Bug 151635 - dns/bind97 binary package does not install symlinks in /var/named
Summary: dns/bind97 binary package does not install symlinks in /var/named
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Doug Barton
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-22 02:00 UTC by ben
Modified: 2010-12-04 00:09 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description ben 2010-10-22 02:00:21 UTC
When installing the dns/bind97 port using "make install", it creates a set of symlinks in /var/named${PREFIX}/etc:

blee@eclipse ~ $ ls -l /var/named/usr/local/etc 
total 0K
lrwxr-xr-x 1 root wheel 22 Oct 21 17:51 named.conf -> /etc/namedb/named.conf
lrwxr-xr-x 1 root wheel 20 Oct 21 17:51 rndc.key -> /etc/namedb/rndc.key

However, these symlinks are created by the "post-install" Makefile target:

.if !defined(WITHOUT_LINKS) && !defined(WITH_REPLACE_BASE)
        ${MKDIR} /var/named${PREFIX}/etc
.for DIR in ${PREFIX}/etc /var/named${PREFIX}/etc
.for FILE in named.conf rndc.key
        ${LN} -sf /etc/namedb/${FILE} ${DIR}/${FILE}
.endfor
.endfor
.endif

Therefore, the symlinks are not created when creating a binary package using "make package" and using pkg_add(1).

The dns/bind97 port should provide a pkg-install file so that these symlinks are also created when using binary packages.

Fix: 

Add a pkg-install script to the dns/bind97 port that creates the relevant symlinks.
How-To-Repeat: Create a binary package:

make -C /usr/ports/dns/bind97 package clean

Then use pkg_add(1) to install the binary package.
Comment 1 Edwin Groothuis freebsd_committer 2010-10-22 02:00:29 UTC
Responsible Changed
From-To: freebsd-ports-bugs->dougb

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer 2010-12-03 22:39:49 UTC
dougb       2010-12-03 22:39:44 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind97           Makefile distinfo 
  Added files:
    dns/bind97           pkg-install 
  Log:
  Update to version 9.7.2-P3, the latest from ISC, which addresses
  the following security vulnerabilities.
  
  For more information regarding these issues please see:
  http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
  
  1. Cache incorrectly allows ncache and rrsig for the same type
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
  
     Affects resolver operators whose servers are open to potential
     attackers. Triggering the bug will cause the server to crash.
  
     This bug applies even if you do not have DNSSEC enabled.
  
  2. Using "allow-query" in the "options" or "view" statements to
     restrict access to authoritative zones has no effect.
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  
     Affects authoritative server operators who wish to generally
     restrict queries to their authoritative zones, and are running
     9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized
     end users to receive answers to queries they should not.
  
  3. Key algorithm rollover
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
  
     Affects resolver operators who have 9.7.2-P2 installed,
     are validating with DNSSEC, and querying zones which are
     in a key rollover period. The bug will cause answers to
     incorrectly be marked as insecure.
  
  For the port:
  1. Add CONFLICT for the ../bind-tools port
  2. Switch to pkg-install to create the symlinks to /etc/namedb/ as
     requested in [1]
  
  PR:             ports/151635 [1]
  Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
  
  Revision  Changes    Path
  1.13      +4 -8      ports/dns/bind97/Makefile
  1.11      +4 -4      ports/dns/bind97/distinfo
  1.1       +13 -0     ports/dns/bind97/pkg-install (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 dfilter service freebsd_committer 2010-12-03 23:01:42 UTC
dougb       2010-12-03 23:01:38 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind95           Makefile 
  Log:
  For the port:
  1. Add CONFLICT for the ../bind-tools port
  2. Remove CONFLICT for the removed ../bind9 port
  3. Remove OPTION for threads on < RELENG_7
  4. Remove MD5 from distinfo
  5. Switch to pkg-install to create the symlinks to /etc/namedb/ as
     requested in [1]
  
  PR:             ports/151635 [1]
  Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
  
  Revision  Changes    Path
  1.110     +4 -15     ports/dns/bind95/Makefile
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 dfilter service freebsd_committer 2010-12-03 23:21:37 UTC
dougb       2010-12-03 23:21:31 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind96           Makefile distinfo 
  Log:
  Update to version 9.6-ESV-R3, the latest from ISC, which addresses
  the following security vulnerabilities.
  
  For more information regarding these issues please see:
  http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
  
  1. Cache incorrectly allows ncache and rrsig for the same type
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
  
     Affects resolver operators whose servers are open to potential
     attackers. Triggering the bug will cause the server to crash.
  
     This bug applies even if you do not have DNSSEC enabled.
  
  2. Using "allow-query" in the "options" or "view" statements to
     restrict access to authoritative zones has no effect.
  
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  
     Affects authoritative server operators who wish to generally
     restrict queries to their authoritative zones, and are running
     9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized
     end users to receive answers to queries they should not.
  
  For the port:
  1. Add CONFLICT for the ../bind-tools port
  2. Remove CONFLICT for the removed ../bind9 port
  3. Remove OPTION for threads on < RELENG_7
  4. Switch to pkg-install to create the symlinks to /etc/namedb/ as
     requested in [1]
  
  PR:             ports/151635 [1]
  Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
  
  Revision  Changes    Path
  1.112     +6 -16     ports/dns/bind96/Makefile
  1.65      +4 -4      ports/dns/bind96/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 dfilter service freebsd_committer 2010-12-03 23:57:20 UTC
dougb       2010-12-03 23:57:16 UTC

  FreeBSD ports repository

  Modified files:
    dns/bind94           Makefile distinfo 
  Log:
  Update to version 9.4-ESV-R4, the latest from ISC, which addresses
  the following security vulnerability.
  
  For more information regarding these issues please see:
  http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
  
  Key algorithm rollover
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
  
  Affects resolver operators who are validating with DNSSEC,
  and querying zones which are in a key rollover period.
  The bug will cause answers to incorrectly be marked as insecure.
  
  For the port:
  1. Add CONFLICT for the ../bind-tools port
  2. Remove CONFLICT for the removed ../bind9 port
  3. Remove OPTION for threads on < RELENG_7
  4. Remove MD5 from distinfo
  5. Switch to pkg-install to create the symlinks to /etc/namedb/ as
     requested in [1]
  
  PR:             ports/151635 [1]
  Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
  
  Revision  Changes    Path
  1.108     +7 -17     ports/dns/bind94/Makefile
  1.64      +4 -7      ports/dns/bind94/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 6 Doug Barton freebsd_committer 2010-12-04 00:09:15 UTC
State Changed
From-To: open->closed


Update installed for all dns/bind* ports. Thanks for the reminder. :)