diff options
Diffstat (limited to 'net-dns/bind')
| -rw-r--r-- | net-dns/bind/Manifest | 14 | ||||
| -rw-r--r-- | net-dns/bind/bind-9.11.2_p1.ebuild | 423 | ||||
| -rw-r--r-- | net-dns/bind/bind-9.11.3-r1.ebuild | 402 | ||||
| -rw-r--r-- | net-dns/bind/bind-9.11.4_p2.ebuild | 2 | ||||
| -rw-r--r-- | net-dns/bind/bind-9.12.2_p2-r1.ebuild | 2 | ||||
| -rw-r--r-- | net-dns/bind/bind-9.12.3_p1-r1.ebuild (renamed from net-dns/bind/bind-9.12.3_p1.ebuild) | 2 | ||||
| -rw-r--r-- | net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch | 110 | ||||
| -rw-r--r-- | net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch | 95 | ||||
| -rw-r--r-- | net-dns/bind/metadata.xml | 1 |
9 files changed, 7 insertions, 1044 deletions
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest index d302381ec4e0..6ec0d701eb67 100644 --- a/net-dns/bind/Manifest +++ b/net-dns/bind/Manifest @@ -1,6 +1,4 @@ AUX 10bind.env 27 BLAKE2B e5ddb2daced1b9430cb8e4b691bc0f1164f71a6e2032fa4efd18b629a6aeb971336d5eaa38c6474a3143cb34691c22d4564ebb010d9efd00cf6e2634daa8e68c SHA512 8ae5326b158b8a3eeaab667c84dd712fefd25d10832598783fa497285183cbdee554796c22d32fec54cd00461469f29ed473a730304a00aacdf06c1bb6c33d55 -AUX bind-9.11.3-CVE-2018-5738.patch 3925 BLAKE2B cda7036cfe855496b9a073eac7248bdc4743d52af1309cdaec9dc787a2e252e04a91ea367b031b2692e0c5b90f305c9e5187c3d2acbfecbad4a812f9fcb59d5c SHA512 39a8900eb859491dc58b7d15c34455ed7580c3d11f914663f599adfc10ba2c42f04234e7b92d6d350f20e5aa4b397d7e9905881719962d8ea1ebf72c8f47de8a -AUX bind-9.12.1_p2-CVE-2018-5738.patch 3476 BLAKE2B cc414e207ea8598a56ce6917adb96e243a60c921643bc36ab0a45dd1cae491bd4471f9b0f55e6b4e38c10172929884b039ad437bfbd1ab84a9142f5b083e4af4 SHA512 0a9b4fe8e404e8b68b851b85b5b10c87f3653c81c0cef747bca880a37c8bd64fa1100cc210fa33ac7504197c1e81d064af90cf362dba6897c9bf87b19ea467fe AUX generate-rndc-key.sh 183 BLAKE2B 33f2297745ef8e5aed09107cee6d0017d3870ea9db249a17850ae7a55f613b03a136bc61b8ac4526858178a0f8713eabda6c5f30917415f9a3ad6b34668f45ab SHA512 6c611120185c1a61b2b6da228efc28302ebd36c819b97793920543ce2cfff4da84f43ec53ddd072f008b04c7087cc19108c4279cb962d12a7e073b47235d14ee AUX localhost.zone-r3 426 BLAKE2B d34cf12d484c6bb705d3bd8bfbf93514e504497a99da983f6176234239cc664131502744f3cd743d938dec0309f0d8df2c1d0c5325b5cb61023ed192d32bbedd SHA512 979d8693046033c24490dca536f0d649795bbdf57eed32017b32d07d7d3c51b35197e4edd79d8258074a1bf14b71376472ba6ae749f62ceaf74d7a6a0559fa89 AUX named.cache-r3 3316 BLAKE2B 09a17fbb29f2122a61c7e17a8dfc8eef3b0fdaa94e8dbe17a0b188946fe8017c65599fbb84c0f88123f0e0f17faae2b9a1ffbc0ee17bcf62c1cbf34f064b9c36 SHA512 3608f29d356bf853145e14c1f81fdccf7090f63e95573234221711b7b6084fbc806817c41daa5d6072a4955a714f9e1cbd6cdcabd7cd1833c3e5f8387bc1ba20 @@ -9,15 +7,11 @@ AUX named.conf-r8 4020 BLAKE2B beb900a89be0f2acc1b08a8d29443c87b098e5ac1f1de9c63 AUX named.confd-r7 1364 BLAKE2B cfb72f221bc6657c5a8ef8b9cd804afeaf5f642d2046880f5bae6c2313485808b99a1a46fc10431913d187ed67cc1e6bad019a9192638bc7fdf97c951e2326ce SHA512 68fa7c8963ac59349de3d05972c07aa0123b7bebbe0ba9604463ccfd1b377c2babe01eed4745cbe0f7d3831d1b47c2fa620f8092c67465fb771cae4932b0861a AUX named.init-r13 6202 BLAKE2B 1968806c9580517b8443a08b90f7b425913b2dc17d9503834c0d7d7d56f1a987175cb413bc7fec10249002b84b6580d87cb61d2b6a1965cd34d05807abe0390c SHA512 c675adec65796989dc8524d533868975d4e2c3b2ed5f09aa3cd92ec21b8dfb161582dd5afdf08ab78174873f3e1458e90c2d50958f0b5a303078540a675ec0c9 AUX named.service-r1 327 BLAKE2B b0471100b425a1d4db29c1ef577dd6f14b2c3d040fd826bed03105f514bf1ea2c58c19d59557d0eafe27a96588adaf60156f31b6befdd9be96a8ca1fe8613678 SHA512 1d3dbf9d1de0c23c398a523b05c0fb266b6b699e54d232818b28205f697ca227acae9f2778d6f41309b117a6cd78eee170b745594b786b1c1571d5f66d6c3de4 -DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597 -DIST bind-9.11.3.tar.gz 9523375 BLAKE2B 978986e02767b8ac9f015b52e87b3bc161a7ea72f59f343dcb23f50fbe8474528c4b27ee4fd54bdbe6bd825ce6e8b164e8ad145260b2cdcd004e8892bacd313b SHA512 1f0da13165d1ee872800fe10bb8b0f69c6c76515f9861c1528fb6005213bb71b21a1270906d2ea9ded3eaf6df1a1bac0f2c80aa511683b8d57dcff4f278d8c35 DIST bind-9.11.4_p2.tar.gz 9617963 BLAKE2B 409cad7e0976f2e46406d45e87241d61d4d4f00bf08442c4dddbad490ea3d6e42eaad5851fddb83c61a897689a8fdba0cd920aaa0d36329868d26100ba48f946 SHA512 6c01810526fc40485a6c0403d1ddc3b76d2e59b3426b5789436bd671f158d2fa0ea7c0aef2de81998ec715dabd06683fed7b17224d5c794c61e7100a69d4cb60 DIST bind-9.12.2_p2.tar.gz 9422128 BLAKE2B c7d56f025f381a0136aa67ccd49a3254fcfe566d5e3601410e5cada26ccab32a901fe6e14bc14e6e287fa2b3904a4eee8e3ef63329f9bc4cb11f204590ff3623 SHA512 458adf6b3d0df286e7d345a21c40b639efcb275e76f9e0bf4e40a5d76dcac875016324393e129f29397be326d1017367c506ec9cbb35871c98fad4281bc4e05a DIST bind-9.12.3_p1.tar.gz 8625693 BLAKE2B 1899e04e409d3dafe63494fb7a0d8b813a6487754149bbfd01888cddc5e134ac675e9ac790684fb6fd8de4b1484e23ed7f1881c01234c9f16b27180c9a4594a9 SHA512 c1c91de88e4297e79b527775edd525c6fa948f169977563ab2e6ca93cac7317f8ca85863567f5cc151d4c6e3c081864ab1cf813bcfdd1165b52e9471b8317c28 DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac -EBUILD bind-9.11.2_p1.ebuild 12446 BLAKE2B fe6955788d154964b51fa1fc891070dad6183da778f10d0fb9d0089032e3fe55b7aaf814aacff6de1685c447b44717827a765e47e347bd9c4d1e692e4aebbeb5 SHA512 10bd18014db1837d12398d1978c65a20595de1fed0227b5117c702cc749fbf5b19a37f236e4fe8907e7d50868e4d88fa28103b5c9e7a6c447836c9ddfa658862 -EBUILD bind-9.11.3-r1.ebuild 12181 BLAKE2B 8efe68cae507e1d58df6081419c9db121d7b5d9ef8345defbfb52323390b248b8d3864736df2b6a8dfa393c53534aab0e8b433f21444ec6869d745386e3987de SHA512 cde50f5355c5efc37600c2cae49eed83d296b8fd862fcb512acb8fd4838efd738d890e29d7664a820ac3a93cd23b3844b9357c4f3c0301843876598d8163e8d6 -EBUILD bind-9.11.4_p2.ebuild 12220 BLAKE2B 76cb827bbb59bc620e82d302e5262d209b443d9f428cc0458f1f07ccac3faab92992583636705191e4a1b24723a079f296d5e820d434d848bc780b4ec9e130eb SHA512 2c2c122fa820c75319d5225cc00237c44df462ce0acadfb08a32ba1aca8f332aada6f51aff6077b67937de144c95083bcdc0dd450b7423240f1e3959d7dbef6f -EBUILD bind-9.12.2_p2-r1.ebuild 12356 BLAKE2B b6a6d19c733dbaefeb72e811d82f9720346219c9daee650b57645d2a21d6d6c61d1bb77266bd0f573eb63ab62a7c9631d1daaa98186e7018467fa0d7c062ecbc SHA512 3b19be7c8883c6b7e5ac4398d43f7da6643c88b376581ef9c20483306cc23e68dd46d6587bfe7ac2b0378f98b195369ad3459a70408f4f6659892fb39ff87a6b -EBUILD bind-9.12.3_p1.ebuild 12175 BLAKE2B df76e16927d1de12d756dad7aa26e7fd4f61ef1b4ecfe211347e4cdfe9448b23bf299e284d0210d005286948e16e80d8567dd524be8440a6bcffdbd3091bc05c SHA512 0f27b94e5ae9de431c07321bec344a1a723eb03f07811ebae93a0bb3967d6a07bcb43010de903300834721db5816936ace56930aa7e6cd562568e0f0c126770c -MISC metadata.xml 1352 BLAKE2B 89e5d161d824bd1b9a9e9c6ab49457b12d856a8eeb4dba9fb2f3ea987fb88ef708aca88d0d654aeba4ade9d49dc190f9d3e18f86e2c2c874e017aabe7ea8f079 SHA512 47171fcafd8b7b316166e8ba565cc3126ccf2cca4b447abffb7120c34f9ea22243539857d040bf17c509862a9d42d564ccbe151e533a4961516799c5d73d30ab +EBUILD bind-9.11.4_p2.ebuild 12218 BLAKE2B 162deefbee5ad4b59226627ab698f0e4f3382e21eaf890bc97f19a66aef3924a94a1ea36a9ceaf46c048a04b5365370d1023458c23472e79bd44e096ce0777b4 SHA512 ba964fb8a2038f8585a934ddbc9a33f3650a143557fb5e74bac38f639bea2d40c5bfb15ef5c7b5a70b21a815ac724db0a5f497115c7d0aff3d204822db3f7bfd +EBUILD bind-9.12.2_p2-r1.ebuild 12355 BLAKE2B 8dcbb0f8a8f24aab4cd99dce950defaf77f001eca4012a0c6789a5cbc00014eaaa83e51ad40607b58f55ebee178317b55052baf72d8aa821d2f8574de80fe894 SHA512 e81aec10d07476636db05eeae2599af9d9b74d9319cdcacb003248f4720955ff105b50bd931acf59fc79c80c58ec795ad212de0ae0c72358d7c3382a96471876 +EBUILD bind-9.12.3_p1-r1.ebuild 12183 BLAKE2B e2916dc110ec5a63cf6b9504b4396c307fa42c4fb6efe375abdcf7b24df8a796f17afdbb15797823422d75c15289289d6a33ab3eb8d6ffb67856dd8ff20358e9 SHA512 285a425d8fa4a194abff3dd8e87f5fc9a0d5c8e8a24aebd360a1871761fbf9d112201438da1d04d901405642697d054b70543ec08dcc81f675df3f6873a071a5 +MISC metadata.xml 1289 BLAKE2B 5a9f80066f06ced2a74c97cc083402d8ffcca40784426341c7bc9b756162d5d108a0dae6fa543fe3307252b15c4c9e3e389b7857d535e80b49e5175143d99a13 SHA512 5caccd1aa31115066a715b79616ac6e7eb8be04ccf36b2880fb956e97b74e13b524d841a362e52ed92cd7c9815c6d43dbb6df5275d336ad62eeccf0f7c17d12f diff --git a/net-dns/bind/bind-9.11.2_p1.ebuild b/net-dns/bind/bind-9.11.2_p1.ebuild deleted file mode 100644 index d02197d6ec2d..000000000000 --- a/net-dns/bind/bind-9.11.2_p1.ebuild +++ /dev/null @@ -1,423 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# Re dlz/mysql and threads, needs to be verified.. -# MySQL uses thread local storage in its C api. Thus MySQL -# requires that each thread of an application execute a MySQL -# thread initialization to setup the thread local storage. -# This is impossible to do safely while staying within the DLZ -# driver API. This is a limitation caused by MySQL, and not the DLZ API. -# Because of this BIND MUST only run with a single thread when -# using the MySQL driver. - -EAPI="5" - -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) - -inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd - -MY_PV="${PV/_p/-P}" -MY_PV="${MY_PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" - -SDB_LDAP_VER="1.1.0-fc14" - -RRL_PV="${MY_PV}" - -NSLINT_DIR="contrib/nslint-3.0a2/" - -# SDB-LDAP: http://bind9-ldap.bayour.com/ - -DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" -HOMEPAGE="http://www.isc.org/software/bind" -SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz - doc? ( mirror://gentoo/dyndns-samples.tbz2 )" -# sdb-ldap? ( -# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 -# )" - -LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# -berkdb by default re bug 602682 -IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 -json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs -+threads urandom xml +zlib" -# sdb-ldap - patch broken -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 - -REQUIRED_USE="postgres? ( dlz ) - berkdb? ( dlz ) - mysql? ( dlz !threads ) - odbc? ( dlz ) - ldap? ( dlz ) - gost? ( !libressl ssl ) - threads? ( caps ) - dnstap? ( threads ) - python? ( ${PYTHON_REQUIRED_USE} )" -# sdb-ldap? ( dlz ) - -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0[-bindist] ) - libressl? ( dev-libs/libressl ) - ) - mysql? ( >=virtual/mysql-4.0 ) - odbc? ( >=dev-db/unixODBC-2.2.6 ) - ldap? ( net-nds/openldap ) - idn? ( net-dns/idnkit ) - postgres? ( dev-db/postgresql:= ) - caps? ( >=sys-libs/libcap-2.1.0 ) - xml? ( dev-libs/libxml2 ) - geoip? ( >=dev-libs/geoip-1.4.6 ) - gssapi? ( virtual/krb5 ) - gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) - seccomp? ( sys-libs/libseccomp ) - json? ( dev-libs/json-c:= ) - lmdb? ( dev-db/lmdb ) - zlib? ( sys-libs/zlib ) - dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) - python? ( - ${PYTHON_DEPS} - dev-python/ply[${PYTHON_USEDEP}] - )" -# sdb-ldap? ( net-nds/openldap ) - -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-bind ) - || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" - -S="${WORKDIR}/${MY_P}" - -# bug 479092, requires networking -RESTRICT="test" - -pkg_setup() { - ebegin "Creating named group and user" - enewgroup named 40 - enewuser named 40 -1 /etc/bind named - eend ${?} -} - -src_prepare() { - # Adjusting PATHs in manpages - for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do - sed -i \ - -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ - -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ - -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ - "${i}" || die "sed failed, ${i} doesn't exist" - done - -# if use dlz; then -# # sdb-ldap patch as per bug #160567 -# # Upstream URL: http://bind9-ldap.bayour.com/ -# # New patch take from bug 302735 -# if use sdb-ldap; then -# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch -# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ -# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ -# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ -# fi -# fi - - # should be installed by bind-tools - sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die - - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die - - if use nslint; then - sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die - fi - - # bug #220361 - rm aclocal.m4 - rm -rf libtool.m4/ - eautoreconf -} - -src_configure() { - local myconf="" - - if use urandom; then - myconf="${myconf} --with-randomdev=/dev/urandom" - else - myconf="${myconf} --with-randomdev=/dev/random" - fi - - use geoip && myconf="${myconf} --with-geoip" - - # bug #158664 -# gcc-specs-ssp && replace-flags -O[23s] -O - - # To include db.h from proper path - use berkdb && append-flags "-I$(db_includedir)" - - export BUILD_CC=$(tc-getBUILD_CC) - econf \ - --sysconfdir=/etc/bind \ - --localstatedir=/var \ - --with-libtool \ - --enable-full-report \ - --without-readline \ - $(use_enable caps linux-caps) \ - $(use_enable filter-aaaa) \ - $(use_enable fixed-rrset) \ - $(use_enable ipv6) \ - $(use_enable rpz rpz-nsdname) \ - $(use_enable rpz rpz-nsip) \ - $(use_enable seccomp) \ - $(use_enable threads) \ - $(use_with berkdb dlz-bdb) \ - $(use_with dlz dlopen) \ - $(use_with dlz dlz-filesystem) \ - $(use_with dlz dlz-stub) \ - $(use_with gost) \ - $(use_with gssapi) \ - $(use_with idn) \ - $(use_with json libjson) \ - $(use_with ldap dlz-ldap) \ - $(use_with mysql dlz-mysql) \ - $(use_with odbc dlz-odbc) \ - $(use_with postgres dlz-postgres) \ - $(use_with lmdb) \ - $(use_with python) \ - $(use_with ssl ecdsa) \ - $(use_with ssl openssl "${EPREFIX}"/usr) \ - $(use_with xml libxml2) \ - $(use_with zlib) \ - ${myconf} - - # $(use_enable static-libs static) \ - - # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h - - if use nslint; then - cd $NSLINT_DIR - econf - fi -} - -src_compile() { - emake - - if use nslint; then - emake -C $NSLINT_DIR CCOPT="${CFLAGS}" - fi -} - -src_install() { - emake DESTDIR="${D}" install - - if use nslint; then - cd $NSLINT_DIR - dobin nslint - doman nslint.8 - cd "${S}" - fi - - dodoc CHANGES README - - if use idn; then - dodoc contrib/idn/README.idnkit - fi - - if use doc; then - dodoc doc/arm/Bv9ARM.pdf - - docinto misc - dodoc doc/misc/* - - # might a 'html' useflag make sense? - docinto html - dohtml -r doc/arm/* - - docinto contrib - dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} - - # some handy-dandy dynamic dns examples - pushd "${D}"/usr/share/doc/${PF} 1>/dev/null - tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die - popd 1>/dev/null - fi - - insinto /etc/bind - newins "${FILESDIR}"/named.conf-r8 named.conf - - # ftp://ftp.rs.internic.net/domain/named.cache: - insinto /var/bind - newins "${FILESDIR}"/named.cache-r3 named.cache - - insinto /var/bind/pri - newins "${FILESDIR}"/localhost.zone-r3 localhost.zone - - newinitd "${FILESDIR}"/named.init-r13 named - newconfd "${FILESDIR}"/named.confd-r7 named - - if use gost; then - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die - else - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die - fi - - newenvd "${FILESDIR}"/10bind.env 10bind - - # Let's get rid of those tools and their manpages since they're provided by bind-tools - rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* - rm -f "${D}"/usr/share/man/man8/nsupdate.8* - rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} - rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} - for tool in dsfromkey importkey keyfromlabel keygen \ - revoke settime signzone verify; do - rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" - rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* - done - - # bug 405251, library archives aren't properly handled by --enable/disable-static - if ! use static-libs; then - find "${D}" -type f -name '*.a' -delete || die - fi - - # bug 405251 - find "${D}" -type f -name '*.la' -delete || die - - if use python; then - install_python_tools() { - dosbin bin/python/dnssec-{checkds,coverage} - } - python_foreach_impl install_python_tools - - python_replicate_script "${D}usr/sbin/dnssec-checkds" - python_replicate_script "${D}usr/sbin/dnssec-coverage" - fi - - # bug 450406 - dosym named.cache /var/bind/root.cache - - dosym /var/bind/pri /etc/bind/pri - dosym /var/bind/sec /etc/bind/sec - dosym /var/bind/dyn /etc/bind/dyn - keepdir /var/bind/{pri,sec,dyn} - - dodir /var/log/named - - fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} - fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0750 /etc/bind /var/bind/pri - fperms 0770 /var/log/named /var/bind/{,sec,dyn} - - systemd_newunit "${FILESDIR}/named.service-r1" named.service - systemd_dotmpfilesd "${FILESDIR}"/named.conf - exeinto /usr/libexec - doexe "${FILESDIR}/generate-rndc-key.sh" -} - -pkg_postinst() { - if [ ! -f '/etc/bind/rndc.key' ]; then - if use urandom; then - einfo "Using /dev/urandom for generating rndc.key" - /usr/sbin/rndc-confgen -r /dev/urandom -a - echo - else - einfo "Using /dev/random for generating rndc.key" - /usr/sbin/rndc-confgen -a - echo - fi - chown root:named /etc/bind/rndc.key - chmod 0640 /etc/bind/rndc.key - fi - - einfo - einfo "You can edit /etc/conf.d/named to customize named settings" - einfo - use mysql || use postgres || use ldap && { - elog "If your named depends on MySQL/PostgreSQL or LDAP," - elog "uncomment the specified rc_named_* lines in your" - elog "/etc/conf.d/named config to ensure they'll start before bind" - einfo - } - einfo "If you'd like to run bind in a chroot AND this is a new" - einfo "install OR your bind doesn't already run in a chroot:" - einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." - einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" - einfo - - CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) - if [[ -n ${CHROOT} ]]; then - elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - elog "To enable the old behaviour (without using mount) uncomment the" - elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - elog "If you decide to use the new/default method, ensure to make backup" - elog "first and merge your existing configs/zones to /etc/bind and" - elog "/var/bind because bind will now mount the needed directories into" - elog "the chroot dir." - fi -} - -pkg_config() { - CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) - CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) - CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) - - if [[ -z "${CHROOT}" ]]; then - eerror "This config script is designed to automate setting up" - eerror "a chrooted bind/named. To do so, please first uncomment" - eerror "and set the CHROOT variable in '/etc/conf.d/named'." - die "Unset CHROOT" - fi - if [[ -d "${CHROOT}" ]]; then - ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - ewarn "To enable the old behaviour (without using mount) uncomment the" - ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - ewarn - ewarn "${CHROOT} already exists... some things might become overridden" - ewarn "press CTRL+C if you don't want to continue" - sleep 10 - fi - - echo; einfo "Setting up the chroot directory..." - - mkdir -m 0750 -p ${CHROOT} - mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} - mkdir -m 0750 -p ${CHROOT}/etc/bind - mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ - # As of bind 9.8.0 - if has_version net-dns/bind[gost]; then - if [ "$(get_libdir)" = "lib64" ]; then - mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines - ln -s lib64 ${CHROOT}/usr/lib - else - mkdir -m 0755 -p ${CHROOT}/usr/lib/engines - fi - fi - chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind - - mknod ${CHROOT}/dev/null c 1 3 - chmod 0666 ${CHROOT}/dev/null - - mknod ${CHROOT}/dev/zero c 1 5 - chmod 0666 ${CHROOT}/dev/zero - - if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 - chmod 0666 ${CHROOT}/dev/urandom - else - mknod ${CHROOT}/dev/random c 1 8 - chmod 0666 ${CHROOT}/dev/random - fi - - if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then - cp -a /etc/bind ${CHROOT}/etc/ - cp -a /var/bind ${CHROOT}/var/ - fi - - if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then - mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP - fi - - elog "You may need to add the following line to your syslog-ng.conf:" - elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" -} diff --git a/net-dns/bind/bind-9.11.3-r1.ebuild b/net-dns/bind/bind-9.11.3-r1.ebuild deleted file mode 100644 index 74e4fcd1fc13..000000000000 --- a/net-dns/bind/bind-9.11.3-r1.ebuild +++ /dev/null @@ -1,402 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# Re dlz/mysql and threads, needs to be verified.. -# MySQL uses thread local storage in its C api. Thus MySQL -# requires that each thread of an application execute a MySQL -# thread initialization to setup the thread local storage. -# This is impossible to do safely while staying within the DLZ -# driver API. This is a limitation caused by MySQL, and not the DLZ API. -# Because of this BIND MUST only run with a single thread when -# using the MySQL driver. - -EAPI="5" - -PYTHON_COMPAT=( python2_7 python3_{4,5,6} ) - -inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd - -MY_PV="${PV/_p/-P}" -MY_PV="${MY_PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" - -SDB_LDAP_VER="1.1.0-fc14" - -RRL_PV="${MY_PV}" - -NSLINT_DIR="contrib/nslint-3.0a2/" - -# SDB-LDAP: http://bind9-ldap.bayour.com/ - -DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" -HOMEPAGE="http://www.isc.org/software/bind" -SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar.gz - doc? ( mirror://gentoo/dyndns-samples.tbz2 )" -# sdb-ldap? ( -# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 -# )" - -LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# -berkdb by default re bug 602682 -IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 -json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs -+threads urandom xml +zlib" -# sdb-ldap - patch broken -# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 - -REQUIRED_USE="postgres? ( dlz ) - berkdb? ( dlz ) - mysql? ( dlz !threads ) - odbc? ( dlz ) - ldap? ( dlz ) - gost? ( !libressl ssl ) - threads? ( caps ) - dnstap? ( threads ) - python? ( ${PYTHON_REQUIRED_USE} )" -# sdb-ldap? ( dlz ) - -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0[-bindist] ) - libressl? ( dev-libs/libressl ) - ) - mysql? ( >=virtual/mysql-4.0 ) - odbc? ( >=dev-db/unixODBC-2.2.6 ) - ldap? ( net-nds/openldap ) - idn? ( net-dns/idnkit ) - postgres? ( dev-db/postgresql:= ) - caps? ( >=sys-libs/libcap-2.1.0 ) - xml? ( dev-libs/libxml2 ) - geoip? ( >=dev-libs/geoip-1.4.6 ) - gssapi? ( virtual/krb5 ) - gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) - seccomp? ( sys-libs/libseccomp ) - json? ( dev-libs/json-c:= ) - lmdb? ( dev-db/lmdb ) - zlib? ( sys-libs/zlib ) - dnstap? ( dev-libs/fstrm dev-libs/protobuf-c ) - python? ( - ${PYTHON_DEPS} - dev-python/ply[${PYTHON_USEDEP}] - )" -# sdb-ldap? ( net-nds/openldap ) - -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-bind ) - || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" - -S="${WORKDIR}/${MY_P}" - -# bug 479092, requires networking -RESTRICT="test" - -pkg_setup() { - ebegin "Creating named group and user" - enewgroup named 40 - enewuser named 40 -1 /etc/bind named - eend ${?} -} - -src_prepare() { - # Adjusting PATHs in manpages - for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do - sed -i \ - -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ - -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ - -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ - "${i}" || die "sed failed, ${i} doesn't exist" - done - - # bug 657654 / CVE-2018-5738 - epatch "${FILESDIR}/${P}-CVE-2018-5738.patch" - -# if use dlz; then -# # sdb-ldap patch as per bug #160567 -# # Upstream URL: http://bind9-ldap.bayour.com/ -# # New patch take from bug 302735 -# if use sdb-ldap; then -# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch -# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ -# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ -# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ -# fi -# fi - - # should be installed by bind-tools - sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die - - # Disable tests for now, bug 406399 - sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die - - # bug #220361 - rm aclocal.m4 - rm -rf libtool.m4/ - eautoreconf -} - -src_configure() { - local myconf="" - - if use urandom; then - myconf="${myconf} --with-randomdev=/dev/urandom" - else - myconf="${myconf} --with-randomdev=/dev/random" - fi - - use geoip && myconf="${myconf} --with-geoip" - - # bug #158664 -# gcc-specs-ssp && replace-flags -O[23s] -O - - # To include db.h from proper path - use berkdb && append-flags "-I$(db_includedir)" - - export BUILD_CC=$(tc-getBUILD_CC) - econf \ - --sysconfdir=/etc/bind \ - --localstatedir=/var \ - --with-libtool \ - --enable-full-report \ - --without-readline \ - $(use_enable caps linux-caps) \ - $(use_enable filter-aaaa) \ - $(use_enable fixed-rrset) \ - $(use_enable ipv6) \ - $(use_enable rpz rpz-nsdname) \ - $(use_enable rpz rpz-nsip) \ - $(use_enable seccomp) \ - $(use_enable threads) \ - $(use_with berkdb dlz-bdb) \ - $(use_with dlz dlopen) \ - $(use_with dlz dlz-filesystem) \ - $(use_with dlz dlz-stub) \ - $(use_with gost) \ - $(use_with gssapi) \ - $(use_with idn) \ - $(use_with json libjson) \ - $(use_with ldap dlz-ldap) \ - $(use_with mysql dlz-mysql) \ - $(use_with odbc dlz-odbc) \ - $(use_with postgres dlz-postgres) \ - $(use_with lmdb) \ - $(use_with python) \ - $(use_with ssl ecdsa) \ - $(use_with ssl openssl "${EPREFIX}"/usr) \ - $(use_with xml libxml2) \ - $(use_with zlib) \ - ${myconf} - - # $(use_enable static-libs static) \ - - # bug #151839 - echo '#undef SO_BSDCOMPAT' >> config.h -} - -src_install() { - emake DESTDIR="${D}" install - - dodoc CHANGES README - - if use idn; then - dodoc contrib/idn/README.idnkit - fi - - if use doc; then - dodoc doc/arm/Bv9ARM.pdf - - docinto misc - dodoc doc/misc/* - - # might a 'html' useflag make sense? - docinto html - dohtml -r doc/arm/* - - docinto contrib - dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} - - # some handy-dandy dynamic dns examples - pushd "${D}"/usr/share/doc/${PF} 1>/dev/null - tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die - popd 1>/dev/null - fi - - insinto /etc/bind - newins "${FILESDIR}"/named.conf-r8 named.conf - - # ftp://ftp.rs.internic.net/domain/named.cache: - insinto /var/bind - newins "${FILESDIR}"/named.cache-r3 named.cache - - insinto /var/bind/pri - newins "${FILESDIR}"/localhost.zone-r3 localhost.zone - - newinitd "${FILESDIR}"/named.init-r13 named - newconfd "${FILESDIR}"/named.confd-r7 named - - if use gost; then - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die - else - sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die - fi - - newenvd "${FILESDIR}"/10bind.env 10bind - - # Let's get rid of those tools and their manpages since they're provided by bind-tools - rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* - rm -f "${D}"/usr/share/man/man8/nsupdate.8* - rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} - rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} - for tool in dsfromkey importkey keyfromlabel keygen \ - revoke settime signzone verify; do - rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" - rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* - done - - # bug 405251, library archives aren't properly handled by --enable/disable-static - if ! use static-libs; then - find "${D}" -type f -name '*.a' -delete || die - fi - - # bug 405251 - find "${D}" -type f -name '*.la' -delete || die - - if use python; then - install_python_tools() { - dosbin bin/python/dnssec-{checkds,coverage} - } - python_foreach_impl install_python_tools - - python_replicate_script "${D}usr/sbin/dnssec-checkds" - python_replicate_script "${D}usr/sbin/dnssec-coverage" - fi - - # bug 450406 - dosym named.cache /var/bind/root.cache - - dosym /var/bind/pri /etc/bind/pri - dosym /var/bind/sec /etc/bind/sec - dosym /var/bind/dyn /etc/bind/dyn - keepdir /var/bind/{pri,sec,dyn} - - dodir /var/log/named - - fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} - fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} - fperms 0750 /etc/bind /var/bind/pri - fperms 0770 /var/log/named /var/bind/{,sec,dyn} - - systemd_newunit "${FILESDIR}/named.service-r1" named.service - systemd_dotmpfilesd "${FILESDIR}"/named.conf - exeinto /usr/libexec - doexe "${FILESDIR}/generate-rndc-key.sh" -} - -pkg_postinst() { - if [ ! -f '/etc/bind/rndc.key' ]; then - if use urandom; then - einfo "Using /dev/urandom for generating rndc.key" - /usr/sbin/rndc-confgen -r /dev/urandom -a - echo - else - einfo "Using /dev/random for generating rndc.key" - /usr/sbin/rndc-confgen -a - echo - fi - chown root:named /etc/bind/rndc.key - chmod 0640 /etc/bind/rndc.key - fi - - einfo - einfo "You can edit /etc/conf.d/named to customize named settings" - einfo - use mysql || use postgres || use ldap && { - elog "If your named depends on MySQL/PostgreSQL or LDAP," - elog "uncomment the specified rc_named_* lines in your" - elog "/etc/conf.d/named config to ensure they'll start before bind" - einfo - } - einfo "If you'd like to run bind in a chroot AND this is a new" - einfo "install OR your bind doesn't already run in a chroot:" - einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." - einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" - einfo - - CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) - if [[ -n ${CHROOT} ]]; then - elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - elog "To enable the old behaviour (without using mount) uncomment the" - elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - elog "If you decide to use the new/default method, ensure to make backup" - elog "first and merge your existing configs/zones to /etc/bind and" - elog "/var/bind because bind will now mount the needed directories into" - elog "the chroot dir." - fi -} - -pkg_config() { - CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) - CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) - CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) - - if [[ -z "${CHROOT}" ]]; then - eerror "This config script is designed to automate setting up" - eerror "a chrooted bind/named. To do so, please first uncomment" - eerror "and set the CHROOT variable in '/etc/conf.d/named'." - die "Unset CHROOT" - fi - if [[ -d "${CHROOT}" ]]; then - ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" - ewarn "To enable the old behaviour (without using mount) uncomment the" - ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." - ewarn - ewarn "${CHROOT} already exists... some things might become overridden" - ewarn "press CTRL+C if you don't want to continue" - sleep 10 - fi - - echo; einfo "Setting up the chroot directory..." - - mkdir -m 0750 -p ${CHROOT} - mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} - mkdir -m 0750 -p ${CHROOT}/etc/bind - mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ - # As of bind 9.8.0 - if has_version net-dns/bind[gost]; then - if [ "$(get_libdir)" = "lib64" ]; then - mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines - ln -s lib64 ${CHROOT}/usr/lib - else - mkdir -m 0755 -p ${CHROOT}/usr/lib/engines - fi - fi - chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind - - mknod ${CHROOT}/dev/null c 1 3 - chmod 0666 ${CHROOT}/dev/null - - mknod ${CHROOT}/dev/zero c 1 5 - chmod 0666 ${CHROOT}/dev/zero - - if use urandom; then - mknod ${CHROOT}/dev/urandom c 1 9 - chmod 0666 ${CHROOT}/dev/urandom - else - mknod ${CHROOT}/dev/random c 1 8 - chmod 0666 ${CHROOT}/dev/random - fi - - if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then - cp -a /etc/bind ${CHROOT}/etc/ - cp -a /var/bind ${CHROOT}/var/ - fi - - if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then - mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP - fi - - elog "You may need to add the following line to your syslog-ng.conf:" - elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" -} diff --git a/net-dns/bind/bind-9.11.4_p2.ebuild b/net-dns/bind/bind-9.11.4_p2.ebuild index d01ae4435027..b9ad5d4514c3 100644 --- a/net-dns/bind/bind-9.11.4_p2.ebuild +++ b/net-dns/bind/bind-9.11.4_p2.ebuild @@ -38,7 +38,7 @@ SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar. LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" -KEYWORDS="~alpha amd64 arm hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # -berkdb by default re bug 602682 IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 json ldap libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs diff --git a/net-dns/bind/bind-9.12.2_p2-r1.ebuild b/net-dns/bind/bind-9.12.2_p2-r1.ebuild index 4726fbb2ca4c..f6702e205b72 100644 --- a/net-dns/bind/bind-9.12.2_p2-r1.ebuild +++ b/net-dns/bind/bind-9.12.2_p2-r1.ebuild @@ -36,7 +36,7 @@ SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${P}.tar. LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0" SLOT="0" -KEYWORDS="alpha amd64 arm hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # -berkdb by default re bug 602682 IUSE="-berkdb +caps dlz dnstap doc dnsrps fixed-rrset geoip gost gssapi idn ipv6 json ldap libidn2 libressl lmdb mysql odbc postgres python rpz seccomp selinux ssl static-libs diff --git a/net-dns/bind/bind-9.12.3_p1.ebuild b/net-dns/bind/bind-9.12.3_p1-r1.ebuild index 0bc4957e1874..214450407536 100644 --- a/net-dns/bind/bind-9.12.3_p1.ebuild +++ b/net-dns/bind/bind-9.12.3_p1-r1.ebuild @@ -61,7 +61,7 @@ DEPEND=" !libressl? ( dev-libs/openssl:0[-bindist] ) libressl? ( dev-libs/libressl ) ) - mysql? ( >=virtual/mysql-4.0 ) + mysql? ( dev-db/mysql-connector-c:0= ) odbc? ( >=dev-db/unixODBC-2.2.6 ) ldap? ( net-nds/openldap ) postgres? ( dev-db/postgresql:= ) diff --git a/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch b/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch deleted file mode 100644 index 4a2c7832ebfe..000000000000 --- a/net-dns/bind/files/bind-9.11.3-CVE-2018-5738.patch +++ /dev/null @@ -1,110 +0,0 @@ -diff --git a/bin/named/server.c b/bin/named/server.c -index 64a5180..41a1826 100644 ---- a/bin/named/server.c -+++ b/bin/named/server.c -@@ -3376,10 +3376,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - dns_acache_setcachesize(view->acache, max_acache_size); - } - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query", NULL, actx, -- ns_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -4258,9 +4254,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - INSIST(result == ISC_R_SUCCESS); - view->trust_anchor_telemetry = cfg_obj_asboolean(obj); - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query-cache-on", NULL, actx, -- ns_g_mctx, &view->cacheonacl)); - /* - * Set sources where additional data and CNAME/DNAME - * targets for authoritative answers may be found. -@@ -4287,22 +4280,40 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - view->additionalfromcache = ISC_TRUE; - } - -+ CHECK(configure_view_acl(vconfig, config, ns_g_config, -+ "allow-query-cache-on", NULL, actx, -+ ns_g_mctx, &view->cacheonacl)); -+ - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. -- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. - */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, ns_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ ns_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ ns_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - ns_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - ns_g_mctx, &view->recursiononacl)); -@@ -4340,18 +4351,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - * the global config. - */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion", NULL, - actx, ns_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion-on", NULL, - actx, ns_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-query-cache", NULL, - actx, ns_g_mctx, -@@ -4365,6 +4379,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, ns_g_config, -+ "allow-query", NULL, -+ actx, ns_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, diff --git a/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch b/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch deleted file mode 100644 index 75c98d4f1755..000000000000 --- a/net-dns/bind/files/bind-9.12.1_p2-CVE-2018-5738.patch +++ /dev/null @@ -1,95 +0,0 @@ -diff --git a/bin/named/server.c b/bin/named/server.c -index f63554e..847c4ff 100644 ---- a/bin/named/server.c -+++ b/bin/named/server.c -@@ -3725,10 +3725,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - CHECKM(named_config_getport(config, &port), "port"); - dns_view_setdstport(view, port); - -- CHECK(configure_view_acl(vconfig, config, named_g_config, -- "allow-query", NULL, actx, -- named_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -4692,21 +4688,35 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - "allow-query-cache-on", NULL, actx, - named_g_mctx, &view->cacheonacl)); - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. -- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. - */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, named_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ named_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ named_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - named_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - named_g_mctx, &view->recursiononacl)); -@@ -4744,18 +4754,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - * the global config. - */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-recursion", NULL, - actx, named_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-recursion-on", NULL, - actx, named_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, named_g_config, - "allow-query-cache", NULL, - actx, named_g_mctx, -@@ -4769,6 +4782,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, named_g_config, -+ "allow-query", NULL, -+ actx, named_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, diff --git a/net-dns/bind/metadata.xml b/net-dns/bind/metadata.xml index 8ccec0f9e0a2..06a3fa600f23 100644 --- a/net-dns/bind/metadata.xml +++ b/net-dns/bind/metadata.xml @@ -17,7 +17,6 @@ <flag name="json">Enable JSON statistics channel</flag> <flag name="libidn2">Enables IDN support using <pkg>net-dns/libidn2</pkg> rather than using <pkg>net-dns/idnkit</pkg></flag> <flag name="lmdb">Enable LMDB support to store configuration for 'addzone' zones</flag> - <flag name="nslint">Build and install the nslint util</flag> <flag name="rpz">Enable response policy rewriting (rpz)</flag> <flag name="urandom">Use /dev/urandom instead of /dev/random</flag> </use> |