diff options
Diffstat (limited to 'net-dns')
28 files changed, 1120 insertions, 107 deletions
diff --git a/net-dns/Manifest.gz b/net-dns/Manifest.gz Binary files differindex c34b57632fc1..4889a3e8824e 100644 --- a/net-dns/Manifest.gz +++ b/net-dns/Manifest.gz diff --git a/net-dns/avahi/Manifest b/net-dns/avahi/Manifest index 9fde17b6f221..a114cbcf2676 100644 --- a/net-dns/avahi/Manifest +++ b/net-dns/avahi/Manifest @@ -10,13 +10,13 @@ AUX avahi-0.6.31-invalid_packet.patch 1073 BLAKE2B a6ae5008e20f620c2314616483cc9 AUX avahi-0.6.31-so_reuseport-may-not-exist-in-running-kernel.patch 1265 BLAKE2B 093a68402eee840ea72b9c09e1cfff5ba9c2c75df385dc483bca0381bdff4e5e01b6a64aff988448b71e5bb50e4dbcf28c96b10932be1964469ec8755a03f301 SHA512 f575e3ba1c704ec3bf92ffd8344a104f35026e6738720955caa23549f602f491c5e209188c5c00189b269e79e6120021d02cc07fbdea22a7c99ce7682f017fe7 AUX avahi-0.6.32-openrc-0.21.7-fix-init-scripts.patch 918 BLAKE2B 3ed83f437b82bc98253df8a72dbd9e5a2d018e3b3e7711f04919b4926d6c8e8b0ec9531c9021453ae576cbb9919a8daaec85b721b5858355f9f6fd2fd609bffd SHA512 c62167c538af81362abba5a4012336f5d12aa20edc3cbb69f305ba89be90e4c62e1ce1613779d3ad0cbfba99e4ff46b803e4a26fe72cefefd628827a610318a3 AUX avahi-0.6.x-openrc-0.9.x-init-scripts-fixes.patch 633 BLAKE2B 900926dbe6a0716ef37d95bc37c0115d02e48d3cfdda26ce86dc020ae0ab3b5fedbe6f5a50631b17fb210621839ac25a1bd43bfdd95a908e248a226670153d95 SHA512 c2d11b243acdc058cde03b872dccbbbd44a7a584adf168f16016f29c7a5d9d8668095b781f53102feba8b9c80b2cbbd788c9b327d9d1e2e552fbdcf3c2960517 -DIST avahi-0.6.31.tar.gz 1268686 SHA256 8372719b24e2dd75de6f59bb1315e600db4fd092805bd1201ed0cb651a2dab48 SHA512 53eb00d570a274d841e1e6ad07da077950089ae39b4f7aa21fcd21cc5320b30b506b43e7e57e56198e155cc7bd289b779a48b2b2fc002dc6194a946110451858 WHIRLPOOL a6d97b87dfbb81be359ee03d8f32ebafdbb311bd596d686aeb55a2952ecb6c7c84466b1230e70392ffe23a20a56da7e0a5bd00c8dc1812b2156c0b4a8022144f -DIST avahi-0.6.32.tar.gz 934004 SHA256 7eb693d878246f0cd05034173fb3ed53447a84dd3b7f01745313cad11071226e SHA512 e6dc788cc8691288ef001007006719b5eb022d484ee6fc84e68a7d227af5993e4d09484b824998155e5b25fc0ffc014beb8961d312982f63b82b10a6e2edee18 WHIRLPOOL e139eca2d1698976a5fca21361c037dd2b1c075654b01674bea3fa22db70067999aba2a61cbfcf69281d5274f5080450e24cf64f9cec1702d142e129fbf03dc7 -DIST avahi-0.7.tar.gz 940047 SHA256 fd45480cef0559b3eab965ea3ad4fe2d7a8f27db32c851a032ee0b487c378329 SHA512 61f656da7614d8cca1862180038f571db3474c84f05db4d3509f614cdbf8b1a1047661b7e24d63682d5b48ed1bfa1b08b3c9e6dbe9222bcd62d99bc168a11abe WHIRLPOOL bb6f2763309f8426bc65e81f41ac2205076d6f5f9e84f1bba6ed998595c5c2db126b30bf376286f5bd6e61605c3b219fbce9ee325585d2e463d3ef43bc6bcc1a +DIST avahi-0.6.31.tar.gz 1268686 BLAKE2B 959526c69855495948222709227c7c0d07653bb91f223d80e3d1b6ee16b03952015634984fe754c2c828f76035cd966131eeb047fe4c922493c129a77b14d2be SHA512 53eb00d570a274d841e1e6ad07da077950089ae39b4f7aa21fcd21cc5320b30b506b43e7e57e56198e155cc7bd289b779a48b2b2fc002dc6194a946110451858 +DIST avahi-0.6.32.tar.gz 934004 BLAKE2B 76bbff65075bbc49d52b1e406373c4856622c22364cb5f1a4ccc0bf04a6dc7d54c58753a8cce6622e4fc62dc22086659ffbd157aeb1a6a30de353d08fd08a307 SHA512 e6dc788cc8691288ef001007006719b5eb022d484ee6fc84e68a7d227af5993e4d09484b824998155e5b25fc0ffc014beb8961d312982f63b82b10a6e2edee18 +DIST avahi-0.7.tar.gz 940047 BLAKE2B 8299577bf27ee65fad5d743dbf94202b148a6fc86825cae303f94c44482eea07cf6570d970ca286e81a787d6a64598b7123f2ac17a259ddc50ef431b9c94b530 SHA512 61f656da7614d8cca1862180038f571db3474c84f05db4d3509f614cdbf8b1a1047661b7e24d63682d5b48ed1bfa1b08b3c9e6dbe9222bcd62d99bc168a11abe EBUILD avahi-0.6.31-r10.ebuild 6444 BLAKE2B deee480926a554f671ba7d6a3425ac1292b429581952c377f440fae12da2f0896037dbe885a8c7991b8c55329098d07c2fcbf87bca8a1bb2c1ef9427378003b2 SHA512 231567dcc74fbe09a4d18cc52074430b2f8c552c2e1212207af5879d6234f0067eebef495872c0c589d77f8fad177d05247f9927dc648963ee9f1e792335da81 EBUILD avahi-0.6.31-r11.ebuild 6261 BLAKE2B a11de83cced8adec29e5a3df8ad09fc2dd16d8247dc2e72b208ddb3de86a695d8d164920e2f3e96086d5ead5b251a49c380f2a61764bbdb6b3500dd39e98c7d4 SHA512 0a0645d1c38fcde7d34dfdd38f21ab177cfac21bbc01def180ec9fb0f311ce0273565f425c096c6ee29ec20651818136da166d4c3b26d29c8d7f8473a0cd4ed1 EBUILD avahi-0.6.32-r1.ebuild 5732 BLAKE2B 6b17c7e9d223e288e309ef3f51326bff5d3e895e12a1db585f0fe3a086ba0a80bfaccb0d9ef79b769200fe985be92826efb64eb071ca93c79d82a4addde91b98 SHA512 d26256a031d5d7ce6cf58ff4c98d5a88ed93498d0383e1a425e88bc9f1de4ee18c0b2ab6e987163b5a27acc807199c8f91276e449dc6d951607c1dfddfaa74c4 EBUILD avahi-0.6.32-r2.ebuild 5855 BLAKE2B bf094e3aafa5e289cd9f36290b649c2d152598583d90c19f1cb92c5a5a8c3d0d40c238fa428ac3beb355a6c7e7ed8e8584c19c7af8fc4dfaafb8cb234fa65534 SHA512 44aef809779706e5f0e8c5e047b69a795a7d450a59e7fed174c2f7cb5043f6c9d547daff6699ee9e28e9af3ba02caa54a5293ec8ef11219c35bda4b9f3cfdb00 EBUILD avahi-0.6.32.ebuild 5584 BLAKE2B 48672b141bd86b76838acae05f4d6e3f4fffeb686e42e058b8b8c3c771568df7ca12bee6a215079729d585d6415c30146787e73aeb1b84abafbff5da00ec9b48 SHA512 031b6ea7962717de7f984c78a2814312610b86ce391a2474117b34b2e8c542a6de49b75998c99639f866f415b878ed58f807a12ea713d3b1d15ef0657013e4a0 -EBUILD avahi-0.7.ebuild 5077 BLAKE2B 174c1a56ca82c9fa152293c221bbc39ac7e18e96bfca0f781071152881e346bc0dc063f9e21425eb561f50c3e27676d4b7dd451381f48b8226c4037ded5aaffd SHA512 94164abcfddac6512881bac7966bb927cd7c00f7448bbf73e3239d0f267714688f312f2cca498d09c329785be13c6fe38afeafacd67667f280b1d4b3a936fc69 +EBUILD avahi-0.7.ebuild 5076 BLAKE2B e07c7c60560512c6cc81d23cb513deb28dcc262572ad142229c9455c655d0d0f69188e03e9f99872c59e167a24b1320845e490ac392bd8cd8d7fa36cea1bf9ee SHA512 bf426937dc7c980aa252e2c627e54b2187624a0548e9961b23a04b7a513bbddaca69eace9d2ccee60c55add7acfd47da81b4c76f7c236f2da5713a3d30569aa0 MISC metadata.xml 970 BLAKE2B 26904ceb3a89833caa77e2315d99be8ef729277a021faa3800a1cd0abe94c516d53176e65668d00687a6bb6ee807a2011106268f14a4d5012c27132e4fca4f3c SHA512 b9498d4757b6bd793846e4cbdd5c37da601a8e1430cafd1a6039ff54f8ff10576684c58801ebc679061f975cefa5909c94c30976e84354a5fcc7d2a586f7fa8e diff --git a/net-dns/avahi/avahi-0.7.ebuild b/net-dns/avahi/avahi-0.7.ebuild index 21c675f3d422..9c41455180c0 100644 --- a/net-dns/avahi/avahi-0.7.ebuild +++ b/net-dns/avahi/avahi-0.7.ebuild @@ -19,7 +19,7 @@ S="${WORKDIR}/${P}" LICENSE="LGPL-2.1" SLOT="0" #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~mips ~ppc ~ppc64 sparc x86" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~mips ppc ~ppc64 sparc x86" IUSE="autoipd bookmarks dbus doc gdbm gtk gtk3 howl-compat +introspection ipv6 kernel_linux mdnsresponder-compat mono nls python qt4 selinux test" REQUIRED_USE=" diff --git a/net-dns/knot/Manifest b/net-dns/knot/Manifest index f9223aa0132e..21d4e503b52d 100644 --- a/net-dns/knot/Manifest +++ b/net-dns/knot/Manifest @@ -1,11 +1,10 @@ AUX knot-1.service 337 BLAKE2B a6645b2ab92612f3c6640f4e9601cefe087a519d8a40b222e05dbd44c8b8c5c87a01d500d5ac328fdee1cae3f9dd126448a8b82b979e13a4ff5285fa48b983d5 SHA512 58c4186e57ebd00b86dae34d5d208ed8801c0376da40cccb23b3d4542a7ee04a1003a12a4b89347b76a384b50eae4a61f96164bf22ec987ce05b1c65691659e7 AUX knot.init 861 BLAKE2B 30ffe287f4f83058407ceab00b2113dade3b60b38d76c86f156cc31c33cc4f2ec8cf7f22172823755b71385ca18cc1044605b5479c9de05284f911d500b5dc40 SHA512 e5faa96cbee618e9042bdfd0628f06c4bc4d23c7295521771e16f6eae715835a240799e8425317b03b1ea162966defb5d6b6592139cb1d9d61b47a24961ec9b9 AUX knot.service 275 BLAKE2B c39b50630a84cb20d33a02ad82c0fc0c994b098766af0cd3e11b4ac6e2f6e6ebc38d6e5b99c358d5e771022fd6ad14fb7e04e95fd77ba677d10950e1fc52e9a9 SHA512 37c4700320a2781aa93ca92bc2634c3e080c87337b7d632d0e2fa23f6e2e8fa1985d1d8e2516fed02b612da4d340472d5f8d0ae37c5b323ac17bbd61ca243a86 -DIST knot-2.4.5.tar.xz 1111536 SHA256 87ce8ccc83511c5a1f4eadd3f0122f2f5ae86fb68e9b72f0700c6f5340ba95cb SHA512 db4919dbe2dc688f401e6611d784d47e1d40a0f8ec8c8cd6240d89ab9dd2ce7dd1976ac7cb24c712ed8aa074e0026ff0a10e9d6d5e685929d271ae554d9a1cff WHIRLPOOL cdfdf0bc2591df8436f8ab0959581129cb1a4d86138f6bb75b507d83280c7d567eb794e3b76b8374d4087721de53e4afd7566411b8e51fa2655e9e5462357ef4 -DIST knot-2.5.6.tar.xz 1081756 SHA256 37d1625c2aaefe2394c85f6742a6ae9421e8348318c13119a6c451796c387cfc SHA512 dcc58791469c8e4724a47b47105bf0c047bcf62611d6803a07a856bb281d72a397b186210087ff8f145232315bbd9baa194a7cdef10d1ebb36ca3b8c0a0c7379 WHIRLPOOL 199470662eb55971f5581a97d396342664789eb5803ae570598b4254bc14ad8f8fb9ca21198a42a26506fb7d29ed9417c42730651bd9ec38c48c50dbedf4726a -DIST knot-2.6.1.tar.xz 1112956 SHA256 3013d45b4c7484268f3cad078f66f730a5bc9606e6b1061488dd821c1dce41e3 SHA512 f4eaf311adcdfd13628c7174333bcc766b300be573f7df32eaaf162c5857e0ba35ce5a5e022f799c95618203abbe8db93e2364f172a87c4dd4eaf90b30ef8428 WHIRLPOOL f69c58c9211b18e512e851044ba830c4011618175f6b78a37702e1afe9ed70ab244b1077a2d6ece745d064d2ad0131f61405c5fe811b108e85d86cd428fa4d7b -EBUILD knot-2.4.5.ebuild 1531 BLAKE2B 3b35f384213778ef51d951a3096cb229da09605980ef3d7852d93a0c6b55faddbace2bc8aeeed9e215f44bd89d78524b960d02c49f7999fb5324cb2e7ef9e479 SHA512 908ebfce7b6ecd87171efe02b39ac43b8fd91aabf17da072fddd270b8bb10063e161dad188036dcf68d21046b56c8611fc9f443ebea39949747e1d4403a94405 +DIST knot-2.5.6.tar.xz 1081756 BLAKE2B a016be4b7080175cc83bacc23cbf08b15e5c8dcdd63da0d6ca61dcbd8aa2d75952a2becf7c9f2f65b43e004bd54641198afc6402a0714046a4f631aaa193ae2d SHA512 dcc58791469c8e4724a47b47105bf0c047bcf62611d6803a07a856bb281d72a397b186210087ff8f145232315bbd9baa194a7cdef10d1ebb36ca3b8c0a0c7379 +DIST knot-2.6.1.tar.xz 1112956 BLAKE2B 28c2c2318713c63ce389ab768bedbcf3b2799d9d660d978e77ba68e40aff40de8eb0e31cc7b42d00230beff418ba2d20032e2e01c5dc26a6813e02e10711195a SHA512 f4eaf311adcdfd13628c7174333bcc766b300be573f7df32eaaf162c5857e0ba35ce5a5e022f799c95618203abbe8db93e2364f172a87c4dd4eaf90b30ef8428 +DIST knot-2.6.3.tar.xz 1112408 BLAKE2B c2a04e951427fe667b1bef63f4ca4fca8fa099f7c7a0a7e61562a5a5f9f44208118f59debbf67eabba72c5f924412c54f650450e71c592f033d99d061060f103 SHA512 51e1c2abe6149173ded2c48e70ca9a563f76013aae95e53e9c4b5c2325bce44b21b410f7ce773012bc6e6d0b3db21aeffd697669fbeb34137af70af5dcd3f157 EBUILD knot-2.5.6.ebuild 1913 BLAKE2B 86572fd9237d904d497bf488eaa5c97d1d3b3800ab5d0ea9b198f9a5a32b945d384dc7f683ea0530712f1bba6a3cfbf20e7534b0b317736d2b3f078f5ceaa0c0 SHA512 d2c4e59cb2ba96561f23b8b22be8c494689549d569d2fe785793723ed7035bf778db5494ad2c5ce0e90e72b41bf3080ef7cd3791d4b943cede97a9428bc7aee6 EBUILD knot-2.6.1-r1.ebuild 1921 BLAKE2B 30e12315e77029da6f88dbfbbe262ca0f800f5599b7ffc093adf7ac7897dcd212dbc445c8666899ab8705370ac81b0324950a889fbcc370e8ecdf555972f29e7 SHA512 78467d6a4ab72ca5e310865324f953d8f57a2f96be2eeb2b3212684b25d449639d99ec8df24daab6f43ef853394dbf7ce047faacce9547c86adcde946975fadf -EBUILD knot-2.6.1.ebuild 1913 BLAKE2B 86572fd9237d904d497bf488eaa5c97d1d3b3800ab5d0ea9b198f9a5a32b945d384dc7f683ea0530712f1bba6a3cfbf20e7534b0b317736d2b3f078f5ceaa0c0 SHA512 d2c4e59cb2ba96561f23b8b22be8c494689549d569d2fe785793723ed7035bf778db5494ad2c5ce0e90e72b41bf3080ef7cd3791d4b943cede97a9428bc7aee6 +EBUILD knot-2.6.3.ebuild 1921 BLAKE2B 30e12315e77029da6f88dbfbbe262ca0f800f5599b7ffc093adf7ac7897dcd212dbc445c8666899ab8705370ac81b0324950a889fbcc370e8ecdf555972f29e7 SHA512 78467d6a4ab72ca5e310865324f953d8f57a2f96be2eeb2b3212684b25d449639d99ec8df24daab6f43ef853394dbf7ce047faacce9547c86adcde946975fadf MISC metadata.xml 1539 BLAKE2B c07704f4bbf249b7953403a33c71d7565ef2219b019dbccdc15d9d459ff57f0aa200ed5ae9ab74b07e352d8dcd12f62f5d7bb392b064dbeedad3257ced653675 SHA512 8b39c687fb8b9fb4bf25e0baa8c851ffb4980c0028bf0f64a3c642146139429e292c6ca3fbd01b7bb311ecbbe7bf1df128885b53971b836f541fe97bedf6f056 diff --git a/net-dns/knot/knot-2.4.5.ebuild b/net-dns/knot/knot-2.4.5.ebuild deleted file mode 100644 index 50af785a49d1..000000000000 --- a/net-dns/knot/knot-2.4.5.ebuild +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit bash-completion-r1 eutils systemd user - -DESCRIPTION="High-performance authoritative-only DNS server" -HOMEPAGE="http://www.knot-dns.cz/" -SRC_URI="https://secure.nic.cz/files/knot-dns/${P/_/-}.tar.xz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="dnstap doc caps +fastparser idn systemd" - -RDEPEND=" - >=net-libs/gnutls-3.3:= - >=dev-libs/jansson-2.3 - >=dev-db/lmdb-0.9.15 - >=dev-libs/userspace-rcu-0.5.4 - caps? ( >=sys-libs/libcap-ng-0.6.4 ) - dnstap? ( - dev-libs/fstrm - dev-libs/protobuf-c - ) - idn? ( net-dns/libidn ) - dev-libs/libedit - systemd? ( sys-apps/systemd ) -" -DEPEND="${RDEPEND} - virtual/pkgconfig - doc? ( dev-python/sphinx ) -" - -S="${WORKDIR}/${P/_/-}" - -src_configure() { - econf \ - --with-storage="${EPREFIX}/var/lib/${PN}" \ - --with-rundir="${EPREFIX}/var/run/${PN}" \ - --with-lmdb \ - --with-bash-completions="$(get_bashcompdir)" \ - $(use_enable fastparser) \ - $(use_enable dnstap) \ - $(use_enable doc documentation) \ - $(use_with idn libidn) \ - --enable-systemd=$(usex systemd) -} - -src_compile() { - default - - if use doc; then - emake -C doc html - HTML_DOCS=( doc/_build/html/{*.html,*.js,_sources,_static} ) - fi -} - -src_test() { - emake check -} - -src_install() { - default - - keepdir /var/lib/${PN} - - newinitd "${FILESDIR}/knot.init" knot - systemd_dounit "${FILESDIR}/knot.service" - - prune_libtool_files -} - -pkg_postinst() { - enewgroup knot 53 - enewuser knot 53 -1 /var/lib/knot knot -} diff --git a/net-dns/knot/knot-2.6.1.ebuild b/net-dns/knot/knot-2.6.3.ebuild index 0baf4877502e..90e03e2d7048 100644 --- a/net-dns/knot/knot-2.6.1.ebuild +++ b/net-dns/knot/knot-2.6.3.ebuild @@ -90,7 +90,7 @@ src_install() { newinitd "${FILESDIR}/knot.init" knot if use systemd; then - systemd_newunit "${FILESDIR}/knot-1.service" knot + systemd_newunit "${FILESDIR}/knot-1.service" knot.service fi find "${D}" -name '*.la' -delete || die diff --git a/net-dns/libidn/Manifest b/net-dns/libidn/Manifest index e1bcd73501c6..79294f0e34da 100644 --- a/net-dns/libidn/Manifest +++ b/net-dns/libidn/Manifest @@ -1,6 +1,8 @@ AUX 50libidn-gentoo.el 455 BLAKE2B d6d3a0576c1d0b5030ae32ed5c99e198f06faa897864d06251b07ee2fd3ecbac16347d633644f30dc7428e5bdf9747b0a4d51d7541601d3fbd4be6f9f746693f SHA512 13bcc7078ae8e088014323707d451c0bfdb53414e550945248a9648afa81681db013cb523eae71116c84f1dcfbb3b87e8743971775b75c4ce6dad914b3b0a501 -AUX libidn-1.33-CVE-2017-14062.patch 938 BLAKE2B df990e1f45dd055707bf1918a63444000588ca877e754d9909b062370fca99004654e0439be4e68a13214135a90ec47719679f5794c8b32fa709c4c3abbaa811 SHA512 a78a57fe5583cb02239fbff11d33b1ee1f84b91817c5376ed441173be5fa47337019b0b098a5134c19f1f62ab5efac0621dd8fc922ec09de21481b9905638f20 -DIST libidn-1.33.tar.gz 3501056 SHA256 44a7aab635bb721ceef6beecc4d49dfd19478325e1b47f3196f7d2acc4930e19 SHA512 38dd459eaeda0c9e3cc2d24d967113515a499747550a2a9157f32357def90d71a3a3b52398e96a44a28cd5948dc353b0473c4ff0453a69720191c4cb49cac2c6 WHIRLPOOL 3b0c44742c2515e09eaf8f16f32f30bc37478a6273765d71dd9a9283f501998b6d85583cd38810bbdbd6103855e77831360010d707d29956798e3f5d066b0e82 +AUX libidn-1.33-CVE-2017-14062.patch 2348 BLAKE2B 4f9606d25405d950f23444886e423008d928991b23c5a05a8de794eea18f236aa8f4b53b7945f4340aa3b2f4f7aa9c63d5dadaf3bc0513ee3f5e27ecb9040a7a SHA512 25e6ff17d2d6886fec51db7e9584bbb7aff9b717c23accf7c956611f1bf4c965cc5f51837367c410b7c8c29c58170e94e2e0146e9e2921b3a0c5bc411bcddfbb +AUX libidn-1.33-parallel-make.patch 3584 BLAKE2B fbd1f372b11bc1da38bdeb3a8c0f01708339e0a7c23da7f22b450985a2b69c31887a5f686430e5014d1a5c116ae7e03b922c0350f3926e5a43e5cbc6cdbbfb83 SHA512 de98b4122c272bcd38a673beab8da56fac5b4c877d4bc0930505979addf4cc4e85fcf065ee9044d1196e83b1d2d5389ee8dceac4ffe7bf623a3f3c7bc7aca4f1 +DIST libidn-1.33.tar.gz 3501056 BLAKE2B ce6319dc61dd825cf7ddb33f4279c178709e16ce2815c3d1a464bba6b5c6cc493107a10a686f349247a0d6023b1b834a650046e68da9f2f559870dba13a59384 SHA512 38dd459eaeda0c9e3cc2d24d967113515a499747550a2a9157f32357def90d71a3a3b52398e96a44a28cd5948dc353b0473c4ff0453a69720191c4cb49cac2c6 EBUILD libidn-1.33-r1.ebuild 2985 BLAKE2B 55e2923d045ba06bb02ac9a56cbe3c05f8828cc088062fb90a809d9522612a27714314bc7f6151a2812ba4bb43c08113f6f24401863888c68e74814ef9d532c5 SHA512 e63496fa71b9ad23a725f0be9dbbf864970a506fc92033efa178c92d515cf21785ebeccf33065b7c096e052a1f0c60c4c9d5dd98586b0ed5ae0f17d7808daa14 +EBUILD libidn-1.33-r2.ebuild 3033 BLAKE2B 5dcb80c32820b2e70ec0e49a4bcbae937024152a63857defbfe72eeeb6bd9b14fafd1b9ac2f564faf4062073800d240e1bd02f4933d77bc1a48a3819652bb18d SHA512 74f704b27b17b215de6908cfd6b1c853892a856010200052bfcd74f0969d9c652e3306fca092890f4de0ac8dc03ea8f19c5fd0e0f44742544b5e29cc32be078c EBUILD libidn-1.33.ebuild 2805 BLAKE2B 6a59cccf9c5152341e304217d6a5e162158b0b8c3fcc8f60b74f1aebf1c76493d1542f67eb278ddfb0db5c942bee992b7706e694179318685f62ae065ea54f54 SHA512 863f325f2ed868a6b78d542fe584538d67ff6bbe99b1e181416b43c919cfdfc417bd92dc424657d0a632c838735826be7bbfdc82632e04cdeaf5e3bbd4351a15 MISC metadata.xml 244 BLAKE2B 9c6750147c240d7416fad33e04b53730dc89cbb615648a7f3defeed3ec058aeee6dbed55a1f81241417b42ca9f7daec177c725692166a5ba08765b5dcf5a6bc5 SHA512 1da71f4fae0251c97a8fcfa1e13b0a3f8b95a856fa919ebd30bf4f2f1b8fa900841db09ebc2a0ae9fe0d91f786ac40b63290382668412fcb05bca15b0746f1db diff --git a/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch b/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch index 2ddf3fdd6be2..5c2e0a91b2e3 100644 --- a/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch +++ b/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch @@ -30,3 +30,48 @@ index 86819a7..49250a1 100644 -- 1.9.1 +From 6c8a9375641ca283b50f9680c90dcd57f9c44798 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Wed, 4 Oct 2017 15:22:43 +0200 +Subject: [PATCH] lib/punycode.c (decode_digit): Really fix integer overflow + +The fix in commit e9e81b8063b095b02cf104bb992fa9bf9515b9d8 +was incomplete. + +Reported-by: Christian Weisgerber +--- + lib/punycode.c | 4 ++-- + tests/tst_idna.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/punycode.c b/lib/punycode.c +index 49250a1..d475b6d 100644 +--- a/lib/punycode.c ++++ b/lib/punycode.c +@@ -91,8 +91,8 @@ enum + static unsigned + decode_digit (int cp) + { +- return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : +- cp - 97 < 26 ? cp - 97 : base; ++ return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : ++ cp - 97 < 26 ? cp - 97 : base); + } + + /* encode_digit(d,flag) returns the basic code point whose value */ +diff --git a/tests/tst_idna.c b/tests/tst_idna.c +index 4ac046f..7fb58b9 100644 +--- a/tests/tst_idna.c ++++ b/tests/tst_idna.c +@@ -211,7 +211,7 @@ static const struct idna idna[] = { + 'x', 'n', '-', '-', 'f', 'o', 0x3067}, + IDNA_ACE_PREFIX "too long too long too long too long too long too " + "long too long too long too long too long ", 0, +- IDNA_CONTAINS_ACE_PREFIX, IDNA_PUNYCODE_ERROR} ++ IDNA_CONTAINS_ACE_PREFIX, IDNA_INVALID_LENGTH} + }; + + void +-- +1.9.1 + diff --git a/net-dns/libidn/files/libidn-1.33-parallel-make.patch b/net-dns/libidn/files/libidn-1.33-parallel-make.patch new file mode 100644 index 000000000000..2d237f3e27b1 --- /dev/null +++ b/net-dns/libidn/files/libidn-1.33-parallel-make.patch @@ -0,0 +1,115 @@ +From 4709e64fef29ca8ddd5b0878e3126640bd1480c2 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de> +Date: Wed, 4 Oct 2017 15:02:49 +0200 +Subject: [PATCH] * src/Makefile.am: Fix rule for parallel builds + +--- + src/Makefile.am | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 6832c20..218d52e 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -35,7 +35,8 @@ libidn_cmd_la_SOURCES = idn.ggo idn_cmd.c idn_cmd.h + libidn_cmd_la_LIBADD = ../gl/libgnu.la + libidn_cmd_la_CFLAGS = + +-idn_cmd.c idn_cmd.h: idn.ggo Makefile.am ++# pattern rule (%) needed for parallel make (-j) ++idn_cmd%c idn_cmd%h: idn.ggo + gengetopt --unamed-opts --no-handle-version --no-handle-help \ + --set-package="idn" \ + --input $^ --file-name idn_cmd +-- +1.9.1 + +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -1,7 +1,7 @@ +-# Makefile.in generated by automake 1.14.1 from Makefile.am. ++# Makefile.in generated by automake 1.15.1 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++# Copyright (C) 1994-2017 Free Software Foundation, Inc. + + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -34,7 +34,17 @@ + + + VPATH = @srcdir@ +-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__is_gnu_make = { \ ++ if test -z '$(MAKELEVEL)'; then \ ++ false; \ ++ elif test -n '$(MAKE_HOST)'; then \ ++ true; \ ++ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ ++ true; \ ++ else \ ++ false; \ ++ fi; \ ++} + am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ +@@ -99,8 +109,6 @@ + host_triplet = @host@ + bin_PROGRAMS = idn$(EXEEXT) + subdir = src +-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ +- $(top_srcdir)/build-aux/depcomp $(dist_lisp_DATA) + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/lib/gl/m4/ctype.m4 \ + $(top_srcdir)/lib/gl/m4/gnulib-comp.m4 \ +@@ -184,6 +192,8 @@ + $(top_srcdir)/m4/wint_t.m4 $(top_srcdir)/configure.ac + am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) ++DIST_COMMON = $(srcdir)/Makefile.am $(dist_lisp_DATA) \ ++ $(am__DIST_COMMON) + mkinstalldirs = $(install_sh) -d + CONFIG_HEADER = $(top_builddir)/config.h + CONFIG_CLEAN_FILES = +@@ -294,6 +304,8 @@ + done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags ++am__DIST_COMMON = $(srcdir)/Makefile.in \ ++ $(top_srcdir)/build-aux/depcomp + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + ALLOCA = @ALLOCA@ +@@ -863,6 +875,7 @@ + LT_AGE = @LT_AGE@ + LT_CURRENT = @LT_CURRENT@ + LT_REVISION = @LT_REVISION@ ++LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ + MAKEINFO = @MAKEINFO@ + MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ +@@ -1200,7 +1213,6 @@ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/Makefile +-.PRECIOUS: Makefile + Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ +@@ -1562,10 +1574,13 @@ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-dist_lispDATA + ++.PRECIOUS: Makefile ++ + + idn.c: $(BUILT_SOURCES) + +-idn_cmd.c idn_cmd.h: idn.ggo Makefile.am ++# pattern rule (%) needed for parallel make (-j) ++idn_cmd%c idn_cmd%h: idn.ggo + gengetopt --unamed-opts --no-handle-version --no-handle-help \ + --set-package="idn" \ + --input $^ --file-name idn_cmd diff --git a/net-dns/libidn/libidn-1.33-r2.ebuild b/net-dns/libidn/libidn-1.33-r2.ebuild new file mode 100644 index 000000000000..5e498c6299e0 --- /dev/null +++ b/net-dns/libidn/libidn-1.33-r2.ebuild @@ -0,0 +1,126 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit elisp-common java-pkg-opt-2 mono-env multilib-minimal libtool + +DESCRIPTION="Internationalized Domain Names (IDN) implementation" +HOMEPAGE="https://www.gnu.org/software/libidn/" +SRC_URI="mirror://gnu/libidn/${P}.tar.gz" + +LICENSE="GPL-2 GPL-3 LGPL-3 java? ( Apache-2.0 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="doc emacs java mono nls static-libs" + +DOCS=( AUTHORS ChangeLog FAQ NEWS README THANKS TODO ) +COMMON_DEPEND=" + emacs? ( virtual/emacs ) + mono? ( >=dev-lang/mono-0.95 ) +" +DEPEND="${COMMON_DEPEND} + nls? ( + >=sys-devel/gettext-0.17 + ) + java? ( + >=virtual/jdk-1.5 + ) +" +RDEPEND="${COMMON_DEPEND} + nls? ( + >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] + ) + java? ( + >=virtual/jre-1.5 + ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r5 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + ) +" +PATCHES=( + "${FILESDIR}"/${PN}-1.33-CVE-2017-14062.patch + "${FILESDIR}"/${PN}-1.33-parallel-make.patch +) + +pkg_setup() { + mono-env_pkg_setup + java-pkg-opt-2_pkg_setup +} + +src_prepare() { + default + + # bundled, with wrong bytecode + rm "${S}/java/${P}.jar" || die + + # prevent triggering doc updates after punycode.c patch + touch doc/texi/punycode* doc/man/punycode* doc/libidn.info || die + + elibtoolize # for Solaris shared objects +} + +multilib_src_configure() { + ECONF_SOURCE=${S} GJDOC=javadoc \ + econf \ + $(multilib_native_use_enable java) \ + $(multilib_native_use_enable mono csharp mono) \ + $(use_enable nls) \ + $(use_enable static-libs static) \ + --disable-silent-rules \ + --disable-valgrind-tests \ + --with-lispdir="${EPREFIX}${SITELISP}/${PN}" \ + --with-packager-bug-reports="https://bugs.gentoo.org" \ + --with-packager-version="r${PR}" \ + --with-packager="Gentoo" +} + +multilib_src_compile() { + default + + if multilib_is_native_abi; then + use emacs && elisp-compile "${S}"/src/*.el + use java && use doc && emake -C java/src/main/java javadoc + fi +} + +multilib_src_test() { + # only run libidn specific tests and not gnulib tests (bug #539356) + emake -C tests check +} + +multilib_src_install() { + emake DESTDIR="${D}" install + + if multilib_is_native_abi && use java; then + java-pkg_newjar java/${P}.jar ${PN}.jar + rm -r "${ED}"/usr/share/java || die + use doc && java-pkg_dojavadoc "${S}"/doc/java + fi +} + +multilib_src_install_all() { + if use emacs; then + # *.el are installed by the build system + elisp-install ${PN} "${S}"/src/*.elc + elisp-site-file-install "${FILESDIR}/50${PN}-gentoo.el" + else + rm -r "${ED}/usr/share/emacs" || die + fi + + einstalldocs + + if use doc ; then + dodoc -r doc/reference/html/ + fi + + prune_libtool_files +} + +pkg_postinst() { + use emacs && elisp-site-regen +} + +pkg_postrm() { + use emacs && elisp-site-regen +} diff --git a/net-dns/nsd/Manifest b/net-dns/nsd/Manifest index 48a6080f42b9..b28f7c7cea08 100644 --- a/net-dns/nsd/Manifest +++ b/net-dns/nsd/Manifest @@ -4,6 +4,8 @@ AUX nsd.service 272 BLAKE2B 66a7d4132246589f71341afd98361f6b02082be3d4e230c86ae6 AUX nsd_munin_.patch 542 BLAKE2B 13ff49c41683d5bf505e257cd17bf5f3ad06662c00032d79b36be3f96486eb89fdd62a42b5ed4816ad99835366864603568613e27504894340ebb64057e2b2c3 SHA512 6034086d6b6f6980468766c901e92291fea8a32df179561ede2add5918c37bfe3aabf122735d4ae2e28efece394fd3398f9a0cc4d8fdcc1e5da1ca709d2ba6ae DIST nsd-4.1.16.tar.gz 1088633 SHA256 7f8367ad23cc5cddffa885e7e2f549123c8b4123db9726df41d99f255d6baab2 SHA512 51135bbf412cdc5d6d9be02af9fef16513f0529155c102debfd6bd68b025d289c684777a8fca57de86b25f68bc94aef89d2cfefb871b8d63048d262f6c8eb8e3 WHIRLPOOL 030da2551abef8cb29e16574155605eb9377836f1a43422e200ba5bc6ede319893d4293018cf0be242d1ac0cfad4c3b40f566c7ad587792186c64102d8c9785f DIST nsd-4.1.17.tar.gz 1089526 SHA256 107fa506d18ed6fd0a922d1b96774afd9270ec38ec6b17cd7c46fb9433a03a6c SHA512 4cffa261b1832d0daac095e92542359ffd725918f07ec605c78a9346b1cf4a4bc21bdc59ab388eb7324a170bbd8b122cfa75e7448015b38572b47d18add24a8f WHIRLPOOL c8892dca5f5c625d435cfde3f556ccc7518f3e37b7242892f9c101f4ffa5da1a2ea09083a30942bb1dad91ab70b40b2647339b2a4988f08478db9b6dd2b1c3df +DIST nsd-4.1.18.tar.gz 1095673 BLAKE2B e3dc86e64614323dbefb334769a8095dc674f422f8e62c91e2918f4622ceac0ebef7dec42d5a714b15ad2f3af368ba817239a0027d3a685abf603cf00e9fa9d1 SHA512 d9939b8813677127ccd3e87e709b27a8a4f96cc0221ab77563d9349cb6dd56ae39bb7349ede9aed9aaa07de9310bcaeb8be8b17f608e9c4714b4fb084f2e756f EBUILD nsd-4.1.16.ebuild 2785 BLAKE2B 70dbdff83803797fdc08266b117554715aa74f577ed5c1681bc913cd0d60f189a1a25291e23b9a4b544530e140f79182c5dd4b6938df529c13d4f1b449cc1200 SHA512 92ddc87fb87c7534969bb5fa10b6365dcf586d461440c82e8c2d48668a02e1cc314641e4f5230474572c1f176498bcf75a115983d80a33c91061ce0aa2dafe2a EBUILD nsd-4.1.17.ebuild 2787 BLAKE2B 936a4eb30655c074403f323f8111c034aa5d8704cb76fa08d486694ba989a3a7bf3485e11126fdea399fa3da403a0ab65359a1a325cfaeabab019cfd8b49dacb SHA512 2d7fc76f8228583eba7944f490e2f25f6ba8defdff0cc71f7c447b1f1cce1584fddd768371a9fa7f6b0a80eee12e4d9d125f7e03c4417893dfa0acaa3d3c0e26 +EBUILD nsd-4.1.18.ebuild 2796 BLAKE2B b9974cfd43dbaecd1babb1cc477b8b2743679bb933407e4e39518b207b84de771e2b56057590dfc2178f8536323bc8ef9c7660e09ba6d8be6461f8f2a3f7d80f SHA512 744c2364db1b41edec79bbba3604c12417ece1bb1e0c0064d74dd72ce70b1dd19520845c48ce969055beca72a42a4ab5dda547cb0b6a7a235301d5e46d80b5b7 MISC metadata.xml 1013 BLAKE2B b989a1ccafac96d48d6f1b72bace164fcb1c04885ec9436e37fb29d94bf8c5feb4a02a1b4fc04241b6fa3c9d6d89ec993e3a06b6efc7ccd45d4ace3fad16cb18 SHA512 e7c0d6a267fd06546ac58278ffb75280aa0c0ed55ddf0097614906c1863e55cf572ff7660e021ac8861c506ed0de126c0c5e68dd2d88aea1a395be3234607ce5 diff --git a/net-dns/nsd/nsd-4.1.18.ebuild b/net-dns/nsd/nsd-4.1.18.ebuild new file mode 100644 index 000000000000..4a7e4dbabe2b --- /dev/null +++ b/net-dns/nsd/nsd-4.1.18.ebuild @@ -0,0 +1,102 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit user systemd + +# version voodoo needed only for non-release tarballs: 4.0.0_rc1 => 4.0.0rc1 +MY_PV="${PV/_rc/rc}" +MY_PV="${MY_PV/_beta/b}" +MY_P="${PN}-${MY_PV}" + +DESCRIPTION="An authoritative only, high performance, open source name server" +HOMEPAGE="http://www.nlnetlabs.nl/projects/nsd" +SRC_URI="http://www.nlnetlabs.nl/downloads/${PN}/${MY_P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="bind8-stats ipv6 libevent minimal-responses mmap munin +nsec3 ratelimit root-server runtime-checks ssl libressl" + +S="${WORKDIR}/${MY_P}" + +RDEPEND=" + virtual/yacc + libevent? ( dev-libs/libevent ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:= ) + ) + munin? ( net-analyzer/munin ) +" +DEPEND=" + ${RDEPEND} + sys-devel/flex +" + +src_prepare() { + # Fix the paths in the munin plugin to match our install + eapply "${FILESDIR}"/nsd_munin_.patch + eapply_user +} + +src_configure() { + local myeconfargs=( + --enable-pie + --enable-relro-now + --enable-largefile + --with-logfile="${EPREFIX}"/var/log/nsd.log + --with-pidfile="${EPREFIX}"/run/nsd/nsd.pid + --with-dbfile="${EPREFIX}"/var/db/nsd/nsd.db + --with-xfrdir="${EPREFIX}"/var/db/nsd + --with-xfrdfile="${EPREFIX}"/var/db/nsd/xfrd.state + --with-zonelistfile="${EPREFIX}"/var/db/nsd/zone.list + --with-zonesdir="${EPREFIX}"/var/lib/nsd + $(use_enable bind8-stats) + $(use_enable bind8-stats zone-stats) + $(use_enable ipv6) + $(use_enable minimal-responses) + $(use_enable mmap) + $(use_enable nsec3) + $(use_enable ratelimit) + $(use_enable root-server) + $(use_enable runtime-checks checking) + $(use_with libevent) + $(use_with ssl) + ) + econf "${myeconfargs[@]}" +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc doc/{ChangeLog,CREDITS,NSD-4-features,NSD-FOR-BIND-USERS,README,RELNOTES,REQUIREMENTS} + + newinitd "${FILESDIR}"/nsd.initd-r1 nsd + + # install munin plugin and config + if use munin ; then + exeinto /usr/libexec/munin/plugins + doexe contrib/nsd_munin_ + insinto /etc/munin/plugin-conf.d + newins "${FILESDIR}"/nsd.munin-conf nsd_munin + fi + + systemd_dounit "${FILESDIR}"/nsd.service + + # remove the /run directory that usually resides on tmpfs and is + # being taken care of by the nsd init script anyway (checkpath) + rm -r "${ED%/}"/run || die "Failed to remove /run" +} + +pkg_postinst() { + # Do this in postinst to ensure the uid/gid is consistent for binpkgs + enewgroup nsd + enewuser nsd -1 -1 -1 nsd + + # database directory, writable by nsd for database updates and zone transfers + install -d -m 750 -o nsd -g nsd "${EROOT%/}"/var/db/nsd + + # zones directory, writable by nsd for zone file updates (nsd-control write) + install -d -m 750 -o nsd -g nsd "${EROOT%/}"/var/lib/nsd +} diff --git a/net-dns/pdns-recursor/Manifest b/net-dns/pdns-recursor/Manifest index 3379c28da292..475a17d4ef1a 100644 --- a/net-dns/pdns-recursor/Manifest +++ b/net-dns/pdns-recursor/Manifest @@ -1,6 +1,13 @@ +AUX CVE-2017-15090-4.0.6.patch 659 BLAKE2B b710ca3c84f5b7d7936155a67f8d3fd82ad6b58f0edf69079498a1896f5ab4a3387fb4c6c9999a726b38e439b506f6ebbcec53866b556f3d0e297c30ffe8f50a SHA512 ce747ae0c747d70597bf3b386db0390c34dce03d6dab98f7f30e43fa21a87f133e66438bf53bcd66ae364cdc451dc4469b95bf479540b90c7282ba4cf150f3ad +AUX CVE-2017-15092-4.0.6.patch 2798 BLAKE2B 6770cb303a86457338776abb95d198315f643c96337f857ab83979ae5978b52210621fdee557d9c0ba07d457b8eadfb88dca994fbd8bab6fcdf885948a5c4c97 SHA512 d4d22dd0ee26fd750e517796cda7c0517c0e05743b8acff013e48f3c9b3748c5301ecb8e781ecae966c58cc96fe202375c55a5c3593fb475d526fbd079ff971a +AUX CVE-2017-15093-4.0.6.patch 1581 BLAKE2B b3604c997b30805bf883879a65e30a96bfeef52eb04fbe7b741c2a41884134c145059359daed0db7d419eadc76909366d19af719a1cb0a978319028c6cbb4614 SHA512 e367895d54c0fe989812195bef0e904c79e16d5bcb1239b074e9587d0e69bab2ae4d675a74c485179c5bb3d4e18fd1f8d505bae0ef1dc72b3a649db596f8c222 +AUX CVE-2017-15094-4.0.6.patch 1031 BLAKE2B 7be45cc770e92fb156b563e32855576ec79f230edd751e14d5bb6b55b859a83acfb9cad30f1e4dace94c316895241a2da2f46e9335b1f3138b4cbd535e62131f SHA512 164370b3667fbe8f19c55068a5d250651ef9873df05d4516f093f98a9bd8f1cd48e95530b2e8cca3b5c54c26bdde8718d7dcd739c922c8d25ac25d2418642393 AUX pdns-recursor-r1 1135 BLAKE2B 90f28d33c126882e5b5e29209ec12f336797720832f7750262329cc5d47fefdf8bcb5208807e47638037a704abbbebd0ee2b1380a3d1d54feab6d4900c250176 SHA512 9dce3cd454ed6b61af8d70c90a8464c60d16eb8342ffc46558f5dcc5089c77aff4581f208684ddb25c4512ce6f39c54afaf267dcade667d812511ae3fa3a1f48 -DIST pdns-recursor-4.0.6.tar.bz2 1105423 SHA256 f2182ac644268bb08b865a71351f11d75c5015ac0608a1469eb4c1cd5494d60d SHA512 2203fd96469deded1da677344485da221eec036b1ad9fb418a89cd4477d73f2a6fcf984a39b574561df6946f440ddf1982de20cd39d7204da9c27e74216d1159 WHIRLPOOL a2eece8a6cdfcd6c791cb6fa42053d524b4e54f1431d78345640d7f2d9f3079939c7905767abe65abb977bce45647fb7232d1148dac13737625ee4bfae221da8 -DIST pdns-recursor-4.1.0-rc3.tar.bz2 1191353 SHA256 0b8bc3fec4cd39c62e53993ab7a87fc1f2b3d200df071a401775f33e47392169 SHA512 141e3fcbf5e7c81ae0228fb7a15c599ef5ae41e2c2d169e2f7b4f57c6c832ac40d3e20302d219ba565c4a514b1297906684247a1a56cd740e3ea0bff4a7da51d WHIRLPOOL b6e1c3cb233aff0ac10e1d0d4b5e3de508cf657e1f3fa27c3692e38c90f7af82cc6afe499915d1dbd78cdd5d5eb2ec814b2f3ae86ae6a3f353321abfbe191691 -EBUILD pdns-recursor-4.0.6.ebuild 1619 BLAKE2B 7445475cf2912584ae43b880ca3d138ffca61100582a950ec486425726df07147b05fdffe3372806a43eee1ce91b7f0210c941961de62f16b4122ab3a734d1f9 SHA512 d7bab4a391b40acc2e78c51ce7d1ba1b77a62a0bc4cb3285ceec92d370e875141984d7d289e6c110ed914a4f9ad714f2d8ca1e4cdb7aa534fd9457d64ce05b47 -EBUILD pdns-recursor-4.1.0_rc3.ebuild 1603 BLAKE2B 068eab0abd4546abf3c1988ad87c663951e15769eab808db22a49188116202549eaa42a3ac9ed4822fe25f51d5fb13fec563dbecd9930cee10a69ab08f1fc3f0 SHA512 2f4a6b3cb2db63dab166f53844e58f358097e7607c70c00ebe4be9d25ad7e3d0a983fd589906c7db2f9ccfd174742f64fea5386f6c56195b35db45d243f5c8c6 -MISC metadata.xml 997 BLAKE2B 0ec5da2bba75b0e3fb5a45e64e1863b06ed9e2cfb088aeff89633ee9c4ee4f26787c0769c70dbf021c651ff67e59b5e8ed8bdbd70ce69179fb929f5deacd525d SHA512 43d84c29e22bece3fc87a925c309229dd5867c3457e3378a0000c046b06b5a7fc75f6e204111cbdc90a02fba3a987ba376bd96dd2b81e498fa19955f16b5a58e +DIST pdns-recursor-4.0.6.tar.bz2 1105423 BLAKE2B 50cc52f118630d4d8ce9876c2e11494a3c972ec90003c40fea36801eb08bd8b6173f876e6f53eb672ad8ff3da04e669946740a50f653a21459f25c1137d91297 SHA512 2203fd96469deded1da677344485da221eec036b1ad9fb418a89cd4477d73f2a6fcf984a39b574561df6946f440ddf1982de20cd39d7204da9c27e74216d1159 +DIST pdns-recursor-4.0.7.tar.bz2 1107546 BLAKE2B 3ccda73878599e3ade69e4dc6b0787e588a8403fb7cacfbe574409513b8723cbfd29a3c73d857120def801da60a4bedbc0f0c396e6642adb0287204cde301331 SHA512 0c8873adcce5ed9b41f161bc71635da23496b4ae48dbffff7dcdf9c5181e720f9aa94e18bd64e0dff9fa03eae8410dc93585a74d13f0c16d38b0d1c0f4146bb2 +DIST pdns-recursor-4.1.0-rc3.tar.bz2 1191353 BLAKE2B fcbc6f08f962c9c2f459448770406734eff2caab43b615690e9d910b65327e45182aa2c9bcadadeaa6eb3984a8cb463849d5e001ffb98bb618966da5b8557a8a SHA512 141e3fcbf5e7c81ae0228fb7a15c599ef5ae41e2c2d169e2f7b4f57c6c832ac40d3e20302d219ba565c4a514b1297906684247a1a56cd740e3ea0bff4a7da51d +EBUILD pdns-recursor-4.0.6-r1.ebuild 1775 BLAKE2B 68e4f90e18abfede00cc903b32013ea89e608bbb1b9cbdb1003fd24f02bb278bd9c7c30c58f7416976cc702e7330064c6c2d327dec29ca069465b2972cd10c38 SHA512 ffd7d04fa63cb931ed3c4171e4e0ec2de8d1665c897382117d8e20b26a46e61b4e900a406c751e5848fd1c673102b93ecb8f29631da8c8e8553814f36169abc3 +EBUILD pdns-recursor-4.0.6.ebuild 1698 BLAKE2B bf67849d5f47c1f0d148596aea3fbc4268ad6696761f76f7fdb3b3b574708b01a464f12ae2a6c1df8979d60ec0cb877542dbf927af91bb2709e4510ce675a691 SHA512 358312b26fad4c6f2c473b7756f9c6d71c77045d6c7d0e92a10555848bc1643d9fc59454f61f8286d0891d181a1f6b20eeae055598dc7b150ba06faa0af44650 +EBUILD pdns-recursor-4.0.7.ebuild 1698 BLAKE2B bf67849d5f47c1f0d148596aea3fbc4268ad6696761f76f7fdb3b3b574708b01a464f12ae2a6c1df8979d60ec0cb877542dbf927af91bb2709e4510ce675a691 SHA512 358312b26fad4c6f2c473b7756f9c6d71c77045d6c7d0e92a10555848bc1643d9fc59454f61f8286d0891d181a1f6b20eeae055598dc7b150ba06faa0af44650 +EBUILD pdns-recursor-4.1.0_rc3-r1.ebuild 1889 BLAKE2B e8a915231e5cdaf6cfcd64d4e78a56b183cb7a37a41262c275d203d00b62de05a8975aa7574ec46ccc089aeeeeafa497b6755a344e718bf9d2db75dd5d09f635 SHA512 216143fbd3c7c869ec09f0bc0fc0785d8f5ca2335c53028d8942cf97e3b25aa0cfc08921130589f97ebea642ba505b908a126921bea60f095d377d4f44453227 +MISC metadata.xml 1076 BLAKE2B 4f68267d5dfcf3cff38f306f440ed2e9a7f5193c14c1029bcfcbbfca4f8f310c94969001c781e1b78a14cec2a6e313e44d82bebbd9694fe46f97759372e63711 SHA512 374be5aa98c4bab340d8d63c859ab08a392e926fbb4d55e1f5a2967d41c401d13d5e8d5997c0790c3b8f96662b56e4492343248d7c8e0a067dc7eaf3f4b56e95 diff --git a/net-dns/pdns-recursor/files/CVE-2017-15090-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15090-4.0.6.patch new file mode 100644 index 000000000000..fa0bfd099abf --- /dev/null +++ b/net-dns/pdns-recursor/files/CVE-2017-15090-4.0.6.patch @@ -0,0 +1,15 @@ +diff -ru pdns-recursor-4.0.6.orig/validate-recursor.cc pdns-recursor-4.0.6/validate-recursor.cc +--- pdns-recursor-4.0.6.orig/validate-recursor.cc 2017-07-04 17:43:07.000000000 +0200 ++++ pdns-recursor-4.0.6/validate-recursor.cc 2017-11-02 18:29:16.612520450 +0100 +@@ -87,6 +87,11 @@ + bool first = true; + for(const auto& csp : cspmap) { + for(const auto& sig : csp.second.signatures) { ++ ++ if (!csp.first.first.isPartOf(sig->d_signer)) { ++ return increaseDNSSECStateCounter(Bogus); ++ } ++ + vState newState = getKeysFor(sro, sig->d_signer, keys); // XXX check validity here + + if (newState == Bogus) // No hope diff --git a/net-dns/pdns-recursor/files/CVE-2017-15092-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15092-4.0.6.patch new file mode 100644 index 000000000000..1425c33586c2 --- /dev/null +++ b/net-dns/pdns-recursor/files/CVE-2017-15092-4.0.6.patch @@ -0,0 +1,85 @@ +diff -ru pdns-recursor-4.0.6.orig/html/local.js pdns-recursor-4.0.6/html/local.js +--- pdns-recursor-4.0.6.orig/html/local.js 2017-07-04 17:43:07.000000000 +0200 ++++ pdns-recursor-4.0.6/html/local.js 2017-11-02 18:26:04.624586674 +0100 +@@ -63,7 +63,7 @@ + + $.getJSON(qstring, + function(data) { +- var bouw="<table><tr><th>Number</th><th>Domain</th><th>Type</th></tr>"; ++ var table = $('<table><tr><th>Number</th><th>Domain</th><th>Type</th></tr></table>'); + var num=0; + var total=0, rest=0; + $.each(data["entries"], function(a,b) { +@@ -75,12 +75,26 @@ + if(b[1].length > 25) + b[1]=b[1].substring(0,25); + +- bouw=bouw+("<tr><td>"+b[0]+"</td><td>"+b[1]+"</td><td>"+b[2]+"</td></tr>"); +- }); +- bouw+="<tr><td>"+rest+"</td><td>Rest</td></tr>"; +- bouw=bouw+"</table>"; +- $("#queryring").html(bouw); +- ++ var line = $('<tr />'); ++ var number = $('<td />'); ++ number.text(b[0]); ++ var domain = $('<td />'); ++ domain.text(b[1]); ++ var type = $('<td />'); ++ type.text(b[2]); ++ line.append(number); ++ line.append(domain); ++ line.append(type); ++ table.append(line); ++ }); ++ var line = $('<tr />'); ++ var number = $('<td />'); ++ number.text(rest); ++ var label = $('<td>Rest</td>'); ++ line.append(number); ++ line.append(label); ++ table.append(line); ++ $("#queryring").html(table); + }); + + filtered=$("#filter2").is(':checked') +@@ -91,7 +105,7 @@ + + $.getJSON(qstring, + function(data) { +- var bouw="<table><tr><th>Number</th><th>Servfail domain</th><th>Type</th></tr>"; ++ var table = $('<table><tr><th>Number</th><th>Servfail domain</th><th>Type</th></tr></table>'); + var num=0, total=0, rest=0; + $.each(data["entries"], function(a,b) { + total+=b[0]; +@@ -101,11 +115,26 @@ + } + if(b[1].length > 25) + b[1]=b[1].substring(0,25); +- bouw=bouw+("<tr><td>"+b[0]+"</td><td>"+b[1]+"</td><td>"+b[2]+"</td></tr>"); ++ var line = $('<tr />'); ++ var number = $('<td />'); ++ number.text(b[0]); ++ var domain = $('<td />'); ++ domain.text(b[1]); ++ var type = $('<td />'); ++ type.text(b[2]); ++ line.append(number); ++ line.append(domain); ++ line.append(type); ++ table.append(line); + }); +- bouw+="<tr><td>"+rest+"</td><td>Rest</td></tr>"; +- bouw=bouw+"</table>"; +- $("#servfailqueryring").html(bouw); ++ var line = $('<tr />'); ++ var number = $('<td />'); ++ number.text(rest); ++ var label = $('<td>Rest</td>'); ++ line.append(number); ++ line.append(label); ++ table.append(line); ++ $("#servfailqueryring").html(table); + + }); + diff --git a/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch new file mode 100644 index 000000000000..2695830b4420 --- /dev/null +++ b/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch @@ -0,0 +1,47 @@ +diff -ru pdns-recursor-4.0.6.orig/ws-recursor.cc pdns-recursor-4.0.6/ws-recursor.cc +--- pdns-recursor-4.0.6.orig/ws-recursor.cc 2017-07-04 17:43:07.000000000 +0200 ++++ pdns-recursor-4.0.6/ws-recursor.cc 2017-11-02 18:13:55.762458134 +0100 +@@ -76,10 +76,11 @@ + throw ApiException("'value' must be an array"); + } + ++ NetmaskGroup nmg; + for (auto value : jlist.array_items()) { + try { +- Netmask(value.string_value()); +- } catch (NetmaskException &e) { ++ nmg.addMask(value.string_value()); ++ } catch (const NetmaskException &e) { + throw ApiException(e.reason); + } + } +@@ -91,9 +92,7 @@ + + // Clear allow-from, and provide a "parent" value + ss << "allow-from=" << endl; +- for (auto value : jlist.array_items()) { +- ss << "allow-from+=" << value.string_value() << endl; +- } ++ ss << "allow-from+=" << nmg.toString() << endl; + + apiWriteConfigFile("allow-from", ss.str()); + +@@ -201,10 +200,15 @@ + if (server == "") { + throw ApiException("Forwarded-to server must not be an empty string"); + } +- if (!serverlist.empty()) { +- serverlist += ";"; ++ try { ++ ComboAddress ca = parseIPAndPort(server, 53); ++ if (!serverlist.empty()) { ++ serverlist += ";"; ++ } ++ serverlist += ca.toStringWithPort(); ++ } catch (const PDNSException &e) { ++ throw ApiException(e.reason); + } +- serverlist += server; + } + if (serverlist == "") + throw ApiException("Need at least one upstream server when forwarding"); diff --git a/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch new file mode 100644 index 000000000000..ee7cf6878d98 --- /dev/null +++ b/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch @@ -0,0 +1,28 @@ +diff -ru pdns-recursor-4.0.6.orig/opensslsigners.cc pdns-recursor-4.0.6/opensslsigners.cc +--- pdns-recursor-4.0.6.orig/opensslsigners.cc 2017-07-04 17:43:07.000000000 +0200 ++++ pdns-recursor-4.0.6/opensslsigners.cc 2017-11-02 18:18:37.489408103 +0100 +@@ -474,7 +474,7 @@ + if (iqmp == NULL) { + RSA_free(key); + BN_clear_free(dmq1); +- BN_clear_free(iqmp); ++ BN_clear_free(dmp1); + throw runtime_error(getName()+" allocation of BIGNUM iqmp failed"); + } + RSA_set0_crt_params(key, dmp1, dmq1, iqmp); +@@ -562,6 +562,7 @@ + BIGNUM *n = BN_bin2bn((unsigned char*)modulus.c_str(), modulus.length(), NULL); + if (!n) { + RSA_free(key); ++ BN_clear_free(e); + throw runtime_error(getName()+" error loading n value of public key"); + } + +@@ -866,6 +867,7 @@ + + int ret = EC_POINT_oct2point(d_ecgroup, pub_key, (unsigned char*) ecdsaPoint.c_str(), ecdsaPoint.length(), d_ctx); + if (ret != 1) { ++ EC_POINT_free(pub_key); + throw runtime_error(getName()+" reading ECP point from binary failed"); + } + diff --git a/net-dns/pdns-recursor/metadata.xml b/net-dns/pdns-recursor/metadata.xml index a5208407eaa3..e8c54bc6eb5f 100644 --- a/net-dns/pdns-recursor/metadata.xml +++ b/net-dns/pdns-recursor/metadata.xml @@ -18,5 +18,6 @@ nameserver performance. <use> <flag name="luajit">Enable support for <pkg>dev-lang/luajit</pkg>.</flag> <flag name="protobuf">Enable support for <pkg>dev-libs/protobuf</pkg>.</flag> + <flag name="sodium">Use <pkg>dev-libs/libsodium</pkg> for cryptography</flag> </use> </pkgmetadata> diff --git a/net-dns/pdns-recursor/pdns-recursor-4.0.6-r1.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.0.6-r1.ebuild new file mode 100644 index 000000000000..30f31e4cc5bb --- /dev/null +++ b/net-dns/pdns-recursor/pdns-recursor-4.0.6-r1.ebuild @@ -0,0 +1,81 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit toolchain-funcs flag-o-matic eutils versionator + +DESCRIPTION="The PowerDNS Recursor" +HOMEPAGE="https://www.powerdns.com/" +SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="libressl lua luajit protobuf systemd" +REQUIRED_USE="?? ( lua luajit )" + +DEPEND="lua? ( >=dev-lang/lua-5.1:= ) + luajit? ( dev-lang/luajit:= ) + protobuf? ( + dev-libs/protobuf + >=dev-libs/boost-1.42:= + ) + systemd? ( sys-apps/systemd:0= ) + libressl? ( dev-libs/libressl:= ) + !libressl? ( dev-libs/openssl:= ) + >=dev-libs/boost-1.35:=" +RDEPEND="${DEPEND} + !<net-dns/pdns-2.9.20-r1" +DEPEND="${DEPEND} + virtual/pkgconfig" + +S="${WORKDIR}"/${P/_/-} + +PATCHES=( + "${FILESDIR}"/CVE-2017-{15090,15092,15093,15094}-4.0.6.patch +) + +pkg_setup() { + filter-flags -ftree-vectorize +} + +src_configure() { + econf \ + --sysconfdir=/etc/powerdns \ + $(use_enable systemd) \ + $(use_with lua) \ + $(use_with luajit) \ + $(use_with protobuf) +} + +src_install() { + default + + mv "${D}"/etc/powerdns/recursor.conf{-dist,} + + # set defaults: setuid=nobody, setgid=nobody + sed -i \ + -e 's/^# set\([ug]\)id=$/set\1id=nobody/' \ + -e 's/^# quiet=$/quiet=on/' \ + -e 's/^# chroot=$/chroot=\/var\/lib\/powerdns/' \ + "${D}"/etc/powerdns/recursor.conf + + newinitd "${FILESDIR}"/pdns-recursor-r1 pdns-recursor + + keepdir /var/lib/powerdns +} + +pkg_postinst() { + local old + + for old in ${REPLACING_VERSIONS}; do + version_compare ${old} 4.0.0-r1 + [[ $? -eq 1 ]] || continue + + ewarn "Starting with 4.0.0-r1 the init script has been renamed from precursor" + ewarn "to pdns-recursor, please update your runlevels accordingly." + + break + done +} diff --git a/net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild index 60e59cefe9fe..8ad027121b3c 100644 --- a/net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild +++ b/net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2" LICENSE="GPL-2" SLOT="0" KEYWORDS="amd64 ~arm x86" -IUSE="lua luajit protobuf systemd" +IUSE="libressl lua luajit protobuf systemd" REQUIRED_USE="?? ( lua luajit )" DEPEND="lua? ( >=dev-lang/lua-5.1:= ) @@ -22,6 +22,8 @@ DEPEND="lua? ( >=dev-lang/lua-5.1:= ) >=dev-libs/boost-1.42:= ) systemd? ( sys-apps/systemd:0= ) + libressl? ( dev-libs/libressl:= ) + !libressl? ( dev-libs/openssl:= ) >=dev-libs/boost-1.35:=" RDEPEND="${DEPEND} !<net-dns/pdns-2.9.20-r1" diff --git a/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.0.7.ebuild index 7cb168d0b3b7..8ad027121b3c 100644 --- a/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3.ebuild +++ b/net-dns/pdns-recursor/pdns-recursor-4.0.7.ebuild @@ -11,16 +11,19 @@ SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~arm ~x86" -IUSE="luajit protobuf systemd" +KEYWORDS="amd64 ~arm x86" +IUSE="libressl lua luajit protobuf systemd" +REQUIRED_USE="?? ( lua luajit )" -DEPEND="!luajit? ( >=dev-lang/lua-5.1:= ) +DEPEND="lua? ( >=dev-lang/lua-5.1:= ) luajit? ( dev-lang/luajit:= ) protobuf? ( dev-libs/protobuf >=dev-libs/boost-1.42:= ) systemd? ( sys-apps/systemd:0= ) + libressl? ( dev-libs/libressl:= ) + !libressl? ( dev-libs/openssl:= ) >=dev-libs/boost-1.35:=" RDEPEND="${DEPEND} !<net-dns/pdns-2.9.20-r1" @@ -37,8 +40,8 @@ src_configure() { econf \ --sysconfdir=/etc/powerdns \ $(use_enable systemd) \ - $(use_with !luajit lua) \ - $(use_with luajit luajit) \ + $(use_with lua) \ + $(use_with luajit) \ $(use_with protobuf) } diff --git a/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild new file mode 100644 index 000000000000..224ae2f7537a --- /dev/null +++ b/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild @@ -0,0 +1,84 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit toolchain-funcs flag-o-matic eutils versionator + +DESCRIPTION="The PowerDNS Recursor" +HOMEPAGE="https://www.powerdns.com/" +SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~x86" +IUSE="libressl luajit protobuf snmp sodium systemd" + +DEPEND="!luajit? ( >=dev-lang/lua-5.1:= ) + luajit? ( dev-lang/luajit:= ) + protobuf? ( + dev-libs/protobuf + >=dev-libs/boost-1.42:= + ) + systemd? ( sys-apps/systemd:0= ) + snmp? ( net-analyzer/net-snmp ) + sodium? ( dev-libs/libsodium:= ) + libressl? ( dev-libs/libressl:= ) + !libressl? ( dev-libs/openssl:= ) + >=dev-libs/boost-1.35:=" +RDEPEND="${DEPEND} + !<net-dns/pdns-2.9.20-r1" +DEPEND="${DEPEND} + virtual/pkgconfig" + +S="${WORKDIR}"/${P/_/-} + +PATCHES=( + "${FILESDIR}"/CVE-2017-{15093,15094}-4.0.6.patch +) + +pkg_setup() { + filter-flags -ftree-vectorize +} + +src_configure() { + econf \ + --sysconfdir=/etc/powerdns \ + $(use_enable systemd) \ + $(use_enable sodium libsodium) \ + $(use_with !luajit lua) \ + $(use_with luajit luajit) \ + $(use_with protobuf) \ + $(use_with snmp net-snmp) +} + +src_install() { + default + + mv "${D}"/etc/powerdns/recursor.conf{-dist,} + + # set defaults: setuid=nobody, setgid=nobody + sed -i \ + -e 's/^# set\([ug]\)id=$/set\1id=nobody/' \ + -e 's/^# quiet=$/quiet=on/' \ + -e 's/^# chroot=$/chroot=\/var\/lib\/powerdns/' \ + "${D}"/etc/powerdns/recursor.conf + + newinitd "${FILESDIR}"/pdns-recursor-r1 pdns-recursor + + keepdir /var/lib/powerdns +} + +pkg_postinst() { + local old + + for old in ${REPLACING_VERSIONS}; do + version_compare ${old} 4.0.0-r1 + [[ $? -eq 1 ]] || continue + + ewarn "Starting with 4.0.0-r1 the init script has been renamed from precursor" + ewarn "to pdns-recursor, please update your runlevels accordingly." + + break + done +} diff --git a/net-dns/pdns/Manifest b/net-dns/pdns/Manifest index dff1cc5f3011..97b436375702 100644 --- a/net-dns/pdns/Manifest +++ b/net-dns/pdns/Manifest @@ -1,7 +1,11 @@ +AUX CVE-2017-15091-4.0.4.patch 1127 BLAKE2B 0fd529b76fdfbb0c6f534f46eb1130ea66d349e4241680459bbeb3a87bc34f34e8485850639986754264005de094dca758e9f7c6cf6d8b86184337a918327b37 SHA512 78d991e755ca9e94eea7f027fff2e2cef7a7e290c1fafd74ee2821880b004c55237334e4b1ea307032be5bfd6d20843640d711e2c0b6b9a932786ac571c4eb0a AUX dnsdomain2.schema 6640 BLAKE2B d3efc6bc16390f35979f1184632e7184cf403453422888e2cb44fa4fed7891241919a39c8c6f539a61de032654650a45ea548a6983777ea1bfe029e817f2c315 SHA512 ac16f8d528d6138d3c2cbf997fd8fbb467d388aa63eb6ed4e7780a3dad11ea885b91252ff0809b1d2cf7d5200814b8963aab890af84741ea86d35b2f5955a7ea AUX pdns-r1 2533 BLAKE2B 0d4af8f9cd4568cde40b44c72cb10a29662daa514df1a1d8174dd02f2ad4324cb7c99a05736bac7cbe80e1b9081832cac95d8c482eb4d1a8c344a6b55da623e3 SHA512 6392f59f82b82621b6cab6823f7761cd875bc6818c48db846df289057c02d8119a1024c5ecdf70a5ca8a55c00a2c3c56240d36b42cc038a25e8616ab9b966dd6 -DIST pdns-4.0.4.tar.bz2 1320327 SHA256 d974ab89de69477c7f581a3233bc731eacbb43d479291e472b2c531c83b6d763 SHA512 4ef4705cd990b03976775167c7c37850d45907e198549feda5f5701172e008e3f1f74a35a9bebdb24b63dec15ff63cb2cc9dfc8f92e4e1012e0539c5a88b845b WHIRLPOOL 5ac68a15155424d42fb4b84be1b34eb2e51498ae5193ae104215e4bb52a72845923f82dc6b112ce165444cdbfe3aaf01557d2f6ab42f6531dd525aee15ee1b19 -DIST pdns-4.1.0-rc3.tar.bz2 1112366 SHA256 889e2135ad4fa716afdd762a1c1551881e96f656f4434b0b1dcd57c63e87ffe2 SHA512 19485bf95a68cbe2ac4cc826b44c3a8670f66cedc2ab426c589a3f67d96f70bd6dd297bd95301c29cda10ff9a7e429fa702bdc7368ce08862140d7097013ea7f WHIRLPOOL 2e6e6b0a1b173aaa4ac61ac6b11204b30c2fde527476a218e13e62100d82a14b676075ce76e6b830e4c0e5d7f79c4421df9a4539ff9c0a9c110f9509c2d3a8a4 +DIST pdns-4.0.4.tar.bz2 1320327 BLAKE2B 5c11a0245408f8448b41ed4229718e6f7244e0c8f36b60b07c280f82c7dea0065cce93c3814b3a396666be8d3b012ad4eb646cf55f531d22ce325190e0fd6e22 SHA512 4ef4705cd990b03976775167c7c37850d45907e198549feda5f5701172e008e3f1f74a35a9bebdb24b63dec15ff63cb2cc9dfc8f92e4e1012e0539c5a88b845b +DIST pdns-4.0.5.tar.bz2 1323468 BLAKE2B 7e10cc98177bfa4f81888e2598ab4f0ce83ee45e6349372c065940424a74015302da879536dea8346fe7b86f35c0524a5449489bdf71d1a091b7c6a82fac4b6f SHA512 4b0fa932c1d9caf35b988916447aa21c64ebe2a58bdd84417cf09321a21b264cf1057206dc6993a45a3b591eb1dfa49463710c06b6bdfaf6fb17ae6dec6086d9 +DIST pdns-4.1.0.tar.bz2 1116905 BLAKE2B 91ec0f0cfa70966ff71dfb6302ed01355120ca1429d3c610c4abfb1b964cff78a6332700991bc259387e9095be03d3850da41750e93bb3ffe3db0e23562d156c SHA512 4b2b42f4893f8aac3cf07a6c8a3c999cb728a5907a710f1a5c9c8d08377ecb63e202e5eececbefc069c8f1d97a29b2aa607da7cf2bcc6335a72222418e409e77 +EBUILD pdns-4.0.4-r1.ebuild 4201 BLAKE2B d54e8e387ba8b5d623bf81ac09914ff40b9dcb0cf470ed9ac47c1fafa87d0a8f7bb9a18678b5cef4f891ad229014e574267de5dbcd2a77a197afbfe907a1337f SHA512 bf382471ddb2de96a0ecff1076402c1d5a0f1b5f40d9dd61640049ef979339235549452b75b68de0fed4aac31e5bc038be77b8f8801a244d4f6e6c320c47bf7e EBUILD pdns-4.0.4.ebuild 4144 BLAKE2B a5a33e8b5af9d03165cd3984b4626963d8bec9ea3414164006ced76bf3b2eedf6219f79f4dd4384df819be309641be1e7474ff51bccd950a9cf72aa7fd808830 SHA512 2491bd5013165ef666ca5c077c5d6330d016ba8d87950e6875fbdf780d212624616569a708ab6bdb7016ad10bfee18605d9136541d92166253a50e4ea0729ba0 -EBUILD pdns-4.1.0_rc3.ebuild 4044 BLAKE2B c0e7c5700c5b0e6bae38adfb70b5f1303e0346f7ee7e25f720fd4d372d89c4340cf5144aff4b52d1cf3c4c66da2c3c06af30d07fd6d78f649b49909f431e99d0 SHA512 d2e5892da35209c6aff25ffeb8e93936a382c728f7fdf7ceeb8b1ff5f2844b58f94a8dd5b8220014f69b8c2ee1f485cfe3fb58534133ab89cb9577b899ee6257 -MISC metadata.xml 1372 BLAKE2B 4f3cd59b044cef62a72ffc47b68d56ce471a781dad4dfd7a6a9a8b381cd15deb97b874bebb03c263fce0ba0714ff39fbbeb548b93040da6e44d6ff7a9eb2df5f SHA512 5031d165e37113c51d9c608a6493594825bbef8f35ea6e85eae0c4b515df91522c99c574bc0fac141fdd1d428065a66a45e8367c67b459f730d0171a3bb85080 +EBUILD pdns-4.0.5.ebuild 4122 BLAKE2B 80a41ec242413b88df4097d848fb3d84e6a7596ebb172250fe64b5eb4411ddc463a829d5fb1221556158347840090acfa0bcfd119b04f101553d7bc99a470024 SHA512 8da958850313422f711f05a6b9332f35abd8478249f863e071e69d6f30a38a86b9cb4b59b2d4aa85c83962a168c888167088eacc5fb27aa3d5669a6e7688d830 +EBUILD pdns-4.1.0.ebuild 4139 BLAKE2B 3b1c1baf7910e0b72d4c27ca34efb03e87d0983ac85a400adbe76d071edb5c274c68012365ac51b2af2a0c7442675e0a69a0e18e892b5115960093252076475b SHA512 befcd3c0e7e71a73e7c46e76592b71d843ec9b042029f60c952e6b4c9e1860d85cb910d29b40e7e5740c1e88f2314756fd251dec829c146120aaad9147c47853 +MISC metadata.xml 1451 BLAKE2B 69fede20eb18ba4d8bf397c51528a5b5ea4869802215c9851b21b4f71dd3545f7eb358e5e7581e23e5b5df67b29ec96d7da0caa69719951302d614b87f90f10b SHA512 ea054e8d7bdf7d4251ce00c342fda57fc3785a7ba8a8cd3ccd95c86eb8e1b5fbe155997210b67f65bcddab81e39ae136a99e61adf32de55e066d81f89ea50323 diff --git a/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch b/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch new file mode 100644 index 000000000000..a9506af8ef95 --- /dev/null +++ b/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch @@ -0,0 +1,30 @@ +diff -ru pdns-4.0.4.orig/pdns/ws-auth.cc pdns-4.0.4/pdns/ws-auth.cc +--- pdns-4.0.4.orig/pdns/ws-auth.cc 2017-06-22 22:07:25.000000000 +0200 ++++ pdns-4.0.4/pdns/ws-auth.cc 2017-11-02 18:07:20.986764858 +0100 +@@ -860,7 +860,7 @@ + static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) { + DNSName zonename = apiZoneIdToName(req->parameters["id"]); + +- if(req->method != "PUT") ++ if(req->method != "PUT" || ::arg().mustDo("api-readonly")) + throw HttpMethodNotAllowedException(); + + UeberBackend B; +@@ -879,7 +879,7 @@ + static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) { + DNSName zonename = apiZoneIdToName(req->parameters["id"]); + +- if(req->method != "PUT") ++ if(req->method != "PUT" || ::arg().mustDo("api-readonly")) + throw HttpMethodNotAllowedException(); + + UeberBackend B; +@@ -1191,7 +1191,7 @@ + } + + void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) { +- if(req->method != "PUT") ++ if(req->method != "PUT" || ::arg().mustDo("api-readonly")) + throw HttpMethodNotAllowedException(); + + DNSName canon = apiNameToDNSName(req->getvars["domain"]); diff --git a/net-dns/pdns/metadata.xml b/net-dns/pdns/metadata.xml index 264c58531540..03c68c6fd102 100644 --- a/net-dns/pdns/metadata.xml +++ b/net-dns/pdns/metadata.xml @@ -18,6 +18,7 @@ standards documents. Furthermore, PowerDNS interfaces with almost any database. <flag name="opendbx">Use a database supported by <pkg>dev-db/opendbx</pkg> as backend.</flag> <flag name="protobuf">Enable support for <pkg>dev-libs/protobuf</pkg>.</flag> <flag name="remote">Use a generic socket or pipe as a backend (via JSON RPC requests).</flag> + <flag name="sodium">Use <pkg>dev-libs/libsodium</pkg> for cryptography</flag> <flag name="tinydns">Use a TinyDNS CDB database as backend.</flag> <flag name="tools">Build optional tools (dnsscan, dnsscope, etc..).</flag> </use> diff --git a/net-dns/pdns/pdns-4.0.4-r1.ebuild b/net-dns/pdns/pdns-4.0.4-r1.ebuild new file mode 100644 index 000000000000..9fa2350de534 --- /dev/null +++ b/net-dns/pdns/pdns-4.0.4-r1.ebuild @@ -0,0 +1,157 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils multilib user toolchain-funcs versionator + +DESCRIPTION="The PowerDNS Daemon" +HOMEPAGE="https://www.powerdns.com/" +SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +# other possible flags: +# db2: we lack the dep +# oracle: dito (need Oracle Client Libraries) +# xdb: (almost) dead, surely not supported + +IUSE="botan debug doc geoip ldap libressl lua luajit mydns mysql opendbx postgres protobuf remote sqlite systemd tools tinydns test" + +REQUIRED_USE="mydns? ( mysql ) ?? ( lua luajit )" + +RDEPEND=" + libressl? ( dev-libs/libressl:= ) + !libressl? ( dev-libs/openssl:= ) + >=dev-libs/boost-1.35:= + botan? ( =dev-libs/botan-1.10*[threads] ) + lua? ( dev-lang/lua:= ) + luajit? ( dev-lang/luajit:= ) + mysql? ( virtual/mysql ) + postgres? ( dev-db/postgresql:= ) + ldap? ( >=net-nds/openldap-2.0.27-r4 ) + sqlite? ( dev-db/sqlite:3 ) + opendbx? ( dev-db/opendbx ) + geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip ) + tinydns? ( >=dev-db/tinycdb-0.77 ) + protobuf? ( dev-libs/protobuf )" +DEPEND="${RDEPEND} + virtual/pkgconfig + doc? ( app-doc/doxygen )" + +S="${WORKDIR}"/${P/_/-} + +PATCHES=( + "${FILESDIR}"/CVE-2017-15091-4.0.4.patch +) + +src_configure() { + local dynmodules="pipe bind" # the default backends, always enabled + + #use db2 && dynmodules+=" db2" + use ldap && dynmodules+=" ldap" + use lua && dynmodules+=" lua" + use mydns && dynmodules+=" mydns" + use mysql && dynmodules+=" gmysql" + use opendbx && dynmodules+=" opendbx" + #use oracle && dynmodules+=" goracle oracle" + use postgres && dynmodules+=" gpgsql" + use remote && dynmodules+=" remote" + use sqlite && dynmodules+=" gsqlite3" + use tinydns && dynmodules+=" tinydns" + use geoip && dynmodules+=" geoip" + #use xdb && dynmodules+=" xdb" + + econf \ + --disable-static \ + --sysconfdir=/etc/powerdns \ + --libdir=/usr/$(get_libdir)/powerdns \ + --with-modules= \ + --with-dynmodules="${dynmodules}" \ + --with-pgsql-includes=/usr/include \ + --with-pgsql-lib=/usr/$(get_libdir) \ + --with-mysql-lib=/usr/$(get_libdir) \ + $(use_enable botan botan1.10) \ + $(use_enable debug verbose-logging) \ + $(use_enable test unit-tests) \ + $(use_enable tools) \ + $(use_enable systemd) \ + $(use_with lua) \ + $(use_with luajit) \ + $(use_with protobuf) \ + ${myconf} +} + +src_compile() { + default + use doc && emake -C codedocs codedocs +} + +src_install() { + default + + mv "${D}"/etc/powerdns/pdns.conf{-dist,} + + fperms 0700 /etc/powerdns + fperms 0600 /etc/powerdns/pdns.conf + + # set defaults: setuid=pdns, setgid=pdns + sed -i \ + -e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \ + "${D}"/etc/powerdns/pdns.conf + + newinitd "${FILESDIR}"/pdns-r1 pdns + + keepdir /var/empty + + use doc && dohtml -r codedocs/html/. + + # Install development headers + insinto /usr/include/pdns + doins pdns/*.hh + insinto /usr/include/pdns/backends/gsql + doins pdns/backends/gsql/*.hh + + if use ldap ; then + insinto /etc/openldap/schema + doins "${FILESDIR}"/dnsdomain2.schema + fi + + prune_libtool_files --all +} + +pkg_preinst() { + enewgroup pdns + enewuser pdns -1 -1 /var/empty pdns +} + +pkg_postinst() { + elog "PowerDNS provides multiple instances support. You can create more instances" + elog "by symlinking the pdns init script to another name." + elog + elog "The name must be in the format pdns.<suffix> and PowerDNS will use the" + elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default." + + if use ldap ; then + ewarn "The official LDAP backend module is only compile-tested by upstream." + ewarn "Try net-dns/pdns-ldap-backend if you have problems with it." + fi + + local old + for old in ${REPLACING_VERSIONS}; do + version_compare ${old} 3.2 + [[ $? -eq 1 ]] || continue + + ewarn "To fix a security bug (bug #458018) had the following" + ewarn "files/directories the world-readable bit removed (if set):" + ewarn " ${EPREFIX}/etc/powerdns" + ewarn " ${EPREFIX}/etc/powerdns/pdns.conf" + ewarn "Check if this is correct for your setup" + ewarn "This is a one-time change and will not happen on subsequent updates." + chmod o-rwx "${EPREFIX}"/etc/powerdns/{,pdns.conf} + + break + done +} diff --git a/net-dns/pdns/pdns-4.1.0_rc3.ebuild b/net-dns/pdns/pdns-4.0.5.ebuild index 8ec74d1ac285..891179a4bdbb 100644 --- a/net-dns/pdns/pdns-4.1.0_rc3.ebuild +++ b/net-dns/pdns/pdns-4.0.5.ebuild @@ -11,7 +11,7 @@ SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="~amd64 x86" # other possible flags: # db2: we lack the dep @@ -66,6 +66,8 @@ src_configure() { --libdir=/usr/$(get_libdir)/powerdns \ --with-modules= \ --with-dynmodules="${dynmodules}" \ + --with-pgsql-includes=/usr/include \ + --with-pgsql-lib=/usr/$(get_libdir) \ --with-mysql-lib=/usr/$(get_libdir) \ $(use_enable botan) \ $(use_enable debug verbose-logging) \ diff --git a/net-dns/pdns/pdns-4.1.0.ebuild b/net-dns/pdns/pdns-4.1.0.ebuild new file mode 100644 index 000000000000..476a969f8a9a --- /dev/null +++ b/net-dns/pdns/pdns-4.1.0.ebuild @@ -0,0 +1,153 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils multilib user toolchain-funcs versionator + +DESCRIPTION="The PowerDNS Daemon" +HOMEPAGE="https://www.powerdns.com/" +SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +# other possible flags: +# db2: we lack the dep +# oracle: dito (need Oracle Client Libraries) +# xdb: (almost) dead, surely not supported + +IUSE="botan debug doc geoip ldap libressl lua luajit mydns mysql opendbx postgres protobuf remote sodium sqlite systemd tools tinydns test" + +REQUIRED_USE="mydns? ( mysql ) ?? ( lua luajit )" + +RDEPEND=" + libressl? ( dev-libs/libressl:= ) + !libressl? ( dev-libs/openssl:= ) + >=dev-libs/boost-1.35:= + botan? ( dev-libs/botan:2= ) + lua? ( dev-lang/lua:= ) + luajit? ( dev-lang/luajit:= ) + mysql? ( virtual/mysql ) + postgres? ( dev-db/postgresql:= ) + ldap? ( >=net-nds/openldap-2.0.27-r4 app-crypt/mit-krb5 ) + sqlite? ( dev-db/sqlite:3 ) + opendbx? ( dev-db/opendbx ) + geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip ) + sodium? ( dev-libs/libsodium:= ) + tinydns? ( >=dev-db/tinycdb-0.77 ) + protobuf? ( dev-libs/protobuf )" +DEPEND="${RDEPEND} + virtual/pkgconfig + doc? ( app-doc/doxygen )" + +S="${WORKDIR}"/${P/_/-} + +src_configure() { + local dynmodules="pipe bind" # the default backends, always enabled + + #use db2 && dynmodules+=" db2" + use ldap && dynmodules+=" ldap" + use lua && dynmodules+=" lua" + use mydns && dynmodules+=" mydns" + use mysql && dynmodules+=" gmysql" + use opendbx && dynmodules+=" opendbx" + #use oracle && dynmodules+=" goracle oracle" + use postgres && dynmodules+=" gpgsql" + use remote && dynmodules+=" remote" + use sqlite && dynmodules+=" gsqlite3" + use tinydns && dynmodules+=" tinydns" + use geoip && dynmodules+=" geoip" + #use xdb && dynmodules+=" xdb" + + econf \ + --disable-static \ + --sysconfdir=/etc/powerdns \ + --libdir=/usr/$(get_libdir)/powerdns \ + --with-modules= \ + --with-dynmodules="${dynmodules}" \ + --with-mysql-lib=/usr/$(get_libdir) \ + $(use_enable botan) \ + $(use_enable debug verbose-logging) \ + $(use_enable test unit-tests) \ + $(use_enable tools) \ + $(use_enable systemd) \ + $(use_enable sodium libsodium) \ + $(use_with lua) \ + $(use_with luajit) \ + $(use_with protobuf) \ + ${myconf} +} + +src_compile() { + default + use doc && emake -C codedocs codedocs +} + +src_install() { + default + + mv "${D}"/etc/powerdns/pdns.conf{-dist,} + + fperms 0700 /etc/powerdns + fperms 0600 /etc/powerdns/pdns.conf + + # set defaults: setuid=pdns, setgid=pdns + sed -i \ + -e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \ + "${D}"/etc/powerdns/pdns.conf + + newinitd "${FILESDIR}"/pdns-r1 pdns + + keepdir /var/empty + + use doc && dohtml -r codedocs/html/. + + # Install development headers + insinto /usr/include/pdns + doins pdns/*.hh + insinto /usr/include/pdns/backends/gsql + doins pdns/backends/gsql/*.hh + + if use ldap ; then + insinto /etc/openldap/schema + doins "${FILESDIR}"/dnsdomain2.schema + fi + + prune_libtool_files --all +} + +pkg_preinst() { + enewgroup pdns + enewuser pdns -1 -1 /var/empty pdns +} + +pkg_postinst() { + elog "PowerDNS provides multiple instances support. You can create more instances" + elog "by symlinking the pdns init script to another name." + elog + elog "The name must be in the format pdns.<suffix> and PowerDNS will use the" + elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default." + + if use ldap ; then + ewarn "The official LDAP backend module is only compile-tested by upstream." + ewarn "Try net-dns/pdns-ldap-backend if you have problems with it." + fi + + local old + for old in ${REPLACING_VERSIONS}; do + version_compare ${old} 3.2 + [[ $? -eq 1 ]] || continue + + ewarn "To fix a security bug (bug #458018) had the following" + ewarn "files/directories the world-readable bit removed (if set):" + ewarn " ${EPREFIX}/etc/powerdns" + ewarn " ${EPREFIX}/etc/powerdns/pdns.conf" + ewarn "Check if this is correct for your setup" + ewarn "This is a one-time change and will not happen on subsequent updates." + chmod o-rwx "${EPREFIX}"/etc/powerdns/{,pdns.conf} + + break + done +} |