+= bind912 .else USE_RC_SUBR= named SUB_FILES= pkg-message named.conf CONFLICTS+= bind-tools .endif # BIND_TOOLS_SLAVE MAKE_JOBS_UNSAFE= yes PORTDOCS= * OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON PYTHON OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ FIXED_RRSET SIGCHASE IPV6 THREADS OPTIONS_RADIO= CRYPTO GOSTDEF OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1 .if !defined(BIND_TOOLS_SLAVE) OPTIONS_DEFAULT+= DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN OPTIONS_DEFINE+= RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \ MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \ START_LATE TUNING_LARGE TCP_FASTOPEN OPTIONS_GROUP= DLZ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB .endif # BIND_TOOLS_SLAVE OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes CRYPTO_DESC= Choose which crypto engine to use DLZ_BDB_DESC= DLZ BDB driver DLZ_DESC= Dynamically Loadable Zones DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_LDAP_DESC= DLZ LDAP driver DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) DLZ_POSTGRESQL_DESC= DLZ Postgres driver DLZ_STUB_DESC= DLZ stub driver DNSTAP_DESC= Provides fast passive logging of DNS messages FIXED_RRSET_DESC= Enable fixed rrset ordering GEOIP_DESC= Allow geographically based ACL. GOSTDEF_DESC= Enable GOST ciphers, needs SSL GOST_ASN1_DESC= GOST using ASN.1 GOST_DESC= GOST raw keys (new default) GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 GSSAPI_NONE_DESC= Disable LARGE_FILE_DESC= 64-bit file support LMDB_DESC= Use LMDB for zone management MINCACHE_DESC= Use the mincachettl patch NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) PORTREVISION_DESC= Show PORTREVISION in the version string PYTHON_DESC= Build with Python utilities QUERYTRACE_DESC= Enable the very verbose query tracelogging RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation SSL_DESC= Build with OpenSSL (Required for DNSSEC) START_LATE_DESC= Start BIND late in the boot process (see help) TCP_FASTOPEN_DESC= RFC 7413 support TUNING_LARGE_DESC= Tune named for large systems (**READ HELP**) DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes DLZ_BDB_USES= bdb DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes DLZ_LDAP_USE= openldap=yes DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes DLZ_MYSQL_PREVENTS= THREADS DLZ_MYSQL_USES= mysql DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes DLZ_POSTGRESQL_USES= pgsql DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes DNSTAP_CONFIGURE_ENABLE= dnstap DNSTAP_IMPLIES= THREADS DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ libprotobuf-c.so:devel/protobuf-c FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP GOST_ASN1_CONFIGURE_ON= --with-gost=asn1 GOST_CONFIGURE_ON= --with-gost GSSAPI_BASE_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_MIT_USES= gssapi:mit GSSAPI_NONE_CONFIGURE_ON= --without-gssapi IDN_CONFIGURE_OFF= --without-idn IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} IDN_LIB_DEPENDS= libidnkit.so:dns/idnkit IDN_USES= iconv IPV6_CONFIGURE_ENABLE= ipv6 JSON_CONFIGURE_WITH= libjson JSON_LIB_DEPENDS= libjson-c.so:devel/json-c LARGE_FILE_CONFIGURE_ENABLE= largefile LMDB_CONFIGURE_WITH= lmdb LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 NATIVE_PKCS11_IMPLIES= THREADS PYTHON_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply PYTHON_USES= python QUERYTRACE_CONFIGURE_ENABLE= querytrace RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} SSL_USES= ssl START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ NAMED_BEFORE="LOGIN" START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" TCP_FASTOPEN_CONFIGURE_ENABLE= tcp-fastopen THREADS_CONFIGURE_ENABLE= threads TUNING_LARGE_IMPLIES= THREADS TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include .if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} CONFIGURE_ARGS+= --without-gost .endif .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ that needs SSL. .endif post-patch: .if defined(BIND_TOOLS_SLAVE) @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \ -e 's#isc-config.sh installdirs#installdirs#' \ -e 's#.*INSTALL.*isc-config.*##' \ -e 's#.*INSTALL.*bind.keys.*##' \ ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = delv dig dnssec tools nsupdate \\#' \ -e 's#^ .*check confgen ##' \ ${WRKSRC}/bin/Makefile.in .else . for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ rndc/rndc.8 @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ ${WRKSRC}/bin/${FILE} . endfor .endif .if !defined(BIND_TOOLS_SLAVE) . if ${PORTREVISION:N0} post-patch-PORTREVISION-on: @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ ${WRKSRC}/version . endif post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree ${MKDIR} ${STAGEDIR}${ETCDIR} . for i in dynamic master slave working @${MKDIR} ${STAGEDIR}${ETCDIR}/$i . endfor ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${STAGEDIR}${ETCDIR}/rndc.conf.sample post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/CHANGES* ${WRKSRC}/HISTORY.md \ ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .endif # BIND_TOOLS_SLAVE # Can't use USE_PYTHON=autoplist post-install-PYTHON-on: @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} .include Index: head/dns/bind912/distinfo =================================================================== --- head/dns/bind912/distinfo (revision 465008) +++ head/dns/bind912/distinfo (revision 465009) @@ -1,3 +1,3 @@ -TIMESTAMP = 1516788319 -SHA256 (bind-9.12.0.tar.gz) = 29870e9bf9dcc31ead3793ca754a7b0236a0785a7a9dc0f859a0bc42e19b3c82 -SIZE (bind-9.12.0.tar.gz) = 9282550 +TIMESTAMP = 1521456447 +SHA256 (bind-9.12.1.tar.gz) = 16e446425c35e48b651ddf1171d2115ebf32b07670b652e1030a174038937510 +SIZE (bind-9.12.1.tar.gz) = 9302783 Index: head/dns/bind912/files/extrapatch-bind-min-override-ttl =================================================================== --- head/dns/bind912/files/extrapatch-bind-min-override-ttl (revision 465008) +++ head/dns/bind912/files/extrapatch-bind-min-override-ttl (revision 465009) @@ -1,79 +1,79 @@ ---- bin/named/config.c.orig 2018-01-12 19:49:09 UTC +--- bin/named/config.c.orig 2018-02-18 05:26:12 UTC +++ bin/named/config.c @@ -176,12 +176,14 @@ options {\n\ max-recursion-queries 75;\n\ max-stale-ttl 604800; /* 1 week */\n\ message-compression yes;\n\ + min-cache-ttl 0; /* no minimal, zero is allowed */\n\ # min-roots ;\n\ minimal-any false;\n\ minimal-responses no-auth-recursive;\n\ notify-source *;\n\ notify-source-v6 *;\n\ nsec3-test-zone no;\n\ + override-cache-ttl 0; /* do not override */\n\ provide-ixfr true;\n\ query-source address *;\n\ query-source-v6 address *;\n\ ---- bin/named/server.c.orig 2018-01-12 19:49:09 UTC +--- bin/named/server.c.orig 2018-02-18 05:26:12 UTC +++ bin/named/server.c -@@ -4067,6 +4067,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -4074,6 +4074,16 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; + result = named_config_get(maps, "override-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->overridecachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = named_config_get(maps, "min-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->mincachettl = cfg_obj_asuint32(obj); + + obj = NULL; result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-01-12 19:49:09 UTC +--- lib/dns/include/dns/view.h.orig 2018-02-18 05:26:12 UTC +++ lib/dns/include/dns/view.h @@ -145,6 +145,8 @@ struct dns_view { isc_boolean_t requestnsid; isc_boolean_t sendcookie; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2018-01-12 19:49:09 UTC +--- lib/dns/resolver.c.orig 2018-02-18 05:26:12 UTC +++ lib/dns/resolver.c -@@ -5758,6 +5758,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5762,6 +5762,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* + * Enforce the configure cache TTL override. + */ + if (res->view->overridecachettl) + rdataset->ttl = res->view->overridecachettl; + + /* + * Enforce the configure minimum cache TTL. + */ + if (rdataset->ttl < res->view->mincachettl) + rdataset->ttl = res->view->mincachettl; + + /* * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-01-12 19:49:09 UTC +--- lib/isccfg/namedconf.c.orig 2018-02-18 05:26:12 UTC +++ lib/isccfg/namedconf.c -@@ -1909,6 +1909,8 @@ view_clauses[] = { +@@ -1910,6 +1910,8 @@ view_clauses[] = { { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, + { "min-cache-ttl", &cfg_type_uint32, 0 }, { "max-cache-ttl", &cfg_type_uint32, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, Index: head/dns/bind912/files/patch-configure =================================================================== --- head/dns/bind912/files/patch-configure (revision 465008) +++ head/dns/bind912/files/patch-configure (revision 465009) @@ -1,90 +1,90 @@ ---- configure.orig 2017-12-06 17:32:49 UTC +--- configure.orig 2018-03-08 20:56:40 UTC +++ configure -@@ -14442,27 +14442,9 @@ done +@@ -14455,27 +14455,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ - "-lgssapi_krb5" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \ - "-lgssapi" \ - "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lhx509 -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgss -lkrb5" + "$($KRB5CONFIG gssapi --libs)"; \ do - # Note that this does not include $saved_libs, because - # on FreeBSD machines this configure script has added - # -L/usr/local/lib to LIBS, which can make the - # -lgssapi_krb5 test succeed with shared libraries even - # when you are trying to build with KTH in /usr/lib. - if test "/usr" = "$use_gssapi" - then - LIBS="$TRY_LIBS $ISC_OPENSSL_LIBS" - else - LIBS="-L$use_gssapi/lib $TRY_LIBS $ISC_OPENSSL_LIBS" - fi + LIBS="$TRY_LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14505,47 +14487,7 @@ $as_echo "no" >&6; } ;; +@@ -14518,47 +14500,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac - # - # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib - # but MIT in /usr/local/lib and trying to build with KTH. - # /usr/local/lib can end up earlier on the link lines. - # Like most kludges, this one is not only inelegant it - # is also likely to be the wrong thing to do at least as - # many times as it is the right thing. Something better - # needs to be done. - # - if test "/usr" = "$use_gssapi" -a \ - -f /usr/local/lib/libkrb5.a; then - FIX_KTH_VS_MIT=yes - fi - - case "$FIX_KTH_VS_MIT" in - yes) - case "$enable_static_linking" in - yes) gssapi_lib_suffix=".a" ;; - *) gssapi_lib_suffix=".so" ;; - esac - - for lib in $LIBS; do - case $lib in - -L*) - ;; - -l*) - new_lib=`echo $lib | - sed -e s%^-l%$use_gssapi/lib/lib% \ - -e s%$%$gssapi_lib_suffix%` - NEW_LIBS="$NEW_LIBS $new_lib" - ;; - *) - as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5 - ;; - esac - done - LIBS="$NEW_LIBS" - ;; - esac - - DST_GSSAPI_INC="-I$use_gssapi/include" + DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)" DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -23145,7 +23087,7 @@ $as_echo "" >&6; } +@@ -23197,7 +23139,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). - bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db" + bdb_incdirs="/db6 /db5 /db48" # include a blank element first for d in "" $bdb_incdirs do Index: head/dns/bind99/Makefile =================================================================== --- head/dns/bind99/Makefile (revision 465008) +++ head/dns/bind99/Makefile (revision 465009) @@ -1,224 +1,224 @@ # $FreeBSD$ # pkg-help formatted with fmt 59 63 PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} PKGNAMESUFFIX= 99 DISTNAME= ${PORTNAME}-${ISCVERSION} MAINTAINER= mat@FreeBSD.org COMMENT= BIND DNS suite with updated DNSSEC and DNS64 LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/COPYRIGHT DEPRECATED= Going out of support, please migrate to dns/bind911 EXPIRATION_DATE= 2018-06-30 # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.11-P1 +ISCVERSION= 9.9.12 USES= cpe libedit CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} .if ${ISCVERSION:M*-*} CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} .endif LIB_DEPENDS= libxml2.so:textproc/libxml2 GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ --sysconfdir=${ETCDIR} ETCDIR= ${PREFIX}/etc/namedb CONFLICTS= bind-tools bind9-devel bind910 bind911 bind912 SUB_FILES= pkg-message named.conf USE_RC_SUBR= named MAKE_JOBS_UNSAFE= yes PORTDOCS= * OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE RRL DLZ_FILESYSTEM \ RPZ_NSIP RPZ_NSDNAME PYTHON OPTIONS_DEFINE= SSL IDN LARGE_FILE FIXED_RRSET SIGCHASE \ IPV6 THREADS FILTER_AAAA GOST PYTHON START_LATE MINCACHE \ RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS \ PORTREVISION FETCHLIMIT QUERYTRACE OPTIONS_GROUP= DLZ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes DLZ_BDB_DESC= DLZ BDB driver DLZ_DESC= Dynamically Loadable Zones DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_LDAP_DESC= DLZ LDAP driver DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) DLZ_POSTGRESQL_DESC= DLZ Postgres driver DLZ_STUB_DESC= DLZ stub driver FETCHLIMIT_DESC= Enable the query quotas for resolvers FILTER_AAAA_DESC= Enable filtering of AAAA records FIXED_RRSET_DESC= Enable fixed rrset ordering GOST_DESC= Enable GOST ciphers, needs SSL GSSAPI_BASE_DESC= ${GSSAPI_DESC} (Heimdal in base) GSSAPI_HEIMDAL_DESC= ${GSSAPI_DESC} (security/heimdal) GSSAPI_MIT_DESC= ${GSSAPI_DESC} (security/krb5) GSSAPI_NONE_DESC= No ${GSSAPI_DESC} LARGE_FILE_DESC= 64-bit file support MINCACHE_DESC= Use the mincachettl patch NEWSTATS_DESC= Enable alternate xml statistics channel format PORTREVISION_DESC= Show PORTREVISION in the version string PYTHON_DESC= Build with Python utilities QUERYTRACE_DESC= Enable the very verbose query tracelogging RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules RRL_DESC= Response Rate Limiting SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation SSL_DESC= Build with OpenSSL (Required for DNSSEC) START_LATE_DESC= Start BIND late in the boot process (see help) DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes DLZ_BDB_USES= bdb DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes DLZ_LDAP_USE= openldap=yes DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes DLZ_MYSQL_PREVENTS= THREADS DLZ_MYSQL_USES= mysql DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes DLZ_POSTGRESQL_USES= pgsql DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes FETCHLIMIT_CONFIGURE_ENABLE= fetchlimit FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GOST_CONFIGURE_WITH= gost GSSAPI_BASE_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_MIT_USES= gssapi:mit GSSAPI_NONE_CONFIGURE_ON= --without-gssapi IDN_CONFIGURE_OFF= --without-idn IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} IDN_LIB_DEPENDS= libidnkit.so:dns/idnkit IDN_USES= iconv IPV6_CONFIGURE_ENABLE= ipv6 LARGE_FILE_CONFIGURE_ENABLE= largefile MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl NEWSTATS_CONFIGURE_ENABLE= newstats PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} PYTHON_USES= python QUERYTRACE_CONFIGURE_ENABLE= querytrace RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip RRL_CONFIGURE_ENABLE= rrl SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} SSL_USES= ssl START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ NAMED_BEFORE="LOGIN" START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" THREADS_CONFIGURE_ENABLE= threads .include .if ( ${PORT_OPTIONS:MGOST} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ that needs SSL. .endif post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ rndc/rndc.8 @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ ${WRKSRC}/bin/${FILE} .endfor .if ${PORTREVISION:N0} post-patch-PORTREVISION-on: @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ ${WRKSRC}/version .endif post-configure: @${REINPLACE_CMD} -e '/^SO_LDFLAGS/s/-Wl,-rpath,/-rpath /' ${WRKSRC}/bin/tests/system/dlzexternal/Makefile post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree ${MKDIR} ${STAGEDIR}${ETCDIR} .for i in dynamic master slave working @${MKDIR} ${STAGEDIR}${ETCDIR}/$i .endfor ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${STAGEDIR}${ETCDIR}/rndc.conf.sample post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ* \ ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${DOCSDIR} # Can't use USE_PYTHON=autoplist post-install-PYTHON-on: @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} .include Index: head/dns/bind99/distinfo =================================================================== --- head/dns/bind99/distinfo (revision 465008) +++ head/dns/bind99/distinfo (revision 465009) @@ -1,3 +1,3 @@ -TIMESTAMP = 1516059275 -SHA256 (bind-9.9.11-P1.tar.gz) = 40a8dd0eedf44236a77e4009c61daa065447b09461bffddab3b0aefcbf358fa8 -SIZE (bind-9.9.11-P1.tar.gz) = 8868987 +TIMESTAMP = 1521455029 +SHA256 (bind-9.9.12.tar.gz) = 9e39dcd35320c2aeb260a45037ac57c97c964e717d10e3c9f74ff4472f939761 +SIZE (bind-9.9.12.tar.gz) = 8694636 Index: head/dns/bind99/files/extrapatch-bind-min-override-ttl =================================================================== --- head/dns/bind99/files/extrapatch-bind-min-override-ttl (revision 465008) +++ head/dns/bind99/files/extrapatch-bind-min-override-ttl (revision 465009) @@ -1,73 +1,78 @@ ---- bin/named/config.c.orig 2018-01-04 05:41:15 UTC +--- bin/named/config.c.orig 2018-01-24 21:11:07 UTC +++ bin/named/config.c -@@ -141,6 +141,8 @@ options {\n\ - min-roots 2;\n\ - lame-ttl 600;\n\ +@@ -154,11 +154,13 @@ options {\n\ max-ncache-ttl 10800; /* 3 hours */\n\ -+ override-cache-ttl 0; /* do not override */\n\ -+ min-cache-ttl 0; /* no minimal, zero is allowed */\n\ - max-cache-ttl 604800; /* 1 week */\n\ - transfer-format many-answers;\n\ - max-cache-size 0;\n\ ---- bin/named/server.c.orig 2018-01-04 05:41:15 UTC + max-recursion-depth 7;\n\ + max-recursion-queries 50;\n\ ++ min-cache-ttl 0; /* no minimal, zero is allowed */\n\ + min-roots 2;\n\ + minimal-responses false;\n\ + notify-source *;\n\ + notify-source-v6 *;\n\ + nsec3-test-zone no;\n\ ++ override-cache-ttl 0; /* do not override */\n\ + provide-ixfr true;\n\ + query-source address *;\n\ + query-source-v6 address *;\n\ +--- bin/named/server.c.orig 2018-01-24 21:11:07 UTC +++ bin/named/server.c -@@ -2647,6 +2647,16 @@ configure_view(dns_view_t *view, cfg_obj +@@ -2611,6 +2611,16 @@ configure_view(dns_view_t *view, cfg_obj } obj = NULL; + result = ns_config_get(maps, "override-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->overridecachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = ns_config_get(maps, "min-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->mincachettl = cfg_obj_asuint32(obj); + + obj = NULL; result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-01-04 05:41:15 UTC +--- lib/dns/include/dns/view.h.orig 2018-01-24 21:11:07 UTC +++ lib/dns/include/dns/view.h @@ -148,6 +148,8 @@ struct dns_view { isc_boolean_t provideixfr; isc_boolean_t requestnsid; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; in_port_t dstport; dns_aclenv_t aclenv; ---- lib/dns/resolver.c.orig 2018-01-04 05:41:15 UTC +--- lib/dns/resolver.c.orig 2018-01-24 21:11:07 UTC +++ lib/dns/resolver.c -@@ -5126,6 +5126,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5153,6 +5153,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* + * Enforce the configure cache TTL override. + */ + if (res->view->overridecachettl) + rdataset->ttl = res->view->overridecachettl; + + /* + * Enforce the configure minimum cache TTL. + */ + if (rdataset->ttl < res->view->mincachettl) + rdataset->ttl = res->view->mincachettl; + + /* * Enforce the configure maximum cache TTL. */ - if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2018-01-04 05:41:15 UTC + if (rdataset->ttl > res->view->maxcachettl) { +--- lib/isccfg/namedconf.c.orig 2018-01-24 21:11:07 UTC +++ lib/isccfg/namedconf.c -@@ -1475,6 +1475,8 @@ view_clauses[] = { +@@ -1487,6 +1487,8 @@ view_clauses[] = { { "lame-ttl", &cfg_type_uint32, 0 }, { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizenodefault, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, + { "min-cache-ttl", &cfg_type_uint32, 0 }, { "max-cache-ttl", &cfg_type_uint32, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, Index: head/dns/bind99/files/patch-configure =================================================================== --- head/dns/bind99/files/patch-configure (revision 465008) +++ head/dns/bind99/files/patch-configure (revision 465009) @@ -1,90 +1,90 @@ ---- configure.orig 2017-07-24 05:26:01 UTC +--- configure.orig 2018-03-08 20:56:13 UTC +++ configure -@@ -14509,27 +14509,9 @@ done +@@ -14635,27 +14635,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ - "-lgssapi_krb5" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \ - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \ - "-lgssapi" \ - "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ - "-lgss -lkrb5" + "$($KRB5CONFIG gssapi --libs)"; \ do - # Note that this does not include $saved_libs, because - # on FreeBSD machines this configure script has added - # -L/usr/local/lib to LIBS, which can make the - # -lgssapi_krb5 test succeed with shared libraries even - # when you are trying to build with KTH in /usr/lib. - if test "/usr" = "$use_gssapi" - then - LIBS="$TRY_LIBS" - else - LIBS="-L$use_gssapi/lib $TRY_LIBS" - fi + LIBS="$TRY_LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14572,47 +14554,7 @@ $as_echo "no" >&6; } ;; +@@ -14698,47 +14680,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac - # - # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib - # but MIT in /usr/local/lib and trying to build with KTH. - # /usr/local/lib can end up earlier on the link lines. - # Like most kludges, this one is not only inelegant it - # is also likely to be the wrong thing to do at least as - # many times as it is the right thing. Something better - # needs to be done. - # - if test "/usr" = "$use_gssapi" -a \ - -f /usr/local/lib/libkrb5.a; then - FIX_KTH_VS_MIT=yes - fi - - case "$FIX_KTH_VS_MIT" in - yes) - case "$enable_static_linking" in - yes) gssapi_lib_suffix=".a" ;; - *) gssapi_lib_suffix=".so" ;; - esac - - for lib in $LIBS; do - case $lib in - -L*) - ;; - -l*) - new_lib=`echo $lib | - sed -e s%^-l%$use_gssapi/lib/lib% \ - -e s%$%$gssapi_lib_suffix%` - NEW_LIBS="$NEW_LIBS $new_lib" - ;; - *) - as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5 - ;; - esac - done - LIBS="$NEW_LIBS" - ;; - esac - - DST_GSSAPI_INC="-I$use_gssapi/include" + DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)" DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -20809,7 +20751,7 @@ $as_echo "" >&6; } +@@ -21001,7 +20943,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). - bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db" + bdb_incdirs="/db6 /db5 /db48" # include a blank element first for d in "" $bdb_incdirs do Index: head/dns/bind99/pkg-plist =================================================================== --- head/dns/bind99/pkg-plist (revision 465008) +++ head/dns/bind99/pkg-plist (revision 465009) @@ -1,391 +1,392 @@ bin/arpaname bin/bind9-config bin/dig bin/host bin/isc-config.sh bin/nslookup bin/nsupdate @sample etc/mtree/BIND.chroot.dist.sample @sample etc/mtree/BIND.chroot.local.dist.sample %%ETCDIR%%/bind.keys %%ETCDIR%%/master/empty.db %%ETCDIR%%/master/localhost-forward.db %%ETCDIR%%/master/localhost-reverse.db @sample %%ETCDIR%%/named.conf.sample %%ETCDIR%%/named.root %%ETCDIR%%/rndc.conf.sample include/bind9/check.h include/bind9/getaddresses.h include/bind9/version.h include/dns/acache.h include/dns/acl.h include/dns/adb.h include/dns/bit.h include/dns/byaddr.h include/dns/cache.h include/dns/callbacks.h include/dns/cert.h include/dns/client.h include/dns/clientinfo.h include/dns/compress.h include/dns/db.h include/dns/dbiterator.h include/dns/dbtable.h include/dns/diff.h include/dns/dispatch.h include/dns/dlz.h include/dns/dlz_dlopen.h include/dns/dns64.h include/dns/dnssec.h include/dns/ds.h include/dns/ecdb.h include/dns/enumclass.h include/dns/enumtype.h include/dns/events.h include/dns/fixedname.h include/dns/forward.h include/dns/iptable.h include/dns/journal.h include/dns/keydata.h include/dns/keyflags.h include/dns/keytable.h include/dns/keyvalues.h include/dns/lib.h include/dns/log.h include/dns/lookup.h include/dns/master.h include/dns/masterdump.h include/dns/message.h include/dns/name.h include/dns/ncache.h include/dns/nsec.h include/dns/nsec3.h include/dns/opcode.h include/dns/order.h include/dns/peer.h include/dns/portlist.h include/dns/private.h include/dns/rbt.h include/dns/rcode.h include/dns/rdata.h include/dns/rdataclass.h include/dns/rdatalist.h include/dns/rdataset.h include/dns/rdatasetiter.h include/dns/rdataslab.h include/dns/rdatastruct.h include/dns/rdatatype.h include/dns/request.h include/dns/resolver.h include/dns/result.h include/dns/rootns.h include/dns/rpz.h include/dns/rriterator.h include/dns/rrl.h include/dns/sdb.h include/dns/sdlz.h include/dns/secalg.h include/dns/secproto.h include/dns/soa.h include/dns/ssu.h include/dns/stats.h include/dns/tcpmsg.h include/dns/time.h include/dns/timer.h include/dns/tkey.h include/dns/tsec.h include/dns/tsig.h include/dns/ttl.h include/dns/types.h include/dns/update.h include/dns/validator.h include/dns/version.h include/dns/view.h include/dns/xfrin.h include/dns/zone.h include/dns/zonekey.h include/dns/zt.h include/dst/dst.h include/dst/gssapi.h include/dst/lib.h include/dst/result.h include/isc/app.h include/isc/assertions.h include/isc/atomic.h include/isc/backtrace.h include/isc/base32.h include/isc/base64.h include/isc/bind9.h include/isc/bitstring.h include/isc/boolean.h include/isc/buffer.h include/isc/bufferlist.h include/isc/commandline.h include/isc/condition.h include/isc/counter.h include/isc/dir.h include/isc/entropy.h include/isc/errno.h include/isc/error.h include/isc/event.h include/isc/eventclass.h include/isc/file.h include/isc/formatcheck.h include/isc/fsaccess.h include/isc/hash.h include/isc/heap.h include/isc/hex.h include/isc/hmacmd5.h include/isc/hmacsha.h include/isc/httpd.h include/isc/int.h include/isc/interfaceiter.h include/isc/iterated_hash.h include/isc/keyboard.h include/isc/lang.h include/isc/lex.h include/isc/lfsr.h include/isc/lib.h +include/isc/likely.h include/isc/list.h include/isc/log.h include/isc/magic.h include/isc/md5.h include/isc/mem.h include/isc/msgcat.h include/isc/msgs.h include/isc/mutex.h include/isc/mutexblock.h include/isc/namespace.h include/isc/net.h include/isc/netaddr.h include/isc/netdb.h include/isc/netscope.h include/isc/offset.h include/isc/once.h include/isc/ondestroy.h include/isc/os.h include/isc/parseint.h include/isc/platform.h include/isc/pool.h include/isc/portset.h include/isc/print.h include/isc/queue.h include/isc/quota.h include/isc/radix.h include/isc/random.h include/isc/ratelimiter.h include/isc/refcount.h include/isc/regex.h include/isc/region.h include/isc/resource.h include/isc/result.h include/isc/resultclass.h include/isc/rwlock.h include/isc/safe.h include/isc/serial.h include/isc/sha1.h include/isc/sha2.h include/isc/sockaddr.h include/isc/socket.h include/isc/stat.h include/isc/stats.h include/isc/stdio.h include/isc/stdlib.h include/isc/stdtime.h include/isc/strerror.h include/isc/string.h include/isc/symtab.h include/isc/syslog.h include/isc/task.h include/isc/taskpool.h include/isc/thread.h include/isc/time.h include/isc/timer.h include/isc/tm.h include/isc/types.h include/isc/util.h include/isc/version.h include/isc/xml.h include/isccc/alist.h include/isccc/base64.h include/isccc/cc.h include/isccc/ccmsg.h include/isccc/events.h include/isccc/lib.h include/isccc/result.h include/isccc/sexpr.h include/isccc/symtab.h include/isccc/symtype.h include/isccc/types.h include/isccc/util.h include/isccc/version.h include/isccfg/aclconf.h include/isccfg/cfg.h include/isccfg/dnsconf.h include/isccfg/grammar.h include/isccfg/log.h include/isccfg/namedconf.h include/isccfg/version.h include/lwres/context.h include/lwres/int.h include/lwres/ipv6.h include/lwres/lang.h include/lwres/list.h include/lwres/lwbuffer.h include/lwres/lwpacket.h include/lwres/lwres.h include/lwres/net.h include/lwres/netdb.h include/lwres/platform.h include/lwres/result.h include/lwres/stdlib.h include/lwres/string.h include/lwres/version.h lib/libbind9.a lib/libdns.a lib/libisc.a lib/libisccc.a lib/libisccfg.a lib/liblwres.a man/man1/arpaname.1.gz man/man1/bind9-config.1.gz man/man1/dig.1.gz man/man1/host.1.gz man/man1/isc-config.sh.1.gz man/man1/nslookup.1.gz man/man1/nsupdate.1.gz man/man3/lwres.3.gz man/man3/lwres_addr_parse.3.gz man/man3/lwres_buffer.3.gz man/man3/lwres_buffer_add.3.gz man/man3/lwres_buffer_back.3.gz man/man3/lwres_buffer_clear.3.gz man/man3/lwres_buffer_first.3.gz man/man3/lwres_buffer_forward.3.gz man/man3/lwres_buffer_getmem.3.gz man/man3/lwres_buffer_getuint16.3.gz man/man3/lwres_buffer_getuint32.3.gz man/man3/lwres_buffer_getuint8.3.gz man/man3/lwres_buffer_init.3.gz man/man3/lwres_buffer_invalidate.3.gz man/man3/lwres_buffer_putmem.3.gz man/man3/lwres_buffer_putuint16.3.gz man/man3/lwres_buffer_putuint32.3.gz man/man3/lwres_buffer_putuint8.3.gz man/man3/lwres_buffer_subtract.3.gz man/man3/lwres_conf_clear.3.gz man/man3/lwres_conf_get.3.gz man/man3/lwres_conf_init.3.gz man/man3/lwres_conf_parse.3.gz man/man3/lwres_conf_print.3.gz man/man3/lwres_config.3.gz man/man3/lwres_context.3.gz man/man3/lwres_context_allocmem.3.gz man/man3/lwres_context_create.3.gz man/man3/lwres_context_destroy.3.gz man/man3/lwres_context_freemem.3.gz man/man3/lwres_context_initserial.3.gz man/man3/lwres_context_nextserial.3.gz man/man3/lwres_context_sendrecv.3.gz man/man3/lwres_endhostent.3.gz man/man3/lwres_endhostent_r.3.gz man/man3/lwres_freeaddrinfo.3.gz man/man3/lwres_freehostent.3.gz man/man3/lwres_gabn.3.gz man/man3/lwres_gabnrequest_free.3.gz man/man3/lwres_gabnrequest_parse.3.gz man/man3/lwres_gabnrequest_render.3.gz man/man3/lwres_gabnresponse_free.3.gz man/man3/lwres_gabnresponse_parse.3.gz man/man3/lwres_gabnresponse_render.3.gz man/man3/lwres_gai_strerror.3.gz man/man3/lwres_getaddrinfo.3.gz man/man3/lwres_getaddrsbyname.3.gz man/man3/lwres_gethostbyaddr.3.gz man/man3/lwres_gethostbyaddr_r.3.gz man/man3/lwres_gethostbyname.3.gz man/man3/lwres_gethostbyname2.3.gz man/man3/lwres_gethostbyname_r.3.gz man/man3/lwres_gethostent.3.gz man/man3/lwres_gethostent_r.3.gz man/man3/lwres_getipnode.3.gz man/man3/lwres_getipnodebyaddr.3.gz man/man3/lwres_getipnodebyname.3.gz man/man3/lwres_getnamebyaddr.3.gz man/man3/lwres_getnameinfo.3.gz man/man3/lwres_getrrsetbyname.3.gz man/man3/lwres_gnba.3.gz man/man3/lwres_gnbarequest_free.3.gz man/man3/lwres_gnbarequest_parse.3.gz man/man3/lwres_gnbarequest_render.3.gz man/man3/lwres_gnbaresponse_free.3.gz man/man3/lwres_gnbaresponse_parse.3.gz man/man3/lwres_gnbaresponse_render.3.gz man/man3/lwres_herror.3.gz man/man3/lwres_hstrerror.3.gz man/man3/lwres_inetntop.3.gz man/man3/lwres_lwpacket_parseheader.3.gz man/man3/lwres_lwpacket_renderheader.3.gz man/man3/lwres_net_ntop.3.gz man/man3/lwres_noop.3.gz man/man3/lwres_nooprequest_free.3.gz man/man3/lwres_nooprequest_parse.3.gz man/man3/lwres_nooprequest_render.3.gz man/man3/lwres_noopresponse_free.3.gz man/man3/lwres_noopresponse_parse.3.gz man/man3/lwres_noopresponse_render.3.gz man/man3/lwres_packet.3.gz man/man3/lwres_resutil.3.gz man/man3/lwres_sethostent.3.gz man/man3/lwres_sethostent_r.3.gz man/man3/lwres_string_parse.3.gz man/man5/named.conf.5.gz man/man5/rndc.conf.5.gz man/man8/ddns-confgen.8.gz %%PYTHON%%man/man8/dnssec-checkds.8.gz %%PYTHON%%man/man8/dnssec-coverage.8.gz man/man8/dnssec-dsfromkey.8.gz man/man8/dnssec-importkey.8.gz man/man8/dnssec-keyfromlabel.8.gz man/man8/dnssec-keygen.8.gz man/man8/dnssec-revoke.8.gz man/man8/dnssec-settime.8.gz man/man8/dnssec-signzone.8.gz man/man8/dnssec-verify.8.gz man/man8/genrandom.8.gz man/man8/isc-hmac-fixup.8.gz man/man8/lwresd.8.gz man/man8/named-checkconf.8.gz man/man8/named-checkzone.8.gz man/man8/named-compilezone.8.gz man/man8/named-journalprint.8.gz man/man8/named.8.gz man/man8/nsec3hash.8.gz man/man8/rndc-confgen.8.gz man/man8/rndc.8.gz sbin/ddns-confgen %%PYTHON%%sbin/dnssec-checkds %%PYTHON%%sbin/dnssec-coverage sbin/dnssec-dsfromkey sbin/dnssec-importkey sbin/dnssec-keyfromlabel sbin/dnssec-keygen sbin/dnssec-revoke sbin/dnssec-settime sbin/dnssec-signzone sbin/dnssec-verify sbin/genrandom sbin/isc-hmac-fixup sbin/lwresd sbin/named sbin/named-checkconf sbin/named-checkzone sbin/named-compilezone sbin/named-journalprint sbin/nsec3hash sbin/rndc sbin/rndc-confgen @dir(bind,bind,) %%ETCDIR%%/dynamic @dir %%ETCDIR%%/master @dir(bind,bind,) %%ETCDIR%%/slave @dir(bind,bind,) %%ETCDIR%%/working