SecBSD's official ports repository
This commit is contained in:
commit
2c0afcbbf3
GPG key ID:
F42C07F07E2E35B7
64331 changed files with 5339189 additions and 0 deletions
52
net/isc-bind/patches/patch-bin_dig_dig_c
Normal file
52
net/isc-bind/patches/patch-bin_dig_dig_c
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
Patch to use pledge on OpenBSD.
|
||||
locale is needed for idn2.
|
||||
|
||||
Index: bin/dig/dig.c
|
||||
--- bin/dig/dig.c.orig
|
||||
+++ bin/dig/dig.c
|
||||
@@ -18,6 +18,7 @@
|
||||
#include <stdbool.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
+#include <unistd.h>
|
||||
|
||||
#include <isc/app.h>
|
||||
#include <isc/attributes.h>
|
||||
@@ -3023,6 +3024,15 @@ dig_setup(int argc, char **argv) {
|
||||
ISC_LIST_INIT(server_list);
|
||||
ISC_LIST_INIT(search_list);
|
||||
|
||||
+ /*
|
||||
+ * unix: needed for startup check, isc_net_probeunix.
|
||||
+ * (unix sockets used in controlconf).
|
||||
+ */
|
||||
+ if (pledge("stdio rpath inet unix dns unveil", NULL) == -1) {
|
||||
+ perror("pledge");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
debug("dig_setup()");
|
||||
|
||||
/* setup dighost callbacks */
|
||||
@@ -3054,6 +3064,21 @@ dig_query_setup(bool is_batchfile, bool config_only, i
|
||||
} else if (keysecret[0] != 0) {
|
||||
setup_text_key();
|
||||
}
|
||||
+
|
||||
+ if (unveil("/usr/share/locale", "r") == -1) {
|
||||
+ perror("unveil /usr/share/locale");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ /*
|
||||
+ * dns: resolv.conf, also allows port 53 sockets
|
||||
+ * inet: needed if we query on port != 53
|
||||
+ * rpath: locale
|
||||
+ */
|
||||
+ if (pledge("stdio rpath inet dns", NULL) == -1) {
|
||||
+ perror("pledge");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
if (domainopt[0] != '\0') {
|
||||
set_search_domain(domainopt);
|
||||
usesearch = true;
|
||||
52
net/isc-bind/patches/patch-bin_dig_host_c
Normal file
52
net/isc-bind/patches/patch-bin_dig_host_c
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
Patch to use pledge on OpenBSD.
|
||||
locale is needed for idn2.
|
||||
|
||||
Index: bin/dig/host.c
|
||||
--- bin/dig/host.c.orig
|
||||
+++ bin/dig/host.c
|
||||
@@ -18,6 +18,7 @@
|
||||
#include <locale.h>
|
||||
#include <stdbool.h>
|
||||
#include <stdlib.h>
|
||||
+#include <unistd.h>
|
||||
|
||||
#include <isc/app.h>
|
||||
#include <isc/attributes.h>
|
||||
@@ -908,6 +909,15 @@ main(int argc, char **argv) {
|
||||
dighost_trying = trying;
|
||||
dighost_shutdown = host_shutdown;
|
||||
|
||||
+ /*
|
||||
+ * unix: needed for startup check, isc_net_probeunix.
|
||||
+ * (unix sockets used in controlconf).
|
||||
+ */
|
||||
+ if (pledge("stdio rpath inet unix dns unveil", NULL) == -1) {
|
||||
+ perror("pledge");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
debug("main()");
|
||||
progname = argv[0];
|
||||
pre_parse_args(argc, argv);
|
||||
@@ -921,6 +931,21 @@ main(int argc, char **argv) {
|
||||
} else if (keysecret[0] != 0) {
|
||||
setup_text_key();
|
||||
}
|
||||
+
|
||||
+ if (unveil("/usr/share/locale", "r") == -1) {
|
||||
+ perror("unveil /usr/share/locale");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ /*
|
||||
+ * dns: resolv.conf, also allows port 53 sockets
|
||||
+ * inet: needed if we query on port != 53
|
||||
+ * rpath: locale
|
||||
+ */
|
||||
+ if (pledge("stdio rpath inet dns", NULL) == -1) {
|
||||
+ perror("pledge");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
|
||||
check_result(result, "isc_app_onrun");
|
||||
isc_app_run();
|
||||
44
net/isc-bind/patches/patch-bin_dig_nslookup_c
Normal file
44
net/isc-bind/patches/patch-bin_dig_nslookup_c
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
Patch to use pledge on OpenBSD.
|
||||
locale is needed for idn2.
|
||||
|
||||
Index: bin/dig/nslookup.c
|
||||
--- bin/dig/nslookup.c.orig
|
||||
+++ bin/dig/nslookup.c
|
||||
@@ -941,6 +941,15 @@ main(int argc, char **argv) {
|
||||
result = isc_app_start();
|
||||
check_result(result, "isc_app_start");
|
||||
|
||||
+ /*
|
||||
+ * unix: needed for startup check, isc_net_probeunix.
|
||||
+ * (unix sockets used in controlconf).
|
||||
+ */
|
||||
+ if (pledge("stdio rpath inet unix dns unveil", NULL) == -1) {
|
||||
+ perror("pledge");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
setup_libs();
|
||||
progname = argv[0];
|
||||
|
||||
@@ -951,6 +960,21 @@ main(int argc, char **argv) {
|
||||
} else if (keysecret[0] != 0) {
|
||||
setup_text_key();
|
||||
}
|
||||
+
|
||||
+ if (unveil("/usr/share/locale", "r") == -1) {
|
||||
+ perror("unveil /usr/share/locale");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ /*
|
||||
+ * dns: resolv.conf, also allows port 53 sockets
|
||||
+ * inet: needed if we query on port != 53
|
||||
+ * rpath: locale
|
||||
+ */
|
||||
+ if (pledge("stdio rpath inet dns", NULL) == -1) {
|
||||
+ perror("pledge");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
if (domainopt[0] != '\0') {
|
||||
set_search_domain(domainopt);
|
||||
}
|
||||
12
net/isc-bind/patches/patch-bin_named_include_named_globals_h
Normal file
12
net/isc-bind/patches/patch-bin_named_include_named_globals_h
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
Index: bin/named/include/named/globals.h
|
||||
--- bin/named/include/named/globals.h.orig
|
||||
+++ bin/named/include/named/globals.h
|
||||
@@ -138,7 +138,7 @@ EXTERN const char *named_g_defaultpidfile INIT(NAMED_L
|
||||
"named.pid");
|
||||
#endif /* if NAMED_RUN_PID_DIR */
|
||||
|
||||
-EXTERN const char *named_g_username INIT(NULL);
|
||||
+EXTERN const char *named_g_username INIT("_bind");
|
||||
|
||||
EXTERN const char *named_g_engine INIT(NULL);
|
||||
|
||||
19
net/isc-bind/patches/patch-lib_isc_net_c
Normal file
19
net/isc-bind/patches/patch-lib_isc_net_c
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
Patch to use pledge on OpenBSD.
|
||||
|
||||
Index: lib/isc/net.c
|
||||
--- lib/isc/net.c.orig
|
||||
+++ lib/isc/net.c
|
||||
@@ -216,6 +216,13 @@ isc_net_probeunix(void) {
|
||||
|
||||
static void
|
||||
try_ipv6only(void) {
|
||||
+#ifdef __OpenBSD__
|
||||
+/*
|
||||
+ * pledge doesn't allow setting IPV6_V6ONLY, but that's ok,
|
||||
+ * IPV6_V6ONLY is always enabled on OpenBSD;
|
||||
+ */
|
||||
+#undef IPV6_V6ONLY
|
||||
+#endif
|
||||
#ifdef IPV6_V6ONLY
|
||||
int s, on;
|
||||
#endif /* ifdef IPV6_V6ONLY */
|
||||
42
net/isc-bind/patches/patch-lib_isc_netmgr_netmgr_c
Normal file
42
net/isc-bind/patches/patch-lib_isc_netmgr_netmgr_c
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
Patch to use pledge on OpenBSD.
|
||||
|
||||
Index: lib/isc/netmgr/netmgr.c
|
||||
--- lib/isc/netmgr/netmgr.c.orig
|
||||
+++ lib/isc/netmgr/netmgr.c
|
||||
@@ -3295,7 +3295,8 @@ isc__nm_socket_disable_pmtud(uv_os_sock_t fd, sa_famil
|
||||
* Disable the Path MTU Discovery on IP packets
|
||||
*/
|
||||
if (sa_family == AF_INET6) {
|
||||
-#if defined(IPV6_DONTFRAG)
|
||||
+/* disabled for pledge */
|
||||
+#if !defined(__OpenBSD__) && defined(IPV6_DONTFRAG)
|
||||
if (setsockopt_off(fd, IPPROTO_IPV6, IPV6_DONTFRAG) == -1) {
|
||||
return (ISC_R_FAILURE);
|
||||
} else {
|
||||
@@ -3313,7 +3314,12 @@ isc__nm_socket_disable_pmtud(uv_os_sock_t fd, sa_famil
|
||||
UNUSED(fd);
|
||||
#endif
|
||||
} else if (sa_family == AF_INET) {
|
||||
-#if defined(IP_DONTFRAG)
|
||||
+/*
|
||||
+ OpenBSD doesn't have this yet but if we do get it sometime,
|
||||
+ it will probably need the same pledge handling as IPV6_DONTFRAG
|
||||
+ above
|
||||
+ */
|
||||
+#if !defined(__OpenBSD__) && defined(IP_DONTFRAG)
|
||||
if (setsockopt_off(fd, IPPROTO_IP, IP_DONTFRAG) == -1) {
|
||||
return (ISC_R_FAILURE);
|
||||
} else {
|
||||
@@ -3343,7 +3349,11 @@ isc__nm_socket_v6only(uv_os_sock_t fd, sa_family_t sa_
|
||||
* Enable the IPv6-only option on IPv6 sockets
|
||||
*/
|
||||
if (sa_family == AF_INET6) {
|
||||
-#if defined(IPV6_V6ONLY)
|
||||
+/*
|
||||
+ * pledge doesn't allow setting IPV6_V6ONLY, but that's ok,
|
||||
+ * IPV6_V6ONLY is always enabled on OpenBSD
|
||||
+ */
|
||||
+#if !defined(__OpenBSD__) && defined(IPV6_V6ONLY)
|
||||
if (setsockopt_on(fd, IPPROTO_IPV6, IPV6_V6ONLY) == -1) {
|
||||
return (ISC_R_FAILURE);
|
||||
} else {
|
||||
Loading…
Add table
Add a link
Reference in a new issue