diff options
Diffstat (limited to 'dns')
| -rw-r--r-- | dns/bind911/Makefile | 4 | ||||
| -rw-r--r-- | dns/bind911/distinfo | 6 | ||||
| -rw-r--r-- | dns/bind911/files/extrapatch-bind-min-override-ttl | 20 | ||||
| -rw-r--r-- | dns/bind911/files/patch-CVE-2018-5738 | 127 | ||||
| -rw-r--r-- | dns/bind911/files/patch-bin_named_include_named_globals.h | 4 | ||||
| -rw-r--r-- | dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in | 4 | ||||
| -rw-r--r-- | dns/bind911/files/patch-configure | 8 | ||||
| -rw-r--r-- | dns/bind912/Makefile | 4 | ||||
| -rw-r--r-- | dns/bind912/distinfo | 6 | ||||
| -rw-r--r-- | dns/bind912/files/extrapatch-bind-min-override-ttl | 20 | ||||
| -rw-r--r-- | dns/bind912/files/patch-CVE-2018-5738 | 112 | ||||
| -rw-r--r-- | dns/bind912/files/patch-bin_named_include_named_globals.h | 4 | ||||
| -rw-r--r-- | dns/bind912/files/patch-bin_tests_system_dlzexternal_Makefile.in | 4 | ||||
| -rw-r--r-- | dns/bind912/files/patch-configure | 8 | ||||
| -rw-r--r-- | dns/bind912/files/patch-libressl2.7 | 386 | ||||
| -rw-r--r-- | dns/bind913/Makefile | 2 | ||||
| -rw-r--r-- | dns/bind913/distinfo | 6 | ||||
| -rw-r--r-- | dns/bind913/files/extrapatch-bind-min-override-ttl | 22 | ||||
| -rw-r--r-- | dns/bind913/files/patch-configure | 8 | ||||
| -rw-r--r-- | dns/bind913/pkg-plist | 1 |
20 files changed, 66 insertions, 690 deletions
diff --git a/dns/bind911/Makefile b/dns/bind911/Makefile index 730729b2825f..ca19a6d4a4ee 100644 --- a/dns/bind911/Makefile +++ b/dns/bind911/Makefile @@ -3,7 +3,7 @@ PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} PKGNAMESUFFIX= 911 @@ -20,7 +20,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= cpe libedit # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.3 +ISCVERSION= 9.11.4 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} diff --git a/dns/bind911/distinfo b/dns/bind911/distinfo index 036488a510f5..7f229f4d4fa9 100644 --- a/dns/bind911/distinfo +++ b/dns/bind911/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1521455716 -SHA256 (bind-9.11.3.tar.gz) = 0d9dde14b2ec7f9cdc3b69f19540c7a2e4eee7b6c727965dfae48810965876f5 -SIZE (bind-9.11.3.tar.gz) = 9523375 +TIMESTAMP = 1531290674 +SHA256 (bind-9.11.4.tar.gz) = 595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617 +SIZE (bind-9.11.4.tar.gz) = 9621408 diff --git a/dns/bind911/files/extrapatch-bind-min-override-ttl b/dns/bind911/files/extrapatch-bind-min-override-ttl index d71dfd47f865..d99a4463a3b2 100644 --- a/dns/bind911/files/extrapatch-bind-min-override-ttl +++ b/dns/bind911/files/extrapatch-bind-min-override-ttl @@ -1,6 +1,6 @@ ---- bin/named/config.c.orig 2018-01-24 21:23:16 UTC +--- bin/named/config.c.orig 2018-06-10 06:06:33 UTC +++ bin/named/config.c -@@ -171,6 +171,8 @@ options {\n\ +@@ -176,6 +176,8 @@ options {\n\ " max-acache-size 16M;\n\ max-cache-size 90%;\n\ max-cache-ttl 604800; /* 1 week */\n\ @@ -9,9 +9,9 @@ max-clients-per-query 100;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ max-recursion-depth 7;\n\ ---- bin/named/server.c.orig 2018-01-24 21:23:16 UTC +--- bin/named/server.c.orig 2018-06-10 06:06:33 UTC +++ bin/named/server.c -@@ -3699,6 +3699,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -3692,6 +3692,16 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; @@ -28,9 +28,9 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-01-24 21:23:16 UTC +--- lib/dns/include/dns/view.h.orig 2018-06-10 06:06:33 UTC +++ lib/dns/include/dns/view.h -@@ -146,6 +146,8 @@ struct dns_view { +@@ -150,6 +150,8 @@ struct dns_view { isc_boolean_t requestnsid; isc_boolean_t sendcookie; dns_ttl_t maxcachettl; @@ -39,9 +39,9 @@ dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2018-01-24 21:23:16 UTC +--- lib/dns/resolver.c.orig 2018-06-10 06:06:33 UTC +++ lib/dns/resolver.c -@@ -5477,6 +5477,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5473,6 +5473,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -60,9 +60,9 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-01-24 21:23:16 UTC +--- lib/isccfg/namedconf.c.orig 2018-06-10 06:06:33 UTC +++ lib/isccfg/namedconf.c -@@ -1766,6 +1766,8 @@ view_clauses[] = { +@@ -1770,6 +1770,8 @@ view_clauses[] = { #endif { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, diff --git a/dns/bind911/files/patch-CVE-2018-5738 b/dns/bind911/files/patch-CVE-2018-5738 deleted file mode 100644 index ff81198b8750..000000000000 --- a/dns/bind911/files/patch-CVE-2018-5738 +++ /dev/null @@ -1,127 +0,0 @@ -commit 3d71785ef143b670409affee203145eb39266d87 -Author: Evan Hunt <each@isc.org> -Date: 2018-06-04 21:55:41 -0700 - - allow-recursion could incorrectly inherit from the default allow-query - ---- CHANGES.orig 2018-03-08 20:55:28 UTC -+++ CHANGES -@@ -1,3 +1,10 @@ -+4960. [security] When recursion is enabled, but the "allow-recursion" -+ and "allow-query-cache" ACLs are not specified, -+ they should be limited to local networks, -+ but were inadvertently set to match the default -+ "allow-query", thus allowing remote queries. -+ (CVE-2018-5738) [GL #309] -+ - --- 9.11.3 released --- - --- 9.11.3rc2 released --- - ---- bin/named/server.c.orig 2018-03-08 20:55:28 UTC -+++ bin/named/server.c -@@ -3376,10 +3376,6 @@ configure_view(dns_view_t *view, dns_vie - dns_acache_setcachesize(view->acache, max_acache_size); - } - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query", NULL, actx, -- ns_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -4258,9 +4254,6 @@ configure_view(dns_view_t *view, dns_vie - INSIST(result == ISC_R_SUCCESS); - view->trust_anchor_telemetry = cfg_obj_asboolean(obj); - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query-cache-on", NULL, actx, -- ns_g_mctx, &view->cacheonacl)); - /* - * Set sources where additional data and CNAME/DNAME - * targets for authoritative answers may be found. -@@ -4287,22 +4280,40 @@ configure_view(dns_view_t *view, dns_vie - view->additionalfromcache = ISC_TRUE; - } - -+ CHECK(configure_view_acl(vconfig, config, ns_g_config, -+ "allow-query-cache-on", NULL, actx, -+ ns_g_mctx, &view->cacheonacl)); -+ - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. -- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. - */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, ns_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ ns_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ ns_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - ns_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - ns_g_mctx, &view->recursiononacl)); -@@ -4340,18 +4351,21 @@ configure_view(dns_view_t *view, dns_vie - * the global config. - */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion", NULL, - actx, ns_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion-on", NULL, - actx, ns_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-query-cache", NULL, - actx, ns_g_mctx, -@@ -4365,6 +4379,14 @@ configure_view(dns_view_t *view, dns_vie - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, ns_g_config, -+ "allow-query", NULL, -+ actx, ns_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, diff --git a/dns/bind911/files/patch-bin_named_include_named_globals.h b/dns/bind911/files/patch-bin_named_include_named_globals.h index 6a11fb802a11..9f5abb33c1c5 100644 --- a/dns/bind911/files/patch-bin_named_include_named_globals.h +++ b/dns/bind911/files/patch-bin_named_include_named_globals.h @@ -1,8 +1,8 @@ We reference the pid file as being run/named/pid everywere else. ---- bin/named/include/named/globals.h.orig 2018-01-04 05:28:11 UTC +--- bin/named/include/named/globals.h.orig 2018-06-10 06:06:33 UTC +++ bin/named/include/named/globals.h -@@ -135,7 +135,7 @@ EXTERN isc_boolean_t ns_g_forcelock IN +@@ -138,7 +138,7 @@ EXTERN isc_boolean_t ns_g_forcelock IN #if NS_RUN_PID_DIR EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR "/run/named/" diff --git a/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in b/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in index 4b79d1b9151a..10d490aecb0e 100644 --- a/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in +++ b/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in @@ -1,6 +1,6 @@ ---- bin/tests/system/dlzexternal/Makefile.in.orig 2017-04-14 03:58:25 UTC +--- bin/tests/system/dlzexternal/Makefile.in.orig 2018-06-10 06:06:33 UTC +++ bin/tests/system/dlzexternal/Makefile.in -@@ -31,7 +31,7 @@ OBJS = +@@ -34,7 +34,7 @@ OBJS = @BIND9_MAKE_RULES@ CFLAGS = @CFLAGS@ @SO_CFLAGS@ diff --git a/dns/bind911/files/patch-configure b/dns/bind911/files/patch-configure index bfc0685881cc..550d35b914a4 100644 --- a/dns/bind911/files/patch-configure +++ b/dns/bind911/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2018-03-08 20:55:28 UTC +--- configure.orig 2018-06-10 06:06:33 UTC +++ configure -@@ -14465,27 +14465,9 @@ done +@@ -14961,27 +14961,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14528,47 +14510,7 @@ $as_echo "no" >&6; } ;; +@@ -15024,47 +15006,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -23242,7 +23184,7 @@ $as_echo "" >&6; } +@@ -23847,7 +23789,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). diff --git a/dns/bind912/Makefile b/dns/bind912/Makefile index 09a35f522cae..e868b395c0d3 100644 --- a/dns/bind912/Makefile +++ b/dns/bind912/Makefile @@ -8,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} PORTREVISION= 0 .else # dns/bind912 here -PORTREVISION= 1 +PORTREVISION= 0 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} @@ -35,7 +35,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= cpe libedit # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.12.1-P2 +ISCVERSION= 9.12.2 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} diff --git a/dns/bind912/distinfo b/dns/bind912/distinfo index a5bb613eb2ab..b13ba9a8fb2c 100644 --- a/dns/bind912/distinfo +++ b/dns/bind912/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1526711298 -SHA256 (bind-9.12.1-P2.tar.gz) = 0de7c3453461e2f0505ac634b984f8e7afa1952cf7fc972cbefbcc169edf2d29 -SIZE (bind-9.12.1-P2.tar.gz) = 9305005 +TIMESTAMP = 1531290911 +SHA256 (bind-9.12.2.tar.gz) = 9f6a4c8b39a7064d447d8414a09ed667ff21adc69f17461916d8f5a45f348452 +SIZE (bind-9.12.2.tar.gz) = 9424960 diff --git a/dns/bind912/files/extrapatch-bind-min-override-ttl b/dns/bind912/files/extrapatch-bind-min-override-ttl index 4fe88beb8264..ed0321c86738 100644 --- a/dns/bind912/files/extrapatch-bind-min-override-ttl +++ b/dns/bind912/files/extrapatch-bind-min-override-ttl @@ -1,6 +1,6 @@ ---- bin/named/config.c.orig 2018-02-18 05:26:12 UTC +--- bin/named/config.c.orig 2018-07-03 07:08:14 UTC +++ bin/named/config.c -@@ -176,12 +176,14 @@ options {\n\ +@@ -182,12 +182,14 @@ options {\n\ max-recursion-queries 75;\n\ max-stale-ttl 604800; /* 1 week */\n\ message-compression yes;\n\ @@ -15,9 +15,9 @@ provide-ixfr true;\n\ query-source address *;\n\ query-source-v6 address *;\n\ ---- bin/named/server.c.orig 2018-02-18 05:26:12 UTC +--- bin/named/server.c.orig 2018-07-03 07:08:14 UTC +++ bin/named/server.c -@@ -4074,6 +4074,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -4072,6 +4072,16 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; @@ -34,9 +34,9 @@ result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-02-18 05:26:12 UTC +--- lib/dns/include/dns/view.h.orig 2018-07-03 07:08:14 UTC +++ lib/dns/include/dns/view.h -@@ -145,6 +145,8 @@ struct dns_view { +@@ -149,6 +149,8 @@ struct dns_view { isc_boolean_t requestnsid; isc_boolean_t sendcookie; dns_ttl_t maxcachettl; @@ -45,9 +45,9 @@ dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2018-02-18 05:26:12 UTC +--- lib/dns/resolver.c.orig 2018-07-03 07:08:14 UTC +++ lib/dns/resolver.c -@@ -5762,6 +5762,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5756,6 +5756,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -66,9 +66,9 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-02-18 05:26:12 UTC +--- lib/isccfg/namedconf.c.orig 2018-07-03 07:08:14 UTC +++ lib/isccfg/namedconf.c -@@ -1910,6 +1910,8 @@ view_clauses[] = { +@@ -1914,6 +1914,8 @@ view_clauses[] = { { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, diff --git a/dns/bind912/files/patch-CVE-2018-5738 b/dns/bind912/files/patch-CVE-2018-5738 deleted file mode 100644 index 1e21cfb7748e..000000000000 --- a/dns/bind912/files/patch-CVE-2018-5738 +++ /dev/null @@ -1,112 +0,0 @@ -commit be02bf65712ee54148496aac3edb3ca7d061327f -Author: Evan Hunt <each@isc.org> -Date: 2018-06-04 21:46:23 -0700 - - allow-recursion could incorrectly inherit from the default allow-query - ---- CHANGES.orig 2018-05-16 18:06:47 UTC -+++ CHANGES -@@ -1,3 +1,10 @@ -+4960. [security] When recursion is enabled, but the "allow-recursion" -+ and "allow-query-cache" ACLs are not specified, -+ they should be limited to local networks, -+ but were inadvertently set to match the default -+ "allow-query", thus allowing remote queries. -+ (CVE-2018-5738) [GL #309] -+ - --- 9.12.1-P2 released --- - - --- 9.12.1-P1 (withdrawn) --- ---- bin/named/server.c.orig 2018-05-16 18:06:47 UTC -+++ bin/named/server.c -@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_vie - CHECKM(named_config_getport(config, &port), "port"); - dns_view_setdstport(view, port); - -- CHECK(configure_view_acl(vconfig, config, named_g_config, -- "allow-query", NULL, actx, -- named_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_vie - "allow-query-cache-on", NULL, actx, - named_g_mctx, &view->cacheonacl)); - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. -- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. - */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, named_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ named_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ named_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - named_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - named_g_mctx, &view->recursiononacl)); -@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_vie - * the global config. - */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-recursion", NULL, - actx, named_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-recursion-on", NULL, - actx, named_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-query-cache", NULL, - actx, named_g_mctx, -@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_vie - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, named_g_config, -+ "allow-query", NULL, -+ actx, named_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, diff --git a/dns/bind912/files/patch-bin_named_include_named_globals.h b/dns/bind912/files/patch-bin_named_include_named_globals.h index 1a44c78534a6..8f2f8d44b88a 100644 --- a/dns/bind912/files/patch-bin_named_include_named_globals.h +++ b/dns/bind912/files/patch-bin_named_include_named_globals.h @@ -1,8 +1,8 @@ We reference the pid file as being run/named/pid everywere else. ---- bin/named/include/named/globals.h.orig 2018-01-17 06:56:09 UTC +--- bin/named/include/named/globals.h.orig 2018-06-10 06:06:19 UTC +++ bin/named/include/named/globals.h -@@ -125,7 +125,7 @@ EXTERN isc_boolean_t named_g_forcelock +@@ -128,7 +128,7 @@ EXTERN isc_boolean_t named_g_forcelock #if NAMED_RUN_PID_DIR EXTERN const char * named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/" diff --git a/dns/bind912/files/patch-bin_tests_system_dlzexternal_Makefile.in b/dns/bind912/files/patch-bin_tests_system_dlzexternal_Makefile.in index 7430899c4ac8..c59309bc2393 100644 --- a/dns/bind912/files/patch-bin_tests_system_dlzexternal_Makefile.in +++ b/dns/bind912/files/patch-bin_tests_system_dlzexternal_Makefile.in @@ -1,6 +1,6 @@ ---- bin/tests/system/dlzexternal/Makefile.in.orig 2016-11-01 20:46:42 UTC +--- bin/tests/system/dlzexternal/Makefile.in.orig 2018-06-10 06:06:19 UTC +++ bin/tests/system/dlzexternal/Makefile.in -@@ -31,7 +31,7 @@ OBJS = +@@ -34,7 +34,7 @@ OBJS = @BIND9_MAKE_RULES@ CFLAGS = @CFLAGS@ @SO_CFLAGS@ diff --git a/dns/bind912/files/patch-configure b/dns/bind912/files/patch-configure index 5fbe06fae97c..9e481f106d58 100644 --- a/dns/bind912/files/patch-configure +++ b/dns/bind912/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2018-03-08 20:56:40 UTC +--- configure.orig 2018-06-10 06:06:19 UTC +++ configure -@@ -14455,27 +14455,9 @@ done +@@ -14939,27 +14939,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14518,47 +14500,7 @@ $as_echo "no" >&6; } ;; +@@ -15002,47 +14984,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -23197,7 +23139,7 @@ $as_echo "" >&6; } +@@ -23790,7 +23732,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). diff --git a/dns/bind912/files/patch-libressl2.7 b/dns/bind912/files/patch-libressl2.7 deleted file mode 100644 index b478bffa43fc..000000000000 --- a/dns/bind912/files/patch-libressl2.7 +++ /dev/null @@ -1,386 +0,0 @@ -From 1e64b869b5b33e2deda7059e4348d9870f86d315 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> -Date: Thu, 3 May 2018 13:59:04 +0200 -Subject: [PATCH 1/3] Add support for LibreSSL 2.7 - -(cherry picked from commit 29ff62a1492ce3dc702a887e864d00bf1949aed3) ---- - config.h.in | 12 +++++++ - configure | 13 +++++++ - configure.in | 2 ++ - lib/dns/openssldh_link.c | 69 +++++++++++++++++++++++-------------- - lib/dns/openssldsa_link.c | 2 +- - lib/dns/opensslecdsa_link.c | 11 +++--- - lib/dns/opensslrsa_link.c | 36 ++++++++++++------- - 7 files changed, 103 insertions(+), 42 deletions(-) - -diff --git config.h.in config.h.in -index 0cc04c5dd9..65ee20eeb5 100644 ---- config.h.in -+++ config.h.in -@@ -206,6 +206,9 @@ int sigwait(const unsigned int *set, int *sig); - /* Define to 1 if you have the <devpoll.h> header file. */ - #undef HAVE_DEVPOLL_H - -+/* Define to 1 if you have the `DH_get0_key' function. */ -+#undef HAVE_DH_GET0_KEY -+ - /* Define to 1 if you have the `dlclose' function. */ - #undef HAVE_DLCLOSE - -@@ -221,6 +224,12 @@ int sigwait(const unsigned int *set, int *sig); - /* Define to 1 to enable dnstap support */ - #undef HAVE_DNSTAP - -+/* Define to 1 if you have the `DSA_get0_pqg' function. */ -+#undef HAVE_DSA_GET0_PQG -+ -+/* Define to 1 if you have the `ECDSA_SIG_get0' function. */ -+#undef HAVE_ECDSA_SIG_GET0 -+ - /* Define to 1 if you have the <editline/readline.h> header file. */ - #undef HAVE_EDITLINE_READLINE_H - -@@ -431,6 +440,9 @@ int sigwait(const unsigned int *set, int *sig); - /* Define to 1 if you have the <regex.h> header file. */ - #undef HAVE_REGEX_H - -+/* Define to 1 if you have the `RSA_set0_key' function. */ -+#undef HAVE_RSA_SET0_KEY -+ - /* Define to 1 if you have the <sched.h> header file. */ - #undef HAVE_SCHED_H - -diff --git configure configure -index fc9256fa8d..2dde1a681d 100755 ---- configure -+++ configure -@@ -16724,6 +16724,19 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 - _ACEOF - -+fi -+done -+ -+ -+ for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg -+do : -+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -+if eval test \"x\$"$as_ac_var"\" = x"yes"; then : -+ cat >>confdefs.h <<_ACEOF -+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -+_ACEOF -+ - fi - done - -diff --git configure.in configure.in -index 99139ba5ac..193562c783 100644 ---- configure.in -+++ configure.in -@@ -1781,6 +1781,8 @@ DSO_METHOD_dlfcn(); - - AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512) - -+ AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg]) -+ - AC_MSG_CHECKING(for OpenSSL ECDSA support) - have_ecdsa="" - AC_TRY_RUN([ -diff --git lib/dns/openssldh_link.c lib/dns/openssldh_link.c -index e74bee2e2d..0db673dd31 100644 ---- lib/dns/openssldh_link.c -+++ lib/dns/openssldh_link.c -@@ -71,62 +71,81 @@ static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data); - - static BIGNUM *bn2, *bn768, *bn1024, *bn1536; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if !defined(HAVE_DH_GET0_KEY) - /* - * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg - * are from OpenSSL 1.1.0. - */ - static void - DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) { -- if (pub_key != NULL) -+ if (pub_key != NULL) { - *pub_key = dh->pub_key; -- if (priv_key != NULL) -+ } -+ if (priv_key != NULL) { - *priv_key = dh->priv_key; -+ } - } - - static int - DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { -- /* Note that it is valid for priv_key to be NULL */ -- if (pub_key == NULL) -- return 0; -+ if (pub_key != NULL) { -+ BN_free(dh->pub_key); -+ dh->pub_key = pub_key; -+ } - -- BN_free(dh->pub_key); -- BN_free(dh->priv_key); -- dh->pub_key = pub_key; -- dh->priv_key = priv_key; -+ if (priv_key != NULL) { -+ BN_free(dh->priv_key); -+ dh->priv_key = priv_key; -+ } - -- return 1; -+ return (1); - } - - static void - DH_get0_pqg(const DH *dh, - const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) - { -- if (p != NULL) -+ if (p != NULL) { - *p = dh->p; -- if (q != NULL) -+ } -+ if (q != NULL) { - *q = dh->q; -- if (g != NULL) -+ } -+ if (g != NULL) { - *g = dh->g; -+ } - } - - static int --DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { -- /* q is optional */ -- if (p == NULL || g == NULL) -- return(0); -- BN_free(dh->p); -- BN_free(dh->q); -- BN_free(dh->g); -- dh->p = p; -- dh->q = q; -- dh->g = g; -+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -+{ -+ /* If the fields p and g in d are NULL, the corresponding input -+ * parameters MUST be non-NULL. q may remain NULL. -+ */ -+ if ((dh->p == NULL && p == NULL) -+ || (dh->g == NULL && g == NULL)) -+ { -+ return 0; -+ } -+ -+ if (p != NULL) { -+ BN_free(dh->p); -+ dh->p = p; -+ } -+ if (q != NULL) { -+ BN_free(dh->q); -+ dh->q = q; -+ } -+ if (g != NULL) { -+ BN_free(dh->g); -+ dh->g = g; -+ } - - if (q != NULL) { - dh->length = BN_num_bits(q); - } - -- return(1); -+ return (1); - } - - #define DH_clear_flags(d, f) (d)->flags &= ~(f) -diff --git lib/dns/openssldsa_link.c lib/dns/openssldsa_link.c -index 1c541ae73a..dfbd484247 100644 ---- lib/dns/openssldsa_link.c -+++ lib/dns/openssldsa_link.c -@@ -52,7 +52,7 @@ - - static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if !defined(HAVE_DSA_GET0_PQG) - static void - DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, - const BIGNUM **g) -diff --git lib/dns/opensslecdsa_link.c lib/dns/opensslecdsa_link.c -index a8941a808a..2e47459249 100644 ---- lib/dns/opensslecdsa_link.c -+++ lib/dns/opensslecdsa_link.c -@@ -45,20 +45,23 @@ - - #define DST_RET(a) {ret = a; goto err;} - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if !defined(HAVE_ECDSA_SIG_GET0) - /* From OpenSSL 1.1 */ - static void - ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { -- if (pr != NULL) -+ if (pr != NULL) { - *pr = sig->r; -- if (ps != NULL) -+ } -+ if (ps != NULL) { - *ps = sig->s; -+ } - } - - static int - ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) { -- if (r == NULL || s == NULL) -+ if (r == NULL || s == NULL) { - return 0; -+ } - - BN_clear_free(sig->r); - BN_clear_free(sig->s); -diff --git lib/dns/opensslrsa_link.c lib/dns/opensslrsa_link.c -index bdb0a3931d..43f6d317bc 100644 ---- lib/dns/opensslrsa_link.c -+++ lib/dns/opensslrsa_link.c -@@ -123,7 +123,7 @@ - #endif - #define DST_RET(a) {ret = a; goto err;} - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if !defined(HAVE_RSA_SET0_KEY) - /* From OpenSSL 1.1.0 */ - static int - RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { -@@ -133,8 +133,9 @@ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { - * parameters MUST be non-NULL for n and e. d may be - * left NULL (in case only the public key is used). - */ -- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) -+ if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) { - return 0; -+ } - - if (n != NULL) { - BN_free(r->n); -@@ -159,8 +160,9 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) { - * If the fields p and q in r are NULL, the corresponding input - * parameters MUST be non-NULL. - */ -- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) -+ if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) { - return 0; -+ } - - if (p != NULL) { - BN_free(r->p); -@@ -183,7 +185,9 @@ RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) { - if ((r->dmp1 == NULL && dmp1 == NULL) || - (r->dmq1 == NULL && dmq1 == NULL) || - (r->iqmp == NULL && iqmp == NULL)) -+ { - return 0; -+ } - - if (dmp1 != NULL) { - BN_free(r->dmp1); -@@ -205,32 +209,40 @@ static void - RSA_get0_key(const RSA *r, - const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) - { -- if (n != NULL) -+ if (n != NULL) { - *n = r->n; -- if (e != NULL) -+ } -+ if (e != NULL) { - *e = r->e; -- if (d != NULL) -+ } -+ if (d != NULL) { - *d = r->d; -+ } - } - - static void - RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) { -- if (p != NULL) -+ if (p != NULL) { - *p = r->p; -- if (q != NULL) -- *q = r->q; -+ } -+ if (q != NULL) { -+ *q = r->q; -+ } - } - - static void - RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, - const BIGNUM **iqmp) - { -- if (dmp1 != NULL) -+ if (dmp1 != NULL) { - *dmp1 = r->dmp1; -- if (dmq1 != NULL) -+ } -+ if (dmq1 != NULL) { - *dmq1 = r->dmq1; -- if (iqmp != NULL) -+ } -+ if (iqmp != NULL) { - *iqmp = r->iqmp; -+ } - } - - static int --- -2.17.1 - -From e3a318e8d3e050677cfe603b25eaa9607c202276 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> -Date: Wed, 2 May 2018 14:18:06 +0200 -Subject: [PATCH 2/3] Workaround LibreSSL 2.7.0-2.7.2 quirk in DH_set0_key - -(cherry picked from commit 6b9e3b7b069509e79c59f89403a91761c300bdee) ---- - lib/dns/openssldh_link.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git lib/dns/openssldh_link.c lib/dns/openssldh_link.c -index 0db673dd31..8dfda0d2fa 100644 ---- lib/dns/openssldh_link.c -+++ lib/dns/openssldh_link.c -@@ -44,6 +44,8 @@ - - #include <dst/result.h> - -+#include <openssl/opensslv.h> -+ - #include "dst_internal.h" - #include "dst_openssl.h" - #include "dst_parse.h" -@@ -564,7 +566,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) { - DH_free(dh); - return (dst__openssl_toresult(ISC_R_NOMEMORY)); - } -+#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL) -+ /* -+ * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when -+ * DH structure is empty, hence we cannot use DH_get0_key(). -+ */ -+ dh->pub_key = pub_key; -+#else /* LIBRESSL_VERSION_NUMBER */ - DH_set0_key(dh, pub_key, NULL); -+#endif /* LIBRESSL_VERSION_NUMBER */ - isc_region_consume(&r, publen); - - key->key_size = BN_num_bits(p); --- -2.17.1 - diff --git a/dns/bind913/Makefile b/dns/bind913/Makefile index 64ed15f704d8..e31d54f4bede 100644 --- a/dns/bind913/Makefile +++ b/dns/bind913/Makefile @@ -33,7 +33,7 @@ LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= cpe libedit ssl # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.13.1 +ISCVERSION= 9.13.2 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} diff --git a/dns/bind913/distinfo b/dns/bind913/distinfo index 41ce677f4b36..56acda5114dc 100644 --- a/dns/bind913/distinfo +++ b/dns/bind913/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1529066513 -SHA256 (bind-9.13.1.tar.gz) = d081011170a915b3059d3f24e1a14e5540d2892f2a0267af94cfbe6601423d22 -SIZE (bind-9.13.1.tar.gz) = 8787034 +TIMESTAMP = 1531290964 +SHA256 (bind-9.13.2.tar.gz) = 6c044e9ea81add9dbbd2f5dfc224964cc6b6e364e43a8d6d8b574d9282651802 +SIZE (bind-9.13.2.tar.gz) = 8547111 diff --git a/dns/bind913/files/extrapatch-bind-min-override-ttl b/dns/bind913/files/extrapatch-bind-min-override-ttl index d659e08099dc..dac554161b83 100644 --- a/dns/bind913/files/extrapatch-bind-min-override-ttl +++ b/dns/bind913/files/extrapatch-bind-min-override-ttl @@ -1,6 +1,6 @@ ---- bin/named/config.c.orig 2018-05-18 05:44:02 UTC +--- bin/named/config.c.orig 2018-07-03 07:51:40 UTC +++ bin/named/config.c -@@ -174,12 +174,14 @@ options {\n\ +@@ -177,12 +177,14 @@ options {\n\ max-recursion-queries 75;\n\ max-stale-ttl 604800; /* 1 week */\n\ message-compression yes;\n\ @@ -13,11 +13,11 @@ nsec3-test-zone no;\n\ + override-cache-ttl 0; /* do not override */\n\ provide-ixfr true;\n\ + qname-minimization relaxed;\n\ query-source address *;\n\ - query-source-v6 address *;\n\ ---- bin/named/server.c.orig 2018-05-18 05:44:02 UTC +--- bin/named/server.c.orig 2018-07-03 07:51:40 UTC +++ bin/named/server.c -@@ -4072,6 +4072,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -4071,6 +4071,16 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; @@ -34,9 +34,9 @@ result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-05-18 05:44:02 UTC +--- lib/dns/include/dns/view.h.orig 2018-07-03 07:51:40 UTC +++ lib/dns/include/dns/view.h -@@ -149,6 +149,8 @@ struct dns_view { +@@ -151,6 +151,8 @@ struct dns_view { isc_boolean_t requestnsid; isc_boolean_t sendcookie; dns_ttl_t maxcachettl; @@ -45,9 +45,9 @@ dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2018-05-18 05:44:02 UTC +--- lib/dns/resolver.c.orig 2018-07-03 07:51:40 UTC +++ lib/dns/resolver.c -@@ -5746,6 +5746,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5799,6 +5799,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -66,9 +66,9 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-05-18 05:44:02 UTC +--- lib/isccfg/namedconf.c.orig 2018-07-03 07:51:40 UTC +++ lib/isccfg/namedconf.c -@@ -1916,6 +1916,8 @@ view_clauses[] = { +@@ -1917,6 +1917,8 @@ view_clauses[] = { { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, diff --git a/dns/bind913/files/patch-configure b/dns/bind913/files/patch-configure index fede241d1a36..f57715421ef5 100644 --- a/dns/bind913/files/patch-configure +++ b/dns/bind913/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2018-05-22 23:42:35 UTC +--- configure.orig 2018-07-03 07:51:40 UTC +++ configure -@@ -14757,27 +14757,9 @@ done +@@ -14993,27 +14993,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14820,47 +14802,7 @@ $as_echo "no" >&6; } ;; +@@ -15056,47 +15038,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -23329,7 +23271,7 @@ $as_echo "" >&6; } +@@ -23693,7 +23635,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). diff --git a/dns/bind913/pkg-plist b/dns/bind913/pkg-plist index e00f01a43e0d..b32a43c032c9 100644 --- a/dns/bind913/pkg-plist +++ b/dns/bind913/pkg-plist @@ -120,6 +120,7 @@ include/dns/view.h include/dns/xfrin.h include/dns/zone.h include/dns/zonekey.h +include/dns/zoneverify.h include/dns/zt.h include/dst/dst.h include/dst/gssapi.h |