When installing the dns/bind97 port using "make install", it creates a set of symlinks in /var/named${PREFIX}/etc: blee@eclipse ~ $ ls -l /var/named/usr/local/etc total 0K lrwxr-xr-x 1 root wheel 22 Oct 21 17:51 named.conf -> /etc/namedb/named.conf lrwxr-xr-x 1 root wheel 20 Oct 21 17:51 rndc.key -> /etc/namedb/rndc.key However, these symlinks are created by the "post-install" Makefile target: .if !defined(WITHOUT_LINKS) && !defined(WITH_REPLACE_BASE) ${MKDIR} /var/named${PREFIX}/etc .for DIR in ${PREFIX}/etc /var/named${PREFIX}/etc .for FILE in named.conf rndc.key ${LN} -sf /etc/namedb/${FILE} ${DIR}/${FILE} .endfor .endfor .endif Therefore, the symlinks are not created when creating a binary package using "make package" and using pkg_add(1). The dns/bind97 port should provide a pkg-install file so that these symlinks are also created when using binary packages. Fix: Add a pkg-install script to the dns/bind97 port that creates the relevant symlinks. How-To-Repeat: Create a binary package: make -C /usr/ports/dns/bind97 package clean Then use pkg_add(1) to install the binary package.
Responsible Changed From-To: freebsd-ports-bugs->dougb Over to maintainer (via the GNATS Auto Assign Tool)
dougb 2010-12-03 22:39:44 UTC FreeBSD ports repository Modified files: dns/bind97 Makefile distinfo Added files: dns/bind97 pkg-install Log: Update to version 9.7.2-P3, the latest from ISC, which addresses the following security vulnerabilities. For more information regarding these issues please see: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories 1. Cache incorrectly allows ncache and rrsig for the same type http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613 Affects resolver operators whose servers are open to potential attackers. Triggering the bug will cause the server to crash. This bug applies even if you do not have DNSSEC enabled. 2. Using "allow-query" in the "options" or "view" statements to restrict access to authoritative zones has no effect. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615 Affects authoritative server operators who wish to generally restrict queries to their authoritative zones, and are running 9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized end users to receive answers to queries they should not. 3. Key algorithm rollover http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614 Affects resolver operators who have 9.7.2-P2 installed, are validating with DNSSEC, and querying zones which are in a key rollover period. The bug will cause answers to incorrectly be marked as insecure. For the port: 1. Add CONFLICT for the ../bind-tools port 2. Switch to pkg-install to create the symlinks to /etc/namedb/ as requested in [1] PR: ports/151635 [1] Submitted by: Benjamin Lee <ben@b1c1l1.com> [1] Revision Changes Path 1.13 +4 -8 ports/dns/bind97/Makefile 1.11 +4 -4 ports/dns/bind97/distinfo 1.1 +13 -0 ports/dns/bind97/pkg-install (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
dougb 2010-12-03 23:01:38 UTC FreeBSD ports repository Modified files: dns/bind95 Makefile Log: For the port: 1. Add CONFLICT for the ../bind-tools port 2. Remove CONFLICT for the removed ../bind9 port 3. Remove OPTION for threads on < RELENG_7 4. Remove MD5 from distinfo 5. Switch to pkg-install to create the symlinks to /etc/namedb/ as requested in [1] PR: ports/151635 [1] Submitted by: Benjamin Lee <ben@b1c1l1.com> [1] Revision Changes Path 1.110 +4 -15 ports/dns/bind95/Makefile _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
dougb 2010-12-03 23:21:31 UTC FreeBSD ports repository Modified files: dns/bind96 Makefile distinfo Log: Update to version 9.6-ESV-R3, the latest from ISC, which addresses the following security vulnerabilities. For more information regarding these issues please see: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories 1. Cache incorrectly allows ncache and rrsig for the same type http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613 Affects resolver operators whose servers are open to potential attackers. Triggering the bug will cause the server to crash. This bug applies even if you do not have DNSSEC enabled. 2. Using "allow-query" in the "options" or "view" statements to restrict access to authoritative zones has no effect. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615 Affects authoritative server operators who wish to generally restrict queries to their authoritative zones, and are running 9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized end users to receive answers to queries they should not. For the port: 1. Add CONFLICT for the ../bind-tools port 2. Remove CONFLICT for the removed ../bind9 port 3. Remove OPTION for threads on < RELENG_7 4. Switch to pkg-install to create the symlinks to /etc/namedb/ as requested in [1] PR: ports/151635 [1] Submitted by: Benjamin Lee <ben@b1c1l1.com> [1] Revision Changes Path 1.112 +6 -16 ports/dns/bind96/Makefile 1.65 +4 -4 ports/dns/bind96/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
dougb 2010-12-03 23:57:16 UTC FreeBSD ports repository Modified files: dns/bind94 Makefile distinfo Log: Update to version 9.4-ESV-R4, the latest from ISC, which addresses the following security vulnerability. For more information regarding these issues please see: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories Key algorithm rollover http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614 Affects resolver operators who are validating with DNSSEC, and querying zones which are in a key rollover period. The bug will cause answers to incorrectly be marked as insecure. For the port: 1. Add CONFLICT for the ../bind-tools port 2. Remove CONFLICT for the removed ../bind9 port 3. Remove OPTION for threads on < RELENG_7 4. Remove MD5 from distinfo 5. Switch to pkg-install to create the symlinks to /etc/namedb/ as requested in [1] PR: ports/151635 [1] Submitted by: Benjamin Lee <ben@b1c1l1.com> [1] Revision Changes Path 1.108 +7 -17 ports/dns/bind94/Makefile 1.64 +4 -7 ports/dns/bind94/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Update installed for all dns/bind* ports. Thanks for the reminder. :)