From nobody@FreeBSD.org  Fri Oct 22 00:54:02 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E31A1106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 22 Oct 2010 00:54:02 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id D22248FC1B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 22 Oct 2010 00:54:02 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o9M0s2Z0027492
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 22 Oct 2010 00:54:02 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o9M0s2Pm027479;
	Fri, 22 Oct 2010 00:54:02 GMT
	(envelope-from nobody)
Message-Id: <201010220054.o9M0s2Pm027479@www.freebsd.org>
Date: Fri, 22 Oct 2010 00:54:02 GMT
From: Benjamin Lee <ben@b1c1l1.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: dns/bind97 binary package does not install symlinks in /var/named
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         151635
>Category:       ports
>Synopsis:       dns/bind97 binary package does not install symlinks in /var/named
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 22 01:00:21 UTC 2010
>Closed-Date:    Sat Dec 04 00:09:41 UTC 2010
>Last-Modified:  Sat Dec 04 00:09:41 UTC 2010
>Originator:     Benjamin Lee
>Release:        8.1-RELEASE
>Organization:
>Environment:
FreeBSD eclipse.b1c1l1.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
When installing the dns/bind97 port using "make install", it creates a set of symlinks in /var/named${PREFIX}/etc:

blee@eclipse ~ $ ls -l /var/named/usr/local/etc 
total 0K
lrwxr-xr-x 1 root wheel 22 Oct 21 17:51 named.conf -> /etc/namedb/named.conf
lrwxr-xr-x 1 root wheel 20 Oct 21 17:51 rndc.key -> /etc/namedb/rndc.key

However, these symlinks are created by the "post-install" Makefile target:

.if !defined(WITHOUT_LINKS) && !defined(WITH_REPLACE_BASE)
        ${MKDIR} /var/named${PREFIX}/etc
.for DIR in ${PREFIX}/etc /var/named${PREFIX}/etc
.for FILE in named.conf rndc.key
        ${LN} -sf /etc/namedb/${FILE} ${DIR}/${FILE}
.endfor
.endfor
.endif

Therefore, the symlinks are not created when creating a binary package using "make package" and using pkg_add(1).

The dns/bind97 port should provide a pkg-install file so that these symlinks are also created when using binary packages.
>How-To-Repeat:
Create a binary package:

make -C /usr/ports/dns/bind97 package clean

Then use pkg_add(1) to install the binary package.

>Fix:
Add a pkg-install script to the dns/bind97 port that creates the relevant symlinks.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->dougb 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Fri Oct 22 01:00:29 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151635 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/151635: commit references a PR
Date: Fri,  3 Dec 2010 22:39:49 +0000 (UTC)

 dougb       2010-12-03 22:39:44 UTC
 
   FreeBSD ports repository
 
   Modified files:
     dns/bind97           Makefile distinfo 
   Added files:
     dns/bind97           pkg-install 
   Log:
   Update to version 9.7.2-P3, the latest from ISC, which addresses
   the following security vulnerabilities.
   
   For more information regarding these issues please see:
   http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
   
   1. Cache incorrectly allows ncache and rrsig for the same type
   
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
   
      Affects resolver operators whose servers are open to potential
      attackers. Triggering the bug will cause the server to crash.
   
      This bug applies even if you do not have DNSSEC enabled.
   
   2. Using "allow-query" in the "options" or "view" statements to
      restrict access to authoritative zones has no effect.
   
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
   
      Affects authoritative server operators who wish to generally
      restrict queries to their authoritative zones, and are running
      9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized
      end users to receive answers to queries they should not.
   
   3. Key algorithm rollover
   
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
   
      Affects resolver operators who have 9.7.2-P2 installed,
      are validating with DNSSEC, and querying zones which are
      in a key rollover period. The bug will cause answers to
      incorrectly be marked as insecure.
   
   For the port:
   1. Add CONFLICT for the ../bind-tools port
   2. Switch to pkg-install to create the symlinks to /etc/namedb/ as
      requested in [1]
   
   PR:             ports/151635 [1]
   Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
   
   Revision  Changes    Path
   1.13      +4 -8      ports/dns/bind97/Makefile
   1.11      +4 -4      ports/dns/bind97/distinfo
   1.1       +13 -0     ports/dns/bind97/pkg-install (new)
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/151635: commit references a PR
Date: Fri,  3 Dec 2010 23:01:42 +0000 (UTC)

 dougb       2010-12-03 23:01:38 UTC
 
   FreeBSD ports repository
 
   Modified files:
     dns/bind95           Makefile 
   Log:
   For the port:
   1. Add CONFLICT for the ../bind-tools port
   2. Remove CONFLICT for the removed ../bind9 port
   3. Remove OPTION for threads on < RELENG_7
   4. Remove MD5 from distinfo
   5. Switch to pkg-install to create the symlinks to /etc/namedb/ as
      requested in [1]
   
   PR:             ports/151635 [1]
   Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
   
   Revision  Changes    Path
   1.110     +4 -15     ports/dns/bind95/Makefile
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/151635: commit references a PR
Date: Fri,  3 Dec 2010 23:21:37 +0000 (UTC)

 dougb       2010-12-03 23:21:31 UTC
 
   FreeBSD ports repository
 
   Modified files:
     dns/bind96           Makefile distinfo 
   Log:
   Update to version 9.6-ESV-R3, the latest from ISC, which addresses
   the following security vulnerabilities.
   
   For more information regarding these issues please see:
   http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
   
   1. Cache incorrectly allows ncache and rrsig for the same type
   
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
   
      Affects resolver operators whose servers are open to potential
      attackers. Triggering the bug will cause the server to crash.
   
      This bug applies even if you do not have DNSSEC enabled.
   
   2. Using "allow-query" in the "options" or "view" statements to
      restrict access to authoritative zones has no effect.
   
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
   
      Affects authoritative server operators who wish to generally
      restrict queries to their authoritative zones, and are running
      9.6.2-P2 or any version of 9.7.x. The bug will allow unauthorized
      end users to receive answers to queries they should not.
   
   For the port:
   1. Add CONFLICT for the ../bind-tools port
   2. Remove CONFLICT for the removed ../bind9 port
   3. Remove OPTION for threads on < RELENG_7
   4. Switch to pkg-install to create the symlinks to /etc/namedb/ as
      requested in [1]
   
   PR:             ports/151635 [1]
   Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
   
   Revision  Changes    Path
   1.112     +6 -16     ports/dns/bind96/Makefile
   1.65      +4 -4      ports/dns/bind96/distinfo
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/151635: commit references a PR
Date: Fri,  3 Dec 2010 23:57:20 +0000 (UTC)

 dougb       2010-12-03 23:57:16 UTC
 
   FreeBSD ports repository
 
   Modified files:
     dns/bind94           Makefile distinfo 
   Log:
   Update to version 9.4-ESV-R4, the latest from ISC, which addresses
   the following security vulnerability.
   
   For more information regarding these issues please see:
   http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories
   
   Key algorithm rollover
   
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
   
   Affects resolver operators who are validating with DNSSEC,
   and querying zones which are in a key rollover period.
   The bug will cause answers to incorrectly be marked as insecure.
   
   For the port:
   1. Add CONFLICT for the ../bind-tools port
   2. Remove CONFLICT for the removed ../bind9 port
   3. Remove OPTION for threads on < RELENG_7
   4. Remove MD5 from distinfo
   5. Switch to pkg-install to create the symlinks to /etc/namedb/ as
      requested in [1]
   
   PR:             ports/151635 [1]
   Submitted by:   Benjamin Lee <ben@b1c1l1.com> [1]
   
   Revision  Changes    Path
   1.108     +7 -17     ports/dns/bind94/Makefile
   1.64      +4 -7      ports/dns/bind94/distinfo
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: dougb 
State-Changed-When: Sat Dec 4 00:09:15 UTC 2010 
State-Changed-Why:  

Update installed for all dns/bind* ports. Thanks for the reminder. :) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151635 
>Unformatted:
