Commit graph

75 commits

Author SHA1 Message Date
Doug Barton
cfda064524 For the ports that I maintain, do the following as appropriate:
1. Add myself as a backup master site (Sourceforge and CPAN ports
already have good enough coverage, so skip them).
2. For all ports that have them, download the PGP signature files.
3. For ports in 2, add a verify target to the Makefile
4. For ports where I was already providing a master site, update the URL.
5. Pet portlint in a couple of places.
2005-10-29 07:13:29 +00:00
Doug Barton
700756844d This issue was researched by glebius, and this patch was
incorporated by ISC into the next version of BIND.

The patch addresses a problem with high-load resolvers which
hit memory barriers. Without this patch, running the resolving
name server out of memory would lead to "unpredictable results."

Of course, the canonical answer to this problem is to put more
memory into the system, however that is not always possible, and
the code should be able to handle this situation gracefully in
any case.

Approved by:	portmgr (krion)
2005-08-18 19:12:08 +00:00
Doug Barton
6d4b4b627b ISC staff has informed me that in BIND 9.3.x, threads are always a
bad idea, so disable them in all cases unless the user has
affirmatively requested this through the define.
2005-06-29 08:10:25 +00:00
Doug Barton
96dbf2741c 1. The OPTIONS stuff isn't working the way it should according to reports,
so rip it out until I have a chance to debug it.

2. Improve the comment about deprecating an old knob.
2005-03-17 07:07:51 +00:00
Doug Barton
8f80a0e30e Upgrade to 9.3.1, the latest version from ISC. This version contains
several important fixes, including a remote (although unlikely) exploit.
See the CHANGES file for details.

All users of BIND 9 are highly encouraged to upgrade to this version.

Changes to the port include:
1. Remove ISC patch to 9.3.0 that addressed the remote exploit
2. Change to OPTIONS, and thereby
3. --enable-threads is now the default. Users report that the new thread
code in 9.3.x works significantly better than the old on all versions of
FreeBSD.
4. Add a temporary shim for the old PORT_REPLACES_BASE_BIND9 option.
The OPTIONS framework requires knobs to start with WITH_ or WITHOUT_
5. Remove patch that shoehorned named.conf.5 into the right place,
it has been fixed in the code.
2005-03-13 10:52:52 +00:00
Doug Barton
400315c158 Include a patch from ISC to deal with the following vulnerability:
Name:			BIND: Self Check Failing [Added 2005.25.01]
Versions affected:	BIND 9.3.0
Severity:		LOW
Exploitable:		Remotely
Type:			Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a
REQUIRE (internal consistancy) test failing and named exiting.

Workarounds:
Turn off dnssec validation (off by default) at the options/view level.

	dnssec-enable no;

Active Exploits:	None known

Bump PORTREVISION accordingly.

It should be noted that the vast majority of users would not have
DNSSEC enabled, and therefore are not vulnerable to this bug.
2005-01-28 20:47:44 +00:00
Doug Barton
48ccb4f2c8 The parens around the OSVERSION test were fatal for < 4.9, and did not
provide anything useful for newer systems, so remove them.

PR:		ports/72118
Submitted by:	Michel Lavondes <fox@vader.aacc.cc.md.us>
Approved by:	portmgr (eik)
2004-09-27 04:43:55 +00:00
Doug Barton
d4984bf979 Update to BIND 9.3.0, the latest from ISC. This version has several
significant updates, not the least of which is the new and improved
DNSSEC code based on the latest standards (including DS).

Various updates to the port, including:
1. Download the PGP signature
2. If running on ${OSVERSION} >= 503000, configure with threads
3. Update pkg-descr re IPv6 RRs
4. Update pkg-message to reflect a world with 6-current

There is also a patch to correct a man page installation error.
This problem should be fixed in the next release.

Approved by:	portmgr (marcus)
2004-09-24 04:03:31 +00:00
Doug Barton
c2809c490a The ringserver sites don't have the latest BIND 9.
Submitted by:	fenner's distfile survey
2004-04-04 06:19:46 +00:00
Doug Barton
23f07f556e DISTNAME is a slightly less painful way of dealing with wacky
version numbers.
2004-03-14 23:06:52 +00:00
Doug Barton
eade3ab710 Now that the SIZE thing has stabilized, add it to the ports I maintain. 2004-03-14 00:17:57 +00:00
Doug Barton
fbe9f7ffc6 I specifically stated that I did not want to bump portepoch for this port.
I realize that my error in version numbering previously caused some confusion
about 9.2.3 being a more up to date version than 9.2.3.4, but this will quickly
be resolved with the next version, and affected only a few users who installed
the release candidate. The portepoch change is permanent, and perpetuates a
silly kludge for no good reason.

Please do not change this again without discussing it with me.
2003-10-28 11:54:41 +00:00
Edwin Groothuis
f87daeeabb Fix removal of the last digit in the version number issue.
[~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3
>
[~/cvs/ports/dns/bind9] edwin@k7>pkg_version -t 9.2.3.4 9.2.3,1
<
2003-10-28 09:15:03 +00:00
Doug Barton
30538e2406 Upgrade to the 9.2.3 release version 2003-10-24 23:10:57 +00:00
Doug Barton
6825ecd5f0 Unbreak(?) USE_OPENSSL support for people that don't have it in the base
Submitted by:	A cast of thousands
2003-10-02 19:18:54 +00:00
Doug Barton
fbfadf0fbc Upgrade to version 9.2.3rc4.
The 9.2.3 code has many many bugs fixed from 9.2.2, check CHANGES
for more information.

The rc4 code has the delegation-only options. Check the ARM for
information on how to enable it.
2003-09-25 05:08:39 +00:00
Doug Barton
d60aaa0273 DOCSDIR'ify 2003-09-25 05:05:02 +00:00
Edwin Groothuis
bf60be81d1 Chase repocopies towards ports/dns
PR:		ports/56020
Submitted by:	Kimura Fuyuki <fuyuki@nigredo.org>
Approved by:	portmgr
2003-09-05 07:33:51 +00:00
Edwin Groothuis
fa1ac61168 Massive repo-copies request: net->dns (partly devel->dns)
PR:		ports/56020
Submitted by:	Kimura Fuyuki <fuyuki@nigredo.org>
Approved by:	portmgr
2003-09-05 04:54:37 +00:00
Doug Barton
95cfdcc8b6 Display the new pkg-message after port build. 2003-06-07 22:56:34 +00:00
Doug Barton
980e994574 Add a message to explain how to configure randomness, and rndc. 2003-06-07 22:49:52 +00:00
Doug Barton
d891e5ba6c * Update to version 9.2.2, the latest from ISC. This version contains no
new features compared to 9.2.1, only bug fixes. Users of BIND 9 are
highly encouraged to upgrade.

* Switch to Makefile COMMENT
2003-03-04 09:44:15 +00:00
Doug Barton
b8faddb15a Switch to Makefile comment 2003-03-04 09:41:48 +00:00
Doug Barton
e9fa4d1d0f Add my name and e-mail 2003-03-04 09:41:31 +00:00
Doug Barton
5c2fc66d06 Upgrade to 9.2.2rc1. This version has been available for several months, and
is widely considered to be more stable than 9.2.1. I would have preferred
a -REL version, but better is better.

* Clean up the Makefile a little
* Just say no to threads
* Add the PORT_REPLACES_BASE magic, similar to the bind8 port
2003-01-26 08:42:01 +00:00
Ying-Chieh Liao
ba6b295580 typo
Submitted by:	Kimura Fuyuki <fuyuki@hadaly.org>
2002-08-01 09:23:06 +00:00
Ying-Chieh Liao
e1bfe4684c add MASTER_SITE_ISC (1) and apply them
PR:		41218
Submitted by:	Kimura Fuyuki <fuyuki@hadaly.org> (1)
2002-08-01 07:35:52 +00:00
Doug Barton
b00185e8b6 Update to the latest release version 2002-05-22 05:22:31 +00:00
Doug Barton
31d52c8c98 Upgrade to 9.2.1rc2, the latest from ISC. Numerous bugs were fixed,
see /usr/local/share/doc/bind9/CHANGES after installation for details.
2002-04-08 08:32:47 +00:00
Doug Barton
26070aa7ab Fix PORTVERSION so that wacky things don't happen down the road.
In my previous commit I forgot to mention that 'pkg_add -r bind' is
only half the rationale for changing PORTNAME. The other half is so
that people who really want to can 'pkg_add -r bind9'.
2002-03-17 19:09:09 +00:00
Doug Barton
f5fbcb7753 Upgrade to the latest release candidate, 9.2.1rc1. Numerous 9.x bugs
are fixed in this version, however BIND 9 is still recommended only
for early adopters, and those that have time to closely monitor
their name service.

* Change PORTNAME to bind9 so that 'pkg_add -r bind' does the right thing
* Use the local version of openssl, and disable threads on all but
the most recent -current. Thread support is still considered experimental.
2002-03-17 06:47:25 +00:00
Doug Barton
564fdfefb4 Add some mirrors 2001-08-15 00:03:13 +00:00
Doug Barton
832ba252d4 Update port version to ISC's latest stable release 2001-07-24 18:10:31 +00:00
Doug Barton
83c87ae0b7 Upgrade to 9.1.3rc1, whose most significant change is a fix for
some IXFR problems.
2001-05-28 08:27:10 +00:00
Doug Barton
cc95368efa Upgrade to BIND 9.1.2-Release. There is no newe functionality, but
it is highly recommended that all users of BIND 9 upgrade to this
maintenance release.
2001-05-09 06:32:43 +00:00
Doug Barton
683eaaa4ff Update to the actual release version of 9.1.1. If you're using
bind 9, upgrade to this version.
2001-04-03 07:37:00 +00:00
Doug Barton
233ba03753 Latest bug fixes, FOR GREAT JUSTICE !! 2001-03-27 08:45:23 +00:00
Doug Barton
18a209367d Latest bug fixes and documentation updates. 2001-03-23 14:37:41 +00:00
Doug Barton
27b6c96d7e Latest bug fixes, no features added. 2001-03-19 09:11:31 +00:00
Doug Barton
e9605e1f63 Upgrade to ISC's latest. No new features, but a few useful bug fixes. 2001-03-10 20:56:44 +00:00
Jun Kuriyama
4ba90539ee Add more master sites.
Approved by:	maintainer
2001-03-02 07:28:36 +00:00
Doug Barton
cd9640f64f Update to ISC's latest 2001-02-27 08:08:59 +00:00
Doug Barton
db375cb582 Latest update from ISC. Truly just bugfixes. 2001-02-13 07:33:34 +00:00
Doug Barton
6fd266d4aa Update to ISC's bug fix release. For those who wish to (or need to)
use BIND 9 this upgrade is highly recommended.
2001-02-08 08:35:46 +00:00
Doug Barton
53414b33c4 I knew I forgot something... the patch is reported to substantially
improve the resistance to DOS, so this is worth a portrevision bump.
2001-02-07 20:34:50 +00:00
Doug Barton
e77ea8ac3f Major overhaul, including an updated man/plist, patching the man pages
to make the location of etc/ files prefix-safe. Install a sample
rndc.conf file. Since rndc won't start without one the user should have
an example to work from. Add the installation of various docs wrapped
in a NOPORTDOCS test.

Last but not least, add a patch that turns off the debugging code ISC
left on by default. This should help solve the problems with
misbehaving assert's, related to nmap and other causes.
2001-02-07 12:36:27 +00:00
Doug Barton
858f4921c4 Take over maintainership of the BIND's. This is something I use every day,
so I'm on top of the security advisories, etc.
2001-01-31 07:21:26 +00:00
Will Andrews
e5a7427bfb Update to 9.1.0; replace Makefile.in patch with perl regex.
Requested by:	Joong Hyun Kim <better@ns1.betterbox.net>
2001-01-21 00:42:49 +00:00
Ade Lovett
09a4ed7fa5 Add CONFIGURE_ARGS so that named/lwresd put their pid files
in the "right" place (/var/run), as opposed to ${PREFIX}/var/run
2000-12-01 23:42:12 +00:00
Doug Barton
d4d172612f Update to 9.0.1
PR:		ports/22941
Submitted by:	Leif Neland, leifn@neland.dk
2000-11-19 19:21:02 +00:00