summaryrefslogtreecommitdiff
path: root/net-dns
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2024-02-24 17:40:43 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-02-24 17:40:43 +0000
commit24ee8c58752f0dc4376961a28f7364e6d7c7a7aa (patch)
tree0a71618e774dce4efc0ddc7808557a03925de8d9 /net-dns
parenta625efe29cec7f7c437cf33a956ea99eed1e4bd9 (diff)
gentoo auto-resync : 24:02:2024 - 17:40:43
Diffstat (limited to 'net-dns')
-rw-r--r--net-dns/Manifest.gzbin8031 -> 8027 bytes
-rw-r--r--net-dns/djbdns/Manifest6
-rw-r--r--net-dns/djbdns/djbdns-1.05-r39.ebuild136
-rw-r--r--net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-manpages.patch53
-rw-r--r--net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-nov6.patch83
-rw-r--r--net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-v6.patch87
-rw-r--r--net-dns/djbdns/metadata.xml14
-rw-r--r--net-dns/unbound/Manifest2
-rw-r--r--net-dns/unbound/unbound-1.19.1.ebuild2
9 files changed, 376 insertions, 7 deletions
diff --git a/net-dns/Manifest.gz b/net-dns/Manifest.gz
index 317d9c7d0375..1682e00395ba 100644
--- a/net-dns/Manifest.gz
+++ b/net-dns/Manifest.gz
Binary files differ
diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
index eb2d0068dd43..21b49c8c87af 100644
--- a/net-dns/djbdns/Manifest
+++ b/net-dns/djbdns/Manifest
@@ -6,6 +6,9 @@ AUX CVE2008-4392_0002-dnscache-cache-soa-records-ipv6-test29.patch 3020 BLAKE2B
AUX CVE2008-4392_0002-dnscache-cache-soa-records.patch 2944 BLAKE2B 22d0fa17c99e3b979faa3a1f1d7dae72834d47f8362efbe917f321847847147f3e7992599b27489a6ea898e1bcc0df5193f64202dc594e2840df6932dcc428d4 SHA512 f65ca7dfc8e85f469f22d72a1c79126c35243dc077abf4b688eb7d057f19456dc8a3665f558a8a3c1908f96fa1838792aa1bc317d2e89f4953020828c05926e6
AUX CVE2009-0858_0001-check-response-domain-name-length.patch 366 BLAKE2B 9f3b6644c0eba4d9df771f0bfcc80ab0d0b1768de75743ba0e5d6e55b90c3aaab38adaa2eaef6505d80b47bf8c0f63f282a76b384bae8194e65e8009985a7893 SHA512 aa5fe75be9db07b25e313145a209a06a05693141c1dd850987e80062e22014056e3055efee4d219475c9a51f25c04a7a46b3d7a2fb3976226e66585cef076f83
AUX CVE2012-1191_0001-ghost-domain-attack.patch 642 BLAKE2B 0d20b60b4f606a84f1006f426c3e1df8a83cb7e9e5804be38fec4d4b2c35a8e4932a7b941f5edaf4a4b5a559bbb09d595116b3fd841ad8f0a795a7c65f5759f8 SHA512 44e205b9a19dbbd405cb57b119f307e5bbdba8fa1124187b53848791c1538f7c01dab43cb34b9332d3258756eb3c0606d36e8b18adcff3c814f0f2cff4ec6822
+AUX djbdns-dnscache-configurable-truncate-manpages.patch 1437 BLAKE2B 9ce45b62daeaf5d7a20ed3753da637d42837d2fd572a71b410e68c2c6ed5807fa5d0f7dd47a1cb7c5fa5af3b86eed69800f19c8b190f9a6c0c256493094cfa1c SHA512 464cf51a40317bb5a055463a3ccd0806a7d90b8b8ec02e95082a66e9decbb28714e8af6bf761bdf3f48dd33b9863381a2f0a4a6438a72d43ceeaa8e50d305dd8
+AUX djbdns-dnscache-configurable-truncate-size-nov6.patch 2593 BLAKE2B 0409e8d348e79a3bdc7ae87f75842f6745fffee33e582b1d9774dbe4ecfafd4e59c955433ace10461f21fa4880bfe1ec8a442e15e72b8a52d9d6f597ef257719 SHA512 7125c7ebd611480f128de22be4b9107891f4b214473330b4d20ccc98fb97c15615f491a0a634fde4c2b75546c793ecedd19ba122549de8d1a8cd94b00c37ea22
+AUX djbdns-dnscache-configurable-truncate-size-v6.patch 2790 BLAKE2B ed38363682825a359ed9e4efdf2ef901eeac23f68e460ffb0eb345e1f3e31d957483327ede549361ea007b09c5bf38d9135f4b235adc71734443eadf3bdff0c2 SHA512 31f57daf38db944e79969e4fce2fcd8caa6c4cea900503dbbd268d2b9c68c7bdff8ae029bf8fc12868494d6715d224df638149838e61c2b745e4a89e34c6a639
AUX dnsroots.patch 296 BLAKE2B 8a4375b01aab95400dd85966b6b2ddaf5734307fa66710778d5e8a1d5cce4692baad16a2b6ce0a9a85b7fb90c56ca1ab964fa0d7b57e899616fee23aaeec1029 SHA512 2c745f2545d791ed6646406e749ef8e85c30b4546657ce241c413103e42cf3cfb5001c46481bd2966390563a9cc42e53e44519747350da2b8bb0fdf1d0f5c62e
AUX dnstracesort.patch 327 BLAKE2B 483b4a4407b3df88d91a3474a5ba29080d5e0f12c87f97052ce4dfa481f8bb3a3307c923c78f2664aa2154ca41c58c5d4159f8db81161c323198f8b177774bc1 SHA512 ae9cd51f24041aed135b5ba88d1efd0310b8095bccd6fb60a986756b460a4f98a93e163c3ddae7c146d56a9d41778d17449f772b91fdc58d9e69523cf6c2a6e9
AUX increase-cname-recustion-depth.patch 1164 BLAKE2B 1bf7bc18ea55ac7aa4c1fe04d2345e7448bfd7f233938fbb1fcc95818cc1063493d2a4cb3c1519d7d4ea661844fbe80fbfc5ec0dc6e76ba3ccd0b4ea9d8f923e SHA512 a6ff23d44697ebe920bab7be58618f73dbbdd8cde4af4ac3e7455ee2b34a18f94cb2491b4b9ca306525aa5ee43e724f7b0ddddd58ac2702bd3cf75e0bb160431
@@ -16,4 +19,5 @@ DIST djbdns-1.05-man.tar.gz 17170 BLAKE2B 2fef7e1be8a427b2c426c2af58bf4c22795e64
DIST djbdns-1.05-test32.diff.xz 31096 BLAKE2B 0bd6948ba3930f7d6e657f91ff76b1101fa7bb8f3da6849344c2230622fce6c15354e632a9140fefafee5986b522fb85c77c70ac64821d280043d1cd3564be2a SHA512 ed5ea46e3346841a8e8b6a77756c1dba53dab5636f73cf495bf1a182c393bef83d6035f6af26fb903baa75ee689db4abae222b6f85a7e245eb59f9c805163774
DIST djbdns-1.05.tar.gz 85648 BLAKE2B 51918fcc8944e64e72709636ee7d56975a138a2806e22c019fa836770de3a338bb8f682216b89c09d6b2861c2423e60e28dc60639f5a86aca2040e1788e4cf5c SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9
EBUILD djbdns-1.05-r38.ebuild 3865 BLAKE2B 48ad84b7063fe3bad4f85a31cabf347cf190184d8ba53a1f58e41a687dcdf4ab4073a2e81745f475eeeb5eb2e9b4d90db2525e9db76fbd43e3669be435722f03 SHA512 cde9e09279e6934bd862d3e8962b2aa40348eeff2bb1ba03c7d4b8788ffc9a895a484bd7fee63b0ead42dadfb34c8cc26f700056f3417f2c26565fb443a5e2a2
-MISC metadata.xml 245 BLAKE2B 73b051fe35e6e3a8252464f473cfb6b2b87cb42e37e0c9b829a9a97417445f5d9f82bdb3c963daf9a0d914dfe7fffb231c32cd0f43e3ab0286fb9ffcc17051d3 SHA512 b66dbf131c8939413984b638aac6c40c06273035c0d9c0f58189fef258a5ae3589ccd3c4d6f9ca81a5ed363d313e95c657f2bdb0ae58f524399c4a82e2fc9893
+EBUILD djbdns-1.05-r39.ebuild 4065 BLAKE2B aadaf8e41ea316127057ee6d4d1a64c13eedf7177846734f15234d5c69029c33c1645a80b6a08b90e69c1cf6217bf45894b5b05fa61174ce49bedc62d486829e SHA512 659101dd17d786259449273d62779a087036d1a7d26c4872baf7f0a16e5fd2eaaa702dffffbf2b9985482e6896307c085b2bd4283edc4bb168a8980a8f1cfc6d
+MISC metadata.xml 452 BLAKE2B c17e56cddeb305abd668ddffa1589e95184c03ea619102e2b82cb05febdfc21bfcbf1cffc8274f9ead52bcb4e1a5e3aa7d715261c9692c538872587d02ce929f SHA512 9bb5e5f836dd077e476f3035c5aed99ff5965472c8a3a2ac61e18d8a715985cd71dcdc7a9775ba9bda86008156db2c50172697d847629e9abd57eaef423ef0ac
diff --git a/net-dns/djbdns/djbdns-1.05-r39.ebuild b/net-dns/djbdns/djbdns-1.05-r39.ebuild
new file mode 100644
index 000000000000..2801d37b2612
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r39.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit readme.gentoo-r1 toolchain-funcs
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="https://cr.yp.to/djbdns.html"
+IPV6_PATCH="test32"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+ http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+ ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.xz )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 selinux"
+
+RDEPEND="
+ acct-user/dnscache
+ acct-user/dnslog
+ acct-user/tinydns
+ sys-apps/ucspi-tcp
+ virtual/daemontools
+ selinux? ( sec-policy/selinux-djbdns )"
+
+src_unpack() {
+ # Unpack both djbdns and its man pages to separate directories.
+ default
+
+ # Now move the man pages under ${S} so that user patches can be
+ # applied to them as well in src_prepare().
+ mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
+}
+
+PATCHES=(
+ "${FILESDIR}/dnsroots.patch"
+ "${FILESDIR}/dnstracesort.patch"
+ "${FILESDIR}/string_length_255.patch"
+ "${FILESDIR}/srv_record_support.patch"
+ "${FILESDIR}/increase-cname-recustion-depth.patch"
+ "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+ "${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch"
+ "${FILESDIR}/AR-and-RANLIB-support.patch"
+ "${FILESDIR}/tinydns-softlimit.patch"
+ "${FILESDIR}/${PN}-dnscache-configurable-truncate-manpages.patch"
+)
+
+src_prepare() {
+ if use ipv6; then
+ PATCHES=(${PATCHES[@]}
+ # The big ipv6 patch.
+ "${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+ # Fix CVE2008-4392 (ipv6)
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test32.patch"
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6-test29.patch"
+ "${FILESDIR}/${PN}-dnscache-configurable-truncate-size-v6.patch"
+ )
+ else
+ PATCHES=(${PATCHES[@]}
+ # Fix CVE2008-4392 (no ipv6)
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch"
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+ # Later versions of the ipv6 patch include this
+ "${FILESDIR}/${PV}-errno-r1.patch"
+ "${FILESDIR}/${PN}-dnscache-configurable-truncate-size-nov6.patch"
+ )
+ fi
+
+ default
+
+ # Change "head -X" to the posix-compatible "head -nX" within the
+ # Makefile. We do this with sed instead of a patch because the ipv6
+ # patch uses some of the surrounding lines; we'd need two versions
+ # of the patch.
+ sed -i Makefile \
+ -e 's/head[[:space:]]\{1,\}\-\([0-9]\{1,\}\)/head -n\1/g' \
+ || die 'failed to sed head in the Makefile'
+}
+
+src_compile() {
+ echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+ echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+ echo "/usr" > conf-home || die
+ emake AR=$(tc-getAR) RANLIB=$(tc-getRANLIB)
+}
+
+src_install() {
+ insinto /etc
+ doins dnsroots.global
+
+ into /usr
+ dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+ *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+ dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+ if use ipv6; then
+ dobin dnsip6 dnsip6q
+ fi
+
+ dodoc CHANGES README
+
+ doman man/*.[158]
+
+ readme.gentoo_create_doc
+}
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS='
+To configure djbdns, please follow the instructions at,
+
+ http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+ axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+ dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+ tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+ 1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+ 2. dnscache-conf dnscache dnslog /var/dnscache $ip
+ 3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+ 4. rbldns-conf $username dnslog /var/rbldns $ip $base
+ 5. walldns-conf $username dnslog /var/walldns $ip
+'
diff --git a/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-manpages.patch b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-manpages.patch
new file mode 100644
index 000000000000..0b022299ab1c
--- /dev/null
+++ b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-manpages.patch
@@ -0,0 +1,53 @@
+From 927121fa9afe047009a2502491d1c7000871b45c Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Wed, 25 Oct 2023 19:28:50 -0400
+Subject: [PATCH] dnscache.8,tinydns.8: document TRUNCATELEN hack for microtiks
+
+---
+ dnscache.8 | 9 +++++++++
+ tinydns.8 | 9 +++++++++
+ 2 files changed, 18 insertions(+)
+
+diff --git a/dnscache.8 b/dnscache.8
+index 54fd357..38dab27 100644
+--- a/man/dnscache.8
++++ b/man/dnscache.8
+@@ -116,6 +116,15 @@ for other caches, not root servers.
+ It forwards queries to those caches the same way that a client does,
+ rather than contacting a chain of servers according to NS records.
+
++.B dnscache
++will use the value of
++.I $TRUNCATELEN
++as the cut-off for a UDP response. The standard value according to the
++RFC is 512 (bytes), but
++.I $TRUNCATELEN
++can be anywhere between 512 and 16384. This may be necessary to work
++around implementation bugs.
++
+ .SH Memory use
+
+ .B dnscache
+diff --git a/tinydns.8 b/tinydns.8
+index ff92edd..bc991dd 100644
+--- a/man/tinydns.8
++++ b/man/tinydns.8
+@@ -47,6 +47,15 @@ as specified by
+ a binary file created by
+ .BR tinydns-data (8).
+
++.B tinydns
++will use the value of
++.I $TRUNCATELEN
++as the cut-off for a UDP response. The standard value according to the
++RFC is 512 (bytes), but
++.I $TRUNCATELEN
++can be anywhere between 512 and 16384. This may be necessary to work
++around implementation bugs.
++
+ .SH Further details
+
+ .B tinydns
+--
+2.41.0
+
diff --git a/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-nov6.patch b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-nov6.patch
new file mode 100644
index 000000000000..9f16531a5441
--- /dev/null
+++ b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-nov6.patch
@@ -0,0 +1,83 @@
+From: Jaco Kroon <jaco@uls.co.za>
+Date: Tue, 24 Oct 2023 06:36:10 +0200
+Subject: [PATCH] dnscache: Enable larger truncation
+
+This variation conflicts with the IPv6 patch.
+
+This is a workaround for https://forum.mikrotik.com/viewtopic.php?t=200627
+where Mikrotik doesn't fall back if the UDP response is truncated.
+
+This is done by enabling larger (configurable) than 512 byte responses on UDP
+such that Mikrotik doesn't have a need to revert to TCP. Since it's impossible
+to truly know the maximum size of a DNS response trivially this is made
+configurable and the upper limit is arbitrarily capped to 16KB.
+
+Signed-off-by: Jaco Kroon <jaco@uls.co.za>
+diff -bru djbdns-1.05.o/dnscache.c djbdns-1.05/dnscache.c
+--- djbdns-1.05.o/dnscache.c 2024-02-23 08:05:00.037623680 +0200
++++ djbdns-1.05/dnscache.c 2024-02-23 08:18:26.320580927 +0200
+@@ -52,6 +52,7 @@
+ static char buf[1024];
+ uint64 numqueries = 0;
+
++static unsigned int truncate_len = 512;
+
+ static int udp53;
+
+@@ -77,7 +78,7 @@
+ {
+ if (!u[j].active) return;
+ response_id(u[j].id);
+- if (response_len > 512) response_tc();
++ if (response_len > truncate_len) response_tc();
+ socket_send4(udp53,response,response_len,u[j].ip,u[j].port);
+ log_querydone(&u[j].active,response_len);
+ u[j].active = 0; --uactive;
+@@ -430,6 +431,15 @@
+ if (!cache_init(cachesize))
+ strerr_die3x(111,FATAL,"not enough memory for cache of size ",x);
+
++ x = env_get("TRUNCATELEN");
++ if (x) {
++ scan_ulong(x,&truncate_len);
++ if (truncate_len < 512)
++ truncate_len = 512;
++ if (truncate_len > 16384)
++ truncate_len = 16384;
++ }
++
+ if (env_get("HIDETTL"))
+ response_hidettl();
+ if (env_get("FORWARDONLY"))
+diff -Nbrau djbdns-1.05.o/server.c djbdns-1.05/server.c
+--- djbdns-1.05.o/server.c 2001-02-11 23:11:45.000000000 +0200
++++ djbdns-1.05/server.c 2024-02-23 08:19:40.020855813 +0200
+@@ -83,6 +83,7 @@
+ {
+ char *x;
+ int udp53;
++ unsigned int truncate_len = 512;
+
+ x = env_get("IP");
+ if (!x)
+@@ -105,11 +106,19 @@
+
+ buffer_putsflush(buffer_2,starting);
+
++ x = env_get("TRUNCATELEN");
++ if (x) {
++ scan_ulong(x,&truncate_len);
++ if (truncate_len < 512)
++ truncate_len = 512;
++ if (truncate_len > 16384)
++ truncate_len = 16384;
++ }
+ for (;;) {
+ len = socket_recv4(udp53,buf,sizeof buf,ip,&port);
+ if (len < 0) continue;
+ if (!doit()) continue;
+- if (response_len > 512) response_tc();
++ if (response_len > truncate_len) response_tc();
+ socket_send4(udp53,response,response_len,ip,port);
+ /* may block for buffer space; if it fails, too bad */
+ }
diff --git a/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-v6.patch b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-v6.patch
new file mode 100644
index 000000000000..291ebe4f5c44
--- /dev/null
+++ b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-v6.patch
@@ -0,0 +1,87 @@
+From: Jaco Kroon <jaco@uls.co.za>
+Date: Tue, 24 Oct 2023 06:36:10 +0200
+Subject: [PATCH] dnscache: Enable larger truncation
+
+This variation applies on top of the IPv6 patch.
+
+This is a workaround for https://forum.mikrotik.com/viewtopic.php?t=200627
+where Mikrotik doesn't fall back if the UDP response is truncated.
+
+This is done by enabling larger (configurable) than 512 byte responses on UDP
+such that Mikrotik doesn't have a need to revert to TCP. Since it's impossible
+to truly know the maximum size of a DNS response trivially this is made
+configurable and the upper limit is arbitrarily capped to 16KB.
+
+Signed-off-by: Jaco Kroon <jaco@uls.co.za>
+diff -bru djbdns-1.05.o/dnscache.c djbdns-1.05/dnscache.c
+--- a/dnscache.c 2023-10-20 00:34:15.788688135 +0200
++++ b/dnscache.c 2023-10-20 00:46:55.030355147 +0200
+@@ -58,6 +58,7 @@
+ static char buf[1024];
+ uint64 numqueries = 0;
+
++static unsigned int truncate_len = 512;
+
+ static int udp53;
+
+@@ -84,7 +85,7 @@
+ {
+ if (!u[j].active) return;
+ response_id(u[j].id);
+- if (response_len > 512) response_tc();
++ if (response_len > truncate_len) response_tc();
+ socket_send6(udp53,response,response_len,u[j].ip,u[j].port,u[j].scope_id);
+ log_querydone(&u[j].active,response_len);
+ u[j].active = 0; --uactive;
+@@ -449,6 +450,15 @@
+ if (!cache_init(cachesize))
+ strerr_die3x(111,FATAL,"not enough memory for cache of size ",x);
+
++ x = env_get("TRUNCATELEN");
++ if (x) {
++ scan_ulong(x,&truncate_len);
++ if (truncate_len < 512)
++ truncate_len = 512;
++ if (truncate_len > 16384)
++ truncate_len = 16384;
++ }
++
+ if (openreadclose("ignoreip",&sa,64) < 0)
+ strerr_die2x(111,FATAL,"trouble reading ignoreip");
+ for(j = k = i = 0; i < sa.len; i++)
+Only in djbdns-1.05/: .dnscache.c.swp
+diff -bru djbdns-1.05.o/server.c djbdns-1.05/server.c
+--- djbdns-1.05.o/server.c 2023-10-20 00:34:15.778688116 +0200
++++ djbdns-1.05/server.c 2023-10-20 00:43:31.519954643 +0200
+@@ -94,6 +94,7 @@
+ int *udp53;
+ unsigned int off;
+ unsigned int cnt;
++ unsigned int truncate_len = 512;
+ iopause_fd *iop;
+
+ x = env_get("IP");
+@@ -154,6 +155,14 @@
+
+ buffer_putsflush(buffer_2,starting);
+
++ x = env_get("TRUNCATELEN");
++ if (x) {
++ scan_ulong(x,&truncate_len);
++ if (truncate_len < 512)
++ truncate_len = 512;
++ if (truncate_len > 16384)
++ truncate_len = 16384;
++ }
+ for (;;) {
+ struct taia stamp;
+ struct taia deadline;
+@@ -168,7 +177,7 @@
+ len = socket_recv6(udp53[i],buf,sizeof buf,ip,&port,&ifid);
+ if (len < 0) continue;
+ if (!doit()) continue;
+- if (response_len > 512) response_tc();
++ if (response_len > truncate_len) response_tc();
+ socket_send6(udp53[i],response,response_len,ip,port,ifid);
+ /* may block for buffer space; if it fails, too bad */
+ }
diff --git a/net-dns/djbdns/metadata.xml b/net-dns/djbdns/metadata.xml
index f5946e0f0cc5..f19ea0598296 100644
--- a/net-dns/djbdns/metadata.xml
+++ b/net-dns/djbdns/metadata.xml
@@ -1,8 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
-<maintainer type="person">
- <email>mjo@gentoo.org</email>
- <name>Michael Orlitzky</name>
-</maintainer>
+ <maintainer type="person">
+ <email>mjo@gentoo.org</email>
+ <name>Michael Orlitzky</name>
+ </maintainer>
+ <use>
+ <!-- leave this global flag defined here to avoid a pkgcheck warning -->
+ <flag name="ipv6">
+ Apply Fefe's patch (https://www.fefe.de/dns/) for ipv6 support.
+ </flag>
+ </use>
</pkgmetadata>
diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest
index 6231b6527281..1d0a9d65b8d5 100644
--- a/net-dns/unbound/Manifest
+++ b/net-dns/unbound/Manifest
@@ -24,5 +24,5 @@ EBUILD unbound-1.17.0.ebuild 6475 BLAKE2B 2760f28a760e30319396ee3d14b64a77d3c37c
EBUILD unbound-1.17.1.ebuild 6385 BLAKE2B 740557cc5e299e7b8bd285d8aae60da1e5de7d455066ec21175674a42db5f7062a246b722311c47ec5a17358d691e31dd2c18af2c8f3f1360bc50943be4be182 SHA512 d1cbe97ad9b5d2144303bd5b8acb182c2b51036077e6982c7b7480d780944298322f7b320c4c94d1be23baa17e8ccfbe9a0ef67f5f7aafcca4c176894f8f4660
EBUILD unbound-1.18.0.ebuild 6426 BLAKE2B cceeb53537a7ee30fb349ce8bac0c288b5513d188d04bcb3b9a810fbd2662fea6d81f9cb7783580039534e3884113cdb6b450e9bd3e4409faba12f4149ce9689 SHA512 9a1082fbf865ba72db83834a8ecc1b6106ac3ca8c5907b3938ec1649fb60971074445295fd5f9d7da1fd24924afd712af8d7078feb936c9d7831c21894d9095d
EBUILD unbound-1.19.0.ebuild 6505 BLAKE2B 1d292d2b036ba92f7d6abbcd3ec9f3090b675a0a999c056250940887e3dcf761f46c458363933f164f83caa118614a5e3beb5b75261f8915af47444e0a70a118 SHA512 3a9a81daa5d08f4ba6d4ee5228839f1d04b944cca5e6985197522b2357cbd213efc021cd32c7d67de49be43a0a0edb83d3b1cb1c36fd6fdce0460fdbd188a097
-EBUILD unbound-1.19.1.ebuild 6504 BLAKE2B 6c963b42d8fa84ad23e8428c08028f16eef1ef119b4f159dab7f24493e2aff722b74311742fac12a66d83bc3a7ec0c1cab29aa3daae4cc5e902053b5a36dd484 SHA512 b020a2655b4dbf89990c930bcf213320146cd174a2c57472702f7a0533e5d3dcd326849bc29990a948378db2e3e9a3b5bae59bc00b11db660c209fb7e45cd89c
+EBUILD unbound-1.19.1.ebuild 6502 BLAKE2B 6c4fde1fbf798a1361fed241fafbcb6fb461a06faeff9a791a07413cde72f7fcc61dc8e3a8a03033b309ba15e109a15ca1946087540faaefacb3100a933289af SHA512 5701520a2abc7fd789902cec33fa8ef35b23448f79d3eba9c745e3f59f1fa5b849fdf3f3509ca88f64b00006c8d3c8efbc49a6058b05f7fcc70d86a44f07b6e6
MISC metadata.xml 1475 BLAKE2B d0e34f4ba056c090af979f2686d5dece53a554c7ea7612fee1991ce6838ce161359bd8405d6358c5e184b6721affeee5d6e1bd93095b92765cd38dba928daa5b SHA512 8fba72eba420d4c06fb3a9119c3f324c5679fe268b65fac23878ef15f3c3d784d372874c7d6428d1c7c2eb3a75380ad2e4d5fc1691e7c2d1b426b8cfa381222b
diff --git a/net-dns/unbound/unbound-1.19.1.ebuild b/net-dns/unbound/unbound-1.19.1.ebuild
index c6f2273ac96e..63cf43fa1de5 100644
--- a/net-dns/unbound/unbound-1.19.1.ebuild
+++ b/net-dns/unbound/unbound-1.19.1.ebuild
@@ -19,7 +19,7 @@ S="${WORKDIR}"/${MY_P}
LICENSE="BSD GPL-2"
SLOT="0/8" # ABI version of libunbound.so
if [[ ${PV} != *_rc* ]] ; then
- KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc x86"
fi
IUSE="debug dnscrypt dnstap +ecdsa ecs gost +http2 python redis selinux static-libs systemd test +tfo threads"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-22 23:44:48 +0000