diff options
author | Doug Barton <dougb@FreeBSD.org> | 2010-12-03 23:57:16 +0000 |
---|---|---|
committer | Doug Barton <dougb@FreeBSD.org> | 2010-12-03 23:57:16 +0000 |
commit | ee030af2cc2b3c28788ff83c7d26fdf909144e22 (patch) | |
tree | 327bf839cd36ee9b3018aaa1d5f964bf3be9ccdb /dns/bind94/Makefile | |
parent | Update to version 9.6-ESV-R3, the latest from ISC, which addresses (diff) |
Update to version 9.4-ESV-R4, the latest from ISC, which addresses
the following security vulnerability.
For more information regarding these issues please see:
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
Key algorithm rollover
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
Affects resolver operators who are validating with DNSSEC,
and querying zones which are in a key rollover period.
The bug will cause answers to incorrectly be marked as insecure.
For the port:
1. Add CONFLICT for the ../bind-tools port
2. Remove CONFLICT for the removed ../bind9 port
3. Remove OPTION for threads on < RELENG_7
4. Remove MD5 from distinfo
5. Switch to pkg-install to create the symlinks to /etc/namedb/ as
requested in [1]
PR: ports/151635 [1]
Submitted by: Benjamin Lee <ben@b1c1l1.com> [1]
Notes
Notes:
svn path=/head/; revision=265652
Diffstat (limited to 'dns/bind94/Makefile')
-rw-r--r-- | dns/bind94/Makefile | 24 |
1 files changed, 7 insertions, 17 deletions
diff --git a/dns/bind94/Makefile b/dns/bind94/Makefile index e2b108a90100..264654d023de 100644 --- a/dns/bind94/Makefile +++ b/dns/bind94/Makefile @@ -12,7 +12,7 @@ # release you can generally build it cleanly from the source - Doug PORTNAME= bind94 -PORTVERSION= 9.4.4.ESV.3 +PORTVERSION= 9.4.4.ESV.4 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} \ http://dougbarton.us/Downloads/%SUBDIR%/ @@ -22,10 +22,10 @@ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= dougb@FreeBSD.org -COMMENT= The BIND DNS suite version 9.4-ESV-R1 with updated DNSSEC and threads +COMMENT= The BIND DNS suite with updated DNSSEC and threads # ISC releases things like 9.4.0b3, which our versioning doesn't like -ISCVERSION= 9.4-ESV-R3 +ISCVERSION= 9.4-ESV-R4 MAKE_JOBS_UNSAFE= yes @@ -33,7 +33,7 @@ GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --with-randomdev=/dev/random -CONFLICTS= bind9*-9.[3567].* bind9-sdb-* host-* +CONFLICTS= bind9*-9.[567].* bind9-sdb-* host-* bind-tools-9.* OPTIONS= SSL "Building without OpenSSL removes DNSSEC" on \ LINKS "Create conf file symlinks in ${PREFIX}" on \ @@ -41,6 +41,7 @@ OPTIONS= SSL "Building without OpenSSL removes DNSSEC" on \ LARGE_FILE "64-bit file support" off \ SIGCHASE "dig/host/nslookup will do DNSSEC validation" off \ IPV6 "IPv6 Support (autodetected by default)" off \ + THREADS "Compile with thread support" on \ DLZ_POSTGRESQL "DLZ Postgres driver" off \ DLZ_MYSQL "DLZ MySQL driver (single-threaded BIND)" off \ DLZ_BDB "DLZ BDB driver" off \ @@ -53,13 +54,6 @@ USE_OPENSSL= yes .include <bsd.port.pre.mk> -# We are ok by default from 7.0-RELEASE on -.if ${OSVERSION} >= 700055 -OPTIONS+= THREADS "Compile with thread support" on -.else -OPTIONS+= THREADS "Compile w/threads (Not Recommended <FreeBSD-7)" off -.endif - .if !defined(WITHOUT_SSL) CONFIGURE_ARGS+= --with-openssl=${OPENSSLBASE} .else @@ -211,6 +205,7 @@ post-patch: ${WRKSRC}/bin/${FILE}.Dist > ${WRKSRC}/bin/${FILE} .endfor +PKGINSTALL= ${.CURDIR}/../bind97/pkg-install post-install: ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${BIND_DESTETC}/rndc.conf.sample @@ -223,12 +218,7 @@ post-install: ${WRKSRC}/README ${DOCSDIR}/ .endif .if !defined(WITHOUT_LINKS) && !defined(WITH_REPLACE_BASE) - ${MKDIR} /var/named${PREFIX}/etc -.for DIR in ${PREFIX}/etc /var/named${PREFIX}/etc -.for FILE in named.conf rndc.key - ${LN} -sf /etc/namedb/${FILE} ${DIR}/${FILE} -.endfor -.endfor + PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL .endif @${CAT} ${PKGMESSAGE} |