From ee030af2cc2b3c28788ff83c7d26fdf909144e22 Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Fri, 3 Dec 2010 23:57:16 +0000 Subject: Update to version 9.4-ESV-R4, the latest from ISC, which addresses the following security vulnerability. For more information regarding these issues please see: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories Key algorithm rollover http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614 Affects resolver operators who are validating with DNSSEC, and querying zones which are in a key rollover period. The bug will cause answers to incorrectly be marked as insecure. For the port: 1. Add CONFLICT for the ../bind-tools port 2. Remove CONFLICT for the removed ../bind9 port 3. Remove OPTION for threads on < RELENG_7 4. Remove MD5 from distinfo 5. Switch to pkg-install to create the symlinks to /etc/namedb/ as requested in [1] PR: ports/151635 [1] Submitted by: Benjamin Lee [1] --- dns/bind94/Makefile | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) (limited to 'dns/bind94/Makefile') diff --git a/dns/bind94/Makefile b/dns/bind94/Makefile index e2b108a90100..264654d023de 100644 --- a/dns/bind94/Makefile +++ b/dns/bind94/Makefile @@ -12,7 +12,7 @@ # release you can generally build it cleanly from the source - Doug PORTNAME= bind94 -PORTVERSION= 9.4.4.ESV.3 +PORTVERSION= 9.4.4.ESV.4 CATEGORIES= dns net ipv6 MASTER_SITES= ${MASTER_SITE_ISC} \ http://dougbarton.us/Downloads/%SUBDIR%/ @@ -22,10 +22,10 @@ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= dougb@FreeBSD.org -COMMENT= The BIND DNS suite version 9.4-ESV-R1 with updated DNSSEC and threads +COMMENT= The BIND DNS suite with updated DNSSEC and threads # ISC releases things like 9.4.0b3, which our versioning doesn't like -ISCVERSION= 9.4-ESV-R3 +ISCVERSION= 9.4-ESV-R4 MAKE_JOBS_UNSAFE= yes @@ -33,7 +33,7 @@ GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --with-randomdev=/dev/random -CONFLICTS= bind9*-9.[3567].* bind9-sdb-* host-* +CONFLICTS= bind9*-9.[567].* bind9-sdb-* host-* bind-tools-9.* OPTIONS= SSL "Building without OpenSSL removes DNSSEC" on \ LINKS "Create conf file symlinks in ${PREFIX}" on \ @@ -41,6 +41,7 @@ OPTIONS= SSL "Building without OpenSSL removes DNSSEC" on \ LARGE_FILE "64-bit file support" off \ SIGCHASE "dig/host/nslookup will do DNSSEC validation" off \ IPV6 "IPv6 Support (autodetected by default)" off \ + THREADS "Compile with thread support" on \ DLZ_POSTGRESQL "DLZ Postgres driver" off \ DLZ_MYSQL "DLZ MySQL driver (single-threaded BIND)" off \ DLZ_BDB "DLZ BDB driver" off \ @@ -53,13 +54,6 @@ USE_OPENSSL= yes .include -# We are ok by default from 7.0-RELEASE on -.if ${OSVERSION} >= 700055 -OPTIONS+= THREADS "Compile with thread support" on -.else -OPTIONS+= THREADS "Compile w/threads (Not Recommended ${WRKSRC}/bin/${FILE} .endfor +PKGINSTALL= ${.CURDIR}/../bind97/pkg-install post-install: ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${BIND_DESTETC}/rndc.conf.sample @@ -223,12 +218,7 @@ post-install: ${WRKSRC}/README ${DOCSDIR}/ .endif .if !defined(WITHOUT_LINKS) && !defined(WITH_REPLACE_BASE) - ${MKDIR} /var/named${PREFIX}/etc -.for DIR in ${PREFIX}/etc /var/named${PREFIX}/etc -.for FILE in named.conf rndc.key - ${LN} -sf /etc/namedb/${FILE} ${DIR}/${FILE} -.endfor -.endfor + PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL .endif @${CAT} ${PKGMESSAGE} -- cgit v1.2.3