Date: Fri, 11 Apr 2014 23:13:27 +0200 (CEST) From: Jaap Akkerhuis <jaap@NLnetLabs.nl> To: FreeBSD-gnats-submit@freebsd.org Cc: jaap@nlnetlabs.nl Subject: ports/188482: [MAINTAINER] dns/opendnssec: update to 1.4.5 Message-ID: <201404112113.s3BLDRxm017482@bela.nlnetlabs.nl> Resent-Message-ID: <201404112120.s3BLK0e1024672@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 188482 >Category: ports >Synopsis: [MAINTAINER] dns/opendnssec: update to 1.4.5 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri Apr 11 21:20:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Jaap Akkerhuis >Release: FreeBSD 10.0-STABLE amd64 >Organization: NLnet Labs >Environment: System: FreeBSD bela.nlnetlabs.nl 10.0-STABLE FreeBSD 10.0-STABLE #23 r264273: Wed Apr 9 02:50:35 >Description: Note to committer: This update superceeds the update to 1.4.4, <http://www.freebsd.org/cgi/query-pr.cgi?pr=188064>; For reasons unknown to me, this one got never got condidered nor comitted. - Update to 1.4.5 Added Staging support; Modern options handling where possible. Bugfixes: OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key generation. OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4 on MySQL. Reported by Mark Elkins <mje@posix.co.za> Includes the update to 1.4.4: Updates: SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574]. OPENDNSSEC-358: ods-ksmutil: Extend 'key list' command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output. OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441). Bugfixes: SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512]. SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526]. SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529]. SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/ SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace [OPENDNSSEC-520]. SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain dates [OPENDNSSEC-553]. SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576]. SUPPORT-127: ods-signer: Fix manpage sections. OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output type parameter to allow only File or DNS. OPENDNSSEC-481: libhsm: Fix an off-by-one length check error. OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects. OPENDNSSEC-531: ods-ksmutil: Exported value of in 'policy export' output could be wrong on MySQL. OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id. OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS. OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion. OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA. Signer Engine: Fix a race condition when stopping daemon. Generated with FreeBSD Port Tools 1.00.2014.03.23 (mode: update, diff: ports) >How-To-Repeat: >Fix: --- opendnssec-1.4.5.patch begins here --- diff -ruN /usr/ports/dns/opendnssec/Makefile ./Makefile --- /usr/ports/dns/opendnssec/Makefile 2013-12-07 20:01:55.031669593 +0100 +++ ./Makefile 2014-04-11 21:29:37.640538529 +0200 @@ -2,14 +2,14 @@ # $FreeBSD: head/dns/opendnssec/Makefile 335687 2013-12-05 20:25:54Z sunpoet $ PORTNAME= opendnssec -PORTVERSION= 1.4.3 +PORTVERSION= 1.4.5 CATEGORIES= dns MASTER_SITES= http://dist.opendnssec.org/source/ MAINTAINER= jaap@NLnetLabs.nl COMMENT= Tool suite for maintaining DNSSEC -LICENSE= BSD +LICENSE= BSD3CLAUSE BUILD_DEPENDS= ldns>=1.6.16:${PORTSDIR}/dns/ldns LIB_DEPENDS= libldns.so:${PORTSDIR}/dns/ldns @@ -26,40 +26,38 @@ USERS= opendnssec GROUPS= opendnssec -MAN1= ods-hsmspeed.1 ods-hsmutil.1 ods-ksmutil.1 ods-kaspcheck.1 -MAN5= ods-timing.5 -MAN7= opendnssec.7 -MAN8= ods-control.8 ods-enforcerd.8 ods-signer.8 ods-signerd.8 +PORTDOCS= KNOWN_ISSUES MIGRATION NEWS README.md -PORTDOCS= KNOWN_ISSUES MIGRATION NEWS README +OPTIONS_DEFINE= SOFTHSM +OPTIONS_SUB= yes -OPTIONS_DEFINE= SOFTHSM MYSQL -SOFTHSM_DESC= SoftHSM cryptographic store for PKCS \#11 interface +OPTIONS_SINGLE= DB +OPTIONS_SINGLE_DB= MYSQL SQLITE OPTIONS_DEFAULT= MYSQL -NO_STAGE= yes +SOFTHSM_DESC= SoftHSM cryptographic store for PKCS \#11 interface + +MYSQL_DESC= Use MYSQL backend +SQLITE_DESC= Use SQLite backend + +SQLITE_USE= yes + .include <bsd.port.options.mk> .if ${PORT_OPTIONS:MMYSQL} -CONFIGURE_ARGS+= --with-mysql=${LOCALBASE} CONFIGURE_ARGS+= --with-database-backend=mysql USE_MYSQL= compat -PLIST_SUB+= SQLITE="@comment " -PLIST_SUB+= MYSQL="" PORTDATA= migrate_adapters_1.mysql migrate_keyshare_mysql.pl \ migrate_zone_delete.mysql migrate_id_mysql.pl migrate_to_ng_mysql.pl -.else -CONFIGURE_ARGS+=--with-sqlite3=${LOCALBASE} +.endif + +.if ${PORT_OPTIONS:MSQLITE} BUILD_DEPENDS+= sqlite3>=3.3.9:${PORTSDIR}/databases/sqlite3 -LIB_DEPENDS+= sqlite3:${PORTSDIR}/databases/sqlite3 -PLIST_SUB+= SQLITE="" -PLIST_SUB+= MYSQL="@comment " PORTDATA= database_create.sqlite3 migrate_keyshare_sqlite3.pl \ migrate_adapters_1.sqlite3 migrate_to_ng_sqlite.pl .endif .if ${PORT_OPTIONS:MSOFTHSM} -CONFIGURE_ARGS+= --with-softhsm CONFIGURE_ARGS+= --with-pkcs11-softhsm=${LOCALBASE}/lib/libsofthsm.so RUN_DEPENDS+= softhsm>=1.2.0:${PORTSDIR}/security/softhsm .endif @@ -73,13 +71,13 @@ post-install: .if ${PORT_OPTIONS:MDOCS} - @${MKDIR} ${DOCSDIR} - ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${DOCSDIR} + @${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR} .endif .if !defined(BATCH) @${CAT} ${PKGMESSAGE} .endif - ${INSTALL_DATA} ${PORTDATA:S|^|${WRKSRC}/enforcer/utils/|} ${DATADIR} - ${CHOWN} -R ${USERS}:${GROUPS} ${PREFIX}/var/opendnssec + ${INSTALL_DATA} ${PORTDATA:S|^|${WRKSRC}/enforcer/utils/|} ${STAGEDIR}${DATADIR} +# ${CHOWN} -R ${USERS}:${GROUPS} ${PREFIX}/var/opendnssec .include <bsd.port.mk> diff -ruN /usr/ports/dns/opendnssec/distinfo ./distinfo --- /usr/ports/dns/opendnssec/distinfo 2013-12-07 20:01:55.029668123 +0100 +++ ./distinfo 2014-04-11 21:30:04.871535871 +0200 @@ -1,2 +1,2 @@ -SHA256 (opendnssec-1.4.3.tar.gz) = 22979b53851a1ec74a242ca89bbd1fc58a170272f33c6a395f0ab14f6244e491 -SIZE (opendnssec-1.4.3.tar.gz) = 1012398 +SHA256 (opendnssec-1.4.5.tar.gz) = c4d4366497ab096c6887c51f7518d546a0419a44dfad1f57d4ec9e67bb95019b +SIZE (opendnssec-1.4.5.tar.gz) = 1009953 diff -ruN /usr/ports/dns/opendnssec/pkg-plist ./pkg-plist --- /usr/ports/dns/opendnssec/pkg-plist 2014-01-30 23:28:38.915027605 +0100 +++ ./pkg-plist 2014-04-02 21:42:32.073410534 +0200 @@ -30,6 +30,21 @@ %%DATADIR%%/signconf.rng %%DATADIR%%/zonelist.rnc %%DATADIR%%/zonelist.rng +man/man1/ods-hsmspeed.1.gz +man/man1/ods-hsmutil.1.gz +man/man1/ods-ksmutil.1.gz +man/man1/ods-kaspcheck.1.gz +man/man5/ods-timing.5.gz +man/man7/opendnssec.7.gz +man/man8/ods-control.8.gz +man/man8/ods-enforcerd.8.gz +man/man8/ods-signer.8.gz +man/man8/ods-signerd.8.gz +@exec chown opendnssec:opendnssec %D/var/opendnssec/unsigned +@exec chown opendnssec:opendnssec %D/var/opendnssec/tmp +@exec chown opendnssec:opendnssec %D/var/opendnssec/signed +@exec chown opendnssec:opendnssec %D/var/opendnssec/signconf +@dirrm var/opendnssec @dirrm var/opendnssec/unsigned @dirrm var/opendnssec/tmp @dirrm var/opendnssec/signed @@ -37,11 +52,6 @@ @dirrm var/opendnssec @dirrm %%DATADIR%% @dirrm %%ETCDIR%% -@exec mkdir -p %D/var/run/opendnssec -@exec mkdir -p %D/var/opendnssec/unsigned -@exec mkdir -p %D/var/opendnssec/tmp -@exec mkdir -p %D/var/opendnssec/signed -@exec mkdir -p %D/var/opendnssec/signconf @dirrmtry var/run/opendnssec @dirrmtry var/run @dirrmtry var --- opendnssec-1.4.5.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404112113.s3BLDRxm017482>