Diffstat (limited to 'net-dns/djbdns')
-rw-r--r--net-dns/djbdns/Manifest5
-rw-r--r--net-dns/djbdns/djbdns-1.05-r40.ebuild143
-rw-r--r--net-dns/djbdns/files/djbdns-udp-overflow-response-buffer-truncate-nov6.patch13
-rw-r--r--net-dns/djbdns/files/djbdns-udp-overflow-response-buffer-truncate-v6.patch34
-rw-r--r--net-dns/djbdns/metadata.xml20
5 files changed, 208 insertions, 7 deletions
diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
index 6738dda3b484..eb00901eaf84 100644
--- a/net-dns/djbdns/Manifest
+++ b/net-dns/djbdns/Manifest
@@ -9,6 +9,8 @@ AUX CVE2012-1191_0001-ghost-domain-attack.patch 642 BLAKE2B 0d20b60b4f606a84f100
AUX djbdns-dnscache-configurable-truncate-manpages.patch 1437 BLAKE2B 9ce45b62daeaf5d7a20ed3753da637d42837d2fd572a71b410e68c2c6ed5807fa5d0f7dd47a1cb7c5fa5af3b86eed69800f19c8b190f9a6c0c256493094cfa1c SHA512 464cf51a40317bb5a055463a3ccd0806a7d90b8b8ec02e95082a66e9decbb28714e8af6bf761bdf3f48dd33b9863381a2f0a4a6438a72d43ceeaa8e50d305dd8
AUX djbdns-dnscache-configurable-truncate-size-nov6.patch 2005 BLAKE2B 01637f9b3c94831cb31688faa35a099b23d79dd57a3292d53b7b9a1b33f7feabb1fa64b6ad8578e760ace13a4de7a9e3c8d8d22588c74433774928cd87261216 SHA512 c8e1a01089d45952babff325339074c5235308a5f2788bdde967b3dc015d86f3687b589d1e8c17bb97a52f1893d94bd190a449711ab206988852c02b6715a895
AUX djbdns-dnscache-configurable-truncate-size-v6.patch 2943 BLAKE2B 00e8547f0918ee29d1c1f38f67ea9fcacc2a773fd3d874690c588d71e6dfbc0405101e49039c231122660b8168039a6dce9012857e8d8b1aa59cee7747720dda SHA512 0aba025b163cd727b80711888cf8f329ca3f0dc14fa0b1de8f2c94bd5051ed02d5c3c84069fcc539baa797871309a1f42932e664bcd3e456831c26be19d5f5fa
+AUX djbdns-udp-overflow-response-buffer-truncate-nov6.patch 574 BLAKE2B 0af6d690af4eee6e2f050b56d790e05691e177207c81e4c06c5e8c8464d4abd1bf0d62b6d62a69b3d1d5c25180bcb04d0037a6649903754ab336f43a1d5822a1 SHA512 5a6f0492b091e1fedc40ed9dea74ee5dc26c136e5a0a6e227ff61790ec639ded6445f31cdbe984206fef9e3af8f9a8b03b71466e0d8038cd75b0ff6f3a77ac3a
+AUX djbdns-udp-overflow-response-buffer-truncate-v6.patch 1592 BLAKE2B d462b83b54580bb4a221cf0732b9523a2da74eb6494771fb43bd04896709b51cfe829c26da080de92ea12c21e5404434e4a6dc8da2388a46c22ade53f2d2cb26 SHA512 e1c06c9d0ff829e2670b8dfcb1e11cc4e061b55514bed4af3500a9e6922650afd4b002182cfdeec7591be63fffb8f02a6434d7ab38de9a65dcde1087c0f4eb73
AUX dnsroots.patch 296 BLAKE2B 8a4375b01aab95400dd85966b6b2ddaf5734307fa66710778d5e8a1d5cce4692baad16a2b6ce0a9a85b7fb90c56ca1ab964fa0d7b57e899616fee23aaeec1029 SHA512 2c745f2545d791ed6646406e749ef8e85c30b4546657ce241c413103e42cf3cfb5001c46481bd2966390563a9cc42e53e44519747350da2b8bb0fdf1d0f5c62e
AUX dnstracesort.patch 327 BLAKE2B 483b4a4407b3df88d91a3474a5ba29080d5e0f12c87f97052ce4dfa481f8bb3a3307c923c78f2664aa2154ca41c58c5d4159f8db81161c323198f8b177774bc1 SHA512 ae9cd51f24041aed135b5ba88d1efd0310b8095bccd6fb60a986756b460a4f98a93e163c3ddae7c146d56a9d41778d17449f772b91fdc58d9e69523cf6c2a6e9
AUX implicit-declarations-nov6.patch 1590 BLAKE2B 8bd687e92e22fa195d585664c254b280741602d939ff23e05ecbf4183bef05ea093580754568c2cb4e2c11015c147d92924526fd537d0dcd6d97b459507e24ec SHA512 d22e3b14c8410fbebe329002451b21a28d36a9df021000f1f0a6f8d0a3e36295fb413b7299c923dc674b14abbd7ddb08e9bd5f694326ff0a6c75146702ded6b8
@@ -21,4 +23,5 @@ DIST djbdns-1.05-test32.diff.xz 31096 BLAKE2B 0bd6948ba3930f7d6e657f91ff76b1101f
DIST djbdns-1.05.tar.gz 85648 BLAKE2B 51918fcc8944e64e72709636ee7d56975a138a2806e22c019fa836770de3a338bb8f682216b89c09d6b2861c2423e60e28dc60639f5a86aca2040e1788e4cf5c SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9
EBUILD djbdns-1.05-r38.ebuild 3865 BLAKE2B 48ad84b7063fe3bad4f85a31cabf347cf190184d8ba53a1f58e41a687dcdf4ab4073a2e81745f475eeeb5eb2e9b4d90db2525e9db76fbd43e3669be435722f03 SHA512 cde9e09279e6934bd862d3e8962b2aa40348eeff2bb1ba03c7d4b8788ffc9a895a484bd7fee63b0ead42dadfb34c8cc26f700056f3417f2c26565fb443a5e2a2
EBUILD djbdns-1.05-r39.ebuild 4289 BLAKE2B 9945ba00fa1d8ba613245a7dc86cedc0470bd43de7541419c4bbd999f469a31d8f408bc3f0cfc08d0ff9893428597907f5e8762096e6ec1b4c188aceafb40b10 SHA512 3392601d470e4e1830f23d7a7daac0dcd9149cbfcf827db762c0f6e3369ef53c8a65bdf9707591ad6c1237af62f375d8e2f9e3b5d7a7ee4b0d7107e6bd072f4c
-MISC metadata.xml 339 BLAKE2B 96fff35d31b4d0d68ddcacc52217855fa8a9273e72591c3a2eb21119dd01c7b0726cdd0f62007ee04192dd5a4999b7fe3f5a422f54432d7d35b13ba2893cc71a SHA512 e009dd7d1ab046ac9b0e2dd3d15f7371c889900beffcf9e5e0c3fc447ad513ba73186915a8c8d1518c77efc7448ca91337ed5d72c8e07d074c1577b7e06ff493
+EBUILD djbdns-1.05-r40.ebuild 4434 BLAKE2B c2cec8e3016d5b0711791f63e042f8bf263f7d58bdbb91fc1ecd112ec1d27b7f91f0956daf60a6cbab4f2d826307acc6e2c582b25504111830a8204043bd5c71 SHA512 6d0b9a11bcac2d0c1cbc2e67f990c708fb499b8b072e9e03575086968f4ea1ac978f1ae960fc24fc46492b5fbf471dfd709cea2110c95f1d43eda5ccd843e46b
+MISC metadata.xml 576 BLAKE2B ade984b384316960d3ea8de1f6ef83c8a578901cf644af5e42543038d52cdac99a834a3881e244fe6f3999f1aac030f4e39cd3cd83d4eed39dbf24b4a55ea9be SHA512 7d85669a1c841d3ea2a97ab5efcd4c18e03062526827f8ae9a97e7becddcf9e3222fee03a67933d01675b605c51dbf0ed6b1e17b9130829545c7c5bad651b5fd
diff --git a/net-dns/djbdns/djbdns-1.05-r40.ebuild b/net-dns/djbdns/djbdns-1.05-r40.ebuild
new file mode 100644
index 000000000000..f5a5afde9b70
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r40.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit flag-o-matic readme.gentoo-r1 toolchain-funcs
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="https://cr.yp.to/djbdns.html"
+IPV6_PATCH="test32"
+
+SRC_URI="https://cr.yp.to/djbdns/${P}.tar.gz
+ https://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+ ipv6? ( https://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.xz )"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 selinux"
+
+RDEPEND="
+ acct-user/dnscache
+ acct-user/dnslog
+ acct-user/tinydns
+ sys-apps/ucspi-tcp
+ virtual/daemontools
+ selinux? ( sec-policy/selinux-djbdns )"
+
+src_unpack() {
+ # Unpack both djbdns and its man pages to separate directories.
+ default
+
+ # Now move the man pages under ${S} so that user patches can be
+ # applied to them as well in src_prepare().
+ mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
+}
+
+PATCHES=(
+ "${FILESDIR}/dnsroots.patch"
+ "${FILESDIR}/dnstracesort.patch"
+ "${FILESDIR}/string_length_255.patch"
+ "${FILESDIR}/srv_record_support.patch"
+ "${FILESDIR}/increase-cname-recustion-depth.patch"
+ "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+ "${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch"
+ "${FILESDIR}/AR-and-RANLIB-support.patch"
+ "${FILESDIR}/tinydns-softlimit.patch"
+ "${FILESDIR}/${PN}-dnscache-configurable-truncate-manpages.patch"
+)
+
+src_prepare() {
+ if use ipv6; then
+ PATCHES=(${PATCHES[@]}
+ # The big ipv6 patch.
+ "${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+ # Fix CVE2008-4392 (ipv6)
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test32.patch"
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6-test29.patch"
+ "${FILESDIR}/${PN}-dnscache-configurable-truncate-size-v6.patch"
+ "${FILESDIR}/${PN}-udp-overflow-response-buffer-truncate-v6.patch"
+ )
+ else
+ PATCHES=(${PATCHES[@]}
+ "${FILESDIR}/implicit-declarations-nov6.patch"
+ # Fix CVE2008-4392 (no ipv6)
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch"
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+ # Later versions of the ipv6 patch include this
+ "${FILESDIR}/${PV}-errno-r1.patch"
+ "${FILESDIR}/${PN}-dnscache-configurable-truncate-size-nov6.patch"
+ "${FILESDIR}/${PN}-udp-overflow-response-buffer-truncate-nov6.patch"
+ )
+ fi
+
+ default
+
+ # Change "head -X" to the posix-compatible "head -nX" within the
+ # Makefile. We do this with sed instead of a patch because the ipv6
+ # patch uses some of the surrounding lines; we'd need two versions
+ # of the patch.
+ sed -i Makefile \
+ -e 's/head[[:space:]]\{1,\}\-\([0-9]\{1,\}\)/head -n\1/g' \
+ || die 'failed to sed head in the Makefile'
+}
+
+src_compile() {
+ # Bug 927539. This is beyond our ability to realistically fix due
+ # to patch conflicts.
+ append-cflags $(test-flags-CC -Wno-error=incompatible-pointer-types)
+
+ echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+ echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+ echo "/usr" > conf-home || die
+ emake AR=$(tc-getAR) RANLIB=$(tc-getRANLIB)
+}
+
+src_install() {
+ insinto /etc
+ doins dnsroots.global
+
+ into /usr
+ dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+ *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+ dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+ if use ipv6; then
+ dobin dnsip6 dnsip6q
+ fi
+
+ dodoc CHANGES README
+
+ doman man/*.[158]
+
+ readme.gentoo_create_doc
+}
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS='
+To configure djbdns, please follow the instructions at,
+
+ http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+ axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+ dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+ tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+ 1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+ 2. dnscache-conf dnscache dnslog /var/dnscache $ip
+ 3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+ 4. rbldns-conf $username dnslog /var/rbldns $ip $base
+ 5. walldns-conf $username dnslog /var/walldns $ip
+'
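Review bot: In src_prepare both branches rebuild the array with an unquoted expansion, `PATCHES=(${PATCHES[@]}`, which word-splits and glob-expands every entry already in the list, so a `FILESDIR` or `WORKDIR` containing whitespace or glob characters would corrupt the patch list. Appending avoids re-expanding the array at all: use `PATCHES+=(` in place of `PATCHES=(${PATCHES[@]}` on both the ipv6 and the non-ipv6 branch. The patch order is unchanged by this, so the two new udp-overflow entries still follow the configurable-truncate-size patches.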
diff --git a/net-dns/djbdns/files/djbdns-udp-overflow-response-buffer-truncate-nov6.patch b/net-dns/djbdns/files/djbdns-udp-overflow-response-buffer-truncate-nov6.patch
new file mode 100644
index 000000000000..058691cb94ff
--- /dev/null
+++ b/net-dns/djbdns/files/djbdns-udp-overflow-response-buffer-truncate-nov6.patch
@@ -0,0 +1,13 @@
+--- djbdns-1.05.o/dns_transmit.c 2001-02-11 23:11:45.000000000 +0200
++++ djbdns-1.05/dns_transmit.c 2024-05-27 16:25:11.857369652 +0200
+@@ -265,9 +265,9 @@
+ if (errno == error_connrefused) if (d->udploop == 2) return 0;
+ return nextudp(d);
+ }
+- if (r + 1 > sizeof udpbuf) return 0;
+
+ if (irrelevant(d,udpbuf,r)) return 0;
++ if ((size_t)r + 1 > sizeof udpbuf) return firsttcp(d); /* if udp overflowed, retry with TCP */
+ if (serverwantstcp(udpbuf,r)) return firsttcp(d);
+ if (serverfailed(udpbuf,r)) {
+ if (d->udploop == 2) return 0;
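Review bot: The inline comment on the added line, `/* if udp overflowed, retry with TCP */`, does not record why the size check now sits after `irrelevant()`, and that ordering is the safety-relevant part: presumably only a datagram that matches the outstanding query can then trigger the TCP retry, while a full-size datagram that fails `irrelevant()` is still ignored with `return 0` as before. I would spell that out, e.g. `/* recv() filled udpbuf, so the datagram was probably cut short: retry over TCP. Keep after irrelevant() so only a matching response can force the retry. */`. The same line and comment appear in the -v6 patch further down. This -nov6 file also has no description or sign-off header, unlike the -v6 one; carrying the same explanation would keep the rationale with the patch. The enclosing function starts and ends outside the hunk.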
diff --git a/net-dns/djbdns/files/djbdns-udp-overflow-response-buffer-truncate-v6.patch b/net-dns/djbdns/files/djbdns-udp-overflow-response-buffer-truncate-v6.patch
new file mode 100644
index 000000000000..bf55e7dd86df
--- /dev/null
+++ b/net-dns/djbdns/files/djbdns-udp-overflow-response-buffer-truncate-v6.patch
@@ -0,0 +1,34 @@
+Deal with local recv() truncation.
+
+In the case where an upstream cache sends a UDP response that would overflow
+the djb cache's default receive buffer, then djbdns would treat this as an
+invalid response. The norm nowadays is the send >512b UDP responses,
+especially for TXT RRs. It looks like up to around 4KB is deemed acceptable in
+most cases I've investigated.
+
+So, in the case where we locally end up reciving a truncated packet by way of
+recv() because the local UDP buffer is too small, treat that like the TC bit
+was set, because really we can know the response was truncated.
+
+Therefor check the irrelevant (inappropriate response) data first, then if the
+buffer was fully received (it might be that the response fits exactly, but
+short of parsing this buffer there is no simple way to confirm this, so just
+assume it's unlikely to get an exact sized buffer back and retry using TCP
+anyway). Yes, this is a waste of resources in this specific case, but so be
+it.
+
+Signed-off-by: <jaco@uls.co.za>
+
+--- djbdns-1.05.o/dns_transmit.c 2024-05-27 13:20:25.788463090 +0200
++++ djbdns-1.05/dns_transmit.c 2024-05-27 14:13:38.786335627 +0200
+@@ -266,9 +266,9 @@
+ if (errno == error_connrefused) if (d->udploop == 2) return 0;
+ return nextudp(d);
+ }
+- if ((size_t)r + 1 > sizeof udpbuf) return 0;
+
+ if (irrelevant(d,udpbuf,r)) return 0;
++ if ((size_t)r + 1 > sizeof udpbuf) return firsttcp(d); /* if udp overflowed, retry with TCP */
+ if (serverwantstcp(udpbuf,r)) return firsttcp(d);
+ if (serverfailed(udpbuf,r)) {
+ if (d->udploop == 2) return 0;
diff --git a/net-dns/djbdns/metadata.xml b/net-dns/djbdns/metadata.xml
index 6e76cd2b88bd..7fb0b75a8609 100644
--- a/net-dns/djbdns/metadata.xml
+++ b/net-dns/djbdns/metadata.xml
@@ -1,10 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
- <use>
- <!-- leave this global flag defined here to avoid a pkgcheck warning -->
- <flag name="ipv6">
- Apply Fefe's patch (https://www.fefe.de/dns/) for ipv6 support.
- </flag>
- </use>
+ <maintainer type="person" proxied="yes">
+ <email>jaco@uls.co.za</email>
+ <name>Jaco Kroon</name>
+ </maintainer>
+ <maintainer type="project" proxied="proxy">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <!-- leave this global flag defined here to avoid a pkgcheck warning -->
+ <flag name="ipv6">
+ Apply Fefe's patch (https://www.fefe.de/dns/) for ipv6 support.
+ </flag>
+ </use>
</pkgmetadata>