From 407525b571b48cfd65e1ad7a02d250a927c967c9 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Fri, 1 Dec 2017 03:04:39 +0000
Subject: gentoo resync : 01.12.2017

---
 net-dns/Manifest.gz                                | Bin 9890 -> 9901 bytes
 net-dns/avahi/Manifest                             |   8 +-
 net-dns/avahi/avahi-0.7.ebuild                     |   2 +-
 net-dns/knot/Manifest                              |   9 +-
 net-dns/knot/knot-2.4.5.ebuild                     |  78 ----------
 net-dns/knot/knot-2.6.1.ebuild                     | 102 -------------
 net-dns/knot/knot-2.6.3.ebuild                     | 102 +++++++++++++
 net-dns/libidn/Manifest                            |   6 +-
 .../libidn/files/libidn-1.33-CVE-2017-14062.patch  |  45 ++++++
 .../libidn/files/libidn-1.33-parallel-make.patch   | 115 +++++++++++++++
 net-dns/libidn/libidn-1.33-r2.ebuild               | 126 +++++++++++++++++
 net-dns/nsd/Manifest                               |   2 +
 net-dns/nsd/nsd-4.1.18.ebuild                      | 102 +++++++++++++
 net-dns/pdns-recursor/Manifest                     |  17 ++-
 .../pdns-recursor/files/CVE-2017-15090-4.0.6.patch |  15 ++
 .../pdns-recursor/files/CVE-2017-15092-4.0.6.patch |  85 +++++++++++
 .../pdns-recursor/files/CVE-2017-15093-4.0.6.patch |  47 ++++++
 .../pdns-recursor/files/CVE-2017-15094-4.0.6.patch |  28 ++++
 net-dns/pdns-recursor/metadata.xml                 |   1 +
 .../pdns-recursor/pdns-recursor-4.0.6-r1.ebuild    |  81 +++++++++++
 net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild   |   4 +-
 net-dns/pdns-recursor/pdns-recursor-4.0.7.ebuild   |  77 ++++++++++
 .../pdns-recursor-4.1.0_rc3-r1.ebuild              |  84 +++++++++++
 .../pdns-recursor/pdns-recursor-4.1.0_rc3.ebuild   |  74 ----------
 net-dns/pdns/Manifest                              |  12 +-
 net-dns/pdns/files/CVE-2017-15091-4.0.4.patch      |  30 ++++
 net-dns/pdns/metadata.xml                          |   1 +
 net-dns/pdns/pdns-4.0.4-r1.ebuild                  | 157 +++++++++++++++++++++
 net-dns/pdns/pdns-4.0.5.ebuild                     | 153 ++++++++++++++++++++
 net-dns/pdns/pdns-4.1.0.ebuild                     | 153 ++++++++++++++++++++
 net-dns/pdns/pdns-4.1.0_rc3.ebuild                 | 151 --------------------
 31 files changed, 1440 insertions(+), 427 deletions(-)
 delete mode 100644 net-dns/knot/knot-2.4.5.ebuild
 delete mode 100644 net-dns/knot/knot-2.6.1.ebuild
 create mode 100644 net-dns/knot/knot-2.6.3.ebuild
 create mode 100644 net-dns/libidn/files/libidn-1.33-parallel-make.patch
 create mode 100644 net-dns/libidn/libidn-1.33-r2.ebuild
 create mode 100644 net-dns/nsd/nsd-4.1.18.ebuild
 create mode 100644 net-dns/pdns-recursor/files/CVE-2017-15090-4.0.6.patch
 create mode 100644 net-dns/pdns-recursor/files/CVE-2017-15092-4.0.6.patch
 create mode 100644 net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch
 create mode 100644 net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch
 create mode 100644 net-dns/pdns-recursor/pdns-recursor-4.0.6-r1.ebuild
 create mode 100644 net-dns/pdns-recursor/pdns-recursor-4.0.7.ebuild
 create mode 100644 net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild
 delete mode 100644 net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3.ebuild
 create mode 100644 net-dns/pdns/files/CVE-2017-15091-4.0.4.patch
 create mode 100644 net-dns/pdns/pdns-4.0.4-r1.ebuild
 create mode 100644 net-dns/pdns/pdns-4.0.5.ebuild
 create mode 100644 net-dns/pdns/pdns-4.1.0.ebuild
 delete mode 100644 net-dns/pdns/pdns-4.1.0_rc3.ebuild

(limited to 'net-dns')

diff --git a/net-dns/Manifest.gz b/net-dns/Manifest.gz
index c34b57632fc1..4889a3e8824e 100644
Binary files a/net-dns/Manifest.gz and b/net-dns/Manifest.gz differ
diff --git a/net-dns/avahi/Manifest b/net-dns/avahi/Manifest
index 9fde17b6f221..a114cbcf2676 100644
--- a/net-dns/avahi/Manifest
+++ b/net-dns/avahi/Manifest
@@ -10,13 +10,13 @@ AUX avahi-0.6.31-invalid_packet.patch 1073 BLAKE2B a6ae5008e20f620c2314616483cc9
 AUX avahi-0.6.31-so_reuseport-may-not-exist-in-running-kernel.patch 1265 BLAKE2B 093a68402eee840ea72b9c09e1cfff5ba9c2c75df385dc483bca0381bdff4e5e01b6a64aff988448b71e5bb50e4dbcf28c96b10932be1964469ec8755a03f301 SHA512 f575e3ba1c704ec3bf92ffd8344a104f35026e6738720955caa23549f602f491c5e209188c5c00189b269e79e6120021d02cc07fbdea22a7c99ce7682f017fe7
 AUX avahi-0.6.32-openrc-0.21.7-fix-init-scripts.patch 918 BLAKE2B 3ed83f437b82bc98253df8a72dbd9e5a2d018e3b3e7711f04919b4926d6c8e8b0ec9531c9021453ae576cbb9919a8daaec85b721b5858355f9f6fd2fd609bffd SHA512 c62167c538af81362abba5a4012336f5d12aa20edc3cbb69f305ba89be90e4c62e1ce1613779d3ad0cbfba99e4ff46b803e4a26fe72cefefd628827a610318a3
 AUX avahi-0.6.x-openrc-0.9.x-init-scripts-fixes.patch 633 BLAKE2B 900926dbe6a0716ef37d95bc37c0115d02e48d3cfdda26ce86dc020ae0ab3b5fedbe6f5a50631b17fb210621839ac25a1bd43bfdd95a908e248a226670153d95 SHA512 c2d11b243acdc058cde03b872dccbbbd44a7a584adf168f16016f29c7a5d9d8668095b781f53102feba8b9c80b2cbbd788c9b327d9d1e2e552fbdcf3c2960517
-DIST avahi-0.6.31.tar.gz 1268686 SHA256 8372719b24e2dd75de6f59bb1315e600db4fd092805bd1201ed0cb651a2dab48 SHA512 53eb00d570a274d841e1e6ad07da077950089ae39b4f7aa21fcd21cc5320b30b506b43e7e57e56198e155cc7bd289b779a48b2b2fc002dc6194a946110451858 WHIRLPOOL a6d97b87dfbb81be359ee03d8f32ebafdbb311bd596d686aeb55a2952ecb6c7c84466b1230e70392ffe23a20a56da7e0a5bd00c8dc1812b2156c0b4a8022144f
-DIST avahi-0.6.32.tar.gz 934004 SHA256 7eb693d878246f0cd05034173fb3ed53447a84dd3b7f01745313cad11071226e SHA512 e6dc788cc8691288ef001007006719b5eb022d484ee6fc84e68a7d227af5993e4d09484b824998155e5b25fc0ffc014beb8961d312982f63b82b10a6e2edee18 WHIRLPOOL e139eca2d1698976a5fca21361c037dd2b1c075654b01674bea3fa22db70067999aba2a61cbfcf69281d5274f5080450e24cf64f9cec1702d142e129fbf03dc7
-DIST avahi-0.7.tar.gz 940047 SHA256 fd45480cef0559b3eab965ea3ad4fe2d7a8f27db32c851a032ee0b487c378329 SHA512 61f656da7614d8cca1862180038f571db3474c84f05db4d3509f614cdbf8b1a1047661b7e24d63682d5b48ed1bfa1b08b3c9e6dbe9222bcd62d99bc168a11abe WHIRLPOOL bb6f2763309f8426bc65e81f41ac2205076d6f5f9e84f1bba6ed998595c5c2db126b30bf376286f5bd6e61605c3b219fbce9ee325585d2e463d3ef43bc6bcc1a
+DIST avahi-0.6.31.tar.gz 1268686 BLAKE2B 959526c69855495948222709227c7c0d07653bb91f223d80e3d1b6ee16b03952015634984fe754c2c828f76035cd966131eeb047fe4c922493c129a77b14d2be SHA512 53eb00d570a274d841e1e6ad07da077950089ae39b4f7aa21fcd21cc5320b30b506b43e7e57e56198e155cc7bd289b779a48b2b2fc002dc6194a946110451858
+DIST avahi-0.6.32.tar.gz 934004 BLAKE2B 76bbff65075bbc49d52b1e406373c4856622c22364cb5f1a4ccc0bf04a6dc7d54c58753a8cce6622e4fc62dc22086659ffbd157aeb1a6a30de353d08fd08a307 SHA512 e6dc788cc8691288ef001007006719b5eb022d484ee6fc84e68a7d227af5993e4d09484b824998155e5b25fc0ffc014beb8961d312982f63b82b10a6e2edee18
+DIST avahi-0.7.tar.gz 940047 BLAKE2B 8299577bf27ee65fad5d743dbf94202b148a6fc86825cae303f94c44482eea07cf6570d970ca286e81a787d6a64598b7123f2ac17a259ddc50ef431b9c94b530 SHA512 61f656da7614d8cca1862180038f571db3474c84f05db4d3509f614cdbf8b1a1047661b7e24d63682d5b48ed1bfa1b08b3c9e6dbe9222bcd62d99bc168a11abe
 EBUILD avahi-0.6.31-r10.ebuild 6444 BLAKE2B deee480926a554f671ba7d6a3425ac1292b429581952c377f440fae12da2f0896037dbe885a8c7991b8c55329098d07c2fcbf87bca8a1bb2c1ef9427378003b2 SHA512 231567dcc74fbe09a4d18cc52074430b2f8c552c2e1212207af5879d6234f0067eebef495872c0c589d77f8fad177d05247f9927dc648963ee9f1e792335da81
 EBUILD avahi-0.6.31-r11.ebuild 6261 BLAKE2B a11de83cced8adec29e5a3df8ad09fc2dd16d8247dc2e72b208ddb3de86a695d8d164920e2f3e96086d5ead5b251a49c380f2a61764bbdb6b3500dd39e98c7d4 SHA512 0a0645d1c38fcde7d34dfdd38f21ab177cfac21bbc01def180ec9fb0f311ce0273565f425c096c6ee29ec20651818136da166d4c3b26d29c8d7f8473a0cd4ed1
 EBUILD avahi-0.6.32-r1.ebuild 5732 BLAKE2B 6b17c7e9d223e288e309ef3f51326bff5d3e895e12a1db585f0fe3a086ba0a80bfaccb0d9ef79b769200fe985be92826efb64eb071ca93c79d82a4addde91b98 SHA512 d26256a031d5d7ce6cf58ff4c98d5a88ed93498d0383e1a425e88bc9f1de4ee18c0b2ab6e987163b5a27acc807199c8f91276e449dc6d951607c1dfddfaa74c4
 EBUILD avahi-0.6.32-r2.ebuild 5855 BLAKE2B bf094e3aafa5e289cd9f36290b649c2d152598583d90c19f1cb92c5a5a8c3d0d40c238fa428ac3beb355a6c7e7ed8e8584c19c7af8fc4dfaafb8cb234fa65534 SHA512 44aef809779706e5f0e8c5e047b69a795a7d450a59e7fed174c2f7cb5043f6c9d547daff6699ee9e28e9af3ba02caa54a5293ec8ef11219c35bda4b9f3cfdb00
 EBUILD avahi-0.6.32.ebuild 5584 BLAKE2B 48672b141bd86b76838acae05f4d6e3f4fffeb686e42e058b8b8c3c771568df7ca12bee6a215079729d585d6415c30146787e73aeb1b84abafbff5da00ec9b48 SHA512 031b6ea7962717de7f984c78a2814312610b86ce391a2474117b34b2e8c542a6de49b75998c99639f866f415b878ed58f807a12ea713d3b1d15ef0657013e4a0
-EBUILD avahi-0.7.ebuild 5077 BLAKE2B 174c1a56ca82c9fa152293c221bbc39ac7e18e96bfca0f781071152881e346bc0dc063f9e21425eb561f50c3e27676d4b7dd451381f48b8226c4037ded5aaffd SHA512 94164abcfddac6512881bac7966bb927cd7c00f7448bbf73e3239d0f267714688f312f2cca498d09c329785be13c6fe38afeafacd67667f280b1d4b3a936fc69
+EBUILD avahi-0.7.ebuild 5076 BLAKE2B e07c7c60560512c6cc81d23cb513deb28dcc262572ad142229c9455c655d0d0f69188e03e9f99872c59e167a24b1320845e490ac392bd8cd8d7fa36cea1bf9ee SHA512 bf426937dc7c980aa252e2c627e54b2187624a0548e9961b23a04b7a513bbddaca69eace9d2ccee60c55add7acfd47da81b4c76f7c236f2da5713a3d30569aa0
 MISC metadata.xml 970 BLAKE2B 26904ceb3a89833caa77e2315d99be8ef729277a021faa3800a1cd0abe94c516d53176e65668d00687a6bb6ee807a2011106268f14a4d5012c27132e4fca4f3c SHA512 b9498d4757b6bd793846e4cbdd5c37da601a8e1430cafd1a6039ff54f8ff10576684c58801ebc679061f975cefa5909c94c30976e84354a5fcc7d2a586f7fa8e
diff --git a/net-dns/avahi/avahi-0.7.ebuild b/net-dns/avahi/avahi-0.7.ebuild
index 21c675f3d422..9c41455180c0 100644
--- a/net-dns/avahi/avahi-0.7.ebuild
+++ b/net-dns/avahi/avahi-0.7.ebuild
@@ -19,7 +19,7 @@ S="${WORKDIR}/${P}"
 LICENSE="LGPL-2.1"
 SLOT="0"
 #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~mips ~ppc ~ppc64 sparc x86"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~mips ppc ~ppc64 sparc x86"
 IUSE="autoipd bookmarks dbus doc gdbm gtk gtk3 howl-compat +introspection ipv6 kernel_linux mdnsresponder-compat mono nls python qt4 selinux test"
 
 REQUIRED_USE="
diff --git a/net-dns/knot/Manifest b/net-dns/knot/Manifest
index f9223aa0132e..21d4e503b52d 100644
--- a/net-dns/knot/Manifest
+++ b/net-dns/knot/Manifest
@@ -1,11 +1,10 @@
 AUX knot-1.service 337 BLAKE2B a6645b2ab92612f3c6640f4e9601cefe087a519d8a40b222e05dbd44c8b8c5c87a01d500d5ac328fdee1cae3f9dd126448a8b82b979e13a4ff5285fa48b983d5 SHA512 58c4186e57ebd00b86dae34d5d208ed8801c0376da40cccb23b3d4542a7ee04a1003a12a4b89347b76a384b50eae4a61f96164bf22ec987ce05b1c65691659e7
 AUX knot.init 861 BLAKE2B 30ffe287f4f83058407ceab00b2113dade3b60b38d76c86f156cc31c33cc4f2ec8cf7f22172823755b71385ca18cc1044605b5479c9de05284f911d500b5dc40 SHA512 e5faa96cbee618e9042bdfd0628f06c4bc4d23c7295521771e16f6eae715835a240799e8425317b03b1ea162966defb5d6b6592139cb1d9d61b47a24961ec9b9
 AUX knot.service 275 BLAKE2B c39b50630a84cb20d33a02ad82c0fc0c994b098766af0cd3e11b4ac6e2f6e6ebc38d6e5b99c358d5e771022fd6ad14fb7e04e95fd77ba677d10950e1fc52e9a9 SHA512 37c4700320a2781aa93ca92bc2634c3e080c87337b7d632d0e2fa23f6e2e8fa1985d1d8e2516fed02b612da4d340472d5f8d0ae37c5b323ac17bbd61ca243a86
-DIST knot-2.4.5.tar.xz 1111536 SHA256 87ce8ccc83511c5a1f4eadd3f0122f2f5ae86fb68e9b72f0700c6f5340ba95cb SHA512 db4919dbe2dc688f401e6611d784d47e1d40a0f8ec8c8cd6240d89ab9dd2ce7dd1976ac7cb24c712ed8aa074e0026ff0a10e9d6d5e685929d271ae554d9a1cff WHIRLPOOL cdfdf0bc2591df8436f8ab0959581129cb1a4d86138f6bb75b507d83280c7d567eb794e3b76b8374d4087721de53e4afd7566411b8e51fa2655e9e5462357ef4
-DIST knot-2.5.6.tar.xz 1081756 SHA256 37d1625c2aaefe2394c85f6742a6ae9421e8348318c13119a6c451796c387cfc SHA512 dcc58791469c8e4724a47b47105bf0c047bcf62611d6803a07a856bb281d72a397b186210087ff8f145232315bbd9baa194a7cdef10d1ebb36ca3b8c0a0c7379 WHIRLPOOL 199470662eb55971f5581a97d396342664789eb5803ae570598b4254bc14ad8f8fb9ca21198a42a26506fb7d29ed9417c42730651bd9ec38c48c50dbedf4726a
-DIST knot-2.6.1.tar.xz 1112956 SHA256 3013d45b4c7484268f3cad078f66f730a5bc9606e6b1061488dd821c1dce41e3 SHA512 f4eaf311adcdfd13628c7174333bcc766b300be573f7df32eaaf162c5857e0ba35ce5a5e022f799c95618203abbe8db93e2364f172a87c4dd4eaf90b30ef8428 WHIRLPOOL f69c58c9211b18e512e851044ba830c4011618175f6b78a37702e1afe9ed70ab244b1077a2d6ece745d064d2ad0131f61405c5fe811b108e85d86cd428fa4d7b
-EBUILD knot-2.4.5.ebuild 1531 BLAKE2B 3b35f384213778ef51d951a3096cb229da09605980ef3d7852d93a0c6b55faddbace2bc8aeeed9e215f44bd89d78524b960d02c49f7999fb5324cb2e7ef9e479 SHA512 908ebfce7b6ecd87171efe02b39ac43b8fd91aabf17da072fddd270b8bb10063e161dad188036dcf68d21046b56c8611fc9f443ebea39949747e1d4403a94405
+DIST knot-2.5.6.tar.xz 1081756 BLAKE2B a016be4b7080175cc83bacc23cbf08b15e5c8dcdd63da0d6ca61dcbd8aa2d75952a2becf7c9f2f65b43e004bd54641198afc6402a0714046a4f631aaa193ae2d SHA512 dcc58791469c8e4724a47b47105bf0c047bcf62611d6803a07a856bb281d72a397b186210087ff8f145232315bbd9baa194a7cdef10d1ebb36ca3b8c0a0c7379
+DIST knot-2.6.1.tar.xz 1112956 BLAKE2B 28c2c2318713c63ce389ab768bedbcf3b2799d9d660d978e77ba68e40aff40de8eb0e31cc7b42d00230beff418ba2d20032e2e01c5dc26a6813e02e10711195a SHA512 f4eaf311adcdfd13628c7174333bcc766b300be573f7df32eaaf162c5857e0ba35ce5a5e022f799c95618203abbe8db93e2364f172a87c4dd4eaf90b30ef8428
+DIST knot-2.6.3.tar.xz 1112408 BLAKE2B c2a04e951427fe667b1bef63f4ca4fca8fa099f7c7a0a7e61562a5a5f9f44208118f59debbf67eabba72c5f924412c54f650450e71c592f033d99d061060f103 SHA512 51e1c2abe6149173ded2c48e70ca9a563f76013aae95e53e9c4b5c2325bce44b21b410f7ce773012bc6e6d0b3db21aeffd697669fbeb34137af70af5dcd3f157
 EBUILD knot-2.5.6.ebuild 1913 BLAKE2B 86572fd9237d904d497bf488eaa5c97d1d3b3800ab5d0ea9b198f9a5a32b945d384dc7f683ea0530712f1bba6a3cfbf20e7534b0b317736d2b3f078f5ceaa0c0 SHA512 d2c4e59cb2ba96561f23b8b22be8c494689549d569d2fe785793723ed7035bf778db5494ad2c5ce0e90e72b41bf3080ef7cd3791d4b943cede97a9428bc7aee6
 EBUILD knot-2.6.1-r1.ebuild 1921 BLAKE2B 30e12315e77029da6f88dbfbbe262ca0f800f5599b7ffc093adf7ac7897dcd212dbc445c8666899ab8705370ac81b0324950a889fbcc370e8ecdf555972f29e7 SHA512 78467d6a4ab72ca5e310865324f953d8f57a2f96be2eeb2b3212684b25d449639d99ec8df24daab6f43ef853394dbf7ce047faacce9547c86adcde946975fadf
-EBUILD knot-2.6.1.ebuild 1913 BLAKE2B 86572fd9237d904d497bf488eaa5c97d1d3b3800ab5d0ea9b198f9a5a32b945d384dc7f683ea0530712f1bba6a3cfbf20e7534b0b317736d2b3f078f5ceaa0c0 SHA512 d2c4e59cb2ba96561f23b8b22be8c494689549d569d2fe785793723ed7035bf778db5494ad2c5ce0e90e72b41bf3080ef7cd3791d4b943cede97a9428bc7aee6
+EBUILD knot-2.6.3.ebuild 1921 BLAKE2B 30e12315e77029da6f88dbfbbe262ca0f800f5599b7ffc093adf7ac7897dcd212dbc445c8666899ab8705370ac81b0324950a889fbcc370e8ecdf555972f29e7 SHA512 78467d6a4ab72ca5e310865324f953d8f57a2f96be2eeb2b3212684b25d449639d99ec8df24daab6f43ef853394dbf7ce047faacce9547c86adcde946975fadf
 MISC metadata.xml 1539 BLAKE2B c07704f4bbf249b7953403a33c71d7565ef2219b019dbccdc15d9d459ff57f0aa200ed5ae9ab74b07e352d8dcd12f62f5d7bb392b064dbeedad3257ced653675 SHA512 8b39c687fb8b9fb4bf25e0baa8c851ffb4980c0028bf0f64a3c642146139429e292c6ca3fbd01b7bb311ecbbe7bf1df128885b53971b836f541fe97bedf6f056
diff --git a/net-dns/knot/knot-2.4.5.ebuild b/net-dns/knot/knot-2.4.5.ebuild
deleted file mode 100644
index 50af785a49d1..000000000000
--- a/net-dns/knot/knot-2.4.5.ebuild
+++ /dev/null
@@ -1,78 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit bash-completion-r1 eutils systemd user
-
-DESCRIPTION="High-performance authoritative-only DNS server"
-HOMEPAGE="http://www.knot-dns.cz/"
-SRC_URI="https://secure.nic.cz/files/knot-dns/${P/_/-}.tar.xz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="dnstap doc caps +fastparser idn systemd"
-
-RDEPEND="
-	>=net-libs/gnutls-3.3:=
-	>=dev-libs/jansson-2.3
-	>=dev-db/lmdb-0.9.15
-	>=dev-libs/userspace-rcu-0.5.4
-	caps? ( >=sys-libs/libcap-ng-0.6.4 )
-	dnstap? (
-		dev-libs/fstrm
-		dev-libs/protobuf-c
-	)
-	idn? ( net-dns/libidn )
-	dev-libs/libedit
-	systemd? ( sys-apps/systemd )
-"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig
-	doc? ( dev-python/sphinx )
-"
-
-S="${WORKDIR}/${P/_/-}"
-
-src_configure() {
-	econf \
-		--with-storage="${EPREFIX}/var/lib/${PN}" \
-		--with-rundir="${EPREFIX}/var/run/${PN}" \
-		--with-lmdb \
-		--with-bash-completions="$(get_bashcompdir)" \
-		$(use_enable fastparser) \
-		$(use_enable dnstap) \
-		$(use_enable doc documentation) \
-		$(use_with idn libidn) \
-		--enable-systemd=$(usex systemd)
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		emake -C doc html
-		HTML_DOCS=( doc/_build/html/{*.html,*.js,_sources,_static} )
-	fi
-}
-
-src_test() {
-	emake check
-}
-
-src_install() {
-	default
-
-	keepdir /var/lib/${PN}
-
-	newinitd "${FILESDIR}/knot.init" knot
-	systemd_dounit "${FILESDIR}/knot.service"
-
-	prune_libtool_files
-}
-
-pkg_postinst() {
-	enewgroup knot 53
-	enewuser knot 53 -1 /var/lib/knot knot
-}
diff --git a/net-dns/knot/knot-2.6.1.ebuild b/net-dns/knot/knot-2.6.1.ebuild
deleted file mode 100644
index 0baf4877502e..000000000000
--- a/net-dns/knot/knot-2.6.1.ebuild
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit systemd user
-
-DESCRIPTION="High-performance authoritative-only DNS server"
-HOMEPAGE="https://www.knot-dns.cz/"
-SRC_URI="https://secure.nic.cz/files/knot-dns/${P/_/-}.tar.xz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-KNOT_MODULES=(
-	"+dnsproxy"
-	"dnstap"
-	"+noudp"
-	"+onlinesign"
-	"rosedb"
-	"+rrl"
-	"+stats"
-	"+synthrecord"
-	"+whoami"
-)
-IUSE="doc caps +fastparser idn libidn2 systemd +utils ${KNOT_MODULES[@]}"
-
-RDEPEND="
-	>=dev-db/lmdb-0.9.15
-	dev-libs/libedit
-	>=dev-libs/userspace-rcu-0.5.4
-	dev-python/lmdb
-	>=net-libs/gnutls-3.3:=
-	caps? ( >=sys-libs/libcap-ng-0.6.4 )
-	dnstap? (
-		dev-libs/fstrm
-		dev-libs/protobuf-c
-	)
-	idn? (
-		!libidn2? ( net-dns/libidn )
-		libidn2? ( >=net-dns/libidn2-2.0.0 )
-	)
-	systemd? ( >=sys-apps/systemd-229 )
-"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig
-	doc? ( dev-python/sphinx )
-"
-
-S="${WORKDIR}/${P/_/-}"
-
-src_configure() {
-	local u
-	local my_conf=()
-	for u in "${KNOT_MODULES[@]#+}"; do
-		my_conf+=("$(use_with $u module-$u)")
-	done
-
-	econf \
-		--with-storage="${EPREFIX}/var/lib/${PN}" \
-		--with-rundir="${EPREFIX}/var/run/${PN}" \
-		$(use_enable fastparser) \
-		$(use_enable dnstap) \
-		$(use_enable doc documentation) \
-		$(use_enable utils utilities) \
-		--enable-systemd=$(usex systemd) \
-		$(use_with idn libidn) \
-		"${my_conf[@]}"
-}
-
-src_compile() {
-	default
-
-	if use doc; then
-		emake -C doc html
-		HTML_DOCS=( doc/_build/html/{*.html,*.js,_sources,_static} )
-	fi
-}
-
-src_test() {
-	emake check
-}
-
-src_install() {
-	default
-
-	rmdir "${D}var/run/${PN}" "${D}var/run/" || die
-	keepdir /var/lib/${PN}
-
-	newinitd "${FILESDIR}/knot.init" knot
-	if use systemd; then
-		systemd_newunit "${FILESDIR}/knot-1.service" knot
-	fi
-
-	find "${D}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
-	enewgroup knot 53
-	enewuser knot 53 -1 /var/lib/knot knot
-}
diff --git a/net-dns/knot/knot-2.6.3.ebuild b/net-dns/knot/knot-2.6.3.ebuild
new file mode 100644
index 000000000000..90e03e2d7048
--- /dev/null
+++ b/net-dns/knot/knot-2.6.3.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd user
+
+DESCRIPTION="High-performance authoritative-only DNS server"
+HOMEPAGE="https://www.knot-dns.cz/"
+SRC_URI="https://secure.nic.cz/files/knot-dns/${P/_/-}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+KNOT_MODULES=(
+	"+dnsproxy"
+	"dnstap"
+	"+noudp"
+	"+onlinesign"
+	"rosedb"
+	"+rrl"
+	"+stats"
+	"+synthrecord"
+	"+whoami"
+)
+IUSE="doc caps +fastparser idn libidn2 systemd +utils ${KNOT_MODULES[@]}"
+
+RDEPEND="
+	>=dev-db/lmdb-0.9.15
+	dev-libs/libedit
+	>=dev-libs/userspace-rcu-0.5.4
+	dev-python/lmdb
+	>=net-libs/gnutls-3.3:=
+	caps? ( >=sys-libs/libcap-ng-0.6.4 )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c
+	)
+	idn? (
+		!libidn2? ( net-dns/libidn )
+		libidn2? ( >=net-dns/libidn2-2.0.0 )
+	)
+	systemd? ( >=sys-apps/systemd-229 )
+"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	doc? ( dev-python/sphinx )
+"
+
+S="${WORKDIR}/${P/_/-}"
+
+src_configure() {
+	local u
+	local my_conf=()
+	for u in "${KNOT_MODULES[@]#+}"; do
+		my_conf+=("$(use_with $u module-$u)")
+	done
+
+	econf \
+		--with-storage="${EPREFIX}/var/lib/${PN}" \
+		--with-rundir="${EPREFIX}/var/run/${PN}" \
+		$(use_enable fastparser) \
+		$(use_enable dnstap) \
+		$(use_enable doc documentation) \
+		$(use_enable utils utilities) \
+		--enable-systemd=$(usex systemd) \
+		$(use_with idn libidn) \
+		"${my_conf[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc; then
+		emake -C doc html
+		HTML_DOCS=( doc/_build/html/{*.html,*.js,_sources,_static} )
+	fi
+}
+
+src_test() {
+	emake check
+}
+
+src_install() {
+	default
+
+	rmdir "${D}var/run/${PN}" "${D}var/run/" || die
+	keepdir /var/lib/${PN}
+
+	newinitd "${FILESDIR}/knot.init" knot
+	if use systemd; then
+		systemd_newunit "${FILESDIR}/knot-1.service" knot.service
+	fi
+
+	find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	enewgroup knot 53
+	enewuser knot 53 -1 /var/lib/knot knot
+}
diff --git a/net-dns/libidn/Manifest b/net-dns/libidn/Manifest
index e1bcd73501c6..79294f0e34da 100644
--- a/net-dns/libidn/Manifest
+++ b/net-dns/libidn/Manifest
@@ -1,6 +1,8 @@
 AUX 50libidn-gentoo.el 455 BLAKE2B d6d3a0576c1d0b5030ae32ed5c99e198f06faa897864d06251b07ee2fd3ecbac16347d633644f30dc7428e5bdf9747b0a4d51d7541601d3fbd4be6f9f746693f SHA512 13bcc7078ae8e088014323707d451c0bfdb53414e550945248a9648afa81681db013cb523eae71116c84f1dcfbb3b87e8743971775b75c4ce6dad914b3b0a501
-AUX libidn-1.33-CVE-2017-14062.patch 938 BLAKE2B df990e1f45dd055707bf1918a63444000588ca877e754d9909b062370fca99004654e0439be4e68a13214135a90ec47719679f5794c8b32fa709c4c3abbaa811 SHA512 a78a57fe5583cb02239fbff11d33b1ee1f84b91817c5376ed441173be5fa47337019b0b098a5134c19f1f62ab5efac0621dd8fc922ec09de21481b9905638f20
-DIST libidn-1.33.tar.gz 3501056 SHA256 44a7aab635bb721ceef6beecc4d49dfd19478325e1b47f3196f7d2acc4930e19 SHA512 38dd459eaeda0c9e3cc2d24d967113515a499747550a2a9157f32357def90d71a3a3b52398e96a44a28cd5948dc353b0473c4ff0453a69720191c4cb49cac2c6 WHIRLPOOL 3b0c44742c2515e09eaf8f16f32f30bc37478a6273765d71dd9a9283f501998b6d85583cd38810bbdbd6103855e77831360010d707d29956798e3f5d066b0e82
+AUX libidn-1.33-CVE-2017-14062.patch 2348 BLAKE2B 4f9606d25405d950f23444886e423008d928991b23c5a05a8de794eea18f236aa8f4b53b7945f4340aa3b2f4f7aa9c63d5dadaf3bc0513ee3f5e27ecb9040a7a SHA512 25e6ff17d2d6886fec51db7e9584bbb7aff9b717c23accf7c956611f1bf4c965cc5f51837367c410b7c8c29c58170e94e2e0146e9e2921b3a0c5bc411bcddfbb
+AUX libidn-1.33-parallel-make.patch 3584 BLAKE2B fbd1f372b11bc1da38bdeb3a8c0f01708339e0a7c23da7f22b450985a2b69c31887a5f686430e5014d1a5c116ae7e03b922c0350f3926e5a43e5cbc6cdbbfb83 SHA512 de98b4122c272bcd38a673beab8da56fac5b4c877d4bc0930505979addf4cc4e85fcf065ee9044d1196e83b1d2d5389ee8dceac4ffe7bf623a3f3c7bc7aca4f1
+DIST libidn-1.33.tar.gz 3501056 BLAKE2B ce6319dc61dd825cf7ddb33f4279c178709e16ce2815c3d1a464bba6b5c6cc493107a10a686f349247a0d6023b1b834a650046e68da9f2f559870dba13a59384 SHA512 38dd459eaeda0c9e3cc2d24d967113515a499747550a2a9157f32357def90d71a3a3b52398e96a44a28cd5948dc353b0473c4ff0453a69720191c4cb49cac2c6
 EBUILD libidn-1.33-r1.ebuild 2985 BLAKE2B 55e2923d045ba06bb02ac9a56cbe3c05f8828cc088062fb90a809d9522612a27714314bc7f6151a2812ba4bb43c08113f6f24401863888c68e74814ef9d532c5 SHA512 e63496fa71b9ad23a725f0be9dbbf864970a506fc92033efa178c92d515cf21785ebeccf33065b7c096e052a1f0c60c4c9d5dd98586b0ed5ae0f17d7808daa14
+EBUILD libidn-1.33-r2.ebuild 3033 BLAKE2B 5dcb80c32820b2e70ec0e49a4bcbae937024152a63857defbfe72eeeb6bd9b14fafd1b9ac2f564faf4062073800d240e1bd02f4933d77bc1a48a3819652bb18d SHA512 74f704b27b17b215de6908cfd6b1c853892a856010200052bfcd74f0969d9c652e3306fca092890f4de0ac8dc03ea8f19c5fd0e0f44742544b5e29cc32be078c
 EBUILD libidn-1.33.ebuild 2805 BLAKE2B 6a59cccf9c5152341e304217d6a5e162158b0b8c3fcc8f60b74f1aebf1c76493d1542f67eb278ddfb0db5c942bee992b7706e694179318685f62ae065ea54f54 SHA512 863f325f2ed868a6b78d542fe584538d67ff6bbe99b1e181416b43c919cfdfc417bd92dc424657d0a632c838735826be7bbfdc82632e04cdeaf5e3bbd4351a15
 MISC metadata.xml 244 BLAKE2B 9c6750147c240d7416fad33e04b53730dc89cbb615648a7f3defeed3ec058aeee6dbed55a1f81241417b42ca9f7daec177c725692166a5ba08765b5dcf5a6bc5 SHA512 1da71f4fae0251c97a8fcfa1e13b0a3f8b95a856fa919ebd30bf4f2f1b8fa900841db09ebc2a0ae9fe0d91f786ac40b63290382668412fcb05bca15b0746f1db
diff --git a/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch b/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch
index 2ddf3fdd6be2..5c2e0a91b2e3 100644
--- a/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch
+++ b/net-dns/libidn/files/libidn-1.33-CVE-2017-14062.patch
@@ -30,3 +30,48 @@ index 86819a7..49250a1 100644
 -- 
 1.9.1
 
+From 6c8a9375641ca283b50f9680c90dcd57f9c44798 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Wed, 4 Oct 2017 15:22:43 +0200
+Subject: [PATCH] lib/punycode.c (decode_digit): Really fix integer overflow
+
+The fix in commit e9e81b8063b095b02cf104bb992fa9bf9515b9d8
+was incomplete.
+
+Reported-by: Christian Weisgerber
+---
+ lib/punycode.c   | 4 ++--
+ tests/tst_idna.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/punycode.c b/lib/punycode.c
+index 49250a1..d475b6d 100644
+--- a/lib/punycode.c
++++ b/lib/punycode.c
+@@ -91,8 +91,8 @@ enum
+ static unsigned
+ decode_digit (int cp)
+ {
+-  return (unsigned) cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
+-    cp - 97 < 26 ? cp - 97 : base;
++  return (unsigned) (cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 :
++    cp - 97 < 26 ? cp - 97 : base);
+ }
+ 
+ /* encode_digit(d,flag) returns the basic code point whose value      */
+diff --git a/tests/tst_idna.c b/tests/tst_idna.c
+index 4ac046f..7fb58b9 100644
+--- a/tests/tst_idna.c
++++ b/tests/tst_idna.c
+@@ -211,7 +211,7 @@ static const struct idna idna[] = {
+     'x', 'n', '-', '-', 'f', 'o', 0x3067},
+    IDNA_ACE_PREFIX "too long too long too long too long too long too "
+    "long too long too long too long too long ", 0,
+-   IDNA_CONTAINS_ACE_PREFIX, IDNA_PUNYCODE_ERROR}
++   IDNA_CONTAINS_ACE_PREFIX, IDNA_INVALID_LENGTH}
+ };
+ 
+ void
+-- 
+1.9.1
+
diff --git a/net-dns/libidn/files/libidn-1.33-parallel-make.patch b/net-dns/libidn/files/libidn-1.33-parallel-make.patch
new file mode 100644
index 000000000000..2d237f3e27b1
--- /dev/null
+++ b/net-dns/libidn/files/libidn-1.33-parallel-make.patch
@@ -0,0 +1,115 @@
+From 4709e64fef29ca8ddd5b0878e3126640bd1480c2 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Wed, 4 Oct 2017 15:02:49 +0200
+Subject: [PATCH] * src/Makefile.am: Fix rule for parallel builds
+
+---
+ src/Makefile.am | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 6832c20..218d52e 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -35,7 +35,8 @@ libidn_cmd_la_SOURCES =  idn.ggo idn_cmd.c idn_cmd.h
+ libidn_cmd_la_LIBADD = ../gl/libgnu.la
+ libidn_cmd_la_CFLAGS =
+ 
+-idn_cmd.c idn_cmd.h: idn.ggo Makefile.am
++# pattern rule (%) needed for parallel make (-j)
++idn_cmd%c idn_cmd%h: idn.ggo
+ 	gengetopt --unamed-opts --no-handle-version --no-handle-help \
+ 		--set-package="idn" \
+ 		--input $^ --file-name idn_cmd
+-- 
+1.9.1
+
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -1,7 +1,7 @@
+-# Makefile.in generated by automake 1.14.1 from Makefile.am.
++# Makefile.in generated by automake 1.15.1 from Makefile.am.
+ # @configure_input@
+ 
+-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
++# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+ 
+ # This Makefile.in is free software; the Free Software Foundation
+ # gives unlimited permission to copy and/or distribute it,
+@@ -34,7 +34,17 @@
+ 
+ 
+ VPATH = @srcdir@
+-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
++am__is_gnu_make = { \
++  if test -z '$(MAKELEVEL)'; then \
++    false; \
++  elif test -n '$(MAKE_HOST)'; then \
++    true; \
++  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
++    true; \
++  else \
++    false; \
++  fi; \
++}
+ am__make_running_with_option = \
+   case $${target_option-} in \
+       ?) ;; \
+@@ -99,8 +109,6 @@
+ host_triplet = @host@
+ bin_PROGRAMS = idn$(EXEEXT)
+ subdir = src
+-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+-	$(top_srcdir)/build-aux/depcomp $(dist_lisp_DATA)
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/lib/gl/m4/ctype.m4 \
+ 	$(top_srcdir)/lib/gl/m4/gnulib-comp.m4 \
+@@ -184,6 +192,8 @@
+ 	$(top_srcdir)/m4/wint_t.m4 $(top_srcdir)/configure.ac
+ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ 	$(ACLOCAL_M4)
++DIST_COMMON = $(srcdir)/Makefile.am $(dist_lisp_DATA) \
++	$(am__DIST_COMMON)
+ mkinstalldirs = $(install_sh) -d
+ CONFIG_HEADER = $(top_builddir)/config.h
+ CONFIG_CLEAN_FILES =
+@@ -294,6 +304,8 @@
+   done | $(am__uniquify_input)`
+ ETAGS = etags
+ CTAGS = ctags
++am__DIST_COMMON = $(srcdir)/Makefile.in \
++	$(top_srcdir)/build-aux/depcomp
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ ACLOCAL = @ACLOCAL@
+ ALLOCA = @ALLOCA@
+@@ -863,6 +875,7 @@
+ LT_AGE = @LT_AGE@
+ LT_CURRENT = @LT_CURRENT@
+ LT_REVISION = @LT_REVISION@
++LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+ MAKEINFO = @MAKEINFO@
+ MANIFEST_TOOL = @MANIFEST_TOOL@
+ MKDIR_P = @MKDIR_P@
+@@ -1200,7 +1213,6 @@
+ 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+ 	$(am__cd) $(top_srcdir) && \
+ 	  $(AUTOMAKE) --gnu src/Makefile
+-.PRECIOUS: Makefile
+ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ 	@case '$?' in \
+ 	  *config.status*) \
+@@ -1562,10 +1574,13 @@
+ 	pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+ 	uninstall-binPROGRAMS uninstall-dist_lispDATA
+ 
++.PRECIOUS: Makefile
++
+ 
+ idn.c: $(BUILT_SOURCES)
+ 
+-idn_cmd.c idn_cmd.h: idn.ggo Makefile.am
++# pattern rule (%) needed for parallel make (-j)
++idn_cmd%c idn_cmd%h: idn.ggo
+ 	gengetopt --unamed-opts --no-handle-version --no-handle-help \
+ 		--set-package="idn" \
+ 		--input $^ --file-name idn_cmd
diff --git a/net-dns/libidn/libidn-1.33-r2.ebuild b/net-dns/libidn/libidn-1.33-r2.ebuild
new file mode 100644
index 000000000000..5e498c6299e0
--- /dev/null
+++ b/net-dns/libidn/libidn-1.33-r2.ebuild
@@ -0,0 +1,126 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit elisp-common java-pkg-opt-2 mono-env multilib-minimal libtool
+
+DESCRIPTION="Internationalized Domain Names (IDN) implementation"
+HOMEPAGE="https://www.gnu.org/software/libidn/"
+SRC_URI="mirror://gnu/libidn/${P}.tar.gz"
+
+LICENSE="GPL-2 GPL-3 LGPL-3 java? ( Apache-2.0 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc emacs java mono nls static-libs"
+
+DOCS=( AUTHORS ChangeLog FAQ NEWS README THANKS TODO )
+COMMON_DEPEND="
+	emacs? ( virtual/emacs )
+	mono? ( >=dev-lang/mono-0.95 )
+"
+DEPEND="${COMMON_DEPEND}
+	nls? (
+		>=sys-devel/gettext-0.17
+	)
+	java? (
+		>=virtual/jdk-1.5
+	)
+"
+RDEPEND="${COMMON_DEPEND}
+	nls? (
+		>=virtual/libintl-0-r1[${MULTILIB_USEDEP}]
+	)
+	java? (
+		>=virtual/jre-1.5
+	)
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r5
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)
+"
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.33-CVE-2017-14062.patch
+	"${FILESDIR}"/${PN}-1.33-parallel-make.patch
+)
+
+pkg_setup() {
+	mono-env_pkg_setup
+	java-pkg-opt-2_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# bundled, with wrong bytecode
+	rm "${S}/java/${P}.jar" || die
+
+	# prevent triggering doc updates after punycode.c patch
+	touch doc/texi/punycode* doc/man/punycode* doc/libidn.info || die
+
+	elibtoolize  # for Solaris shared objects
+}
+
+multilib_src_configure() {
+	ECONF_SOURCE=${S} GJDOC=javadoc \
+	econf \
+		$(multilib_native_use_enable java) \
+		$(multilib_native_use_enable mono csharp mono) \
+		$(use_enable nls) \
+		$(use_enable static-libs static) \
+		--disable-silent-rules \
+		--disable-valgrind-tests \
+		--with-lispdir="${EPREFIX}${SITELISP}/${PN}" \
+		--with-packager-bug-reports="https://bugs.gentoo.org" \
+		--with-packager-version="r${PR}" \
+		--with-packager="Gentoo"
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		use emacs && elisp-compile "${S}"/src/*.el
+		use java && use doc && emake -C java/src/main/java javadoc
+	fi
+}
+
+multilib_src_test() {
+	# only run libidn specific tests and not gnulib tests (bug #539356)
+	emake -C tests check
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi && use java; then
+		java-pkg_newjar java/${P}.jar ${PN}.jar
+		rm -r "${ED}"/usr/share/java || die
+		use doc && java-pkg_dojavadoc "${S}"/doc/java
+	fi
+}
+
+multilib_src_install_all() {
+	if use emacs; then
+		# *.el are installed by the build system
+		elisp-install ${PN} "${S}"/src/*.elc
+		elisp-site-file-install "${FILESDIR}/50${PN}-gentoo.el"
+	else
+		rm -r "${ED}/usr/share/emacs" || die
+	fi
+
+	einstalldocs
+
+	if use doc ; then
+		dodoc -r doc/reference/html/
+	fi
+
+	prune_libtool_files
+}
+
+pkg_postinst() {
+	use emacs && elisp-site-regen
+}
+
+pkg_postrm() {
+	use emacs && elisp-site-regen
+}
diff --git a/net-dns/nsd/Manifest b/net-dns/nsd/Manifest
index 48a6080f42b9..b28f7c7cea08 100644
--- a/net-dns/nsd/Manifest
+++ b/net-dns/nsd/Manifest
@@ -4,6 +4,8 @@ AUX nsd.service 272 BLAKE2B 66a7d4132246589f71341afd98361f6b02082be3d4e230c86ae6
 AUX nsd_munin_.patch 542 BLAKE2B 13ff49c41683d5bf505e257cd17bf5f3ad06662c00032d79b36be3f96486eb89fdd62a42b5ed4816ad99835366864603568613e27504894340ebb64057e2b2c3 SHA512 6034086d6b6f6980468766c901e92291fea8a32df179561ede2add5918c37bfe3aabf122735d4ae2e28efece394fd3398f9a0cc4d8fdcc1e5da1ca709d2ba6ae
 DIST nsd-4.1.16.tar.gz 1088633 SHA256 7f8367ad23cc5cddffa885e7e2f549123c8b4123db9726df41d99f255d6baab2 SHA512 51135bbf412cdc5d6d9be02af9fef16513f0529155c102debfd6bd68b025d289c684777a8fca57de86b25f68bc94aef89d2cfefb871b8d63048d262f6c8eb8e3 WHIRLPOOL 030da2551abef8cb29e16574155605eb9377836f1a43422e200ba5bc6ede319893d4293018cf0be242d1ac0cfad4c3b40f566c7ad587792186c64102d8c9785f
 DIST nsd-4.1.17.tar.gz 1089526 SHA256 107fa506d18ed6fd0a922d1b96774afd9270ec38ec6b17cd7c46fb9433a03a6c SHA512 4cffa261b1832d0daac095e92542359ffd725918f07ec605c78a9346b1cf4a4bc21bdc59ab388eb7324a170bbd8b122cfa75e7448015b38572b47d18add24a8f WHIRLPOOL c8892dca5f5c625d435cfde3f556ccc7518f3e37b7242892f9c101f4ffa5da1a2ea09083a30942bb1dad91ab70b40b2647339b2a4988f08478db9b6dd2b1c3df
+DIST nsd-4.1.18.tar.gz 1095673 BLAKE2B e3dc86e64614323dbefb334769a8095dc674f422f8e62c91e2918f4622ceac0ebef7dec42d5a714b15ad2f3af368ba817239a0027d3a685abf603cf00e9fa9d1 SHA512 d9939b8813677127ccd3e87e709b27a8a4f96cc0221ab77563d9349cb6dd56ae39bb7349ede9aed9aaa07de9310bcaeb8be8b17f608e9c4714b4fb084f2e756f
 EBUILD nsd-4.1.16.ebuild 2785 BLAKE2B 70dbdff83803797fdc08266b117554715aa74f577ed5c1681bc913cd0d60f189a1a25291e23b9a4b544530e140f79182c5dd4b6938df529c13d4f1b449cc1200 SHA512 92ddc87fb87c7534969bb5fa10b6365dcf586d461440c82e8c2d48668a02e1cc314641e4f5230474572c1f176498bcf75a115983d80a33c91061ce0aa2dafe2a
 EBUILD nsd-4.1.17.ebuild 2787 BLAKE2B 936a4eb30655c074403f323f8111c034aa5d8704cb76fa08d486694ba989a3a7bf3485e11126fdea399fa3da403a0ab65359a1a325cfaeabab019cfd8b49dacb SHA512 2d7fc76f8228583eba7944f490e2f25f6ba8defdff0cc71f7c447b1f1cce1584fddd768371a9fa7f6b0a80eee12e4d9d125f7e03c4417893dfa0acaa3d3c0e26
+EBUILD nsd-4.1.18.ebuild 2796 BLAKE2B b9974cfd43dbaecd1babb1cc477b8b2743679bb933407e4e39518b207b84de771e2b56057590dfc2178f8536323bc8ef9c7660e09ba6d8be6461f8f2a3f7d80f SHA512 744c2364db1b41edec79bbba3604c12417ece1bb1e0c0064d74dd72ce70b1dd19520845c48ce969055beca72a42a4ab5dda547cb0b6a7a235301d5e46d80b5b7
 MISC metadata.xml 1013 BLAKE2B b989a1ccafac96d48d6f1b72bace164fcb1c04885ec9436e37fb29d94bf8c5feb4a02a1b4fc04241b6fa3c9d6d89ec993e3a06b6efc7ccd45d4ace3fad16cb18 SHA512 e7c0d6a267fd06546ac58278ffb75280aa0c0ed55ddf0097614906c1863e55cf572ff7660e021ac8861c506ed0de126c0c5e68dd2d88aea1a395be3234607ce5
diff --git a/net-dns/nsd/nsd-4.1.18.ebuild b/net-dns/nsd/nsd-4.1.18.ebuild
new file mode 100644
index 000000000000..4a7e4dbabe2b
--- /dev/null
+++ b/net-dns/nsd/nsd-4.1.18.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit user systemd
+
+# version voodoo needed only for non-release tarballs: 4.0.0_rc1 => 4.0.0rc1
+MY_PV="${PV/_rc/rc}"
+MY_PV="${MY_PV/_beta/b}"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="An authoritative only, high performance, open source name server"
+HOMEPAGE="http://www.nlnetlabs.nl/projects/nsd"
+SRC_URI="http://www.nlnetlabs.nl/downloads/${PN}/${MY_P}.tar.gz"
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="bind8-stats ipv6 libevent minimal-responses mmap munin +nsec3 ratelimit root-server runtime-checks ssl libressl"
+
+S="${WORKDIR}/${MY_P}"
+
+RDEPEND="
+	virtual/yacc
+	libevent? ( dev-libs/libevent )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	munin? ( net-analyzer/munin )
+"
+DEPEND="
+	${RDEPEND}
+	sys-devel/flex
+"
+
+src_prepare() {
+	# Fix the paths in the munin plugin to match our install
+	eapply "${FILESDIR}"/nsd_munin_.patch
+	eapply_user
+}
+
+src_configure() {
+	local myeconfargs=(
+		--enable-pie
+		--enable-relro-now
+		--enable-largefile
+		--with-logfile="${EPREFIX}"/var/log/nsd.log
+		--with-pidfile="${EPREFIX}"/run/nsd/nsd.pid
+		--with-dbfile="${EPREFIX}"/var/db/nsd/nsd.db
+		--with-xfrdir="${EPREFIX}"/var/db/nsd
+		--with-xfrdfile="${EPREFIX}"/var/db/nsd/xfrd.state
+		--with-zonelistfile="${EPREFIX}"/var/db/nsd/zone.list
+		--with-zonesdir="${EPREFIX}"/var/lib/nsd
+		$(use_enable bind8-stats)
+		$(use_enable bind8-stats zone-stats)
+		$(use_enable ipv6)
+		$(use_enable minimal-responses)
+		$(use_enable mmap)
+		$(use_enable nsec3)
+		$(use_enable ratelimit)
+		$(use_enable root-server)
+		$(use_enable runtime-checks checking)
+		$(use_with libevent)
+		$(use_with ssl)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	dodoc doc/{ChangeLog,CREDITS,NSD-4-features,NSD-FOR-BIND-USERS,README,RELNOTES,REQUIREMENTS}
+
+	newinitd "${FILESDIR}"/nsd.initd-r1 nsd
+
+	# install munin plugin and config
+	if use munin ; then
+		exeinto /usr/libexec/munin/plugins
+		doexe contrib/nsd_munin_
+		insinto /etc/munin/plugin-conf.d
+		newins "${FILESDIR}"/nsd.munin-conf nsd_munin
+	fi
+
+	systemd_dounit "${FILESDIR}"/nsd.service
+
+	# remove the /run directory that usually resides on tmpfs and is
+	# being taken care of by the nsd init script anyway (checkpath)
+	rm -r "${ED%/}"/run || die "Failed to remove /run"
+}
+
+pkg_postinst() {
+	# Do this in postinst to ensure the uid/gid is consistent for binpkgs
+	enewgroup nsd
+	enewuser nsd -1 -1 -1 nsd
+
+	# database directory, writable by nsd for database updates and zone transfers
+	install -d -m 750 -o nsd -g nsd "${EROOT%/}"/var/db/nsd
+
+	# zones directory, writable by nsd for zone file updates (nsd-control write)
+	install -d -m 750 -o nsd -g nsd "${EROOT%/}"/var/lib/nsd
+}
diff --git a/net-dns/pdns-recursor/Manifest b/net-dns/pdns-recursor/Manifest
index 3379c28da292..475a17d4ef1a 100644
--- a/net-dns/pdns-recursor/Manifest
+++ b/net-dns/pdns-recursor/Manifest
@@ -1,6 +1,13 @@
+AUX CVE-2017-15090-4.0.6.patch 659 BLAKE2B b710ca3c84f5b7d7936155a67f8d3fd82ad6b58f0edf69079498a1896f5ab4a3387fb4c6c9999a726b38e439b506f6ebbcec53866b556f3d0e297c30ffe8f50a SHA512 ce747ae0c747d70597bf3b386db0390c34dce03d6dab98f7f30e43fa21a87f133e66438bf53bcd66ae364cdc451dc4469b95bf479540b90c7282ba4cf150f3ad
+AUX CVE-2017-15092-4.0.6.patch 2798 BLAKE2B 6770cb303a86457338776abb95d198315f643c96337f857ab83979ae5978b52210621fdee557d9c0ba07d457b8eadfb88dca994fbd8bab6fcdf885948a5c4c97 SHA512 d4d22dd0ee26fd750e517796cda7c0517c0e05743b8acff013e48f3c9b3748c5301ecb8e781ecae966c58cc96fe202375c55a5c3593fb475d526fbd079ff971a
+AUX CVE-2017-15093-4.0.6.patch 1581 BLAKE2B b3604c997b30805bf883879a65e30a96bfeef52eb04fbe7b741c2a41884134c145059359daed0db7d419eadc76909366d19af719a1cb0a978319028c6cbb4614 SHA512 e367895d54c0fe989812195bef0e904c79e16d5bcb1239b074e9587d0e69bab2ae4d675a74c485179c5bb3d4e18fd1f8d505bae0ef1dc72b3a649db596f8c222
+AUX CVE-2017-15094-4.0.6.patch 1031 BLAKE2B 7be45cc770e92fb156b563e32855576ec79f230edd751e14d5bb6b55b859a83acfb9cad30f1e4dace94c316895241a2da2f46e9335b1f3138b4cbd535e62131f SHA512 164370b3667fbe8f19c55068a5d250651ef9873df05d4516f093f98a9bd8f1cd48e95530b2e8cca3b5c54c26bdde8718d7dcd739c922c8d25ac25d2418642393
 AUX pdns-recursor-r1 1135 BLAKE2B 90f28d33c126882e5b5e29209ec12f336797720832f7750262329cc5d47fefdf8bcb5208807e47638037a704abbbebd0ee2b1380a3d1d54feab6d4900c250176 SHA512 9dce3cd454ed6b61af8d70c90a8464c60d16eb8342ffc46558f5dcc5089c77aff4581f208684ddb25c4512ce6f39c54afaf267dcade667d812511ae3fa3a1f48
-DIST pdns-recursor-4.0.6.tar.bz2 1105423 SHA256 f2182ac644268bb08b865a71351f11d75c5015ac0608a1469eb4c1cd5494d60d SHA512 2203fd96469deded1da677344485da221eec036b1ad9fb418a89cd4477d73f2a6fcf984a39b574561df6946f440ddf1982de20cd39d7204da9c27e74216d1159 WHIRLPOOL a2eece8a6cdfcd6c791cb6fa42053d524b4e54f1431d78345640d7f2d9f3079939c7905767abe65abb977bce45647fb7232d1148dac13737625ee4bfae221da8
-DIST pdns-recursor-4.1.0-rc3.tar.bz2 1191353 SHA256 0b8bc3fec4cd39c62e53993ab7a87fc1f2b3d200df071a401775f33e47392169 SHA512 141e3fcbf5e7c81ae0228fb7a15c599ef5ae41e2c2d169e2f7b4f57c6c832ac40d3e20302d219ba565c4a514b1297906684247a1a56cd740e3ea0bff4a7da51d WHIRLPOOL b6e1c3cb233aff0ac10e1d0d4b5e3de508cf657e1f3fa27c3692e38c90f7af82cc6afe499915d1dbd78cdd5d5eb2ec814b2f3ae86ae6a3f353321abfbe191691
-EBUILD pdns-recursor-4.0.6.ebuild 1619 BLAKE2B 7445475cf2912584ae43b880ca3d138ffca61100582a950ec486425726df07147b05fdffe3372806a43eee1ce91b7f0210c941961de62f16b4122ab3a734d1f9 SHA512 d7bab4a391b40acc2e78c51ce7d1ba1b77a62a0bc4cb3285ceec92d370e875141984d7d289e6c110ed914a4f9ad714f2d8ca1e4cdb7aa534fd9457d64ce05b47
-EBUILD pdns-recursor-4.1.0_rc3.ebuild 1603 BLAKE2B 068eab0abd4546abf3c1988ad87c663951e15769eab808db22a49188116202549eaa42a3ac9ed4822fe25f51d5fb13fec563dbecd9930cee10a69ab08f1fc3f0 SHA512 2f4a6b3cb2db63dab166f53844e58f358097e7607c70c00ebe4be9d25ad7e3d0a983fd589906c7db2f9ccfd174742f64fea5386f6c56195b35db45d243f5c8c6
-MISC metadata.xml 997 BLAKE2B 0ec5da2bba75b0e3fb5a45e64e1863b06ed9e2cfb088aeff89633ee9c4ee4f26787c0769c70dbf021c651ff67e59b5e8ed8bdbd70ce69179fb929f5deacd525d SHA512 43d84c29e22bece3fc87a925c309229dd5867c3457e3378a0000c046b06b5a7fc75f6e204111cbdc90a02fba3a987ba376bd96dd2b81e498fa19955f16b5a58e
+DIST pdns-recursor-4.0.6.tar.bz2 1105423 BLAKE2B 50cc52f118630d4d8ce9876c2e11494a3c972ec90003c40fea36801eb08bd8b6173f876e6f53eb672ad8ff3da04e669946740a50f653a21459f25c1137d91297 SHA512 2203fd96469deded1da677344485da221eec036b1ad9fb418a89cd4477d73f2a6fcf984a39b574561df6946f440ddf1982de20cd39d7204da9c27e74216d1159
+DIST pdns-recursor-4.0.7.tar.bz2 1107546 BLAKE2B 3ccda73878599e3ade69e4dc6b0787e588a8403fb7cacfbe574409513b8723cbfd29a3c73d857120def801da60a4bedbc0f0c396e6642adb0287204cde301331 SHA512 0c8873adcce5ed9b41f161bc71635da23496b4ae48dbffff7dcdf9c5181e720f9aa94e18bd64e0dff9fa03eae8410dc93585a74d13f0c16d38b0d1c0f4146bb2
+DIST pdns-recursor-4.1.0-rc3.tar.bz2 1191353 BLAKE2B fcbc6f08f962c9c2f459448770406734eff2caab43b615690e9d910b65327e45182aa2c9bcadadeaa6eb3984a8cb463849d5e001ffb98bb618966da5b8557a8a SHA512 141e3fcbf5e7c81ae0228fb7a15c599ef5ae41e2c2d169e2f7b4f57c6c832ac40d3e20302d219ba565c4a514b1297906684247a1a56cd740e3ea0bff4a7da51d
+EBUILD pdns-recursor-4.0.6-r1.ebuild 1775 BLAKE2B 68e4f90e18abfede00cc903b32013ea89e608bbb1b9cbdb1003fd24f02bb278bd9c7c30c58f7416976cc702e7330064c6c2d327dec29ca069465b2972cd10c38 SHA512 ffd7d04fa63cb931ed3c4171e4e0ec2de8d1665c897382117d8e20b26a46e61b4e900a406c751e5848fd1c673102b93ecb8f29631da8c8e8553814f36169abc3
+EBUILD pdns-recursor-4.0.6.ebuild 1698 BLAKE2B bf67849d5f47c1f0d148596aea3fbc4268ad6696761f76f7fdb3b3b574708b01a464f12ae2a6c1df8979d60ec0cb877542dbf927af91bb2709e4510ce675a691 SHA512 358312b26fad4c6f2c473b7756f9c6d71c77045d6c7d0e92a10555848bc1643d9fc59454f61f8286d0891d181a1f6b20eeae055598dc7b150ba06faa0af44650
+EBUILD pdns-recursor-4.0.7.ebuild 1698 BLAKE2B bf67849d5f47c1f0d148596aea3fbc4268ad6696761f76f7fdb3b3b574708b01a464f12ae2a6c1df8979d60ec0cb877542dbf927af91bb2709e4510ce675a691 SHA512 358312b26fad4c6f2c473b7756f9c6d71c77045d6c7d0e92a10555848bc1643d9fc59454f61f8286d0891d181a1f6b20eeae055598dc7b150ba06faa0af44650
+EBUILD pdns-recursor-4.1.0_rc3-r1.ebuild 1889 BLAKE2B e8a915231e5cdaf6cfcd64d4e78a56b183cb7a37a41262c275d203d00b62de05a8975aa7574ec46ccc089aeeeeafa497b6755a344e718bf9d2db75dd5d09f635 SHA512 216143fbd3c7c869ec09f0bc0fc0785d8f5ca2335c53028d8942cf97e3b25aa0cfc08921130589f97ebea642ba505b908a126921bea60f095d377d4f44453227
+MISC metadata.xml 1076 BLAKE2B 4f68267d5dfcf3cff38f306f440ed2e9a7f5193c14c1029bcfcbbfca4f8f310c94969001c781e1b78a14cec2a6e313e44d82bebbd9694fe46f97759372e63711 SHA512 374be5aa98c4bab340d8d63c859ab08a392e926fbb4d55e1f5a2967d41c401d13d5e8d5997c0790c3b8f96662b56e4492343248d7c8e0a067dc7eaf3f4b56e95
diff --git a/net-dns/pdns-recursor/files/CVE-2017-15090-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15090-4.0.6.patch
new file mode 100644
index 000000000000..fa0bfd099abf
--- /dev/null
+++ b/net-dns/pdns-recursor/files/CVE-2017-15090-4.0.6.patch
@@ -0,0 +1,15 @@
+diff -ru pdns-recursor-4.0.6.orig/validate-recursor.cc pdns-recursor-4.0.6/validate-recursor.cc
+--- pdns-recursor-4.0.6.orig/validate-recursor.cc	2017-07-04 17:43:07.000000000 +0200
++++ pdns-recursor-4.0.6/validate-recursor.cc	2017-11-02 18:29:16.612520450 +0100
+@@ -87,6 +87,11 @@
+     bool first = true;
+     for(const auto& csp : cspmap) {
+       for(const auto& sig : csp.second.signatures) {
++
++        if (!csp.first.first.isPartOf(sig->d_signer)) {
++          return increaseDNSSECStateCounter(Bogus);
++        }
++
+         vState newState = getKeysFor(sro, sig->d_signer, keys); // XXX check validity here
+ 
+         if (newState == Bogus) // No hope
diff --git a/net-dns/pdns-recursor/files/CVE-2017-15092-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15092-4.0.6.patch
new file mode 100644
index 000000000000..1425c33586c2
--- /dev/null
+++ b/net-dns/pdns-recursor/files/CVE-2017-15092-4.0.6.patch
@@ -0,0 +1,85 @@
+diff -ru pdns-recursor-4.0.6.orig/html/local.js pdns-recursor-4.0.6/html/local.js
+--- pdns-recursor-4.0.6.orig/html/local.js	2017-07-04 17:43:07.000000000 +0200
++++ pdns-recursor-4.0.6/html/local.js	2017-11-02 18:26:04.624586674 +0100
+@@ -63,7 +63,7 @@
+ 
+ 	$.getJSON(qstring,
+ 		  function(data) {
+-		      var bouw="<table><tr><th>Number</th><th>Domain</th><th>Type</th></tr>";
++		      var table = $('<table><tr><th>Number</th><th>Domain</th><th>Type</th></tr></table>');
+ 		      var num=0;
+ 		      var total=0, rest=0;
+ 		      $.each(data["entries"], function(a,b) {
+@@ -75,12 +75,26 @@
+ 			  if(b[1].length > 25)
+ 			      b[1]=b[1].substring(0,25);
+ 
+-			  bouw=bouw+("<tr><td>"+b[0]+"</td><td>"+b[1]+"</td><td>"+b[2]+"</td></tr>");
+-		      });
+-		      bouw+="<tr><td>"+rest+"</td><td>Rest</td></tr>";
+-		      bouw=bouw+"</table>";
+-		      $("#queryring").html(bouw);
+-
++			  var line = $('<tr />');
++			  var number = $('<td />');
++			  number.text(b[0]);
++			  var domain = $('<td />');
++			  domain.text(b[1]);
++			  var type = $('<td />');
++			  type.text(b[2]);
++			  line.append(number);
++			  line.append(domain);
++			  line.append(type);
++			  table.append(line);
++                      });
++		      var line = $('<tr />');
++		      var number = $('<td />');
++		      number.text(rest);
++		      var label = $('<td>Rest</td>');
++		      line.append(number);
++		      line.append(label);
++		      table.append(line);
++		      $("#queryring").html(table);
+ 		  });
+ 
+ 	filtered=$("#filter2").is(':checked')
+@@ -91,7 +105,7 @@
+ 
+ 	$.getJSON(qstring, 
+ 		  function(data) {
+-		      var bouw="<table><tr><th>Number</th><th>Servfail domain</th><th>Type</th></tr>";
++		      var table = $('<table><tr><th>Number</th><th>Servfail domain</th><th>Type</th></tr></table>');
+ 		      var num=0, total=0, rest=0;
+ 		      $.each(data["entries"], function(a,b) {
+ 			  total+=b[0];
+@@ -101,11 +115,26 @@
+ 			  }
+ 			  if(b[1].length > 25)
+ 			      b[1]=b[1].substring(0,25);
+-			  bouw=bouw+("<tr><td>"+b[0]+"</td><td>"+b[1]+"</td><td>"+b[2]+"</td></tr>");
++			  var line = $('<tr />');
++			  var number = $('<td />');
++			  number.text(b[0]);
++			  var domain = $('<td />');
++			  domain.text(b[1]);
++			  var type = $('<td />');
++			  type.text(b[2]);
++			  line.append(number);
++			  line.append(domain);
++			  line.append(type);
++			  table.append(line);
+ 		      });
+-		      bouw+="<tr><td>"+rest+"</td><td>Rest</td></tr>";
+-		      bouw=bouw+"</table>";
+-		      $("#servfailqueryring").html(bouw);
++		      var line = $('<tr />');
++		      var number = $('<td />');
++		      number.text(rest);
++		      var label = $('<td>Rest</td>');
++		      line.append(number);
++		      line.append(label);
++		      table.append(line);
++		      $("#servfailqueryring").html(table);
+ 
+ 		  });
+ 
diff --git a/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch
new file mode 100644
index 000000000000..2695830b4420
--- /dev/null
+++ b/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch
@@ -0,0 +1,47 @@
+diff -ru pdns-recursor-4.0.6.orig/ws-recursor.cc pdns-recursor-4.0.6/ws-recursor.cc
+--- pdns-recursor-4.0.6.orig/ws-recursor.cc	2017-07-04 17:43:07.000000000 +0200
++++ pdns-recursor-4.0.6/ws-recursor.cc	2017-11-02 18:13:55.762458134 +0100
+@@ -76,10 +76,11 @@
+       throw ApiException("'value' must be an array");
+     }
+ 
++    NetmaskGroup nmg;
+     for (auto value : jlist.array_items()) {
+       try {
+-        Netmask(value.string_value());
+-      } catch (NetmaskException &e) {
++        nmg.addMask(value.string_value());
++      } catch (const NetmaskException &e) {
+         throw ApiException(e.reason);
+       }
+     }
+@@ -91,9 +92,7 @@
+ 
+     // Clear allow-from, and provide a "parent" value
+     ss << "allow-from=" << endl;
+-    for (auto value : jlist.array_items()) {
+-      ss << "allow-from+=" << value.string_value() << endl;
+-    }
++    ss << "allow-from+=" << nmg.toString() << endl;
+ 
+     apiWriteConfigFile("allow-from", ss.str());
+ 
+@@ -201,10 +200,15 @@
+       if (server == "") {
+         throw ApiException("Forwarded-to server must not be an empty string");
+       }
+-      if (!serverlist.empty()) {
+-        serverlist += ";";
++      try {
++        ComboAddress ca = parseIPAndPort(server, 53);
++        if (!serverlist.empty()) {
++          serverlist += ";";
++        }
++        serverlist += ca.toStringWithPort();
++      } catch (const PDNSException &e) {
++        throw ApiException(e.reason);
+       }
+-      serverlist += server;
+     }
+     if (serverlist == "")
+       throw ApiException("Need at least one upstream server when forwarding");
diff --git a/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch
new file mode 100644
index 000000000000..ee7cf6878d98
--- /dev/null
+++ b/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch
@@ -0,0 +1,28 @@
+diff -ru pdns-recursor-4.0.6.orig/opensslsigners.cc pdns-recursor-4.0.6/opensslsigners.cc
+--- pdns-recursor-4.0.6.orig/opensslsigners.cc	2017-07-04 17:43:07.000000000 +0200
++++ pdns-recursor-4.0.6/opensslsigners.cc	2017-11-02 18:18:37.489408103 +0100
+@@ -474,7 +474,7 @@
+   if (iqmp == NULL) {
+     RSA_free(key);
+     BN_clear_free(dmq1);
+-    BN_clear_free(iqmp);
++    BN_clear_free(dmp1);
+     throw runtime_error(getName()+" allocation of BIGNUM iqmp failed");
+   }
+   RSA_set0_crt_params(key, dmp1, dmq1, iqmp);
+@@ -562,6 +562,7 @@
+   BIGNUM *n = BN_bin2bn((unsigned char*)modulus.c_str(), modulus.length(), NULL);
+   if (!n) {
+     RSA_free(key);
++    BN_clear_free(e);
+     throw runtime_error(getName()+" error loading n value of public key");
+   }
+ 
+@@ -866,6 +867,7 @@
+ 
+   int ret = EC_POINT_oct2point(d_ecgroup, pub_key, (unsigned char*) ecdsaPoint.c_str(), ecdsaPoint.length(), d_ctx);
+   if (ret != 1) {
++    EC_POINT_free(pub_key);
+     throw runtime_error(getName()+" reading ECP point from binary failed");
+   }
+ 
diff --git a/net-dns/pdns-recursor/metadata.xml b/net-dns/pdns-recursor/metadata.xml
index a5208407eaa3..e8c54bc6eb5f 100644
--- a/net-dns/pdns-recursor/metadata.xml
+++ b/net-dns/pdns-recursor/metadata.xml
@@ -18,5 +18,6 @@ nameserver performance.
 <use>
 	<flag name="luajit">Enable support for <pkg>dev-lang/luajit</pkg>.</flag>
 	<flag name="protobuf">Enable support for <pkg>dev-libs/protobuf</pkg>.</flag>
+	<flag name="sodium">Use <pkg>dev-libs/libsodium</pkg> for cryptography</flag>
 </use>
 </pkgmetadata>
diff --git a/net-dns/pdns-recursor/pdns-recursor-4.0.6-r1.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.0.6-r1.ebuild
new file mode 100644
index 000000000000..30f31e4cc5bb
--- /dev/null
+++ b/net-dns/pdns-recursor/pdns-recursor-4.0.6-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs flag-o-matic eutils versionator
+
+DESCRIPTION="The PowerDNS Recursor"
+HOMEPAGE="https://www.powerdns.com/"
+SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="libressl lua luajit protobuf systemd"
+REQUIRED_USE="?? ( lua luajit )"
+
+DEPEND="lua? ( >=dev-lang/lua-5.1:= )
+	luajit? ( dev-lang/luajit:= )
+	protobuf? (
+		dev-libs/protobuf
+		>=dev-libs/boost-1.42:=
+	)
+	systemd? ( sys-apps/systemd:0= )
+	libressl? ( dev-libs/libressl:= )
+	!libressl? ( dev-libs/openssl:= )
+	>=dev-libs/boost-1.35:="
+RDEPEND="${DEPEND}
+	!<net-dns/pdns-2.9.20-r1"
+DEPEND="${DEPEND}
+	virtual/pkgconfig"
+
+S="${WORKDIR}"/${P/_/-}
+
+PATCHES=(
+	"${FILESDIR}"/CVE-2017-{15090,15092,15093,15094}-4.0.6.patch
+)
+
+pkg_setup() {
+	filter-flags -ftree-vectorize
+}
+
+src_configure() {
+	econf \
+		--sysconfdir=/etc/powerdns \
+		$(use_enable systemd) \
+		$(use_with lua) \
+		$(use_with luajit) \
+		$(use_with protobuf)
+}
+
+src_install() {
+	default
+
+	mv "${D}"/etc/powerdns/recursor.conf{-dist,}
+
+	# set defaults: setuid=nobody, setgid=nobody
+	sed -i \
+		-e 's/^# set\([ug]\)id=$/set\1id=nobody/' \
+		-e 's/^# quiet=$/quiet=on/' \
+		-e 's/^# chroot=$/chroot=\/var\/lib\/powerdns/' \
+		"${D}"/etc/powerdns/recursor.conf
+
+	newinitd "${FILESDIR}"/pdns-recursor-r1 pdns-recursor
+
+	keepdir /var/lib/powerdns
+}
+
+pkg_postinst() {
+	local old
+
+	for old in ${REPLACING_VERSIONS}; do
+		version_compare ${old} 4.0.0-r1
+		[[ $? -eq 1 ]] || continue
+
+		ewarn "Starting with 4.0.0-r1 the init script has been renamed from precursor"
+		ewarn "to pdns-recursor, please update your runlevels accordingly."
+
+		break
+	done
+}
diff --git a/net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild
index 60e59cefe9fe..8ad027121b3c 100644
--- a/net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild
+++ b/net-dns/pdns-recursor/pdns-recursor-4.0.6.ebuild
@@ -12,7 +12,7 @@ SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="amd64 ~arm x86"
-IUSE="lua luajit protobuf systemd"
+IUSE="libressl lua luajit protobuf systemd"
 REQUIRED_USE="?? ( lua luajit )"
 
 DEPEND="lua? ( >=dev-lang/lua-5.1:= )
@@ -22,6 +22,8 @@ DEPEND="lua? ( >=dev-lang/lua-5.1:= )
 		>=dev-libs/boost-1.42:=
 	)
 	systemd? ( sys-apps/systemd:0= )
+	libressl? ( dev-libs/libressl:= )
+	!libressl? ( dev-libs/openssl:= )
 	>=dev-libs/boost-1.35:="
 RDEPEND="${DEPEND}
 	!<net-dns/pdns-2.9.20-r1"
diff --git a/net-dns/pdns-recursor/pdns-recursor-4.0.7.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.0.7.ebuild
new file mode 100644
index 000000000000..8ad027121b3c
--- /dev/null
+++ b/net-dns/pdns-recursor/pdns-recursor-4.0.7.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs flag-o-matic eutils versionator
+
+DESCRIPTION="The PowerDNS Recursor"
+HOMEPAGE="https://www.powerdns.com/"
+SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm x86"
+IUSE="libressl lua luajit protobuf systemd"
+REQUIRED_USE="?? ( lua luajit )"
+
+DEPEND="lua? ( >=dev-lang/lua-5.1:= )
+	luajit? ( dev-lang/luajit:= )
+	protobuf? (
+		dev-libs/protobuf
+		>=dev-libs/boost-1.42:=
+	)
+	systemd? ( sys-apps/systemd:0= )
+	libressl? ( dev-libs/libressl:= )
+	!libressl? ( dev-libs/openssl:= )
+	>=dev-libs/boost-1.35:="
+RDEPEND="${DEPEND}
+	!<net-dns/pdns-2.9.20-r1"
+DEPEND="${DEPEND}
+	virtual/pkgconfig"
+
+S="${WORKDIR}"/${P/_/-}
+
+pkg_setup() {
+	filter-flags -ftree-vectorize
+}
+
+src_configure() {
+	econf \
+		--sysconfdir=/etc/powerdns \
+		$(use_enable systemd) \
+		$(use_with lua) \
+		$(use_with luajit) \
+		$(use_with protobuf)
+}
+
+src_install() {
+	default
+
+	mv "${D}"/etc/powerdns/recursor.conf{-dist,}
+
+	# set defaults: setuid=nobody, setgid=nobody
+	sed -i \
+		-e 's/^# set\([ug]\)id=$/set\1id=nobody/' \
+		-e 's/^# quiet=$/quiet=on/' \
+		-e 's/^# chroot=$/chroot=\/var\/lib\/powerdns/' \
+		"${D}"/etc/powerdns/recursor.conf
+
+	newinitd "${FILESDIR}"/pdns-recursor-r1 pdns-recursor
+
+	keepdir /var/lib/powerdns
+}
+
+pkg_postinst() {
+	local old
+
+	for old in ${REPLACING_VERSIONS}; do
+		version_compare ${old} 4.0.0-r1
+		[[ $? -eq 1 ]] || continue
+
+		ewarn "Starting with 4.0.0-r1 the init script has been renamed from precursor"
+		ewarn "to pdns-recursor, please update your runlevels accordingly."
+
+		break
+	done
+}
diff --git a/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild
new file mode 100644
index 000000000000..224ae2f7537a
--- /dev/null
+++ b/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs flag-o-matic eutils versionator
+
+DESCRIPTION="The PowerDNS Recursor"
+HOMEPAGE="https://www.powerdns.com/"
+SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86"
+IUSE="libressl luajit protobuf snmp sodium systemd"
+
+DEPEND="!luajit? ( >=dev-lang/lua-5.1:= )
+	luajit? ( dev-lang/luajit:= )
+	protobuf? (
+		dev-libs/protobuf
+		>=dev-libs/boost-1.42:=
+	)
+	systemd? ( sys-apps/systemd:0= )
+	snmp? ( net-analyzer/net-snmp )
+	sodium? ( dev-libs/libsodium:= )
+	libressl? ( dev-libs/libressl:= )
+	!libressl? ( dev-libs/openssl:= )
+	>=dev-libs/boost-1.35:="
+RDEPEND="${DEPEND}
+	!<net-dns/pdns-2.9.20-r1"
+DEPEND="${DEPEND}
+	virtual/pkgconfig"
+
+S="${WORKDIR}"/${P/_/-}
+
+PATCHES=(
+	"${FILESDIR}"/CVE-2017-{15093,15094}-4.0.6.patch
+)
+
+pkg_setup() {
+	filter-flags -ftree-vectorize
+}
+
+src_configure() {
+	econf \
+		--sysconfdir=/etc/powerdns \
+		$(use_enable systemd) \
+		$(use_enable sodium libsodium) \
+		$(use_with !luajit lua) \
+		$(use_with luajit luajit) \
+		$(use_with protobuf) \
+		$(use_with snmp net-snmp)
+}
+
+src_install() {
+	default
+
+	mv "${D}"/etc/powerdns/recursor.conf{-dist,}
+
+	# set defaults: setuid=nobody, setgid=nobody
+	sed -i \
+		-e 's/^# set\([ug]\)id=$/set\1id=nobody/' \
+		-e 's/^# quiet=$/quiet=on/' \
+		-e 's/^# chroot=$/chroot=\/var\/lib\/powerdns/' \
+		"${D}"/etc/powerdns/recursor.conf
+
+	newinitd "${FILESDIR}"/pdns-recursor-r1 pdns-recursor
+
+	keepdir /var/lib/powerdns
+}
+
+pkg_postinst() {
+	local old
+
+	for old in ${REPLACING_VERSIONS}; do
+		version_compare ${old} 4.0.0-r1
+		[[ $? -eq 1 ]] || continue
+
+		ewarn "Starting with 4.0.0-r1 the init script has been renamed from precursor"
+		ewarn "to pdns-recursor, please update your runlevels accordingly."
+
+		break
+	done
+}
diff --git a/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3.ebuild
deleted file mode 100644
index 7cb168d0b3b7..000000000000
--- a/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3.ebuild
+++ /dev/null
@@ -1,74 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit toolchain-funcs flag-o-matic eutils versionator
-
-DESCRIPTION="The PowerDNS Recursor"
-HOMEPAGE="https://www.powerdns.com/"
-SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~x86"
-IUSE="luajit protobuf systemd"
-
-DEPEND="!luajit? ( >=dev-lang/lua-5.1:= )
-	luajit? ( dev-lang/luajit:= )
-	protobuf? (
-		dev-libs/protobuf
-		>=dev-libs/boost-1.42:=
-	)
-	systemd? ( sys-apps/systemd:0= )
-	>=dev-libs/boost-1.35:="
-RDEPEND="${DEPEND}
-	!<net-dns/pdns-2.9.20-r1"
-DEPEND="${DEPEND}
-	virtual/pkgconfig"
-
-S="${WORKDIR}"/${P/_/-}
-
-pkg_setup() {
-	filter-flags -ftree-vectorize
-}
-
-src_configure() {
-	econf \
-		--sysconfdir=/etc/powerdns \
-		$(use_enable systemd) \
-		$(use_with !luajit lua) \
-		$(use_with luajit luajit) \
-		$(use_with protobuf)
-}
-
-src_install() {
-	default
-
-	mv "${D}"/etc/powerdns/recursor.conf{-dist,}
-
-	# set defaults: setuid=nobody, setgid=nobody
-	sed -i \
-		-e 's/^# set\([ug]\)id=$/set\1id=nobody/' \
-		-e 's/^# quiet=$/quiet=on/' \
-		-e 's/^# chroot=$/chroot=\/var\/lib\/powerdns/' \
-		"${D}"/etc/powerdns/recursor.conf
-
-	newinitd "${FILESDIR}"/pdns-recursor-r1 pdns-recursor
-
-	keepdir /var/lib/powerdns
-}
-
-pkg_postinst() {
-	local old
-
-	for old in ${REPLACING_VERSIONS}; do
-		version_compare ${old} 4.0.0-r1
-		[[ $? -eq 1 ]] || continue
-
-		ewarn "Starting with 4.0.0-r1 the init script has been renamed from precursor"
-		ewarn "to pdns-recursor, please update your runlevels accordingly."
-
-		break
-	done
-}
diff --git a/net-dns/pdns/Manifest b/net-dns/pdns/Manifest
index dff1cc5f3011..97b436375702 100644
--- a/net-dns/pdns/Manifest
+++ b/net-dns/pdns/Manifest
@@ -1,7 +1,11 @@
+AUX CVE-2017-15091-4.0.4.patch 1127 BLAKE2B 0fd529b76fdfbb0c6f534f46eb1130ea66d349e4241680459bbeb3a87bc34f34e8485850639986754264005de094dca758e9f7c6cf6d8b86184337a918327b37 SHA512 78d991e755ca9e94eea7f027fff2e2cef7a7e290c1fafd74ee2821880b004c55237334e4b1ea307032be5bfd6d20843640d711e2c0b6b9a932786ac571c4eb0a
 AUX dnsdomain2.schema 6640 BLAKE2B d3efc6bc16390f35979f1184632e7184cf403453422888e2cb44fa4fed7891241919a39c8c6f539a61de032654650a45ea548a6983777ea1bfe029e817f2c315 SHA512 ac16f8d528d6138d3c2cbf997fd8fbb467d388aa63eb6ed4e7780a3dad11ea885b91252ff0809b1d2cf7d5200814b8963aab890af84741ea86d35b2f5955a7ea
 AUX pdns-r1 2533 BLAKE2B 0d4af8f9cd4568cde40b44c72cb10a29662daa514df1a1d8174dd02f2ad4324cb7c99a05736bac7cbe80e1b9081832cac95d8c482eb4d1a8c344a6b55da623e3 SHA512 6392f59f82b82621b6cab6823f7761cd875bc6818c48db846df289057c02d8119a1024c5ecdf70a5ca8a55c00a2c3c56240d36b42cc038a25e8616ab9b966dd6
-DIST pdns-4.0.4.tar.bz2 1320327 SHA256 d974ab89de69477c7f581a3233bc731eacbb43d479291e472b2c531c83b6d763 SHA512 4ef4705cd990b03976775167c7c37850d45907e198549feda5f5701172e008e3f1f74a35a9bebdb24b63dec15ff63cb2cc9dfc8f92e4e1012e0539c5a88b845b WHIRLPOOL 5ac68a15155424d42fb4b84be1b34eb2e51498ae5193ae104215e4bb52a72845923f82dc6b112ce165444cdbfe3aaf01557d2f6ab42f6531dd525aee15ee1b19
-DIST pdns-4.1.0-rc3.tar.bz2 1112366 SHA256 889e2135ad4fa716afdd762a1c1551881e96f656f4434b0b1dcd57c63e87ffe2 SHA512 19485bf95a68cbe2ac4cc826b44c3a8670f66cedc2ab426c589a3f67d96f70bd6dd297bd95301c29cda10ff9a7e429fa702bdc7368ce08862140d7097013ea7f WHIRLPOOL 2e6e6b0a1b173aaa4ac61ac6b11204b30c2fde527476a218e13e62100d82a14b676075ce76e6b830e4c0e5d7f79c4421df9a4539ff9c0a9c110f9509c2d3a8a4
+DIST pdns-4.0.4.tar.bz2 1320327 BLAKE2B 5c11a0245408f8448b41ed4229718e6f7244e0c8f36b60b07c280f82c7dea0065cce93c3814b3a396666be8d3b012ad4eb646cf55f531d22ce325190e0fd6e22 SHA512 4ef4705cd990b03976775167c7c37850d45907e198549feda5f5701172e008e3f1f74a35a9bebdb24b63dec15ff63cb2cc9dfc8f92e4e1012e0539c5a88b845b
+DIST pdns-4.0.5.tar.bz2 1323468 BLAKE2B 7e10cc98177bfa4f81888e2598ab4f0ce83ee45e6349372c065940424a74015302da879536dea8346fe7b86f35c0524a5449489bdf71d1a091b7c6a82fac4b6f SHA512 4b0fa932c1d9caf35b988916447aa21c64ebe2a58bdd84417cf09321a21b264cf1057206dc6993a45a3b591eb1dfa49463710c06b6bdfaf6fb17ae6dec6086d9
+DIST pdns-4.1.0.tar.bz2 1116905 BLAKE2B 91ec0f0cfa70966ff71dfb6302ed01355120ca1429d3c610c4abfb1b964cff78a6332700991bc259387e9095be03d3850da41750e93bb3ffe3db0e23562d156c SHA512 4b2b42f4893f8aac3cf07a6c8a3c999cb728a5907a710f1a5c9c8d08377ecb63e202e5eececbefc069c8f1d97a29b2aa607da7cf2bcc6335a72222418e409e77
+EBUILD pdns-4.0.4-r1.ebuild 4201 BLAKE2B d54e8e387ba8b5d623bf81ac09914ff40b9dcb0cf470ed9ac47c1fafa87d0a8f7bb9a18678b5cef4f891ad229014e574267de5dbcd2a77a197afbfe907a1337f SHA512 bf382471ddb2de96a0ecff1076402c1d5a0f1b5f40d9dd61640049ef979339235549452b75b68de0fed4aac31e5bc038be77b8f8801a244d4f6e6c320c47bf7e
 EBUILD pdns-4.0.4.ebuild 4144 BLAKE2B a5a33e8b5af9d03165cd3984b4626963d8bec9ea3414164006ced76bf3b2eedf6219f79f4dd4384df819be309641be1e7474ff51bccd950a9cf72aa7fd808830 SHA512 2491bd5013165ef666ca5c077c5d6330d016ba8d87950e6875fbdf780d212624616569a708ab6bdb7016ad10bfee18605d9136541d92166253a50e4ea0729ba0
-EBUILD pdns-4.1.0_rc3.ebuild 4044 BLAKE2B c0e7c5700c5b0e6bae38adfb70b5f1303e0346f7ee7e25f720fd4d372d89c4340cf5144aff4b52d1cf3c4c66da2c3c06af30d07fd6d78f649b49909f431e99d0 SHA512 d2e5892da35209c6aff25ffeb8e93936a382c728f7fdf7ceeb8b1ff5f2844b58f94a8dd5b8220014f69b8c2ee1f485cfe3fb58534133ab89cb9577b899ee6257
-MISC metadata.xml 1372 BLAKE2B 4f3cd59b044cef62a72ffc47b68d56ce471a781dad4dfd7a6a9a8b381cd15deb97b874bebb03c263fce0ba0714ff39fbbeb548b93040da6e44d6ff7a9eb2df5f SHA512 5031d165e37113c51d9c608a6493594825bbef8f35ea6e85eae0c4b515df91522c99c574bc0fac141fdd1d428065a66a45e8367c67b459f730d0171a3bb85080
+EBUILD pdns-4.0.5.ebuild 4122 BLAKE2B 80a41ec242413b88df4097d848fb3d84e6a7596ebb172250fe64b5eb4411ddc463a829d5fb1221556158347840090acfa0bcfd119b04f101553d7bc99a470024 SHA512 8da958850313422f711f05a6b9332f35abd8478249f863e071e69d6f30a38a86b9cb4b59b2d4aa85c83962a168c888167088eacc5fb27aa3d5669a6e7688d830
+EBUILD pdns-4.1.0.ebuild 4139 BLAKE2B 3b1c1baf7910e0b72d4c27ca34efb03e87d0983ac85a400adbe76d071edb5c274c68012365ac51b2af2a0c7442675e0a69a0e18e892b5115960093252076475b SHA512 befcd3c0e7e71a73e7c46e76592b71d843ec9b042029f60c952e6b4c9e1860d85cb910d29b40e7e5740c1e88f2314756fd251dec829c146120aaad9147c47853
+MISC metadata.xml 1451 BLAKE2B 69fede20eb18ba4d8bf397c51528a5b5ea4869802215c9851b21b4f71dd3545f7eb358e5e7581e23e5b5df67b29ec96d7da0caa69719951302d614b87f90f10b SHA512 ea054e8d7bdf7d4251ce00c342fda57fc3785a7ba8a8cd3ccd95c86eb8e1b5fbe155997210b67f65bcddab81e39ae136a99e61adf32de55e066d81f89ea50323
diff --git a/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch b/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch
new file mode 100644
index 000000000000..a9506af8ef95
--- /dev/null
+++ b/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch
@@ -0,0 +1,30 @@
+diff -ru pdns-4.0.4.orig/pdns/ws-auth.cc pdns-4.0.4/pdns/ws-auth.cc
+--- pdns-4.0.4.orig/pdns/ws-auth.cc	2017-06-22 22:07:25.000000000 +0200
++++ pdns-4.0.4/pdns/ws-auth.cc	2017-11-02 18:07:20.986764858 +0100
+@@ -860,7 +860,7 @@
+ static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
+   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
+ 
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   UeberBackend B;
+@@ -879,7 +879,7 @@
+ static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
+   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
+ 
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   UeberBackend B;
+@@ -1191,7 +1191,7 @@
+ }
+ 
+ void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   DNSName canon = apiNameToDNSName(req->getvars["domain"]);
diff --git a/net-dns/pdns/metadata.xml b/net-dns/pdns/metadata.xml
index 264c58531540..03c68c6fd102 100644
--- a/net-dns/pdns/metadata.xml
+++ b/net-dns/pdns/metadata.xml
@@ -18,6 +18,7 @@ standards documents. Furthermore, PowerDNS interfaces with almost any database.
 	<flag name="opendbx">Use a database supported by <pkg>dev-db/opendbx</pkg> as backend.</flag>
 	<flag name="protobuf">Enable support for <pkg>dev-libs/protobuf</pkg>.</flag>
 	<flag name="remote">Use a generic socket or pipe as a backend (via JSON RPC requests).</flag>
+	<flag name="sodium">Use <pkg>dev-libs/libsodium</pkg> for cryptography</flag>
 	<flag name="tinydns">Use a TinyDNS CDB database as backend.</flag>
 	<flag name="tools">Build optional tools (dnsscan, dnsscope, etc..).</flag>
 </use>
diff --git a/net-dns/pdns/pdns-4.0.4-r1.ebuild b/net-dns/pdns/pdns-4.0.4-r1.ebuild
new file mode 100644
index 000000000000..9fa2350de534
--- /dev/null
+++ b/net-dns/pdns/pdns-4.0.4-r1.ebuild
@@ -0,0 +1,157 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils multilib user toolchain-funcs versionator
+
+DESCRIPTION="The PowerDNS Daemon"
+HOMEPAGE="https://www.powerdns.com/"
+SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+# other possible flags:
+# db2: we lack the dep
+# oracle: dito (need Oracle Client Libraries)
+# xdb: (almost) dead, surely not supported
+
+IUSE="botan debug doc geoip ldap libressl lua luajit mydns mysql opendbx postgres protobuf remote sqlite systemd tools tinydns test"
+
+REQUIRED_USE="mydns? ( mysql ) ?? ( lua luajit )"
+
+RDEPEND="
+	libressl? ( dev-libs/libressl:= )
+	!libressl? ( dev-libs/openssl:= )
+	>=dev-libs/boost-1.35:=
+	botan? ( =dev-libs/botan-1.10*[threads] )
+	lua? ( dev-lang/lua:= )
+	luajit? ( dev-lang/luajit:= )
+	mysql? ( virtual/mysql )
+	postgres? ( dev-db/postgresql:= )
+	ldap? ( >=net-nds/openldap-2.0.27-r4 )
+	sqlite? ( dev-db/sqlite:3 )
+	opendbx? ( dev-db/opendbx )
+	geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip )
+	tinydns? ( >=dev-db/tinycdb-0.77 )
+	protobuf? ( dev-libs/protobuf )"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	doc? ( app-doc/doxygen )"
+
+S="${WORKDIR}"/${P/_/-}
+
+PATCHES=(
+	"${FILESDIR}"/CVE-2017-15091-4.0.4.patch
+)
+
+src_configure() {
+	local dynmodules="pipe bind" # the default backends, always enabled
+
+	#use db2 && dynmodules+=" db2"
+	use ldap && dynmodules+=" ldap"
+	use lua && dynmodules+=" lua"
+	use mydns && dynmodules+=" mydns"
+	use mysql && dynmodules+=" gmysql"
+	use opendbx && dynmodules+=" opendbx"
+	#use oracle && dynmodules+=" goracle oracle"
+	use postgres && dynmodules+=" gpgsql"
+	use remote && dynmodules+=" remote"
+	use sqlite && dynmodules+=" gsqlite3"
+	use tinydns && dynmodules+=" tinydns"
+	use geoip && dynmodules+=" geoip"
+	#use xdb && dynmodules+=" xdb"
+
+	econf \
+		--disable-static \
+		--sysconfdir=/etc/powerdns \
+		--libdir=/usr/$(get_libdir)/powerdns \
+		--with-modules= \
+		--with-dynmodules="${dynmodules}" \
+		--with-pgsql-includes=/usr/include \
+		--with-pgsql-lib=/usr/$(get_libdir) \
+		--with-mysql-lib=/usr/$(get_libdir) \
+		$(use_enable botan botan1.10) \
+		$(use_enable debug verbose-logging) \
+		$(use_enable test unit-tests) \
+		$(use_enable tools) \
+		$(use_enable systemd) \
+		$(use_with lua) \
+		$(use_with luajit) \
+		$(use_with protobuf) \
+		${myconf}
+}
+
+src_compile() {
+	default
+	use doc && emake -C codedocs codedocs
+}
+
+src_install() {
+	default
+
+	mv "${D}"/etc/powerdns/pdns.conf{-dist,}
+
+	fperms 0700 /etc/powerdns
+	fperms 0600 /etc/powerdns/pdns.conf
+
+	# set defaults: setuid=pdns, setgid=pdns
+	sed -i \
+		-e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \
+		"${D}"/etc/powerdns/pdns.conf
+
+	newinitd "${FILESDIR}"/pdns-r1 pdns
+
+	keepdir /var/empty
+
+	use doc && dohtml -r codedocs/html/.
+
+	# Install development headers
+	insinto /usr/include/pdns
+	doins pdns/*.hh
+	insinto /usr/include/pdns/backends/gsql
+	doins pdns/backends/gsql/*.hh
+
+	if use ldap ; then
+		insinto /etc/openldap/schema
+		doins "${FILESDIR}"/dnsdomain2.schema
+	fi
+
+	prune_libtool_files --all
+}
+
+pkg_preinst() {
+	enewgroup pdns
+	enewuser pdns -1 -1 /var/empty pdns
+}
+
+pkg_postinst() {
+	elog "PowerDNS provides multiple instances support. You can create more instances"
+	elog "by symlinking the pdns init script to another name."
+	elog
+	elog "The name must be in the format pdns.<suffix> and PowerDNS will use the"
+	elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default."
+
+	if use ldap ; then
+		ewarn "The official LDAP backend module is only compile-tested by upstream."
+		ewarn "Try net-dns/pdns-ldap-backend if you have problems with it."
+	fi
+
+	local old
+	for old in ${REPLACING_VERSIONS}; do
+		version_compare ${old} 3.2
+		[[ $? -eq 1 ]] || continue
+
+		ewarn "To fix a security bug (bug #458018) had the following"
+		ewarn "files/directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/etc/powerdns"
+		ewarn "  ${EPREFIX}/etc/powerdns/pdns.conf"
+		ewarn "Check if this is correct for your setup"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		chmod o-rwx "${EPREFIX}"/etc/powerdns/{,pdns.conf}
+
+		break
+	done
+}
diff --git a/net-dns/pdns/pdns-4.0.5.ebuild b/net-dns/pdns/pdns-4.0.5.ebuild
new file mode 100644
index 000000000000..891179a4bdbb
--- /dev/null
+++ b/net-dns/pdns/pdns-4.0.5.ebuild
@@ -0,0 +1,153 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils multilib user toolchain-funcs versionator
+
+DESCRIPTION="The PowerDNS Daemon"
+HOMEPAGE="https://www.powerdns.com/"
+SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 x86"
+
+# other possible flags:
+# db2: we lack the dep
+# oracle: dito (need Oracle Client Libraries)
+# xdb: (almost) dead, surely not supported
+
+IUSE="botan debug doc geoip ldap libressl lua luajit mydns mysql opendbx postgres protobuf remote sqlite systemd tools tinydns test"
+
+REQUIRED_USE="mydns? ( mysql ) ?? ( lua luajit )"
+
+RDEPEND="
+	libressl? ( dev-libs/libressl:= )
+	!libressl? ( dev-libs/openssl:= )
+	>=dev-libs/boost-1.35:=
+	botan? ( dev-libs/botan:2= )
+	lua? ( dev-lang/lua:= )
+	luajit? ( dev-lang/luajit:= )
+	mysql? ( virtual/mysql )
+	postgres? ( dev-db/postgresql:= )
+	ldap? ( >=net-nds/openldap-2.0.27-r4 )
+	sqlite? ( dev-db/sqlite:3 )
+	opendbx? ( dev-db/opendbx )
+	geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip )
+	tinydns? ( >=dev-db/tinycdb-0.77 )
+	protobuf? ( dev-libs/protobuf )"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	doc? ( app-doc/doxygen )"
+
+S="${WORKDIR}"/${P/_/-}
+
+src_configure() {
+	local dynmodules="pipe bind" # the default backends, always enabled
+
+	#use db2 && dynmodules+=" db2"
+	use ldap && dynmodules+=" ldap"
+	use lua && dynmodules+=" lua"
+	use mydns && dynmodules+=" mydns"
+	use mysql && dynmodules+=" gmysql"
+	use opendbx && dynmodules+=" opendbx"
+	#use oracle && dynmodules+=" goracle oracle"
+	use postgres && dynmodules+=" gpgsql"
+	use remote && dynmodules+=" remote"
+	use sqlite && dynmodules+=" gsqlite3"
+	use tinydns && dynmodules+=" tinydns"
+	use geoip && dynmodules+=" geoip"
+	#use xdb && dynmodules+=" xdb"
+
+	econf \
+		--disable-static \
+		--sysconfdir=/etc/powerdns \
+		--libdir=/usr/$(get_libdir)/powerdns \
+		--with-modules= \
+		--with-dynmodules="${dynmodules}" \
+		--with-pgsql-includes=/usr/include \
+		--with-pgsql-lib=/usr/$(get_libdir) \
+		--with-mysql-lib=/usr/$(get_libdir) \
+		$(use_enable botan) \
+		$(use_enable debug verbose-logging) \
+		$(use_enable test unit-tests) \
+		$(use_enable tools) \
+		$(use_enable systemd) \
+		$(use_with lua) \
+		$(use_with luajit) \
+		$(use_with protobuf) \
+		${myconf}
+}
+
+src_compile() {
+	default
+	use doc && emake -C codedocs codedocs
+}
+
+src_install() {
+	default
+
+	mv "${D}"/etc/powerdns/pdns.conf{-dist,}
+
+	fperms 0700 /etc/powerdns
+	fperms 0600 /etc/powerdns/pdns.conf
+
+	# set defaults: setuid=pdns, setgid=pdns
+	sed -i \
+		-e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \
+		"${D}"/etc/powerdns/pdns.conf
+
+	newinitd "${FILESDIR}"/pdns-r1 pdns
+
+	keepdir /var/empty
+
+	use doc && dohtml -r codedocs/html/.
+
+	# Install development headers
+	insinto /usr/include/pdns
+	doins pdns/*.hh
+	insinto /usr/include/pdns/backends/gsql
+	doins pdns/backends/gsql/*.hh
+
+	if use ldap ; then
+		insinto /etc/openldap/schema
+		doins "${FILESDIR}"/dnsdomain2.schema
+	fi
+
+	prune_libtool_files --all
+}
+
+pkg_preinst() {
+	enewgroup pdns
+	enewuser pdns -1 -1 /var/empty pdns
+}
+
+pkg_postinst() {
+	elog "PowerDNS provides multiple instances support. You can create more instances"
+	elog "by symlinking the pdns init script to another name."
+	elog
+	elog "The name must be in the format pdns.<suffix> and PowerDNS will use the"
+	elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default."
+
+	if use ldap ; then
+		ewarn "The official LDAP backend module is only compile-tested by upstream."
+		ewarn "Try net-dns/pdns-ldap-backend if you have problems with it."
+	fi
+
+	local old
+	for old in ${REPLACING_VERSIONS}; do
+		version_compare ${old} 3.2
+		[[ $? -eq 1 ]] || continue
+
+		ewarn "To fix a security bug (bug #458018) had the following"
+		ewarn "files/directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/etc/powerdns"
+		ewarn "  ${EPREFIX}/etc/powerdns/pdns.conf"
+		ewarn "Check if this is correct for your setup"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		chmod o-rwx "${EPREFIX}"/etc/powerdns/{,pdns.conf}
+
+		break
+	done
+}
diff --git a/net-dns/pdns/pdns-4.1.0.ebuild b/net-dns/pdns/pdns-4.1.0.ebuild
new file mode 100644
index 000000000000..476a969f8a9a
--- /dev/null
+++ b/net-dns/pdns/pdns-4.1.0.ebuild
@@ -0,0 +1,153 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils multilib user toolchain-funcs versionator
+
+DESCRIPTION="The PowerDNS Daemon"
+HOMEPAGE="https://www.powerdns.com/"
+SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+# other possible flags:
+# db2: we lack the dep
+# oracle: dito (need Oracle Client Libraries)
+# xdb: (almost) dead, surely not supported
+
+IUSE="botan debug doc geoip ldap libressl lua luajit mydns mysql opendbx postgres protobuf remote sodium sqlite systemd tools tinydns test"
+
+REQUIRED_USE="mydns? ( mysql ) ?? ( lua luajit )"
+
+RDEPEND="
+	libressl? ( dev-libs/libressl:= )
+	!libressl? ( dev-libs/openssl:= )
+	>=dev-libs/boost-1.35:=
+	botan? ( dev-libs/botan:2= )
+	lua? ( dev-lang/lua:= )
+	luajit? ( dev-lang/luajit:= )
+	mysql? ( virtual/mysql )
+	postgres? ( dev-db/postgresql:= )
+	ldap? ( >=net-nds/openldap-2.0.27-r4 app-crypt/mit-krb5 )
+	sqlite? ( dev-db/sqlite:3 )
+	opendbx? ( dev-db/opendbx )
+	geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip )
+	sodium? ( dev-libs/libsodium:= )
+	tinydns? ( >=dev-db/tinycdb-0.77 )
+	protobuf? ( dev-libs/protobuf )"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	doc? ( app-doc/doxygen )"
+
+S="${WORKDIR}"/${P/_/-}
+
+src_configure() {
+	local dynmodules="pipe bind" # the default backends, always enabled
+
+	#use db2 && dynmodules+=" db2"
+	use ldap && dynmodules+=" ldap"
+	use lua && dynmodules+=" lua"
+	use mydns && dynmodules+=" mydns"
+	use mysql && dynmodules+=" gmysql"
+	use opendbx && dynmodules+=" opendbx"
+	#use oracle && dynmodules+=" goracle oracle"
+	use postgres && dynmodules+=" gpgsql"
+	use remote && dynmodules+=" remote"
+	use sqlite && dynmodules+=" gsqlite3"
+	use tinydns && dynmodules+=" tinydns"
+	use geoip && dynmodules+=" geoip"
+	#use xdb && dynmodules+=" xdb"
+
+	econf \
+		--disable-static \
+		--sysconfdir=/etc/powerdns \
+		--libdir=/usr/$(get_libdir)/powerdns \
+		--with-modules= \
+		--with-dynmodules="${dynmodules}" \
+		--with-mysql-lib=/usr/$(get_libdir) \
+		$(use_enable botan) \
+		$(use_enable debug verbose-logging) \
+		$(use_enable test unit-tests) \
+		$(use_enable tools) \
+		$(use_enable systemd) \
+		$(use_enable sodium libsodium) \
+		$(use_with lua) \
+		$(use_with luajit) \
+		$(use_with protobuf) \
+		${myconf}
+}
+
+src_compile() {
+	default
+	use doc && emake -C codedocs codedocs
+}
+
+src_install() {
+	default
+
+	mv "${D}"/etc/powerdns/pdns.conf{-dist,}
+
+	fperms 0700 /etc/powerdns
+	fperms 0600 /etc/powerdns/pdns.conf
+
+	# set defaults: setuid=pdns, setgid=pdns
+	sed -i \
+		-e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \
+		"${D}"/etc/powerdns/pdns.conf
+
+	newinitd "${FILESDIR}"/pdns-r1 pdns
+
+	keepdir /var/empty
+
+	use doc && dohtml -r codedocs/html/.
+
+	# Install development headers
+	insinto /usr/include/pdns
+	doins pdns/*.hh
+	insinto /usr/include/pdns/backends/gsql
+	doins pdns/backends/gsql/*.hh
+
+	if use ldap ; then
+		insinto /etc/openldap/schema
+		doins "${FILESDIR}"/dnsdomain2.schema
+	fi
+
+	prune_libtool_files --all
+}
+
+pkg_preinst() {
+	enewgroup pdns
+	enewuser pdns -1 -1 /var/empty pdns
+}
+
+pkg_postinst() {
+	elog "PowerDNS provides multiple instances support. You can create more instances"
+	elog "by symlinking the pdns init script to another name."
+	elog
+	elog "The name must be in the format pdns.<suffix> and PowerDNS will use the"
+	elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default."
+
+	if use ldap ; then
+		ewarn "The official LDAP backend module is only compile-tested by upstream."
+		ewarn "Try net-dns/pdns-ldap-backend if you have problems with it."
+	fi
+
+	local old
+	for old in ${REPLACING_VERSIONS}; do
+		version_compare ${old} 3.2
+		[[ $? -eq 1 ]] || continue
+
+		ewarn "To fix a security bug (bug #458018) had the following"
+		ewarn "files/directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/etc/powerdns"
+		ewarn "  ${EPREFIX}/etc/powerdns/pdns.conf"
+		ewarn "Check if this is correct for your setup"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		chmod o-rwx "${EPREFIX}"/etc/powerdns/{,pdns.conf}
+
+		break
+	done
+}
diff --git a/net-dns/pdns/pdns-4.1.0_rc3.ebuild b/net-dns/pdns/pdns-4.1.0_rc3.ebuild
deleted file mode 100644
index 8ec74d1ac285..000000000000
--- a/net-dns/pdns/pdns-4.1.0_rc3.ebuild
+++ /dev/null
@@ -1,151 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils multilib user toolchain-funcs versionator
-
-DESCRIPTION="The PowerDNS Daemon"
-HOMEPAGE="https://www.powerdns.com/"
-SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-# other possible flags:
-# db2: we lack the dep
-# oracle: dito (need Oracle Client Libraries)
-# xdb: (almost) dead, surely not supported
-
-IUSE="botan debug doc geoip ldap libressl lua luajit mydns mysql opendbx postgres protobuf remote sqlite systemd tools tinydns test"
-
-REQUIRED_USE="mydns? ( mysql ) ?? ( lua luajit )"
-
-RDEPEND="
-	libressl? ( dev-libs/libressl:= )
-	!libressl? ( dev-libs/openssl:= )
-	>=dev-libs/boost-1.35:=
-	botan? ( dev-libs/botan:2= )
-	lua? ( dev-lang/lua:= )
-	luajit? ( dev-lang/luajit:= )
-	mysql? ( virtual/mysql )
-	postgres? ( dev-db/postgresql:= )
-	ldap? ( >=net-nds/openldap-2.0.27-r4 )
-	sqlite? ( dev-db/sqlite:3 )
-	opendbx? ( dev-db/opendbx )
-	geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip )
-	tinydns? ( >=dev-db/tinycdb-0.77 )
-	protobuf? ( dev-libs/protobuf )"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig
-	doc? ( app-doc/doxygen )"
-
-S="${WORKDIR}"/${P/_/-}
-
-src_configure() {
-	local dynmodules="pipe bind" # the default backends, always enabled
-
-	#use db2 && dynmodules+=" db2"
-	use ldap && dynmodules+=" ldap"
-	use lua && dynmodules+=" lua"
-	use mydns && dynmodules+=" mydns"
-	use mysql && dynmodules+=" gmysql"
-	use opendbx && dynmodules+=" opendbx"
-	#use oracle && dynmodules+=" goracle oracle"
-	use postgres && dynmodules+=" gpgsql"
-	use remote && dynmodules+=" remote"
-	use sqlite && dynmodules+=" gsqlite3"
-	use tinydns && dynmodules+=" tinydns"
-	use geoip && dynmodules+=" geoip"
-	#use xdb && dynmodules+=" xdb"
-
-	econf \
-		--disable-static \
-		--sysconfdir=/etc/powerdns \
-		--libdir=/usr/$(get_libdir)/powerdns \
-		--with-modules= \
-		--with-dynmodules="${dynmodules}" \
-		--with-mysql-lib=/usr/$(get_libdir) \
-		$(use_enable botan) \
-		$(use_enable debug verbose-logging) \
-		$(use_enable test unit-tests) \
-		$(use_enable tools) \
-		$(use_enable systemd) \
-		$(use_with lua) \
-		$(use_with luajit) \
-		$(use_with protobuf) \
-		${myconf}
-}
-
-src_compile() {
-	default
-	use doc && emake -C codedocs codedocs
-}
-
-src_install() {
-	default
-
-	mv "${D}"/etc/powerdns/pdns.conf{-dist,}
-
-	fperms 0700 /etc/powerdns
-	fperms 0600 /etc/powerdns/pdns.conf
-
-	# set defaults: setuid=pdns, setgid=pdns
-	sed -i \
-		-e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \
-		"${D}"/etc/powerdns/pdns.conf
-
-	newinitd "${FILESDIR}"/pdns-r1 pdns
-
-	keepdir /var/empty
-
-	use doc && dohtml -r codedocs/html/.
-
-	# Install development headers
-	insinto /usr/include/pdns
-	doins pdns/*.hh
-	insinto /usr/include/pdns/backends/gsql
-	doins pdns/backends/gsql/*.hh
-
-	if use ldap ; then
-		insinto /etc/openldap/schema
-		doins "${FILESDIR}"/dnsdomain2.schema
-	fi
-
-	prune_libtool_files --all
-}
-
-pkg_preinst() {
-	enewgroup pdns
-	enewuser pdns -1 -1 /var/empty pdns
-}
-
-pkg_postinst() {
-	elog "PowerDNS provides multiple instances support. You can create more instances"
-	elog "by symlinking the pdns init script to another name."
-	elog
-	elog "The name must be in the format pdns.<suffix> and PowerDNS will use the"
-	elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default."
-
-	if use ldap ; then
-		ewarn "The official LDAP backend module is only compile-tested by upstream."
-		ewarn "Try net-dns/pdns-ldap-backend if you have problems with it."
-	fi
-
-	local old
-	for old in ${REPLACING_VERSIONS}; do
-		version_compare ${old} 3.2
-		[[ $? -eq 1 ]] || continue
-
-		ewarn "To fix a security bug (bug #458018) had the following"
-		ewarn "files/directories the world-readable bit removed (if set):"
-		ewarn "  ${EPREFIX}/etc/powerdns"
-		ewarn "  ${EPREFIX}/etc/powerdns/pdns.conf"
-		ewarn "Check if this is correct for your setup"
-		ewarn "This is a one-time change and will not happen on subsequent updates."
-		chmod o-rwx "${EPREFIX}"/etc/powerdns/{,pdns.conf}
-
-		break
-	done
-}
-- 
cgit v1.2.3