authorhe <he@pkgsrc.org>2014-10-31 16:32:39 +0000
committerhe <he@pkgsrc.org>2014-10-31 16:32:39 +0000
commit084ec241838637969230eec288bf53fb32839d7f (patch)
tree0cb1d6e2466d16be83548cd75d223a02f616b880 /security
parentf8c7da90513f2196bd9a11fce8f93efb64a7ef72 (diff)
downloadpkgsrc-084ec241838637969230eec288bf53fb32839d7f.tar.gz
Fix a bug related to restoring various data from .xfrd-state files:
there's no need to byte-swap values read from a local file. This would cause some IXFRs to mysteriously and consistently fail until manual intervention is done, because the wrong (byte-swapped) SOA serial# was being stuffed into the IXFR requests. Ref. https://issues.opendnssec.org/browse/SUPPORT-147. Also fix the rc.d script to not insist that the components must be running to allow "stop" to proceed, so that "restart" or "stop" can be done if one or both of the processes have exited or crashed. Bump PKGREVISION.
Diffstat (limited to 'security')
-rw-r--r--security/opendnssec/Makefile4
-rw-r--r--security/opendnssec/distinfo3
-rwxr-xr-xsecurity/opendnssec/files/opendnssec.sh7
-rw-r--r--security/opendnssec/patches/patch-signer_src_wire_xfrd.c27
4 files changed, 34 insertions, 7 deletions
diff --git a/security/opendnssec/Makefile b/security/opendnssec/Makefile
index 834a1c3ac74..97a06c970bb 100644
--- a/security/opendnssec/Makefile
+++ b/security/opendnssec/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.46 2014/10/28 13:26:37 he Exp $
+# $NetBSD: Makefile,v 1.47 2014/10/31 16:32:39 he Exp $
#
DISTNAME= opendnssec-1.4.6
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security net
MASTER_SITES= http://www.opendnssec.org/files/source/
diff --git a/security/opendnssec/distinfo b/security/opendnssec/distinfo
index 44f29f51e51..addd7149866 100644
--- a/security/opendnssec/distinfo
+++ b/security/opendnssec/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26 2014/09/27 19:41:06 pettai Exp $
+$NetBSD: distinfo,v 1.27 2014/10/31 16:32:39 he Exp $
SHA1 (opendnssec-1.4.6.tar.gz) = 2318b31546d0d4118cd03b9591ba76d259e1b0b0
RMD160 (opendnssec-1.4.6.tar.gz) = a7c3bbfa42edd64fffbb0680db6f9c372ded2c85
@@ -6,3 +6,4 @@ Size (opendnssec-1.4.6.tar.gz) = 1014314 bytes
SHA1 (patch-aa) = 104e077af6c368cbb5fc3034d58b2f2249fcf991
SHA1 (patch-enforcer_utils_Makefile.am) = bee7cb4f3cfe5aae96c5726a115eb8b6587288dd
SHA1 (patch-enforcer_utils_Makefile.in) = da9fce97e631bb81607851f9758b206ea975b052
+SHA1 (patch-signer_src_wire_xfrd.c) = 2158991c46ac415d187c45b654d548a459547693
diff --git a/security/opendnssec/files/opendnssec.sh b/security/opendnssec/files/opendnssec.sh
index 369aab00b07..81e6b976547 100755
--- a/security/opendnssec/files/opendnssec.sh
+++ b/security/opendnssec/files/opendnssec.sh
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: opendnssec.sh,v 1.1 2014/10/28 13:26:37 he Exp $
+# $NetBSD: opendnssec.sh,v 1.2 2014/10/31 16:32:39 he Exp $
#
# PROVIDE: opendnssec
@@ -85,9 +85,8 @@ ods_stop () {
echo 1>&2 "$signer not running (no $signerd_pidfile file)"
rv=$(($rv + 1))
fi
- if [ $rv != 0 ]; then
- exit $rv
- fi
+
+# Ignore warnings, so that we can stop or restart if one component has crashed
$ods_control stop
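Review bot: In ods_stop, `rv` is still incremented on each "not running" warning, but with the `exit $rv` check removed nothing in the visible lines reads it any more. If the remainder of the function (outside this hunk) does not use it either, the `rv=$(($rv + 1))` bookkeeping is dead and could be dropped. In that case the new comment could also say that the function's status now comes from the stop command alone, e.g. `# Warnings above are informational only; exit status is that of "$ods_control stop"`. It is also worth confirming that `$ods_control stop` behaves sensibly when a pidfile is missing but the daemon is still alive, since that case now reaches it.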
diff --git a/security/opendnssec/patches/patch-signer_src_wire_xfrd.c b/security/opendnssec/patches/patch-signer_src_wire_xfrd.c
new file mode 100644
index 00000000000..c5e3569f812
--- /dev/null
+++ b/security/opendnssec/patches/patch-signer_src_wire_xfrd.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-signer_src_wire_xfrd.c,v 1.1 2014/10/31 16:32:39 he Exp $
+
+There's no need for htonl() on values restored from a local file.
+This causes IXFRs to fail, because the wrong SOA version number
+is being stuffed into the IXFR requests(!)
+
+--- signer/src/wire/xfrd.c.orig 2014-07-21 09:30:09.000000000 +0000
++++ signer/src/wire/xfrd.c
+@@ -265,12 +265,12 @@ xfrd_recover(xfrd_type* xfrd)
+ xfrd->timeout.tv_sec = timeout;
+ xfrd->timeout.tv_nsec = 0;
+ xfrd->master = NULL; /* acl_find_num(...) */
+- xfrd->soa.ttl = htonl(soa_ttl);
+- xfrd->soa.serial = htonl(soa_serial);
+- xfrd->soa.refresh = htonl(soa_refresh);
+- xfrd->soa.retry = htonl(soa_retry);
+- xfrd->soa.expire = htonl(soa_expire);
+- xfrd->soa.minimum = htonl(soa_minimum);
++ xfrd->soa.ttl = soa_ttl;
++ xfrd->soa.serial = soa_serial;
++ xfrd->soa.refresh = soa_refresh;
++ xfrd->soa.retry = soa_retry;
++ xfrd->soa.expire = soa_expire;
++ xfrd->soa.minimum = soa_minimum;
+ xfrd->soa.mname[0] = xfrd_recover_dname(xfrd->soa.mname+1,
+ soa_mname);
+ xfrd->soa.rname[0] = xfrd_recover_dname(xfrd->soa.rname+1,
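Review bot: The assignments to `xfrd->soa.ttl` through `xfrd->soa.minimum` in xfrd_recover carry no comment on the byte order the `xfrd->soa` fields are kept in, which is how the stray htonl() calls could look plausible in the first place. A one-line comment above `xfrd->soa.ttl = soa_ttl;` would guard against a regression, for example `/* state file and xfrd->soa both hold host-order values; convert only when writing to the wire */`. The code that writes the state file and the code that builds the IXFR request are outside this hunk, so that convention should be confirmed against them before the comment is added. Since htonl() is a no-op on big-endian hosts, the original failure would only have shown on little-endian machines, which is worth recording in the patch header for anyone testing the fix.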