From 16449a80e28af2209916cc66d19c9a44ca2b90d9 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 20 Feb 2019 15:11:50 +0000
Subject: gentoo resync : 20.02.2019
---
net-dns/Manifest.gz | Bin 9207 -> 9206 bytes
net-dns/bind-tools/Manifest | 2 +-
net-dns/bind-tools/bind-tools-9.12.2_p2-r1.ebuild | 2 +-
net-dns/bind/Manifest | 14 +-
net-dns/bind/bind-9.11.2_p1.ebuild | 423 ---------------------
net-dns/bind/bind-9.11.3-r1.ebuild | 402 --------------------
net-dns/bind/bind-9.11.4_p2.ebuild | 2 +-
net-dns/bind/bind-9.12.2_p2-r1.ebuild | 2 +-
net-dns/bind/bind-9.12.3_p1-r1.ebuild | 407 ++++++++++++++++++++
net-dns/bind/bind-9.12.3_p1.ebuild | 407 --------------------
net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch | 110 ------
.../bind/files/bind-9.12.1_p2-CVE-2018-5738.patch | 95 -----
net-dns/bind/metadata.xml | 1 -
net-dns/djbdns/Manifest | 2 +-
net-dns/djbdns/djbdns-1.05-r33.ebuild | 4 +-
net-dns/opendnssec/Manifest | 5 +-
.../opendnssec/files/opendnssec-openssl1.1.patch | 55 +++
.../files/opendnssec-use-system-trang.patch | 4 +-
net-dns/opendnssec/opendnssec-2.0.3-r1.ebuild | 236 ++++++++++++
net-dns/opendnssec/opendnssec-2.0.3.ebuild | 239 ------------
20 files changed, 714 insertions(+), 1698 deletions(-)
delete mode 100644 net-dns/bind/bind-9.11.2_p1.ebuild
delete mode 100644 net-dns/bind/bind-9.11.3-r1.ebuild
create mode 100644 net-dns/bind/bind-9.12.3_p1-r1.ebuild
delete mode 100644 net-dns/bind/bind-9.12.3_p1.ebuild
delete mode 100644 net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch
delete mode 100644 net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch
create mode 100644 net-dns/opendnssec/files/opendnssec-openssl1.1.patch
create mode 100644 net-dns/opendnssec/opendnssec-2.0.3-r1.ebuild
delete mode 100644 net-dns/opendnssec/opendnssec-2.0.3.ebuild
(limited to 'net-dns')
diff --git a/net-dns/Manifest.gz b/net-dns/Manifest.gz
index 15779271c518..407636b2e230 100644
Binary files a/net-dns/Manifest.gz and b/net-dns/Manifest.gz differ
diff --git a/net-dns/bind-tools/Manifest b/net-dns/bind-tools/Manifest
index 22282baa54d3..b4556178d95c 100644
--- a/net-dns/bind-tools/Manifest
+++ b/net-dns/bind-tools/Manifest
@@ -9,7 +9,7 @@ EBUILD bind-tools-9.11.2_p1.ebuild 3150 BLAKE2B d27676a209a1c10af67af40fb8e4cca5 EBUILD bind-tools-9.11.4_p2.ebuild 3208 BLAKE2B 2283d2ace001715cb60542f169c5604fa049b2105a848991b4b7b2a2b66d8630c10e1d65cb832209ff74a26184e1dd93762fbd63348fa9bfe1850cfce1634f4d SHA512 7d5e6d989b952e6400e272fa02383c201342c0373f36a8561f22df549ec12fb7d414adf60689bb9801006e552779b13f5efd1b339ca1a161c1b9166bf4e0f92b EBUILD bind-tools-9.12.1.ebuild 3368 BLAKE2B 800b01b9fb04b2729beb94f422b64dbff471e21490a1f70864f2a535426194960430de58e0547e487a8f95b6898f5557a5776bded565aded00b8d50548432c89 SHA512 d787f6ce937c47a94eb9e1e9654647403746056f2b0fd4d8a57615de03bd490fa50ad7651ab7cea6a9818a85de0d4926e6c07f868755c92e551d8734285c3a8b EBUILD bind-tools-9.12.2_p1.ebuild 3438 BLAKE2B 8cb59aed873b3c1d460bec195852db75341c45d38737c445e28d33436e5fc81dde4cae32edd78847da259442bf1b6a68f349d6f8f9d72cf1786941db8c4ac146 SHA512 060a78f687599fc7083503030858e0ed25df9ba0edac85a56177676531800ddc4f10d07c4558c711729c684db92f3c71352b517f7bcb202b95420d2c81f0acbf -EBUILD bind-tools-9.12.2_p2-r1.ebuild 3566 BLAKE2B 05cb14e938b7392d55d2d45bb7769fbb1e7b5db6716bcf3d8898f8e1a3b869772d301feeb339e3f2459defb7642232126380e02af31ae7dfcd465c7343282f13 SHA512 5cf9260c7b44ef7801db833d39d3d1641df188b00016bca1e9a6d623609ec747b0796ac2fd019bbb448cbb86b0417c3f7912b1139c477326ea7c559dc147fc0a +EBUILD bind-tools-9.12.2_p2-r1.ebuild 3565 BLAKE2B 52f3490864991f0e54651322f2b7c7eb97d14bbb98a2cba2a6ea3d958cdf7bffac80962536377a8e366db15caa08bed5669cd19f6fcfedc642e8d82db7f99a76 SHA512 0e1428925a44bc6948305737449be883d2936a7f11f5320c351bd322cee00fd45bf3d7d952989ce773c591302f81a858d140322e3a89550aa1557145e3efe385 EBUILD bind-tools-9.12.2_p2.ebuild 3502 BLAKE2B 5d419e729479f76536bcb23b934a55c208d91ae8ee3e9a89c2252707d1a96b533fbb2379294798c19952079d9367f2a7d236ed4adf4b35b301bdb24f98cab458 SHA512 bf49480f605635ca80d2d89487c12bd275e7e09ad6b661d9c184c262397803c2f6923be9dcce9ee7730e0b4ca25bcf793472a0f2cb6479186478afe8fab64666 EBUILD 
bind-tools-9.12.3_p1.ebuild 3573 BLAKE2B 9f3c35a11c6047252ce852cedc471b1b7ea6841ef1d675ad93037fe11d290bba329fe3acc5fcb0e44054abb46690a278d5d1cb095265644b8e174d8d04b850cb SHA512 40bb1e5c5a271baa3b74ef8ce5a7a803deb9405b7f094aabfbefd71fbbb9eb8e02e2705f934c5cec3375ed67ffbd75b9826e1bf1aca58c74461a5a5c2c8deaaa MISC metadata.xml 640 BLAKE2B e563c600c07069fbcf6b9c6a650c4ea47004973757ee685ef12d88c012d70dc2d50831f238aa0ce557531dc91fe8dbb606e526a3b3a72d56725024d76329bcf7 SHA512 e87aa31e416bf3051f213c22b744262a6f4700254a42ab684da2a99eb2b9efb848ccbd2ec747f7c9f309556e6ba5426edaaf3a877cc620758cbde0b40d8c6b37 diff --git a/net-dns/bind-tools/bind-tools-9.12.2_p2-r1.ebuild b/net-dns/bind-tools/bind-tools-9.12.2_p2-r1.ebuild index 9e904935f74a..dccc65bc6702 100644 --- a/net-dns/bind-tools/bind-tools-9.12.2_p2-r1.ebuild +++ b/net-dns/bind-tools/bind-tools-9.12.2_p2-r1.ebuild @@ -16,7 +16,7 @@ SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${MY_PN}- LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" -KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="doc gost gssapi idn ipv6 libedit libidn2 libressl readline seccomp ssl urandom xml" # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest index d302381ec4e0..6ec0d701eb67 100644 --- a/net-dns/bind/Manifest +++ b/net-dns/bind/Manifest 
@@ -1,6 +1,4 @@ AUX 10bind.env 27 BLAKE2B e5ddb2daced1b9430cb8e4b691bc0f1164f71a6e2032fa4efd18b629a6aeb971336d5eaa38c6474a3143cb34691c22d4564ebb010d9efd00cf6e2634daa8e68c SHA512 8ae5326b158b8a3eeaab667c84dd712fefd25d10832598783fa497285183cbdee554796c22d32fec54cd00461469f29ed473a730304a00aacdf06c1bb6c33d55 -AUX bind-9.11.3-CVE-2018-5738.patch 3925 BLAKE2B cda7036cfe855496b9a073eac7248bdc4743d52af1309cdaec9dc787a2e252e04a91ea367b031b2692e0c5b90f305c9e5187c3d2acbfecbad4a812f9fcb59d5c SHA512 39a8900eb859491dc58b7d15c34455ed7580c3d11f914663f599adfc10ba2c42f04234e7b92d6d350f20e5aa4b397d7e9905881719962d8ea1ebf72c8f47de8a -AUX bind-9.12.1_p2-CVE-2018-5738.patch 3476 BLAKE2B cc414e207ea8598a56ce6917adb96e243a60c921643bc36ab0a45dd1cae491bd4471f9b0f55e6b4e38c10172929884b039ad437bfbd1ab84a9142f5b083e4af4 SHA512 0a9b4fe8e404e8b68b851b85b5b10c87f3653c81c0cef747bca880a37c8bd64fa1100cc210fa33ac7504197c1e81d064af90cf362dba6897c9bf87b19ea467fe AUX generate-rndc-key.sh 183 BLAKE2B 33f2297745ef8e5aed09107cee6d0017d3870ea9db249a17850ae7a55f613b03a136bc61b8ac4526858178a0f8713eabda6c5f30917415f9a3ad6b34668f45ab SHA512 6c611120185c1a61b2b6da228efc28302ebd36c819b97793920543ce2cfff4da84f43ec53ddd072f008b04c7087cc19108c4279cb962d12a7e073b47235d14ee AUX localhost.zone-r3 426 BLAKE2B d34cf12d484c6bb705d3bd8bfbf93514e504497a99da983f6176234239cc664131502744f3cd743d938dec0309f0d8df2c1d0c5325b5cb61023ed192d32bbedd SHA512 979d8693046033c24490dca536f0d649795bbdf57eed32017b32d07d7d3c51b35197e4edd79d8258074a1bf14b71376472ba6ae749f62ceaf74d7a6a0559fa89 AUX named.cache-r3 3316 BLAKE2B 09a17fbb29f2122a61c7e17a8dfc8eef3b0fdaa94e8dbe17a0b188946fe8017c65599fbb84c0f88123f0e0f17faae2b9a1ffbc0ee17bcf62c1cbf34f064b9c36 SHA512 3608f29d356bf853145e14c1f81fdccf7090f63e95573234221711b7b6084fbc806817c41daa5d6072a4955a714f9e1cbd6cdcabd7cd1833c3e5f8387bc1ba20 
@@ -9,15 +7,11 @@ AUX named.conf-r8 4020 BLAKE2B beb900a89be0f2acc1b08a8d29443c87b098e5ac1f1de9c63 AUX named.confd-r7 1364 BLAKE2B cfb72f221bc6657c5a8ef8b9cd804afeaf5f642d2046880f5bae6c2313485808b99a1a46fc10431913d187ed67cc1e6bad019a9192638bc7fdf97c951e2326ce SHA512 68fa7c8963ac59349de3d05972c07aa0123b7bebbe0ba9604463ccfd1b377c2babe01eed4745cbe0f7d3831d1b47c2fa620f8092c67465fb771cae4932b0861a AUX named.init-r13 6202 BLAKE2B 1968806c9580517b8443a08b90f7b425913b2dc17d9503834c0d7d7d56f1a987175cb413bc7fec10249002b84b6580d87cb61d2b6a1965cd34d05807abe0390c SHA512 c675adec65796989dc8524d533868975d4e2c3b2ed5f09aa3cd92ec21b8dfb161582dd5afdf08ab78174873f3e1458e90c2d50958f0b5a303078540a675ec0c9 AUX named.service-r1 327 BLAKE2B b0471100b425a1d4db29c1ef577dd6f14b2c3d040fd826bed03105f514bf1ea2c58c19d59557d0eafe27a96588adaf60156f31b6befdd9be96a8ca1fe8613678 SHA512 1d3dbf9d1de0c23c398a523b05c0fb266b6b699e54d232818b28205f697ca227acae9f2778d6f41309b117a6cd78eee170b745594b786b1c1571d5f66d6c3de4 -DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597 -DIST bind-9.11.3.tar.gz 9523375 BLAKE2B 978986e02767b8ac9f015b52e87b3bc161a7ea72f59f343dcb23f50fbe8474528c4b27ee4fd54bdbe6bd825ce6e8b164e8ad145260b2cdcd004e8892bacd313b SHA512 1f0da13165d1ee872800fe10bb8b0f69c6c76515f9861c1528fb6005213bb71b21a1270906d2ea9ded3eaf6df1a1bac0f2c80aa511683b8d57dcff4f278d8c35 DIST bind-9.11.4_p2.tar.gz 9617963 BLAKE2B 409cad7e0976f2e46406d45e87241d61d4d4f00bf08442c4dddbad490ea3d6e42eaad5851fddb83c61a897689a8fdba0cd920aaa0d36329868d26100ba48f946 SHA512 6c01810526fc40485a6c0403d1ddc3b76d2e59b3426b5789436bd671f158d2fa0ea7c0aef2de81998ec715dabd06683fed7b17224d5c794c61e7100a69d4cb60 DIST bind-9.12.2_p2.tar.gz 9422128 BLAKE2B 
c7d56f025f381a0136aa67ccd49a3254fcfe566d5e3601410e5cada26ccab32a901fe6e14bc14e6e287fa2b3904a4eee8e3ef63329f9bc4cb11f204590ff3623 SHA512 458adf6b3d0df286e7d345a21c40b639efcb275e76f9e0bf4e40a5d76dcac875016324393e129f29397be326d1017367c506ec9cbb35871c98fad4281bc4e05a DIST bind-9.12.3_p1.tar.gz 8625693 BLAKE2B 1899e04e409d3dafe63494fb7a0d8b813a6487754149bbfd01888cddc5e134ac675e9ac790684fb6fd8de4b1484e23ed7f1881c01234c9f16b27180c9a4594a9 SHA512 c1c91de88e4297e79b527775edd525c6fa948f169977563ab2e6ca93cac7317f8ca85863567f5cc151d4c6e3c081864ab1cf813bcfdd1165b52e9471b8317c28 DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac -EBUILD bind-9.11.2_p1.ebuild 12446 BLAKE2B fe6955788d154964b51fa1fc891070dad6183da778f10d0fb9d0089032e3fe55b7aaf814aacff6de1685c447b44717827a765e47e347bd9c4d1e692e4aebbeb5 SHA512 10bd18014db1837d12398d1978c65a20595de1fed0227b5117c702cc749fbf5b19a37f236e4fe8907e7d50868e4d88fa28103b5c9e7a6c447836c9ddfa658862 -EBUILD bind-9.11.3-r1.ebuild 12181 BLAKE2B 8efe68cae507e1d58df6081419c9db121d7b5d9ef8345defbfb52323390b248b8d3864736df2b6a8dfa393c53534aab0e8b433f21444ec6869d745386e3987de SHA512 cde50f5355c5efc37600c2cae49eed83d296b8fd862fcb512acb8fd4838efd738d890e29d7664a820ac3a93cd23b3844b9357c4f3c0301843876598d8163e8d6 -EBUILD bind-9.11.4_p2.ebuild 12220 BLAKE2B 76cb827bbb59bc620e82d302e5262d209b443d9f428cc0458f1f07ccac3faab92992583636705191e4a1b24723a079f296d5e820d434d848bc780b4ec9e130eb SHA512 2c2c122fa820c75319d5225cc00237c44df462ce0acadfb08a32ba1aca8f332aada6f51aff6077b67937de144c95083bcdc0dd450b7423240f1e3959d7dbef6f -EBUILD bind-9.12.2_p2-r1.ebuild 12356 BLAKE2B b6a6d19c733dbaefeb72e811d82f9720346219c9daee650b57645d2a21d6d6c61d1bb77266bd0f573eb63ab62a7c9631d1daaa98186e7018467fa0d7c062ecbc SHA512 
3b19be7c8883c6b7e5ac4398d43f7da6643c88b376581ef9c20483306cc23e68dd46d6587bfe7ac2b0378f98b195369ad3459a70408f4f6659892fb39ff87a6b -EBUILD bind-9.12.3_p1.ebuild 12175 BLAKE2B df76e16927d1de12d756dad7aa26e7fd4f61ef1b4ecfe211347e4cdfe9448b23bf299e284d0210d005286948e16e80d8567dd524be8440a6bcffdbd3091bc05c SHA512 0f27b94e5ae9de431c07321bec344a1a723eb03f07811ebae93a0bb3967d6a07bcb43010de903300834721db5816936ace56930aa7e6cd562568e0f0c126770c -MISC metadata.xml 1352 BLAKE2B 89e5d161d824bd1b9a9e9c6ab49457b12d856a8eeb4dba9fb2f3ea987fb88ef708aca88d0d654aeba4ade9d49dc190f9d3e18f86e2c2c874e017aabe7ea8f079 SHA512 47171fcafd8b7b316166e8ba565cc3126ccf2cca4b447abffb7120c34f9ea22243539857d040bf17c509862a9d42d564ccbe151e533a4961516799c5d73d30ab +EBUILD bind-9.11.4_p2.ebuild 12218 BLAKE2B 162deefbee5ad4b59226627ab698f0e4f3382e21eaf890bc97f19a66aef3924a94a1ea36a9ceaf46c048a04b5365370d1023458c23472e79bd44e096ce0777b4 SHA512 ba964fb8a2038f8585a934ddbc9a33f3650a143557fb5e74bac38f639bea2d40c5bfb15ef5c7b5a70b21a815ac724db0a5f497115c7d0aff3d204822db3f7bfd +EBUILD bind-9.12.2_p2-r1.ebuild 12355 BLAKE2B 8dcbb0f8a8f24aab4cd99dce950defaf77f001eca4012a0c6789a5cbc00014eaaa83e51ad40607b58f55ebee178317b55052baf72d8aa821d2f8574de80fe894 SHA512 e81aec10d07476636db05eeae2599af9d9b74d9319cdcacb003248f4720955ff105b50bd931acf59fc79c80c58ec795ad212de0ae0c72358d7c3382a96471876 +EBUILD bind-9.12.3_p1-r1.ebuild 12183 BLAKE2B e2916dc110ec5a63cf6b9504b4396c307fa42c4fb6efe375abdcf7b24df8a796f17afdbb15797823422d75c15289289d6a33ab3eb8d6ffb67856dd8ff20358e9 SHA512 285a425d8fa4a194abff3dd8e87f5fc9a0d5c8e8a24aebd360a1871761fbf9d112201438da1d04d901405642697d054b70543ec08dcc81f675df3f6873a071a5 +MISC metadata.xml 1289 BLAKE2B 5a9f80066f06ced2a74c97cc083402d8ffcca40784426341c7bc9b756162d5d108a0dae6fa543fe3307252b15c4c9e3e389b7857d535e80b49e5175143d99a13 SHA512 5caccd1aa31115066a715b79616ac6e7eb8be04ccf36b2880fb956e97b74e13b524d841a362e52ed92cd7c9815c6d43dbb6df5275d336ad62eeccf0f7c17d12f 
diff --git a/net-dns/bind/bind-9.11.2_p1.ebuild b/net-dns/bind/bind-9.11.2_p1.ebuild
deleted file mode 100644
index d02197d6ec2d..000000000000
--- a/net-dns/bind/bind-9.11.2_p1.ebuild
+++ /dev/null
@@ -1,423 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# Re dlz/mysql and threads, needs to be verified.. -# MySQL uses thread local storage in its C api. Thus MySQL -# requires that each thread of an application execute a MySQL -# thread initialization to setup the thread local storage. -# This is impossible to do safely while staying within the DLZ -# driver API. This is a limitation caused by MySQL, and not the DLZ API. -# Because of this BIND MUST only run with a single thread when -# using the MySQL driver. - -EAPI="5" - -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) - -inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd - -MY_PV="${PV/_p/-P}" -MY_PV="${MY_PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" - -SDB_LDAP_VER="1.1.0-fc14" - -RRL_PV="${MY_PV}" - -NSLINT_DIR="contrib/nslint-3.0a2/" - -# SDB-LDAP: http://bind9-ldap.bayour.com/ - -DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" -HOMEPAGE="http://www.isc.org/software/bind" -SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz - doc? ( mirror://gentoo/dyndns-samples.tbz2 )" -# sdb-ldap? ( -# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 -# )" - -LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# -berkdb by default re bug 602682 -IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 -json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs -+threads urandom xml +zlib" -# sdb-ldap - patch broken -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 - -REQUIRED_USE="postgres? ( dlz ) - berkdb? ( dlz ) - mysql? 
( dlz !threads ) - odbc? ( dlz ) - ldap? ( dlz ) - gost? ( !libressl ssl ) - threads? ( caps ) - dnstap? ( threads ) - python? ( ${PYTHON_REQUIRED_USE} )" -# sdb-ldap? ( dlz ) - -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0[-bindist] ) - libressl? ( dev-libs/libressl ) - ) - mysql? ( >=virtual/mysql-4.0 ) - odbc? ( >=dev-db/unixODBC-2.2.6 ) - ldap? ( net-nds/openldap ) - idn? ( net-dns/idnkit ) - postgres? ( dev-db/postgresql:= ) - caps? ( >=sys-libs/libcap-2.1.0 ) - xml? ( dev-libs/libxml2 ) - geoip? ( >=dev-libs/geoip-1.4.6 ) - gssapi? ( virtual/krb5 ) - gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) - seccomp? ( sys-libs/libseccomp ) - json? ( dev-libs/json-c:= ) - lmdb? ( dev-db/lmdb ) - zlib? ( sys-libs/zlib ) - dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) - python? ( - ${PYTHON_DEPS} - dev-python/ply[${PYTHON_USEDEP}] - )" -# sdb-ldap? ( net-nds/openldap ) - -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-bind ) - || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" - -S="${WORKDIR}/${MY_P}" - -# bug 479092, requires networking -RESTRICT="test" - -pkg_setup() { - ebegin "Creating named group and user" - enewgroup named 40 - enewuser named 40 -1 /etc/bind named - eend ${?} -} - -src_prepare() { - # Adjusting PATHs in manpages - for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do - sed -i \ - -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ - -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ - -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ - "${i}" || die "sed failed, ${i} doesn't exist" - done - -# if use dlz; then -# # sdb-ldap patch as per bug #160567 -# # Upstream URL: http://bind9-ldap.bayour.com/ -# # New patch take from bug 302735 -# if use sdb-ldap; then -# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch -# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ -# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ -# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ -# fi -# fi - 
- # should be installed by bind-tools - sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die - - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die - - if use nslint; then - sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die - fi - - # bug #220361 - rm aclocal.m4 - rm -rf libtool.m4/ - eautoreconf -} - -src_configure() { - local myconf="" - - if use urandom; then - myconf="${myconf} --with-randomdev=/dev/urandom" - else - myconf="${myconf} --with-randomdev=/dev/random" - fi - - use geoip && myconf="${myconf} --with-geoip" - - # bug #158664 -# gcc-specs-ssp && replace-flags -O[23s] -O - - # To include db.h from proper path - use berkdb && append-flags "-I$(db_includedir)" - - export BUILD_CC=$(tc-getBUILD_CC) - econf \ - --sysconfdir=/etc/bind \ - --localstatedir=/var \ - --with-libtool \ - --enable-full-report \ - --without-readline \ - $(use_enable caps linux-caps) \ - $(use_enable filter-aaaa) \ - $(use_enable fixed-rrset) \ - $(use_enable ipv6) \ - $(use_enable rpz rpz-nsdname) \ - $(use_enable rpz rpz-nsip) \ - $(use_enable seccomp) \ - $(use_enable threads) \ - $(use_with berkdb dlz-bdb) \ - $(use_with dlz dlopen) \ - $(use_with dlz dlz-filesystem) \ - $(use_with dlz dlz-stub) \ - $(use_with gost) \ - $(use_with gssapi) \ - $(use_with idn) \ - $(use_with json libjson) \ - $(use_with ldap dlz-ldap) \ - $(use_with mysql dlz-mysql) \ - $(use_with odbc dlz-odbc) \ - $(use_with postgres dlz-postgres) \ - $(use_with lmdb) \ - $(use_with python) \ - $(use_with ssl ecdsa) \ - $(use_with ssl openssl "${EPREFIX}"/usr) \ - $(use_with xml libxml2) \ - $(use_with zlib) \ - ${myconf} - - # $(use_enable static-libs static) \ - - # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h - - if use nslint; then - cd $NSLINT_DIR - econf - fi -} - -src_compile() { - emake - - if use nslint; then - emake -C $NSLINT_DIR CCOPT="${CFLAGS}" - fi -} - -src_install() { - emake 
DESTDIR="${D}" install - - if use nslint; then - cd $NSLINT_DIR - dobin nslint - doman nslint.8 - cd "${S}" - fi - - dodoc CHANGES README - - if use idn; then - dodoc contrib/idn/README.idnkit - fi - - if use doc; then - dodoc doc/arm/Bv9ARM.pdf - - docinto misc - dodoc doc/misc/* - - # might a 'html' useflag make sense? - docinto html - dohtml -r doc/arm/* - - docinto contrib - dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} - - # some handy-dandy dynamic dns examples - pushd "${D}"/usr/share/doc/${PF} 1>/dev/null - tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die - popd 1>/dev/null - fi - - insinto /etc/bind - newins "${FILESDIR}"/named.conf-r8 named.conf - - # ftp://ftp.rs.internic.net/domain/named.cache: - insinto /var/bind - newins "${FILESDIR}"/named.cache-r3 named.cache - - insinto /var/bind/pri - newins "${FILESDIR}"/localhost.zone-r3 localhost.zone - - newinitd "${FILESDIR}"/named.init-r13 named - newconfd "${FILESDIR}"/named.confd-r7 named - - if use gost; then - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die - else - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die - fi - - newenvd "${FILESDIR}"/10bind.env 10bind - - # Let's get rid of those tools and their manpages since they're provided by bind-tools - rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* - rm -f "${D}"/usr/share/man/man8/nsupdate.8* - rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} - rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} - for tool in dsfromkey importkey keyfromlabel keygen \ - revoke settime signzone verify; do - rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" - rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* - done - - # bug 405251, library archives aren't properly handled by --enable/disable-static - if ! 
use static-libs; then - find "${D}" -type f -name '*.a' -delete || die - fi - - # bug 405251 - find "${D}" -type f -name '*.la' -delete || die - - if use python; then - install_python_tools() { - dosbin bin/python/dnssec-{checkds,coverage} - } - python_foreach_impl install_python_tools - - python_replicate_script "${D}usr/sbin/dnssec-checkds" - python_replicate_script "${D}usr/sbin/dnssec-coverage" - fi - - # bug 450406 - dosym named.cache /var/bind/root.cache - - dosym /var/bind/pri /etc/bind/pri - dosym /var/bind/sec /etc/bind/sec - dosym /var/bind/dyn /etc/bind/dyn - keepdir /var/bind/{pri,sec,dyn} - - dodir /var/log/named - - fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} - fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0750 /etc/bind /var/bind/pri - fperms 0770 /var/log/named /var/bind/{,sec,dyn} - - systemd_newunit "${FILESDIR}/named.service-r1" named.service - systemd_dotmpfilesd "${FILESDIR}"/named.conf - exeinto /usr/libexec - doexe "${FILESDIR}/generate-rndc-key.sh" -} - -pkg_postinst() { - if [ ! 
-f '/etc/bind/rndc.key' ]; then - if use urandom; then - einfo "Using /dev/urandom for generating rndc.key" - /usr/sbin/rndc-confgen -r /dev/urandom -a - echo - else - einfo "Using /dev/random for generating rndc.key" - /usr/sbin/rndc-confgen -a - echo - fi - chown root:named /etc/bind/rndc.key - chmod 0640 /etc/bind/rndc.key - fi - - einfo - einfo "You can edit /etc/conf.d/named to customize named settings" - einfo - use mysql || use postgres || use ldap && { - elog "If your named depends on MySQL/PostgreSQL or LDAP," - elog "uncomment the specified rc_named_* lines in your" - elog "/etc/conf.d/named config to ensure they'll start before bind" - einfo - } - einfo "If you'd like to run bind in a chroot AND this is a new" - einfo "install OR your bind doesn't already run in a chroot:" - einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." - einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" - einfo - - CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) - if [[ -n ${CHROOT} ]]; then - elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - elog "To enable the old behaviour (without using mount) uncomment the" - elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - elog "If you decide to use the new/default method, ensure to make backup" - elog "first and merge your existing configs/zones to /etc/bind and" - elog "/var/bind because bind will now mount the needed directories into" - elog "the chroot dir." - fi -} - -pkg_config() { - CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) - CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) - CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) - - if [[ -z "${CHROOT}" ]]; then - eerror "This config script is designed to automate setting up" - eerror "a chrooted bind/named. To do so, please first uncomment" - eerror "and set the CHROOT variable in '/etc/conf.d/named'." 
- die "Unset CHROOT" - fi - if [[ -d "${CHROOT}" ]]; then - ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - ewarn "To enable the old behaviour (without using mount) uncomment the" - ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - ewarn - ewarn "${CHROOT} already exists... some things might become overridden" - ewarn "press CTRL+C if you don't want to continue" - sleep 10 - fi - - echo; einfo "Setting up the chroot directory..." - - mkdir -m 0750 -p ${CHROOT} - mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} - mkdir -m 0750 -p ${CHROOT}/etc/bind - mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ - # As of bind 9.8.0 - if has_version net-dns/bind[gost]; then - if [ "$(get_libdir)" = "lib64" ]; then - mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines - ln -s lib64 ${CHROOT}/usr/lib - else - mkdir -m 0755 -p ${CHROOT}/usr/lib/engines - fi - fi - chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind - - mknod ${CHROOT}/dev/null c 1 3 - chmod 0666 ${CHROOT}/dev/null - - mknod ${CHROOT}/dev/zero c 1 5 - chmod 0666 ${CHROOT}/dev/zero - - if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 - chmod 0666 ${CHROOT}/dev/urandom - else - mknod ${CHROOT}/dev/random c 1 8 - chmod 0666 ${CHROOT}/dev/random - fi - - if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then - cp -a /etc/bind ${CHROOT}/etc/ - cp -a /var/bind ${CHROOT}/var/ - fi - - if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then - mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP - fi - - elog "You may need to add the following line to your syslog-ng.conf:" - elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" -} diff --git a/net-dns/bind/bind-9.11.3-r1.ebuild b/net-dns/bind/bind-9.11.3-r1.ebuild deleted file mode 100644 index 74e4fcd1fc13..000000000000 --- a/net-dns/bind/bind-9.11.3-r1.ebuild +++ /dev/null 
@@ -1,402 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# Re dlz/mysql and threads, needs to be verified.. -# MySQL uses thread local storage in its C api. Thus MySQL -# requires that each thread of an application execute a MySQL -# thread initialization to setup the thread local storage. -# This is impossible to do safely while staying within the DLZ -# driver API. This is a limitation caused by MySQL, and not the DLZ API. -# Because of this BIND MUST only run with a single thread when -# using the MySQL driver. - -EAPI="5" - -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) - -inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd - -MY_PV="${PV/_p/-P}" -MY_PV="${MY_PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" - -SDB_LDAP_VER="1.1.0-fc14" - -RRL_PV="${MY_PV}" - -NSLINT_DIR="contrib/nslint-3.0a2/" - -# SDB-LDAP: http://bind9-ldap.bayour.com/ - -DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" -HOMEPAGE="http://www.isc.org/software/bind" -SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz - doc? ( mirror://gentoo/dyndns-samples.tbz2 )" -# sdb-ldap? ( -# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 -# )" - -LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# -berkdb by default re bug 602682 -IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 -json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs -+threads urandom xml +zlib" -# sdb-ldap - patch broken -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 - -REQUIRED_USE="postgres? ( dlz ) - berkdb? ( dlz ) - mysql? 
( dlz !threads ) - odbc? ( dlz ) - ldap? ( dlz ) - gost? ( !libressl ssl ) - threads? ( caps ) - dnstap? ( threads ) - python? ( ${PYTHON_REQUIRED_USE} )" -# sdb-ldap? ( dlz ) - -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0[-bindist] ) - libressl? ( dev-libs/libressl ) - ) - mysql? ( >=virtual/mysql-4.0 ) - odbc? ( >=dev-db/unixODBC-2.2.6 ) - ldap? ( net-nds/openldap ) - idn? ( net-dns/idnkit ) - postgres? ( dev-db/postgresql:= ) - caps? ( >=sys-libs/libcap-2.1.0 ) - xml? ( dev-libs/libxml2 ) - geoip? ( >=dev-libs/geoip-1.4.6 ) - gssapi? ( virtual/krb5 ) - gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) - seccomp? ( sys-libs/libseccomp ) - json? ( dev-libs/json-c:= ) - lmdb? ( dev-db/lmdb ) - zlib? ( sys-libs/zlib ) - dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) - python? ( - ${PYTHON_DEPS} - dev-python/ply[${PYTHON_USEDEP}] - )" -# sdb-ldap? ( net-nds/openldap ) - -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-bind ) - || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" - -S="${WORKDIR}/${MY_P}" - -# bug 479092, requires networking -RESTRICT="test" - -pkg_setup() { - ebegin "Creating named group and user" - enewgroup named 40 - enewuser named 40 -1 /etc/bind named - eend ${?} -} - -src_prepare() { - # Adjusting PATHs in manpages - for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do - sed -i \ - -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ - -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ - -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ - "${i}" || die "sed failed, ${i} doesn't exist" - done - - # bug 657654 / CVE-2018-5738 - epatch "${FILESDIR}/${P}-CVE-2018-5738.patch" - -# if use dlz; then -# # sdb-ldap patch as per bug #160567 -# # Upstream URL: http://bind9-ldap.bayour.com/ -# # New patch take from bug 302735 -# if use sdb-ldap; then -# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch -# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ -# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} 
bin/tools/ -# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ -# fi -# fi - - # should be installed by bind-tools - sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die - - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die - - # bug #220361 - rm aclocal.m4 - rm -rf libtool.m4/ - eautoreconf -} - -src_configure() { - local myconf="" - - if use urandom; then - myconf="${myconf} --with-randomdev=/dev/urandom" - else - myconf="${myconf} --with-randomdev=/dev/random" - fi - - use geoip && myconf="${myconf} --with-geoip" - - # bug #158664 -# gcc-specs-ssp && replace-flags -O[23s] -O - - # To include db.h from proper path - use berkdb && append-flags "-I$(db_includedir)" - - export BUILD_CC=$(tc-getBUILD_CC) - econf \ - --sysconfdir=/etc/bind \ - --localstatedir=/var \ - --with-libtool \ - --enable-full-report \ - --without-readline \ - $(use_enable caps linux-caps) \ - $(use_enable filter-aaaa) \ - $(use_enable fixed-rrset) \ - $(use_enable ipv6) \ - $(use_enable rpz rpz-nsdname) \ - $(use_enable rpz rpz-nsip) \ - $(use_enable seccomp) \ - $(use_enable threads) \ - $(use_with berkdb dlz-bdb) \ - $(use_with dlz dlopen) \ - $(use_with dlz dlz-filesystem) \ - $(use_with dlz dlz-stub) \ - $(use_with gost) \ - $(use_with gssapi) \ - $(use_with idn) \ - $(use_with json libjson) \ - $(use_with ldap dlz-ldap) \ - $(use_with mysql dlz-mysql) \ - $(use_with odbc dlz-odbc) \ - $(use_with postgres dlz-postgres) \ - $(use_with lmdb) \ - $(use_with python) \ - $(use_with ssl ecdsa) \ - $(use_with ssl openssl "${EPREFIX}"/usr) \ - $(use_with xml libxml2) \ - $(use_with zlib) \ - ${myconf} - - # $(use_enable static-libs static) \ - - # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h -} - -src_install() { - emake DESTDIR="${D}" install - - dodoc CHANGES README - - if use idn; then - dodoc contrib/idn/README.idnkit - fi - - if use doc; then - dodoc doc/arm/Bv9ARM.pdf - - docinto misc - dodoc doc/misc/* - 
- # might a 'html' useflag make sense? - docinto html - dohtml -r doc/arm/* - - docinto contrib - dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} - - # some handy-dandy dynamic dns examples - pushd "${D}"/usr/share/doc/${PF} 1>/dev/null - tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die - popd 1>/dev/null - fi - - insinto /etc/bind - newins "${FILESDIR}"/named.conf-r8 named.conf - - # ftp://ftp.rs.internic.net/domain/named.cache: - insinto /var/bind - newins "${FILESDIR}"/named.cache-r3 named.cache - - insinto /var/bind/pri - newins "${FILESDIR}"/localhost.zone-r3 localhost.zone - - newinitd "${FILESDIR}"/named.init-r13 named - newconfd "${FILESDIR}"/named.confd-r7 named - - if use gost; then - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die - else - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die - fi - - newenvd "${FILESDIR}"/10bind.env 10bind - - # Let's get rid of those tools and their manpages since they're provided by bind-tools - rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* - rm -f "${D}"/usr/share/man/man8/nsupdate.8* - rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} - rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} - for tool in dsfromkey importkey keyfromlabel keygen \ - revoke settime signzone verify; do - rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" - rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* - done - - # bug 405251, library archives aren't properly handled by --enable/disable-static - if ! 
use static-libs; then - find "${D}" -type f -name '*.a' -delete || die - fi - - # bug 405251 - find "${D}" -type f -name '*.la' -delete || die - - if use python; then - install_python_tools() { - dosbin bin/python/dnssec-{checkds,coverage} - } - python_foreach_impl install_python_tools - - python_replicate_script "${D}usr/sbin/dnssec-checkds" - python_replicate_script "${D}usr/sbin/dnssec-coverage" - fi - - # bug 450406 - dosym named.cache /var/bind/root.cache - - dosym /var/bind/pri /etc/bind/pri - dosym /var/bind/sec /etc/bind/sec - dosym /var/bind/dyn /etc/bind/dyn - keepdir /var/bind/{pri,sec,dyn} - - dodir /var/log/named - - fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} - fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0750 /etc/bind /var/bind/pri - fperms 0770 /var/log/named /var/bind/{,sec,dyn} - - systemd_newunit "${FILESDIR}/named.service-r1" named.service - systemd_dotmpfilesd "${FILESDIR}"/named.conf - exeinto /usr/libexec - doexe "${FILESDIR}/generate-rndc-key.sh" -} - -pkg_postinst() { - if [ ! 
-f '/etc/bind/rndc.key' ]; then - if use urandom; then - einfo "Using /dev/urandom for generating rndc.key" - /usr/sbin/rndc-confgen -r /dev/urandom -a - echo - else - einfo "Using /dev/random for generating rndc.key" - /usr/sbin/rndc-confgen -a - echo - fi - chown root:named /etc/bind/rndc.key - chmod 0640 /etc/bind/rndc.key - fi - - einfo - einfo "You can edit /etc/conf.d/named to customize named settings" - einfo - use mysql || use postgres || use ldap && { - elog "If your named depends on MySQL/PostgreSQL or LDAP," - elog "uncomment the specified rc_named_* lines in your" - elog "/etc/conf.d/named config to ensure they'll start before bind" - einfo - } - einfo "If you'd like to run bind in a chroot AND this is a new" - einfo "install OR your bind doesn't already run in a chroot:" - einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." - einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" - einfo - - CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) - if [[ -n ${CHROOT} ]]; then - elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - elog "To enable the old behaviour (without using mount) uncomment the" - elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - elog "If you decide to use the new/default method, ensure to make backup" - elog "first and merge your existing configs/zones to /etc/bind and" - elog "/var/bind because bind will now mount the needed directories into" - elog "the chroot dir." - fi -} - -pkg_config() { - CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) - CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) - CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) - - if [[ -z "${CHROOT}" ]]; then - eerror "This config script is designed to automate setting up" - eerror "a chrooted bind/named. To do so, please first uncomment" - eerror "and set the CHROOT variable in '/etc/conf.d/named'." 
- die "Unset CHROOT" - fi - if [[ -d "${CHROOT}" ]]; then - ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - ewarn "To enable the old behaviour (without using mount) uncomment the" - ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - ewarn - ewarn "${CHROOT} already exists... some things might become overridden" - ewarn "press CTRL+C if you don't want to continue" - sleep 10 - fi - - echo; einfo "Setting up the chroot directory..." - - mkdir -m 0750 -p ${CHROOT} - mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} - mkdir -m 0750 -p ${CHROOT}/etc/bind - mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ - # As of bind 9.8.0 - if has_version net-dns/bind[gost]; then - if [ "$(get_libdir)" = "lib64" ]; then - mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines - ln -s lib64 ${CHROOT}/usr/lib - else - mkdir -m 0755 -p ${CHROOT}/usr/lib/engines - fi - fi - chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind - - mknod ${CHROOT}/dev/null c 1 3 - chmod 0666 ${CHROOT}/dev/null - - mknod ${CHROOT}/dev/zero c 1 5 - chmod 0666 ${CHROOT}/dev/zero - - if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 - chmod 0666 ${CHROOT}/dev/urandom - else - mknod ${CHROOT}/dev/random c 1 8 - chmod 0666 ${CHROOT}/dev/random - fi - - if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then - cp -a /etc/bind ${CHROOT}/etc/ - cp -a /var/bind ${CHROOT}/var/ - fi - - if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then - mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP - fi - - elog "You may need to add the following line to your syslog-ng.conf:" - elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" -} diff --git a/net-dns/bind/bind-9.11.4_p2.ebuild b/net-dns/bind/bind-9.11.4_p2.ebuild index d01ae4435027..b9ad5d4514c3 100644 --- a/net-dns/bind/bind-9.11.4_p2.ebuild +++ b/net-dns/bind/bind-9.11.4_p2.ebuild 
@@ -38,7 +38,7 @@ SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar. LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" -KEYWORDS="~alpha amd64 arm hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # -berkdb by default re bug 602682 IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs diff --git a/net-dns/bind/bind-9.12.2_p2-r1.ebuild b/net-dns/bind/bind-9.12.2_p2-r1.ebuild index 4726fbb2ca4c..f6702e205b72 100644 --- a/net-dns/bind/bind-9.12.2_p2-r1.ebuild +++ b/net-dns/bind/bind-9.12.2_p2-r1.ebuild @@ -36,7 +36,7 @@ SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar. LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" -KEYWORDS="alpha amd64 arm hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # -berkdb by default re bug 602682 IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip gost gssapi idn ipv6 json ldap libidn2 libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs diff --git a/net-dns/bind/bind-9.12.3_p1-r1.ebuild b/net-dns/bind/bind-9.12.3_p1-r1.ebuild new file mode 100644 index 000000000000..214450407536 --- /dev/null +++ b/net-dns/bind/bind-9.12.3_p1-r1.ebuild 
@@ -0,0 +1,407 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +# Re dlz/mysql and threads, needs to be verified.. +# MySQL uses thread local storage in its C api. Thus MySQL +# requires that each thread of an application execute a MySQL +# thread initialization to setup the thread local storage. +# This is impossible to do safely while staying within the DLZ +# driver API. This is a limitation caused by MySQL, and not the DLZ API. +# Because of this BIND MUST only run with a single thread when +# using the MySQL driver. + +EAPI=7 + +PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} ) + +inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd + +MY_PV="${PV/_p/-P}" +MY_PV="${MY_PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" + +SDB_LDAP_VER="1.1.0-fc14" + +RRL_PV="${MY_PV}" + +# SDB-LDAP: http://bind9-ldap.bayour.com/ + +DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" +HOMEPAGE="http://www.isc.org/software/bind" +SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz + doc? ( mirror://gentoo/dyndns-samples.tbz2 )" +# sdb-ldap? ( +# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 +# )" + +LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# -berkdb by default re bug 602682 +IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip gost gssapi ipv6 +json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs ++threads urandom xml +zlib" +# sdb-ldap - patch broken +# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 + +REQUIRED_USE=" + postgres? ( dlz ) + berkdb? ( dlz ) + mysql? ( dlz !threads ) + odbc? ( dlz ) + ldap? ( dlz ) + gost? 
( !libressl ssl ) + threads? ( caps ) + dnstap? ( threads ) + python? ( ${PYTHON_REQUIRED_USE} )" +# sdb-ldap? ( dlz ) + +DEPEND=" + ssl? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + libressl? ( dev-libs/libressl ) + ) + mysql? ( dev-db/mysql-connector-c:0= ) + odbc? ( >=dev-db/unixODBC-2.2.6 ) + ldap? ( net-nds/openldap ) + postgres? ( dev-db/postgresql:= ) + caps? ( >=sys-libs/libcap-2.1.0 ) + xml? ( dev-libs/libxml2 ) + geoip? ( >=dev-libs/geoip-1.4.6 ) + gssapi? ( virtual/krb5 ) + gost? ( + || ( + =dev-libs/openssl-1.0*[-bindist] + ( + >=dev-libs/openssl-1.1 + dev-libs/gost-engine + ) + ) + ) + seccomp? ( sys-libs/libseccomp ) + json? ( dev-libs/json-c:= ) + lmdb? ( dev-db/lmdb ) + zlib? ( sys-libs/zlib ) + dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) + python? ( + ${PYTHON_DEPS} + dev-python/ply[${PYTHON_USEDEP}] + )" +# sdb-ldap? ( net-nds/openldap ) + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-bind ) + || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" + +S="${WORKDIR}/${MY_P}" + +# bug 479092, requires networking +RESTRICT="test" + +pkg_setup() { + ebegin "Creating named group and user" + enewgroup named 40 + enewuser named 40 -1 /etc/bind named + eend ${?} +} + +src_prepare() { + default + + # Adjusting PATHs in manpages + for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do + sed -i \ + -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ + -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ + -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ + "${i}" || die "sed failed, ${i} doesn't exist" + done + +# if use dlz; then +# # sdb-ldap patch as per bug #160567 +# # Upstream URL: http://bind9-ldap.bayour.com/ +# # New patch take from bug 302735 +# if use sdb-ldap; then +# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch +# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ +# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ +# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ +# fi +# 
fi + + # should be installed by bind-tools + sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die + + # Disable tests for now, bug 406399 + sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die + + # bug #220361 + rm aclocal.m4 + rm -rf libtool.m4/ + eautoreconf +} + +src_configure() { + local myeconfargs=( + --sysconfdir=/etc/bind + --localstatedir=/var + --with-libtool + --enable-full-report + --without-readline + $(use_enable caps linux-caps) + $(use_enable dnsrps) + $(use_enable dnstap) + $(use_enable fixed-rrset) + $(use_enable ipv6) + $(use_enable rpz rpz-nsdname) + $(use_enable rpz rpz-nsip) + $(use_enable seccomp) + # $(use_enable static-libs static) + $(use_enable threads) + $(use_with berkdb dlz-bdb) + $(use_with dlz dlopen) + $(use_with dlz dlz-filesystem) + $(use_with dlz dlz-stub) + $(use_with gost) + $(use_with gssapi) + $(use_with json libjson) + $(use_with ldap dlz-ldap) + $(use_with mysql dlz-mysql) + $(use_with odbc dlz-odbc) + $(use_with postgres dlz-postgres) + $(use_with lmdb) + $(use_with python) + $(use_with ssl ecdsa) + $(use_with ssl openssl "${EPREFIX}"/usr) + $(use_with xml libxml2) + $(use_with zlib) + ) + + if use urandom; then + myeconfargs+=( --with-randomdev=/dev/urandom ) + else + myeconfargs+=( --with-randomdev=/dev/random ) + fi + + use geoip && myeconfargs+=( --with-geoip ) + + # bug #158664 +# gcc-specs-ssp && replace-flags -O[23s] -O + + # To include db.h from proper path + use berkdb && append-flags "-I$(db_includedir)" + + export BUILD_CC=$(tc-getBUILD_CC) + econf "${myeconfargs[@]}" + + # bug #151839 + echo '#undef SO_BSDCOMPAT' >> config.h +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc CHANGES README + + if use doc; then + dodoc doc/arm/Bv9ARM.pdf + + docinto misc + dodoc doc/misc/* + + # might a 'html' useflag make sense? 
+ docinto html + dodoc -r doc/arm/* + + docinto contrib + dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} + + # some handy-dandy dynamic dns examples + pushd "${ED%/}"/usr/share/doc/${PF} 1>/dev/null || die + tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die + popd 1>/dev/null || die + fi + + insinto /etc/bind + newins "${FILESDIR}"/named.conf-r8 named.conf + + # ftp://ftp.rs.internic.net/domain/named.cache: + insinto /var/bind + newins "${FILESDIR}"/named.cache-r3 named.cache + + insinto /var/bind/pri + newins "${FILESDIR}"/localhost.zone-r3 localhost.zone + + newinitd "${FILESDIR}"/named.init-r13 named + newconfd "${FILESDIR}"/named.confd-r7 named + + if use gost; then + sed -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' \ + -i "${ED%/}/etc/init.d/named" || die + else + sed -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' \ + -i "${ED%/}/etc/init.d/named" || die + fi + + newenvd "${FILESDIR}"/10bind.env 10bind + + # Let's get rid of those tools and their manpages since they're provided by bind-tools + rm -f "${ED%/}"/usr/share/man/man1/{dig,host,nslookup}.1* + rm -f "${ED%/}"/usr/share/man/man8/nsupdate.8* + rm -f "${ED%/}"/usr/bin/{dig,host,nslookup,nsupdate} + rm -f "${ED%/}"/usr/sbin/{dig,host,nslookup,nsupdate} + for tool in dsfromkey importkey keyfromlabel keygen \ + revoke settime signzone verify; do + rm -f "${ED%/}"/usr/{,s}bin/dnssec-"${tool}" + rm -f "${ED%/}"/usr/share/man/man8/dnssec-"${tool}".8* + done + + # bug 405251, library archives aren't properly handled by --enable/disable-static + if ! 
use static-libs; then + find "${ED}" -type f -name '*.a' -delete || die + fi + + # bug 405251 + find "${ED}" -type f -name '*.la' -delete || die + + if use python; then + install_python_tools() { + dosbin bin/python/dnssec-{checkds,coverage} + } + python_foreach_impl install_python_tools + + python_replicate_script "${ED%/}/usr/sbin/dnssec-checkds" + python_replicate_script "${ED%/}/usr/sbin/dnssec-coverage" + fi + + # bug 450406 + dosym named.cache /var/bind/root.cache + + dosym /var/bind/pri /etc/bind/pri + dosym /var/bind/sec /etc/bind/sec + dosym /var/bind/dyn /etc/bind/dyn + keepdir /var/bind/{pri,sec,dyn} + + dodir /var/log/named + + fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} + fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} + fperms 0750 /etc/bind /var/bind/pri + fperms 0770 /var/log/named /var/bind/{,sec,dyn} + + systemd_newunit "${FILESDIR}/named.service-r1" named.service + systemd_dotmpfilesd "${FILESDIR}"/named.conf + exeinto /usr/libexec + doexe "${FILESDIR}/generate-rndc-key.sh" +} + +pkg_postinst() { + if [ ! 
-f '/etc/bind/rndc.key' ]; then + if use urandom; then + einfo "Using /dev/urandom for generating rndc.key" + /usr/sbin/rndc-confgen -r /dev/urandom -a + echo + else + einfo "Using /dev/random for generating rndc.key" + /usr/sbin/rndc-confgen -a + echo + fi + chown root:named /etc/bind/rndc.key || die + chmod 0640 /etc/bind/rndc.key || die + fi + + einfo + einfo "You can edit /etc/conf.d/named to customize named settings" + einfo + use mysql || use postgres || use ldap && { + elog "If your named depends on MySQL/PostgreSQL or LDAP," + elog "uncomment the specified rc_named_* lines in your" + elog "/etc/conf.d/named config to ensure they'll start before bind" + einfo + } + einfo "If you'd like to run bind in a chroot AND this is a new" + einfo "install OR your bind doesn't already run in a chroot:" + einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." + einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" + einfo + + CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) + if [[ -n ${CHROOT} ]]; then + elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + elog "To enable the old behaviour (without using mount) uncomment the" + elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + elog "If you decide to use the new/default method, ensure to make backup" + elog "first and merge your existing configs/zones to /etc/bind and" + elog "/var/bind because bind will now mount the needed directories into" + elog "the chroot dir." + fi +} + +pkg_config() { + CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) + CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) + CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) + + if [[ -z "${CHROOT}" ]]; then + eerror "This config script is designed to automate setting up" + eerror "a chrooted bind/named. To do so, please first uncomment" + eerror "and set the CHROOT variable in '/etc/conf.d/named'." 
+ die "Unset CHROOT" + fi + if [[ -d "${CHROOT}" ]]; then + ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" + ewarn "To enable the old behaviour (without using mount) uncomment the" + ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." + ewarn + ewarn "${CHROOT} already exists... some things might become overridden" + ewarn "press CTRL+C if you don't want to continue" + sleep 10 + fi + + echo; einfo "Setting up the chroot directory..." + + mkdir -m 0750 -p ${CHROOT} || die + mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die + mkdir -m 0750 -p ${CHROOT}/etc/bind || die + mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die + # As of bind 9.8.0 + if has_version net-dns/bind[gost]; then + mkdir -m 0755 -p ${CHROOT}/usr/$(get_libdir)/engines || die + if [ "$(get_libdir)" = "lib64" ]; then + ln -s lib64 ${CHROOT}/usr/lib || die + fi + fi + chown root:named \ + ${CHROOT} \ + ${CHROOT}/var/{bind,log/named} \ + ${CHROOT}/run/named/ \ + ${CHROOT}/etc/bind \ + || die + + mknod ${CHROOT}/dev/null c 1 3 || die + chmod 0666 ${CHROOT}/dev/null || die + + mknod ${CHROOT}/dev/zero c 1 5 || die + chmod 0666 ${CHROOT}/dev/zero || die + + if use urandom; then + mknod ${CHROOT}/dev/urandom c 1 9 || die + chmod 0666 ${CHROOT}/dev/urandom || die + else + mknod ${CHROOT}/dev/random c 1 8 || die + chmod 0666 ${CHROOT}/dev/random || die + fi + + if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then + cp -a /etc/bind ${CHROOT}/etc/ || die + cp -a /var/bind ${CHROOT}/var/ || die + fi + + if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then + mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die + fi + + elog "You may need to add the following line to your syslog-ng.conf:" + elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" +} diff --git a/net-dns/bind/bind-9.12.3_p1.ebuild b/net-dns/bind/bind-9.12.3_p1.ebuild deleted file mode 100644 index 0bc4957e1874..000000000000 
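Review bot: In pkg_config, the new `|| die` on every `mknod` and on `ln -s lib64 ${CHROOT}/usr/lib` aborts the run whenever the chroot already exists, because both commands fail on an existing path. That contradicts the `[[ -d "${CHROOT}" ]]` branch just above, which warns, sleeps and then deliberately continues. Guard each call so a re-run is idempotent but still dies when something other than a character device occupies the node path. The same block leaves `${CHROOT}` unquoted in mkdir, chown, mknod and `cp -a`, which need root here, so a value from /etc/conf.d/named containing whitespace or glob characters would be word-split. Writing it as `"${CHROOT}"/var/{bind,log/named}` keeps brace expansion working.

```shell
	# … unchanged: CHROOT checks, mkdir of the chroot tree …
		if [ "$(get_libdir)" = "lib64" ]; then
			[[ -e "${CHROOT}"/usr/lib ]] || ln -s lib64 "${CHROOT}"/usr/lib || die
		fi
	# … unchanged: chown root:named of the chroot directories …

	[[ -c "${CHROOT}"/dev/null ]] || mknod "${CHROOT}"/dev/null c 1 3 || die
	chmod 0666 "${CHROOT}"/dev/null || die

	[[ -c "${CHROOT}"/dev/zero ]] || mknod "${CHROOT}"/dev/zero c 1 5 || die
	chmod 0666 "${CHROOT}"/dev/zero || die

	if use urandom; then
		[[ -c "${CHROOT}"/dev/urandom ]] || mknod "${CHROOT}"/dev/urandom c 1 9 || die
		chmod 0666 "${CHROOT}"/dev/urandom || die
	else
		[[ -c "${CHROOT}"/dev/random ]] || mknod "${CHROOT}"/dev/random c 1 8 || die
		chmod 0666 "${CHROOT}"/dev/random || die
	fi
	# … unchanged: CHROOT_NOMOUNT copy, GeoIP directory, syslog-ng hint …
```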
--- a/net-dns/bind/bind-9.12.3_p1.ebuild
+++ /dev/null
@@ -1,407 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -# Re dlz/mysql and threads, needs to be verified.. -# MySQL uses thread local storage in its C api. Thus MySQL -# requires that each thread of an application execute a MySQL -# thread initialization to setup the thread local storage. -# This is impossible to do safely while staying within the DLZ -# driver API. This is a limitation caused by MySQL, and not the DLZ API. -# Because of this BIND MUST only run with a single thread when -# using the MySQL driver. - -EAPI=7 - -PYTHON_COMPAT=( python2_7 python3_{4,5,6,7} ) - -inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd - -MY_PV="${PV/_p/-P}" -MY_PV="${MY_PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" - -SDB_LDAP_VER="1.1.0-fc14" - -RRL_PV="${MY_PV}" - -# SDB-LDAP: http://bind9-ldap.bayour.com/ - -DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" -HOMEPAGE="http://www.isc.org/software/bind" -SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz - doc? ( mirror://gentoo/dyndns-samples.tbz2 )" -# sdb-ldap? ( -# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 -# )" - -LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# -berkdb by default re bug 602682 -IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip gost gssapi ipv6 -json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs -+threads urandom xml +zlib" -# sdb-ldap - patch broken -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 - -REQUIRED_USE=" - postgres? ( dlz ) - berkdb? ( dlz ) - mysql? ( dlz !threads ) - odbc? ( dlz ) - ldap? ( dlz ) - gost? 
( !libressl ssl ) - threads? ( caps ) - dnstap? ( threads ) - python? ( ${PYTHON_REQUIRED_USE} )" -# sdb-ldap? ( dlz ) - -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0[-bindist] ) - libressl? ( dev-libs/libressl ) - ) - mysql? ( >=virtual/mysql-4.0 ) - odbc? ( >=dev-db/unixODBC-2.2.6 ) - ldap? ( net-nds/openldap ) - postgres? ( dev-db/postgresql:= ) - caps? ( >=sys-libs/libcap-2.1.0 ) - xml? ( dev-libs/libxml2 ) - geoip? ( >=dev-libs/geoip-1.4.6 ) - gssapi? ( virtual/krb5 ) - gost? ( - || ( - =dev-libs/openssl-1.0*[-bindist] - ( - >=dev-libs/openssl-1.1 - dev-libs/gost-engine - ) - ) - ) - seccomp? ( sys-libs/libseccomp ) - json? ( dev-libs/json-c:= ) - lmdb? ( dev-db/lmdb ) - zlib? ( sys-libs/zlib ) - dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) - python? ( - ${PYTHON_DEPS} - dev-python/ply[${PYTHON_USEDEP}] - )" -# sdb-ldap? ( net-nds/openldap ) - -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-bind ) - || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" - -S="${WORKDIR}/${MY_P}" - -# bug 479092, requires networking -RESTRICT="test" - -pkg_setup() { - ebegin "Creating named group and user" - enewgroup named 40 - enewuser named 40 -1 /etc/bind named - eend ${?} -} - -src_prepare() { - default - - # Adjusting PATHs in manpages - for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do - sed -i \ - -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ - -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ - -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ - "${i}" || die "sed failed, ${i} doesn't exist" - done - -# if use dlz; then -# # sdb-ldap patch as per bug #160567 -# # Upstream URL: http://bind9-ldap.bayour.com/ -# # New patch take from bug 302735 -# if use sdb-ldap; then -# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch -# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ -# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ -# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ -# fi -# fi - - # 
should be installed by bind-tools - sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die - - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die - - # bug #220361 - rm aclocal.m4 - rm -rf libtool.m4/ - eautoreconf -} - -src_configure() { - local myeconfargs=( - --sysconfdir=/etc/bind - --localstatedir=/var - --with-libtool - --enable-full-report - --without-readline - $(use_enable caps linux-caps) - $(use_enable dnsrps) - $(use_enable dnstap) - $(use_enable fixed-rrset) - $(use_enable ipv6) - $(use_enable rpz rpz-nsdname) - $(use_enable rpz rpz-nsip) - $(use_enable seccomp) - # $(use_enable static-libs static) - $(use_enable threads) - $(use_with berkdb dlz-bdb) - $(use_with dlz dlopen) - $(use_with dlz dlz-filesystem) - $(use_with dlz dlz-stub) - $(use_with gost) - $(use_with gssapi) - $(use_with json libjson) - $(use_with ldap dlz-ldap) - $(use_with mysql dlz-mysql) - $(use_with odbc dlz-odbc) - $(use_with postgres dlz-postgres) - $(use_with lmdb) - $(use_with python) - $(use_with ssl ecdsa) - $(use_with ssl openssl "${EPREFIX}"/usr) - $(use_with xml libxml2) - $(use_with zlib) - ) - - if use urandom; then - myeconfargs+=( --with-randomdev=/dev/urandom ) - else - myeconfargs+=( --with-randomdev=/dev/random ) - fi - - use geoip && myeconfargs+=( --with-geoip ) - - # bug #158664 -# gcc-specs-ssp && replace-flags -O[23s] -O - - # To include db.h from proper path - use berkdb && append-flags "-I$(db_includedir)" - - export BUILD_CC=$(tc-getBUILD_CC) - econf "${myeconfargs[@]}" - - # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h -} - -src_install() { - emake DESTDIR="${D}" install - - dodoc CHANGES README - - if use doc; then - dodoc doc/arm/Bv9ARM.pdf - - docinto misc - dodoc doc/misc/* - - # might a 'html' useflag make sense? 
- docinto html - dodoc -r doc/arm/* - - docinto contrib - dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} - - # some handy-dandy dynamic dns examples - pushd "${ED%/}"/usr/share/doc/${PF} 1>/dev/null || die - tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die - popd 1>/dev/null || die - fi - - insinto /etc/bind - newins "${FILESDIR}"/named.conf-r8 named.conf - - # ftp://ftp.rs.internic.net/domain/named.cache: - insinto /var/bind - newins "${FILESDIR}"/named.cache-r3 named.cache - - insinto /var/bind/pri - newins "${FILESDIR}"/localhost.zone-r3 localhost.zone - - newinitd "${FILESDIR}"/named.init-r13 named - newconfd "${FILESDIR}"/named.confd-r7 named - - if use gost; then - sed -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' \ - -i "${ED%/}/etc/init.d/named" || die - else - sed -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' \ - -i "${ED%/}/etc/init.d/named" || die - fi - - newenvd "${FILESDIR}"/10bind.env 10bind - - # Let's get rid of those tools and their manpages since they're provided by bind-tools - rm -f "${ED%/}"/usr/share/man/man1/{dig,host,nslookup}.1* - rm -f "${ED%/}"/usr/share/man/man8/nsupdate.8* - rm -f "${ED%/}"/usr/bin/{dig,host,nslookup,nsupdate} - rm -f "${ED%/}"/usr/sbin/{dig,host,nslookup,nsupdate} - for tool in dsfromkey importkey keyfromlabel keygen \ - revoke settime signzone verify; do - rm -f "${ED%/}"/usr/{,s}bin/dnssec-"${tool}" - rm -f "${ED%/}"/usr/share/man/man8/dnssec-"${tool}".8* - done - - # bug 405251, library archives aren't properly handled by --enable/disable-static - if ! 
use static-libs; then - find "${ED}" -type f -name '*.a' -delete || die - fi - - # bug 405251 - find "${ED}" -type f -name '*.la' -delete || die - - if use python; then - install_python_tools() { - dosbin bin/python/dnssec-{checkds,coverage} - } - python_foreach_impl install_python_tools - - python_replicate_script "${ED%/}/usr/sbin/dnssec-checkds" - python_replicate_script "${ED%/}/usr/sbin/dnssec-coverage" - fi - - # bug 450406 - dosym named.cache /var/bind/root.cache - - dosym /var/bind/pri /etc/bind/pri - dosym /var/bind/sec /etc/bind/sec - dosym /var/bind/dyn /etc/bind/dyn - keepdir /var/bind/{pri,sec,dyn} - - dodir /var/log/named - - fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} - fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0750 /etc/bind /var/bind/pri - fperms 0770 /var/log/named /var/bind/{,sec,dyn} - - systemd_newunit "${FILESDIR}/named.service-r1" named.service - systemd_dotmpfilesd "${FILESDIR}"/named.conf - exeinto /usr/libexec - doexe "${FILESDIR}/generate-rndc-key.sh" -} - -pkg_postinst() { - if [ ! 
-f '/etc/bind/rndc.key' ]; then - if use urandom; then - einfo "Using /dev/urandom for generating rndc.key" - /usr/sbin/rndc-confgen -r /dev/urandom -a - echo - else - einfo "Using /dev/random for generating rndc.key" - /usr/sbin/rndc-confgen -a - echo - fi - chown root:named /etc/bind/rndc.key || die - chmod 0640 /etc/bind/rndc.key || die - fi - - einfo - einfo "You can edit /etc/conf.d/named to customize named settings" - einfo - use mysql || use postgres || use ldap && { - elog "If your named depends on MySQL/PostgreSQL or LDAP," - elog "uncomment the specified rc_named_* lines in your" - elog "/etc/conf.d/named config to ensure they'll start before bind" - einfo - } - einfo "If you'd like to run bind in a chroot AND this is a new" - einfo "install OR your bind doesn't already run in a chroot:" - einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." - einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" - einfo - - CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) - if [[ -n ${CHROOT} ]]; then - elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - elog "To enable the old behaviour (without using mount) uncomment the" - elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - elog "If you decide to use the new/default method, ensure to make backup" - elog "first and merge your existing configs/zones to /etc/bind and" - elog "/var/bind because bind will now mount the needed directories into" - elog "the chroot dir." - fi -} - -pkg_config() { - CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) - CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) - CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) - - if [[ -z "${CHROOT}" ]]; then - eerror "This config script is designed to automate setting up" - eerror "a chrooted bind/named. To do so, please first uncomment" - eerror "and set the CHROOT variable in '/etc/conf.d/named'." 
- die "Unset CHROOT" - fi - if [[ -d "${CHROOT}" ]]; then - ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - ewarn "To enable the old behaviour (without using mount) uncomment the" - ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - ewarn - ewarn "${CHROOT} already exists... some things might become overridden" - ewarn "press CTRL+C if you don't want to continue" - sleep 10 - fi - - echo; einfo "Setting up the chroot directory..." - - mkdir -m 0750 -p ${CHROOT} || die - mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} || die - mkdir -m 0750 -p ${CHROOT}/etc/bind || die - mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ || die - # As of bind 9.8.0 - if has_version net-dns/bind[gost]; then - mkdir -m 0755 -p ${CHROOT}/usr/$(get_libdir)/engines || die - if [ "$(get_libdir)" = "lib64" ]; then - ln -s lib64 ${CHROOT}/usr/lib || die - fi - fi - chown root:named \ - ${CHROOT} \ - ${CHROOT}/var/{bind,log/named} \ - ${CHROOT}/run/named/ \ - ${CHROOT}/etc/bind \ - || die - - mknod ${CHROOT}/dev/null c 1 3 || die - chmod 0666 ${CHROOT}/dev/null || die - - mknod ${CHROOT}/dev/zero c 1 5 || die - chmod 0666 ${CHROOT}/dev/zero || die - - if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 || die - chmod 0666 ${CHROOT}/dev/urandom || die - else - mknod ${CHROOT}/dev/random c 1 8 || die - chmod 0666 ${CHROOT}/dev/random || die - fi - - if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then - cp -a /etc/bind ${CHROOT}/etc/ || die - cp -a /var/bind ${CHROOT}/var/ || die - fi - - if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then - mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP || die - fi - - elog "You may need to add the following line to your syslog-ng.conf:" - elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" -} diff --git a/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch b/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch deleted file mode 100644 index 4a2c7832ebfe..000000000000 
--- a/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch
+++ /dev/null
@@ -1,110 +0,0 @@ -diff --git a/bin/named/server.c b/bin/named/server.c -index 64a5180..41a1826 100644 ---- a/bin/named/server.c -+++ b/bin/named/server.c -@@ -3376,10 +3376,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - dns_acache_setcachesize(view->acache, max_acache_size); - } - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query", NULL, actx, -- ns_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -4258,9 +4254,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - INSIST(result == ISC_R_SUCCESS); - view->trust_anchor_telemetry = cfg_obj_asboolean(obj); - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query-cache-on", NULL, actx, -- ns_g_mctx, &view->cacheonacl)); - /* - * Set sources where additional data and CNAME/DNAME - * targets for authoritative answers may be found. -@@ -4287,22 +4280,40 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - view->additionalfromcache = ISC_TRUE; - } - -+ CHECK(configure_view_acl(vconfig, config, ns_g_config, -+ "allow-query-cache-on", NULL, actx, -+ ns_g_mctx, &view->cacheonacl)); -+ - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. -- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. 
- */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, ns_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ ns_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ ns_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - ns_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - ns_g_mctx, &view->recursiononacl)); -@@ -4340,18 +4351,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - * the global config. - */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion", NULL, - actx, ns_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion-on", NULL, - actx, ns_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-query-cache", NULL, - actx, ns_g_mctx, -@@ -4365,6 +4379,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, ns_g_config, -+ "allow-query", NULL, -+ actx, ns_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, 
diff --git a/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch b/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch
deleted file mode 100644
index 75c98d4f1755..000000000000
--- a/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-diff --git a/bin/named/server.c b/bin/named/server.c
-index f63554e..847c4ff 100644
---- a/bin/named/server.c
-+++ b/bin/named/server.c
-@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- CHECKM(named_config_getport(config, &port), "port");
- dns_view_setdstport(view, port);
-
-- CHECK(configure_view_acl(vconfig, config, named_g_config,
-- "allow-query", NULL, actx,
-- named_g_mctx, &view->queryacl));
--
- /*
- * Make the list of response policy zone names for a view that
- * is used for real lookups and so cares about hints.
-@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- "allow-query-cache-on", NULL, actx,
- named_g_mctx, &view->cacheonacl));
- /*
-- * Set "allow-query-cache", "allow-recursion", and
-- * "allow-recursion-on" acls if configured in named.conf.
-- * (Ignore the global defaults for now, because these ACLs
-- * can inherit from each other when only some of them set at
-- * the options/view level.)
-+ * Set the "allow-query", "allow-query-cache", "allow-recursion",
-+ * and "allow-recursion-on" ACLs if configured in named.conf, but
-+ * NOT from the global defaults. This is done by leaving the third
-+ * argument to configure_view_acl() NULL.
-+ *
-+ * We ignore the global defaults here because these ACLs
-+ * can inherit from each other. If any are still unset after
-+ * applying the inheritance rules, we'll look up the defaults at
-+ * that time.
- */
-- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache",
-- NULL, actx, named_g_mctx, &view->cacheacl));
-+
-+ /* named.conf only */
-+ CHECK(configure_view_acl(vconfig, config, NULL,
-+ "allow-query", NULL, actx,
-+ named_g_mctx, &view->queryacl));
-+
-+ /* named.conf only */
-+ CHECK(configure_view_acl(vconfig, config, NULL,
-+ "allow-query-cache", NULL, actx,
-+ named_g_mctx, &view->cacheacl));
-
- if (strcmp(view->name, "_bind") != 0 &&
- view->rdclass != dns_rdataclass_chaos)
- {
-+ /* named.conf only */
- CHECK(configure_view_acl(vconfig, config, NULL,
- "allow-recursion", NULL, actx,
- named_g_mctx, &view->recursionacl));
-+ /* named.conf only */
- CHECK(configure_view_acl(vconfig, config, NULL,
- "allow-recursion-on", NULL, actx,
- named_g_mctx, &view->recursiononacl));
-@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- * the global config.
- */
- if (view->recursionacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-recursion", NULL,
- actx, named_g_mctx,
- &view->recursionacl));
- }
- if (view->recursiononacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-recursion-on", NULL,
- actx, named_g_mctx,
- &view->recursiononacl));
- }
- if (view->cacheacl == NULL) {
-+ /* global default only */
- CHECK(configure_view_acl(NULL, NULL, named_g_config,
- "allow-query-cache", NULL,
- actx, named_g_mctx,
-@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
- CHECK(dns_acl_none(mctx, &view->cacheacl));
- }
-
-+ if (view->queryacl == NULL) {
-+ /* global default only */
-+ CHECK(configure_view_acl(NULL, NULL, named_g_config,
-+ "allow-query", NULL,
-+ actx, named_g_mctx,
-+ &view->queryacl));
-+ }
-+
- /*
- * Ignore case when compressing responses to the specified
- * clients. This causes case not always to be preserved,
diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml index 8ccec0f9e0a2..06a3fa600f23 100644 --- a/net-dns/bind/metadata.xml +++ b/net-dns/bind/metadata.xml @@ -17,7 +17,6 @@ Enable JSON statistics channel Enables IDN support using net-dns/libidn2 rather than using net-dns/idnkit Enable LMDB support to store configuration for 'addzone' zones - Build and install the nslint util Enable response policy rewriting (rpz) Use /dev/urandom instead of /dev/random diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest index 0abb2d0e335f..70736b03d009 100644 --- a/net-dns/djbdns/Manifest +++ b/net-dns/djbdns/Manifest 
@@ -18,5 +18,5 @@ DIST djbdns-1.05-test27.diff.bz2 20695 BLAKE2B 5eb2b5deeb81ec802bec4787b844f8b07
 DIST djbdns-1.05-test28.diff.xz 22072 BLAKE2B fff6c13220adfa056a0ac5942ff9385d83b75f8622adaebab65f557a2ca8d014fe3c255fe55ba9afca56b24880b7cd28597b26b5bcc3bbbd3ef9f581b67004fd SHA512 7fbfeda10221a0a09897c2e744df5606c83113c394ce055d822b0d8733873d72567a88c37905d21c7d2395170fc12b9e9eb133a941aa809f1b9856872ab48230
 DIST djbdns-1.05.tar.gz 85648 BLAKE2B 51918fcc8944e64e72709636ee7d56975a138a2806e22c019fa836770de3a338bb8f682216b89c09d6b2861c2423e60e28dc60639f5a86aca2040e1788e4cf5c SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9
 EBUILD djbdns-1.05-r32.ebuild 4351 BLAKE2B ef4774774e33fc267e4a4f9f94c82c5d0e909cf32a8edbcec301991325e83c9d48a5ddc96f01a0f7fb5fc8e0f775133410fc97f61da861753f83bc774d8d6ea4 SHA512 03311e521344f266b46fa0e72e319363c22f344d330422343f6f4fb7474017ca97b6361decb7956a5e396b067a00aa11c82769945bec34ae285302a99804fd95
-EBUILD djbdns-1.05-r33.ebuild 3678 BLAKE2B b64b85007e2e0aa3620af5898b2abc737d5efbb6989ff3e7d8e45a90b1660c481a01d0441c83fadf690ef4945cfd202a0dbaed599bcf0c0cddb43686f428f693 SHA512 fa5078523925f715933dea95fd1b8cb6c50ea46e73841d0ca05e477ea95e362c05750bf5a7dbb8174a13cf617d113c02ab7a5ee627b7f8e87b03a33d6987fed6
+EBUILD djbdns-1.05-r33.ebuild 3669 BLAKE2B cd377c17efade7cf27320b12a63dd5af23689c9049551803fc0afc78ffc4a1a618784a243557d3269e21b92dffa91905404a79d88134c437bf3be316492b8237 SHA512 327373b911ba458b7410c25a7be52dca868ced6c59aa3e24b74998e65bd433d927a7c1e2f2bd8463ea113fb2a682e3771efd15742f304837f2b658fd3609e0a7
 MISC metadata.xml 244 BLAKE2B c21c7a6cd7f859220baee98b22912e06955a7d63b4fc954a40507126ef6cb30659a3b7e89e798bb7d074814810f9625d3979ed2ac8877e213dc378da841bc786 SHA512 125b00b9e85650a6dcc365871f9f8be44d85cde4b938a66f7d96b6dc0237a1cae68b30be1ee16d7850998fc31be35eaf459df1bb7d9ea169904854b532f37bab
diff --git a/net-dns/djbdns/djbdns-1.05-r33.ebuild b/net-dns/djbdns/djbdns-1.05-r33.ebuild index ad80420e697d..7f53b8fb3fcd 100644 --- a/net-dns/djbdns/djbdns-1.05-r33.ebuild +++ b/net-dns/djbdns/djbdns-1.05-r33.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -14,7 +14,7 @@ SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz SLOT="0" LICENSE="public-domain" -KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" +KEYWORDS="~alpha amd64 hppa ~mips ppc ppc64 sparc x86" IUSE="ipv6 selinux" DEPEND="" diff --git a/net-dns/opendnssec/Manifest b/net-dns/opendnssec/Manifest index 9f1951c10749..de64a0aff011 100644 --- a/net-dns/opendnssec/Manifest +++ b/net-dns/opendnssec/Manifest 
@@ -7,7 +7,8 @@ AUX opendnssec-fix-localstatedir-2.0.x.patch 1161 BLAKE2B 28469aaad2878cdb1f58f2
 AUX opendnssec-fix-localstatedir.patch 1693 BLAKE2B 82220ef1f5c5da994fd01671436b9e47a5f0a08737e52a440866499792326389bc495de00305853dbdc6a08ef8b6288e509a8b2310461724f6f4d42aa2245614 SHA512 86700c97bb482f5fa6d99fe8f105c41e8798de542e6cf5fd4d6c14da11237e4fd11eccb2900de4893898d7855e31beb6572c709c2dad9774d5fe440673af2627
 AUX opendnssec-fix-run-dir-2.0.x.patch 1188 BLAKE2B c11d3e120dac17f4d9bb24c561cf67e33806c906391e0033677e1ecfa423ddae563cb20680a73b8dec4c50e0b1fd2dbc0cf0adb82c77e67f50a5f4a40e26a871 SHA512 293c2ceb336623ed52028ca3144c4249eaf426dd2eb84890be9f1ed53e27d4ff5fd6a699d41426ca57d6362c2f83dd8b3556691da2815235f72e69ab4ef45165
 AUX opendnssec-fix-run-dir.patch 1204 BLAKE2B 8109370737931c9172d7e89a02cf08cdb38524f91429c8526d27a18f90672586fc95eed671e3a2222698832e1df4cfad292950bd8b364af67ca9242e7dd074f4 SHA512 f604ab24731bd84498f33dc3213b937335e55f805d4913e80b037b91cc5bf14f406cb2af14cc455a9a23c45a3475ef1b3901c68760188d9e4a36d314d29f8f84
-AUX opendnssec-use-system-trang.patch 614 BLAKE2B 87d80d468c0ab85d88a495d5e2b506520e965645a5b4a7129c8cf9b6bbf9898f01516d08d665d76905e2f2e0c7fa5377137bbcfc6a5669e7bb7ba399d3f32813 SHA512 9e95943d145ce7a05e32af60a944c6ee6d74fdff0fa9f0ea233070b44567bce4f5ca6bde57411effa7bab192ec58face34cddf2c349ccff3b78fc66c1f35074d
+AUX opendnssec-openssl1.1.patch 1823 BLAKE2B e94d97755bde512efa87751f99655903a9b9627d0a4896294f643d89adbf7aa6fa1a0edf9098d0d2a1fc059aeaf2e19f6c814807b9fd2716fdf98401e3c15b06 SHA512 17dac7598339ba5a8d1459c93c837344d926cd939b830502040e5c41514bb6261d25486dbfce5e2d9994c01d990dbf88108563aab1b04b02c6a69ba988503a73
+AUX opendnssec-use-system-trang.patch 618 BLAKE2B 32e1b6784f1666e0485e6109af40b06373fbdc974f90bf3a3d6fc564d7c69728151afc5a9f793c96a3be77593bb2679af9dee4456bf69e89367fa459f8b70435 SHA512 316b89a2c6ba56c4fe45d00ad1bc31316fa20ba7177a2cc0979c23f11aba4234cd2f0b8972f98e4f14be9535b704fdc3177a514a41c489eb43016f8ff878795c
 AUX opendnssec.confd 393 BLAKE2B 47f83e11292c01cb999fae36dbea2d0b45cb970493bfbab43c43682fe26e574e12bbe7f7096e71ff7bd0b8b49827f13e4de858a38868706fa769cc92ceb1f307 SHA512 17bd24efef9bd6b7a907c75126809a6012db23a6c8547169c41dbc62fc91775331f445905282bc6c2ef13357f92eccab5008d4605419d98acdb723806b63a924
 AUX opendnssec.confd-1.3.x 477 BLAKE2B e131ba95566a4d9cdab721551c7056c9ab07c0cd62b100ac4a84c4363a8ec96482758c13ec35f6188581764550364936123ea8011359278ef054f2ca03a509e0 SHA512 e45cd05e9d972dce5254f333ce21fd599ed905e8009f67de636c3a72dcd49e43fb75f702e21665dd3f19602fb9a5be5b6ff34e147ac4e29844560cc4f65f727c
 AUX opendnssec.initd 1854 BLAKE2B 358bcf513123f7a38b7795f142f56e6a186062d1ad80bb70bee46ba7ebe7a137b4d2830a6c27ae690add23e0296ed2bd3a7a5d7ee88e1ee7ee3a8a9631306916 SHA512 75bce27c152b55ba2ba7d0770c6f2149493ef4b145f2257328e7e4b6865ad2d644695a688c3e06be02705ac42752e031846551b80b560e19a73e595e5ad15def
@@ -21,5 +22,5 @@ EBUILD opendnssec-1.3.18-r1.ebuild 5693 BLAKE2B 4dd186eb49ed5d4b293c0a43907d8b43
 EBUILD opendnssec-1.4.12-r1.ebuild 5780 BLAKE2B 28b72f5541667b5218f5bb631593855394084405d95dfcbf16afe36325ab7171708e3eb0111a3c403f747c52d1e44c897436f4775f1b7cdebb0578d09ca4ac6f SHA512 3e0ac6197e86315794dd604de6adb605845c09f8a00958189f35d3432b748de2e2d8589c217035c4dd167971452026d56a6b2ca38db0af8d7eb18ad8f888237c
 EBUILD opendnssec-1.4.8.2.ebuild 5830 BLAKE2B 162c6e75f89225d73b455191f65c37ba680eefbeccdc12d21bac984257ff4b5ceb82843c42020b43b4330af2dea4cb70c6a74eb83dc0b00d70f02ae5d91e0fc1 SHA512 d9cb344ca13a2a926f46e4dd041453132cb669d0ae23f4180dda38ca12fa41f6aa6187d7e9cf70ca8e36ec4266cd75569a36d928c9ab65800c68ecc11ec6da80
 EBUILD opendnssec-2.0.1-r1.ebuild 6763 BLAKE2B e4f38470013f4d90ba567d3d5520df89fa15d5d77b6b3f7a9faa224fe1f60e1eef6980f20f83b69688d44d860e94f7f56cf98b8259acc07a1d89d03fd17deaf1 SHA512 9398125ccf2e3bc05ffc8c87e9582374075cb89d079e3e01364134f6529f399fa7556afd1d489f43235a31f6e2c7e13726b6552ab59d757df761680668ad7102
-EBUILD opendnssec-2.0.3.ebuild 6763 BLAKE2B e4f38470013f4d90ba567d3d5520df89fa15d5d77b6b3f7a9faa224fe1f60e1eef6980f20f83b69688d44d860e94f7f56cf98b8259acc07a1d89d03fd17deaf1 SHA512 9398125ccf2e3bc05ffc8c87e9582374075cb89d079e3e01364134f6529f399fa7556afd1d489f43235a31f6e2c7e13726b6552ab59d757df761680668ad7102
+EBUILD opendnssec-2.0.3-r1.ebuild 6732 BLAKE2B e1cb04da8eab2d36761f775c9af776665771276bb274cd51d0537069e1e3fd67eecf862f5766b8137dfefef31ba114a14c1f1365e0355324be72bb548e1d0a8c SHA512 0dbc6c60279574513b0d1eb60b4583a845b7961e9615eec81a0f09488cdaa40d6532895bada99c016af7eb59fdf3011c61178e2c149410965c86849d9bf49a43
 MISC metadata.xml 906 BLAKE2B 87ce475aaab1ed562daa0c2102e206f32abc25b9fd77932bd6a33e5f31990864dd0da48e48e7165debc10ae0653f6bed364c12a52df48dd448e29590bf6f7141 SHA512 9cddc6b15c7a959cb885bc639c19e166ee202dd4b45db50c9bbb3b61fe9e84311f023a3d34cfc44e689cf81df092211fa4cb88427fb143c113bdfc1e7897112e
diff --git a/net-dns/opendnssec/files/opendnssec-openssl1.1.patch b/net-dns/opendnssec/files/opendnssec-openssl1.1.patch
new file mode 100644
index 000000000000..b81068c4b9fd
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-openssl1.1.patch
@@ -0,0 +1,55 @@
+--- a/signer/src/wire/tsig-openssl.c
++++ b/signer/src/wire/tsig-openssl.c
+@@ -126,7 +126,11 @@ static void
+ cleanup_context(void *data)
+ {
+ HMAC_CTX* context = (HMAC_CTX*) data;
++#ifdef HAVE_SSL_NEW_HMAC
++ HMAC_CTX_free(context);
++#else
+ HMAC_CTX_cleanup(context);
++#endif
+ }
+
+ static void
+@@ -146,8 +150,13 @@ static void*
+ create_context()
+ {
+ HMAC_CTX* context;
++#ifdef HAVE_SSL_NEW_HMAC
++ CHECKALLOC(context = HMAC_CTX_new());
++ HMAC_CTX_reset(context);
++#else
+ CHECKALLOC(context = (HMAC_CTX*) malloc(sizeof(HMAC_CTX)));
+ HMAC_CTX_init(context);
++#endif
+ context_add_cleanup(context);
+ return context;
+ }
+--- a/m4/acx_ssl.m4 2016-10-14 09:40:13.000000000 -0400
++++ b/m4/acx_ssl.m4 2019-02-18 13:52:49.861127549 -0500
+@@ -35,12 +35,21 @@
+ if test x_$ssldir = x_/usr/sfw; then
+ SSL_LIBS="$SSL_LIBS -R$ssldir/lib";
+ fi
+- AC_CHECK_LIB(crypto, HMAC_CTX_init,, [
+- AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
+- ])
++ save_LIBS=$LIBS
++ AC_CHECK_LIB(crypto, HMAC_CTX_reset, [
++ AC_DEFINE_UNQUOTED([HAVE_SSL_NEW_HMAC], [], [Define if you have the SSL libraries with new HMAC related functions.])
++ ], [
++ AC_CHECK_LIB(crypto, HMAC_CTX_init,, [
++ AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
++ ])
++ ] )
++ SSL_LIBS="$SSL_LIBS -lcrypto";
++ LIBS="$SSL_LIBS $LIBS"
+ AC_CHECK_FUNCS([EVP_sha1 EVP_sha256])
++ LIBS=$saveLIBS
+ fi
+ AC_SUBST(HAVE_SSL)
++ AC_SUBST(HAVE_SSL_NEW_HMAC)
+ AC_SUBST(SSL_INCLUDES)
+ AC_SUBST(SSL_LIBS)
+ fi
diff --git a/net-dns/opendnssec/files/opendnssec-use-system-trang.patch b/net-dns/opendnssec/files/opendnssec-use-system-trang.patch
index 745b277e1339..4cc564c265a3 100644
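Review bot: In the `m4/acx_ssl.m4` part of the new `opendnssec-openssl1.1.patch`, the linker flags are saved with `save_LIBS=$LIBS` but restored with `LIBS=$saveLIBS`, a variable that nothing in the hunk sets, so `LIBS` is left empty after `AC_CHECK_FUNCS([EVP_sha1 EVP_sha256])` instead of going back to its earlier value. The restore line should read `LIBS=$save_LIBS`. Any flags configure had already put into `LIBS` before this macro are presumably lost for the checks that run afterwards, which may turn a missing library into a quietly disabled feature rather than a configure error. Separately, `AC_SUBST(HAVE_SSL_NEW_HMAC)` substitutes a shell variable the hunk never assigns (the symbol is only set through `AC_DEFINE_UNQUOTED`), so that line appears to have no effect and could be dropped.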
--- a/net-dns/opendnssec/files/opendnssec-use-system-trang.patch +++ b/net-dns/opendnssec/files/opendnssec-use-system-trang.patch @@ -1,5 +1,5 @@ ---- conf/Makefile.am.orig 2013-05-12 22:45:26.514768943 +0200 -+++ conf/Makefile.am 2013-05-12 22:46:33.399545628 +0200 +--- a/conf/Makefile.am.orig 2013-05-12 22:45:26.514768943 +0200 ++++ b/conf/Makefile.am 2013-05-12 22:46:33.399545628 +0200 @@ -7,7 +7,7 @@ XML = addns.xml conf.xml kasp.xml zonelist.xml signconf.xml enforcerstate.xml XSL= kasp2html.xsl diff --git a/net-dns/opendnssec/opendnssec-2.0.3-r1.ebuild b/net-dns/opendnssec/opendnssec-2.0.3-r1.ebuild new file mode 100644 index 000000000000..d8769127684e --- /dev/null +++ b/net-dns/opendnssec/opendnssec-2.0.3-r1.ebuild 
@@ -0,0 +1,236 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+MY_P="${P/_}"
+PKCS11_IUSE="+softhsm opensc external-hsm"
+inherit autotools user
+
+DESCRIPTION="An open-source turn-key solution for DNSSEC"
+HOMEPAGE="http://www.opendnssec.org/"
+SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc +mysql readline +signer sqlite test ${PKCS11_IUSE}"
+
+RDEPEND="
+ dev-lang/perl
+ dev-libs/libxml2
+ dev-libs/libxslt
+ net-libs/ldns
+ mysql? (
+ dev-db/mysql-connector-c:0=
+ dev-perl/DBD-mysql
+ )
+ opensc? ( dev-libs/opensc )
+ readline? ( sys-libs/readline:0 )
+ softhsm? ( dev-libs/softhsm:* )
+ sqlite? (
+ dev-db/sqlite:3
+ dev-perl/DBD-SQLite
+ )
+"
+DEPEND="${RDEPEND}
+ doc? ( app-doc/doxygen )
+ test? (
+ app-text/trang
+ )
+"
+
+REQUIRED_USE="
+ ^^ ( mysql sqlite )
+ ^^ ( softhsm opensc external-hsm )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-fix-localstatedir-2.0.x.patch"
+ "${FILESDIR}/${PN}-fix-run-dir-2.0.x.patch"
+ "${FILESDIR}/${PN}-drop-privileges-2.0.x.patch"
+ "${FILESDIR}/${PN}-use-system-trang.patch"
+ "${FILESDIR}/${PN}-openssl1.1.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( MIGRATION NEWS )
+
+check_pkcs11_setup() {
+ # PKCS#11 HSM's are often only available with proprietary drivers not
+ # available in portage tree.
+
+ if use softhsm; then
+ PKCS11_LIB=softhsm
+ if has_version ">=dev-libs/softhsm-1.3.1"; then
+ PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so
+ else
+ PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so
+ fi
+ elog "Building with SoftHSM PKCS#11 library support."
+ fi
+ if use opensc; then
+ PKCS11_LIB=opensc
+ PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so
+ elog "Building with OpenSC PKCS#11 library support."
+ fi
+ if use external-hsm; then
+ if [[ -n ${PKCS11_SCA6000} ]]; then
+ PKCS11_LIB=sca6000
+ PKCS11_PATH=${PKCS11_SCA6000}
+ elif [[ -n ${PKCS11_ETOKEN} ]]; then
+ PKCS11_LIB=etoken
+ PKCS11_PATH=${PKCS11_ETOKEN}
+ elif [[ -n ${PKCS11_NCIPHER} ]]; then
+ PKCS11_LIB=ncipher
+ PKCS11_PATH=${PKCS11_NCIPHER}
+ elif [[ -n ${PKCS11_AEPKEYPER} ]]; then
+ PKCS11_LIB=aepkeyper
+ PKCS11_PATH=${PKCS11_AEPKEYPER}
+ else
+ ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11"
+ ewarn "library. To set a path, set one of the following environment variables:"
+ ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000="
+ ewarn " for Aladdin eToken, set: PKCS11_ETOKEN="
+ ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER="
+ ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER="
+ ewarn "Example:"
+ ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec"
+ ewarn "or store the variable into /etc/portage/make.conf"
+ die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
+ fi + elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}" + fi +} + +pkg_pretend() { + if has_version "=2.0.0 you need to upgrade to" + eerror "version >=1.4.10 first:" + eerror "" + eerror " emerge \"=1.4.10 first for proper db migraion" + fi + + check_pkcs11_setup +} + +pkg_setup() { + enewgroup opendnssec + enewuser opendnssec -1 -1 -1 opendnssec + + # pretend does not preserve variables so we need to run this once more + check_pkcs11_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + econf \ + --without-cunit \ + --localstatedir="${EPREFIX}/var" \ + --disable-static \ + --with-enforcer-database=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \ + --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \ + $(use_with readline) \ + $(use_enable signer) +} + +src_compile() { + default + use doc && emake docs +} + +src_install() { + default + + # remove useless .la files + find "${ED}" -name '*.la' -delete + + # Remove subversion tags from config files to avoid useless config updates + sed -i \ + -e '/