diff options
| -rw-r--r-- | security/opendnssec/Makefile | 4 | ||||
| -rw-r--r-- | security/opendnssec/distinfo | 3 | ||||
| -rwxr-xr-x | security/opendnssec/files/opendnssec.sh | 7 | ||||
| -rw-r--r-- | security/opendnssec/patches/patch-signer_src_wire_xfrd.c | 27 |
4 files changed, 34 insertions, 7 deletions
diff --git a/security/opendnssec/Makefile b/security/opendnssec/Makefile index 834a1c3ac74..97a06c970bb 100644 --- a/security/opendnssec/Makefile +++ b/security/opendnssec/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.46 2014/10/28 13:26:37 he Exp $ +# $NetBSD: Makefile,v 1.47 2014/10/31 16:32:39 he Exp $ # DISTNAME= opendnssec-1.4.6 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= security net MASTER_SITES= http://www.opendnssec.org/files/source/ diff --git a/security/opendnssec/distinfo b/security/opendnssec/distinfo index 44f29f51e51..addd7149866 100644 --- a/security/opendnssec/distinfo +++ b/security/opendnssec/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.26 2014/09/27 19:41:06 pettai Exp $ +$NetBSD: distinfo,v 1.27 2014/10/31 16:32:39 he Exp $ SHA1 (opendnssec-1.4.6.tar.gz) = 2318b31546d0d4118cd03b9591ba76d259e1b0b0 RMD160 (opendnssec-1.4.6.tar.gz) = a7c3bbfa42edd64fffbb0680db6f9c372ded2c85 @@ -6,3 +6,4 @@ Size (opendnssec-1.4.6.tar.gz) = 1014314 bytes SHA1 (patch-aa) = 104e077af6c368cbb5fc3034d58b2f2249fcf991 SHA1 (patch-enforcer_utils_Makefile.am) = bee7cb4f3cfe5aae96c5726a115eb8b6587288dd SHA1 (patch-enforcer_utils_Makefile.in) = da9fce97e631bb81607851f9758b206ea975b052 +SHA1 (patch-signer_src_wire_xfrd.c) = 2158991c46ac415d187c45b654d548a459547693 diff --git a/security/opendnssec/files/opendnssec.sh b/security/opendnssec/files/opendnssec.sh index 369aab00b07..81e6b976547 100755 --- a/security/opendnssec/files/opendnssec.sh +++ b/security/opendnssec/files/opendnssec.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: opendnssec.sh,v 1.1 2014/10/28 13:26:37 he Exp $ +# $NetBSD: opendnssec.sh,v 1.2 2014/10/31 16:32:39 he Exp $ # # PROVIDE: opendnssec @@ -85,9 +85,8 @@ ods_stop () { echo 1>&2 "$signer not running (no $signerd_pidfile file)" rv=$(($rv + 1)) fi - if [ $rv != 0 ]; then - exit $rv - fi + +# Ignore warnings, so that we can stop or restart if one component has crashed $ods_control stop diff --git a/security/opendnssec/patches/patch-signer_src_wire_xfrd.c b/security/opendnssec/patches/patch-signer_src_wire_xfrd.c new file mode 100644 index 00000000000..c5e3569f812 --- /dev/null +++ b/security/opendnssec/patches/patch-signer_src_wire_xfrd.c @@ -0,0 +1,27 @@ +$NetBSD: patch-signer_src_wire_xfrd.c,v 1.1 2014/10/31 16:32:39 he Exp $ + +There's no need for htonl() on values restored from a local file. +This causes IXFRs to fail, because the wrong SOA version number +is being stuffed into the IXFR requests(!) + +--- signer/src/wire/xfrd.c.orig 2014-07-21 09:30:09.000000000 +0000 ++++ signer/src/wire/xfrd.c +@@ -265,12 +265,12 @@ xfrd_recover(xfrd_type* xfrd) + xfrd->timeout.tv_sec = timeout; + xfrd->timeout.tv_nsec = 0; + xfrd->master = NULL; /* acl_find_num(...) */ +- xfrd->soa.ttl = htonl(soa_ttl); +- xfrd->soa.serial = htonl(soa_serial); +- xfrd->soa.refresh = htonl(soa_refresh); +- xfrd->soa.retry = htonl(soa_retry); +- xfrd->soa.expire = htonl(soa_expire); +- xfrd->soa.minimum = htonl(soa_minimum); ++ xfrd->soa.ttl = soa_ttl; ++ xfrd->soa.serial = soa_serial; ++ xfrd->soa.refresh = soa_refresh; ++ xfrd->soa.retry = soa_retry; ++ xfrd->soa.expire = soa_expire; ++ xfrd->soa.minimum = soa_minimum; + xfrd->soa.mname[0] = xfrd_recover_dname(xfrd->soa.mname+1, + soa_mname); + xfrd->soa.rname[0] = xfrd_recover_dname(xfrd->soa.rname+1, |