From 76cba73c47c8694e74377004634daca18f2d9c08 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 14 Apr 2018 01:05:40 +0100 Subject: gentoo resync : 14.04.2018 --- net-dns/Manifest.gz | Bin 9723 -> 9721 bytes net-dns/djbdns/Manifest | 3 + net-dns/djbdns/djbdns-1.05-r33.ebuild | 132 ++++++++ ...erge-similar-outgoing-queries-ipv6-test28.patch | 351 +++++++++++++++++++++ net-dns/unbound/Manifest | 2 + net-dns/unbound/unbound-1.7.0.ebuild | 156 +++++++++ 6 files changed, 644 insertions(+) create mode 100644 net-dns/djbdns/djbdns-1.05-r33.ebuild create mode 100644 net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch create mode 100644 net-dns/unbound/unbound-1.7.0.ebuild (limited to 'net-dns') diff --git a/net-dns/Manifest.gz b/net-dns/Manifest.gz index 05ec84d00e88..3f2589c36257 100644 Binary files a/net-dns/Manifest.gz and b/net-dns/Manifest.gz differ diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest index 6e6c04b9e179..0abb2d0e335f 100644 --- a/net-dns/djbdns/Manifest +++ b/net-dns/djbdns/Manifest @@ -1,5 +1,6 @@ AUX 1.05-errno-r1.patch 242 BLAKE2B b02d686bbdad4178de2e8ba822feeeec5a3aa4549119c86ec806bfc34d0bebdcef7ee6bb2f57ffe73dc42e9d96b2bf08a28be7502aa8974f8f96cd32dcece178 SHA512 086d02600034d486f084fd2500aba9041dfa02110781594cdc3781a3ad7823f61f11c54c053c8c1241f58660527abe536906aba0e7f6c49ed3b8dbd74ba8f2b7 AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch 9944 BLAKE2B 05be2d88ff5e8c212370cea199d7e817d07fa9ecb807c567d48b34c963e101c18bd1d785be9d46ee6cbf6f8a84ca53e4dd1432c868d9acecabbb3ffcc326f878 SHA512 6c40018bfe97f9ed2ab1bb4034ceb20089edc93514a4c9931a5e1f09cb6d9a8f221eb9652b3b1485f80df643a1fb1d2c88ff148421e86af7cf7b1485b9c61c30 +AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch 9954 BLAKE2B ab189b25421c016bd24ecc34d9eae3552eeeb1303d158a2adeeb9c27b48a8935425d76f803104ba0be4bcc1bacd6cac48fb9b800c7401ea306d017525404b0cb SHA512 3ff6e971739bfe7f0fd7defd6520f4a03f88dd907668018c10efd91d03e4dbc2068773953d6feed22308d82fb2d38066b2102c6f6fd738c15c4bee6835a52dce AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch 9914 BLAKE2B 3224e58eac5ac254359158a193b8a4c7618ff12826cce0f71b7c45e9c886ff54d1fb883d02a6b2d80801f395b721dee46390b6b5191e22cc5f2d75da06f2b08c SHA512 59e9aae2fd8e7c1e4d275066afceaade3b1276c6cda78cd58fef1dfbe9749c9e1bb415a80643b3c50a33372166aec055a9b3a6bcb3ed4cfd77e6e6038e069cff AUX CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch 3043 BLAKE2B 224cf29a7db357c3c421212cc240c16801ea544e1cbad65605e0ba8413139c09d37144f2f784a751015abbb99c2f36e3716c28a821b8f66edf02310c72d28417 SHA512 f830bfd2fabd4d9b4e2649bcc4061d656d4645b93829415d070b26c6a22e8e17d941666b8e776947bf9a8ef93007f77d8be57fc9911dcc6dc2b7ac607d556ba0 AUX CVE2008-4392_0002-dnscache-cache-soa-records.patch 2944 BLAKE2B 22d0fa17c99e3b979faa3a1f1d7dae72834d47f8362efbe917f321847847147f3e7992599b27489a6ea898e1bcc0df5193f64202dc594e2840df6932dcc428d4 SHA512 f65ca7dfc8e85f469f22d72a1c79126c35243dc077abf4b688eb7d057f19456dc8a3665f558a8a3c1908f96fa1838792aa1bc317d2e89f4953020828c05926e6 @@ -14,6 +15,8 @@ AUX srv_record_support.patch 5423 BLAKE2B 28167fbf8b404b926e484a4cf93ddf4b1ff450 AUX string_length_255.patch 299 BLAKE2B 083d963d8d67baec402321c7fb8be2e485985ce03daea1d198912204dda6a90b794d5df3519b4177de8720122b46600cc9fe669f265cf9b81c75e4335ae081d6 SHA512 b451d23e1a45636dfae7cf69c64e3edde6b655bc0c7407586429e0d8282f17ef6215c6c33a6d238115c39d34fa57fa7699a7a10f146344c677fde10c0e207ac3 DIST djbdns-1.05-man.tar.gz 17170 BLAKE2B 2fef7e1be8a427b2c426c2af58bf4c22795e64d03e0f605ca333e38f187ff65b333e88a7cea0e8a9ec867b446b5ca34a5c97dd24ae18b28ee4c747f2fd1f1608 SHA512 98af7bd9033a2205fbbc0f23b7eab45b9756f6ceff5199a62952e19c89c9fe3c03495cb6f8621d388f883c40650309a1509095417df3f54af21a71350c4aa183 DIST djbdns-1.05-test27.diff.bz2 20695 BLAKE2B 5eb2b5deeb81ec802bec4787b844f8b072e46a06ea28cf28a2702f8d545c3248256357669471f78b61f30c656b6f325bb8c0710dbdfa3ad2c2b00d5fb02bfc66 SHA512 e5acf26ff353ae20b6c2186140255bf0ae478a75a9946163d4474a003afbf8c2f47e61a12fc3ed4b9eff17ec8732e9d91bfbb10fb2762310b067180b6d471ba0 +DIST djbdns-1.05-test28.diff.xz 22072 BLAKE2B fff6c13220adfa056a0ac5942ff9385d83b75f8622adaebab65f557a2ca8d014fe3c255fe55ba9afca56b24880b7cd28597b26b5bcc3bbbd3ef9f581b67004fd SHA512 7fbfeda10221a0a09897c2e744df5606c83113c394ce055d822b0d8733873d72567a88c37905d21c7d2395170fc12b9e9eb133a941aa809f1b9856872ab48230 DIST djbdns-1.05.tar.gz 85648 BLAKE2B 51918fcc8944e64e72709636ee7d56975a138a2806e22c019fa836770de3a338bb8f682216b89c09d6b2861c2423e60e28dc60639f5a86aca2040e1788e4cf5c SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9 EBUILD djbdns-1.05-r32.ebuild 4351 BLAKE2B ef4774774e33fc267e4a4f9f94c82c5d0e909cf32a8edbcec301991325e83c9d48a5ddc96f01a0f7fb5fc8e0f775133410fc97f61da861753f83bc774d8d6ea4 SHA512 03311e521344f266b46fa0e72e319363c22f344d330422343f6f4fb7474017ca97b6361decb7956a5e396b067a00aa11c82769945bec34ae285302a99804fd95 +EBUILD djbdns-1.05-r33.ebuild 3678 BLAKE2B b64b85007e2e0aa3620af5898b2abc737d5efbb6989ff3e7d8e45a90b1660c481a01d0441c83fadf690ef4945cfd202a0dbaed599bcf0c0cddb43686f428f693 SHA512 fa5078523925f715933dea95fd1b8cb6c50ea46e73841d0ca05e477ea95e362c05750bf5a7dbb8174a13cf617d113c02ab7a5ee627b7f8e87b03a33d6987fed6 MISC metadata.xml 244 BLAKE2B c21c7a6cd7f859220baee98b22912e06955a7d63b4fc954a40507126ef6cb30659a3b7e89e798bb7d074814810f9625d3979ed2ac8877e213dc378da841bc786 SHA512 125b00b9e85650a6dcc365871f9f8be44d85cde4b938a66f7d96b6dc0237a1cae68b30be1ee16d7850998fc31be35eaf459df1bb7d9ea169904854b532f37bab diff --git a/net-dns/djbdns/djbdns-1.05-r33.ebuild b/net-dns/djbdns/djbdns-1.05-r33.ebuild new file mode 100644 index 000000000000..ad80420e697d --- /dev/null +++ b/net-dns/djbdns/djbdns-1.05-r33.ebuild @@ -0,0 +1,132 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit flag-o-matic readme.gentoo-r1 toolchain-funcs user + +DESCRIPTION="Collection of DNS client/server software" +HOMEPAGE="http://cr.yp.to/djbdns.html" +IPV6_PATCH="test28" + +SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz + http://smarden.org/pape/djb/manpages/${P}-man.tar.gz + ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.xz )" + +SLOT="0" +LICENSE="public-domain" +KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" +IUSE="ipv6 selinux" + +DEPEND="" +RDEPEND="sys-apps/ucspi-tcp + virtual/daemontools + selinux? ( sec-policy/selinux-djbdns )" + +src_unpack(){ + # Unpack both djbdns and its man pages to separate directories. + default + + # Now move the man pages under ${S} so that user patches can be + # applied to them as well in src_prepare(). + mv "${PN}-man" "${P}/man" || die "failed to transplant man pages" +} + +PATCHES=( + "${FILESDIR}/headtail-r1.patch" + "${FILESDIR}/dnsroots.patch" + "${FILESDIR}/dnstracesort.patch" + "${FILESDIR}/string_length_255.patch" + "${FILESDIR}/srv_record_support.patch" + "${FILESDIR}/increase-cname-recustion-depth.patch" + "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch" + "${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch" +) + +src_prepare() { + if use ipv6; then + PATCHES=(${PATCHES[@]} + # The big ipv6 patch. + "${WORKDIR}/${P}-${IPV6_PATCH}.diff" + # Fix CVE2008-4392 (ipv6) + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch" + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" + "${FILESDIR}/makefile-parallel-test25.patch" + ) + else + PATCHES=(${PATCHES[@]} + # Fix CVE2008-4392 (no ipv6) + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch" + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch" + # Later versions of the ipv6 patch include this + "${FILESDIR}/${PV}-errno-r1.patch" + ) + fi + + default +} + +src_compile() { + echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die + echo "/usr" > conf-home || die + emake +} + +src_install() { + insinto /etc + doins dnsroots.global + + into /usr + dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \ + *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \ + dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort + + if use ipv6; then + dobin dnsip6 dnsip6q + fi + + dodoc CHANGES README + + doman man/*.[158] + + readme.gentoo_create_doc +} + +pkg_preinst() { + # The nofiles group is no longer provided by baselayout. + # Share it with qmail if possible. + enewgroup nofiles 200 + + enewuser dnscache -1 -1 -1 nofiles + enewuser dnslog -1 -1 -1 nofiles + enewuser tinydns -1 -1 -1 nofiles +} + +DISABLE_AUTOFORMATTING=1 +DOC_CONTENTS=' +To configure djbdns, please follow the instructions at, + + http://cr.yp.to/djbdns.html + +Of particular interest are, + + axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html + dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html + tinydns : http://cr.yp.to/djbdns/run-server.html + +Portage has created users for axfrdns, dnscache, and tinydns; the +commands to configure these programs are, + + 1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip + 2. dnscache-conf dnscache dnslog /var/dnscache $ip + 3. tinydns-conf tinydns dnslog /var/tinydns $ip + +(replace $ip with the ip address on which the server will run). + +If you wish to configure rbldns or walldns, you will need to create +those users yourself (although you should still use the "dnslog" +user for the logs): + + 4. rbldns-conf $username dnslog /var/rbldns $ip $base + 5. walldns-conf $username dnslog /var/walldns $ip +' diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch new file mode 100644 index 000000000000..d493b8985e05 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch @@ -0,0 +1,351 @@ +diff --git a/Makefile b/Makefile +index 5ccd647..eee09dd 100644 +--- a/Makefile ++++ b/Makefile +@@ -346,11 +346,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h + ./compile dns_txt.c + + dnscache: \ +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \ ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \ + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \ + libtai.a unix.a byte.a socket.lib + ./load dnscache droproot.o okclient.o log.o cache.o \ +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \ ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \ + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \ + socket.lib` + +@@ -371,7 +371,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \ + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \ + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \ + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \ +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h + ./compile dnscache.c + + dnsfilter: \ +@@ -749,11 +749,16 @@ qlog.o: \ + compile qlog.c buffer.h qlog.h uint16.h + ./compile qlog.c + ++qmerge.o: \ ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \ ++taia.h tai.h uint64.h log.h maxclient.h ++ ./compile qmerge.c ++ + query.o: \ + compile query.c error.h roots.h log.h uint64.h case.h cache.h \ + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \ + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \ +-response.h uint32.h query.h dns.h uint32.h ++response.h uint32.h query.h dns.h uint32.h qmerge.h + ./compile query.c + + random-ip: \ +diff --git a/dnscache.c b/dnscache.c +index abcba69..c84e4b8 100644 +--- a/dnscache.c ++++ b/dnscache.c +@@ -23,6 +23,7 @@ + #include "okclient.h" + #include "droproot.h" + #include "openreadclose.h" ++#include "maxclient.h" + + long interface; + +@@ -59,7 +60,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -136,7 +136,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +diff --git a/log.c b/log.c +index df465e2..1b0d98c 100644 +--- a/log.c ++++ b/log.c +@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser + line(); + } + ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control) ++{ ++ string("txpb "); ++ logtype(qtype); space(); name(q); space(); name(control); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +diff --git a/log.h b/log.h +index fe62fa3..d9a829b 100644 +--- a/log.h ++++ b/log.h +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *); + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_tx_piggyback(const char *,const char *,const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); +diff --git a/maxclient.h b/maxclient.h +new file mode 100644 +index 0000000..e52fcd1 +--- /dev/null ++++ b/maxclient.h +@@ -0,0 +1,7 @@ ++#ifndef MAXCLIENT_H ++#define MAXCLIENT_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* MAXCLIENT_H */ +diff --git a/qmerge.c b/qmerge.c +new file mode 100644 +index 0000000..7c92299 +--- /dev/null ++++ b/qmerge.c +@@ -0,0 +1,115 @@ ++#include "qmerge.h" ++#include "byte.h" ++#include "log.h" ++#include "maxclient.h" ++ ++#define QMERGE_MAX (MAXUDP+MAXTCP) ++struct qmerge inprogress[QMERGE_MAX]; ++ ++static ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2], ++ const char *control) ++{ ++ if (!dns_domain_copy(&qmk->q, q)) return 0; ++ byte_copy(qmk->qtype, 2, qtype); ++ if (!dns_domain_copy(&qmk->control, control)) return 0; ++ return 1; ++} ++ ++static ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b) ++{ ++ return ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->q, b->q) && ++ dns_domain_equal(a->control, b->control); ++} ++ ++static ++void qmerge_key_free(struct qmerge_key *qmk) ++{ ++ dns_domain_free(&qmk->q); ++ dns_domain_free(&qmk->control); ++} ++ ++void qmerge_free(struct qmerge **x) ++{ ++ struct qmerge *qm; ++ ++ qm = *x; ++ *x = 0; ++ if (!qm || !qm->active) return; ++ ++ qm->active--; ++ if (!qm->active) { ++ qmerge_key_free(&qm->key); ++ dns_transmit_free(&qm->dt); ++ } ++} ++ ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive, ++ const char *q, const char qtype[2], const char localip[4], ++ const char *control) ++{ ++ struct qmerge_key k; ++ int i; ++ int r; ++ ++ qmerge_free(qm); ++ ++ byte_zero(&k, sizeof k); ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1; ++ for (i = 0; i < QMERGE_MAX; i++) { ++ if (!inprogress[i].active) continue; ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue; ++ log_tx_piggyback(q, qtype, control); ++ inprogress[i].active++; ++ *qm = &inprogress[i]; ++ qmerge_key_free(&k); ++ return 0; ++ } ++ ++ for (i = 0; i < QMERGE_MAX; i++) ++ if (!inprogress[i].active) ++ break; ++ if (i == QMERGE_MAX) return -1; ++ ++ log_tx(q, qtype, control, servers, 0); ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip); ++ if (r == -1) { qmerge_key_free(&k); return -1; } ++ inprogress[i].active++; ++ inprogress[i].state = 0; ++ qmerge_key_free(&inprogress[i].key); ++ byte_copy(&inprogress[i].key, sizeof k, &k); ++ *qm = &inprogress[i]; ++ return 0; ++} ++ ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline) ++{ ++ if (qm->state == 0) { ++ dns_transmit_io(&qm->dt, io, deadline); ++ qm->state = 1; ++ } ++ else { ++ io->fd = -1; ++ io->events = 0; ++ } ++} ++ ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when) ++{ ++ int r; ++ struct qmerge *qm; ++ ++ qm = *x; ++ if (qm->state == -1) return -1; /* previous error */ ++ if (qm->state == 0) return 0; /* no packet */ ++ if (qm->state == 2) return 1; /* already got packet */ ++ ++ r = dns_transmit_get(&qm->dt, io, when); ++ if (r == -1) { qm->state = -1; return -1; } /* error */ ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */ ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */ ++ return -1; /* bug */ ++} +diff --git a/qmerge.h b/qmerge.h +new file mode 100644 +index 0000000..9a58157 +--- /dev/null ++++ b/qmerge.h +@@ -0,0 +1,24 @@ ++#ifndef QMERGE_H ++#define QMERGE_H ++ ++#include "dns.h" ++ ++struct qmerge_key { ++ char *q; ++ char qtype[2]; ++ char *control; ++}; ++ ++struct qmerge { ++ int active; ++ struct qmerge_key key; ++ struct dns_transmit dt; ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */ ++}; ++ ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *); ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *); ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *); ++extern void qmerge_free(struct qmerge **); ++ ++#endif /* QMERGE_H */ +diff --git a/query.c b/query.c +index d61b20c..d9be8b8 100644 +--- a/query.c ++++ b/query.c +@@ -84,7 +84,7 @@ static void cleanup(struct query *z) + int j; + int k; + +- dns_transmit_free(&z->dt); ++ qmerge_free(&z->qm); + for (j = 0;j < QUERY_MAXALIAS;++j) + dns_domain_free(&z->alias[j]); + for (j = 0;j < QUERY_MAXLEVEL;++j) { +@@ -624,15 +624,9 @@ static int doit(struct query *z,int state) + if (j == 256) goto SERVFAIL; + + dns_sortip6(z->servers[z->level],256); +- if (z->level) { +- dtype = z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A; +- log_tx(z->name[z->level],dtype,z->control[z->level],z->servers[z->level],z->level); +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip) == -1) goto DIE; +- } +- else { +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0); +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE; +- } ++ dtype = z->level ? (z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A) : z->type; ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE; ++ + return 0; + + +@@ -646,10 +640,10 @@ static int doit(struct query *z,int state) + + HAVEPACKET: + if (++z->loop == 200) goto DIE; +- buf = z->dt.packet; +- len = z->dt.packetlen; ++ buf = z->qm->dt.packet; ++ len = z->qm->dt.packetlen; + +- whichserver = z->dt.servers + 16 * z->dt.curserver; ++ whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver; + control = z->control[z->level]; + d = z->name[z->level]; + /* dtype = z->level ? DNS_T_A : z->type; */ +@@ -1071,7 +1065,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip + + int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + { +- switch(dns_transmit_get(&z->dt,x,stamp)) { ++ switch(qmerge_get(&z->qm,x,stamp)) { + case 1: + return doit(z,1); + case -1: +@@ -1082,5 +1076,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + + void query_io(struct query *z,iopause_fd *x,struct taia *deadline) + { +- dns_transmit_io(&z->dt,x,deadline); ++ qmerge_io(z->qm,x,deadline); + } +diff --git a/query.h b/query.h +index 61812aa..93a322e 100644 +--- a/query.h ++++ b/query.h +@@ -1,7 +1,7 @@ + #ifndef QUERY_H + #define QUERY_H + +-#include "dns.h" ++#include "qmerge.h" + #include "uint32.h" + + #define QUERY_MAXLEVEL 5 +@@ -22,7 +22,7 @@ struct query { + uint32 scope_id; + char type[2]; + char class[2]; +- struct dns_transmit dt; ++ struct qmerge *qm; + } ; + + extern int query_start(struct query *,char *,char *,char *,char *,unsigned int); diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest index 73c086eabc78..c0174410c388 100644 --- a/net-dns/unbound/Manifest +++ b/net-dns/unbound/Manifest @@ -14,6 +14,7 @@ DIST unbound-1.6.4.tar.gz 5477897 BLAKE2B b78c80e9a18649f6a12da820f15915f0508f4f DIST unbound-1.6.6.tar.gz 5460482 BLAKE2B af0d9ca0e5eeaebc3a2023dc7179a3bc80952d0e4c75ae92035ace648952f0ec1d0760aeb9d5104dda1abea2498a15f668b610c39ad79e86774c376647c94613 SHA512 910fd0956b8828d3db0511a85bf6ab6c4c3982f17c70ccb7123d1de1650d24c2906bc29ac4ea83fd7d95d8af29e2cbc88df666f365e51296f552292ef9753016 DIST unbound-1.6.7.tar.gz 5466931 BLAKE2B 57a051d5ac6d7fbc3d51613305651987670d0f50fbebf661505b42b6c8980543b34b52a4f9ca9e6ee4dbad59d9acf547b78cf35a691d0c00884da979ae22d8c4 SHA512 6e3d1a057081252183343d0d1b8ace742ab15e8f5244e61287340f49289d7449bed93fbfdaa3194c0e99ca23948f4b33038f75af5c5b26c938004d06fc3031e0 DIST unbound-1.6.8.tar.gz 5467536 BLAKE2B 06caffbd905c339b3d0667382114bb3e5d5da90988402c8f488f789f9bf6ab87377e6a26aa083a7e9ba3d023f37d3eeba1e069adf8a8a266b23fb8361aeb6e26 SHA512 653d88d5dbc8cf25f7261e4a9869b6591843c7ff27b5d63f979a94505daafbbb61e05d46bedd2d01230355d5f08dd9fe14ed04c5c7340f3f27581b61ad6edfa3 +DIST unbound-1.7.0.tar.gz 5538228 BLAKE2B a825e2cbef74b3a78f9802056d6f0992f77e0d40d4d28889c98b9ffa224ec3281b6873eab59134dcca8dc56bdd17202b3817dd28ab30d0a0bb72d749426b7675 SHA512 49b07643da2a89d8ceedce1295f550f74a76f4f11c2df54df55e9c42f03bad1b133789c7b36fb3c4f37d6b331ac302ecfd1249e8ebaaa4333beda8fa250b61d9 EBUILD unbound-1.5.1-r2.ebuild 3427 BLAKE2B 193c35ecb00ae6303e6ab97852f79dffdf2bef64ce0b7c6e961370eb87d9506569e8aadfa6386624ce121162380b24fde713b36865b18bf228aacb3651defde8 SHA512 d3630f81fd44b40f5deb155473dc5835cc68e444be26afd0207fa734f285b566694b92dc073185cb24c9588a0ca5cb9ebf9c9268c2725c24a6c61d7ca73d1bcf EBUILD unbound-1.5.10.ebuild 3465 BLAKE2B 765d3f8f6a987a22195a235e515fb4fd29005a8e2b8d2eeadc9328993ba41d95655db10e1f8426b449311b08516b8dbd4abae382bf6d9b2f3608716c7f57f30c SHA512 28fb9da2c9bf08fbdd8e440c7c0f61da5ef25f7ca179b18e7c189e5c23f70dea295e1dd9b0fa289c75f5a4ee24ed9e1b3248f62fb0dc05d78068f22c00d100a7 EBUILD unbound-1.6.3.ebuild 3689 BLAKE2B 8bdfd0f5b48ed66d7eb167e187cac4c64c3c0a044f0523662f253514717a273671fa15e6e931ec03f3ea16a6f2f727701811f41a10ecd49326a9c855f694a2d1 SHA512 15d464ec999b6c98e05d5904e52af977036c2c7ea2bf1d54cebf05f6841f8c28adda1b5d6fa9f344d12ea8417f512a1f0c0487aad62627a7761e97e71f3b018c @@ -22,4 +23,5 @@ EBUILD unbound-1.6.6.ebuild 3696 BLAKE2B 224feff7eaac4169dcd877ce794df745a5e67c7 EBUILD unbound-1.6.7.ebuild 3696 BLAKE2B 224feff7eaac4169dcd877ce794df745a5e67c73b8c3df2e4f15036de9003a67aea5233bda8289c1ac1d5f36bcc9fa6aef4adc6e20afb968041756a349f2ddae SHA512 8cfa83700c737afd168d4998de69eea199a3c695bd038315afb16a1aa8e3f141b2c7aa364a8efb0952179dc79b6a42ac43fb148394ae7c96e2bb29f72f070970 EBUILD unbound-1.6.8-r2.ebuild 4814 BLAKE2B 4a22ffd38aa1a4c39d603f85a2fff0adb767bab5a1feea6386fb95f6f3d1dba5ed1749c99fe7f5d310fadfee95de628e077dca25c3800d1a1490ecea37341549 SHA512 8270d337d8b7241208406cd5b06320a624856aae1caa921b26d7115b77df27b93838c73ccb02ad0a5588e7bf41f82646f650c328b0c991afc9d319c77e59a303 EBUILD unbound-1.6.8.ebuild 3696 BLAKE2B 2b520948c09e02bba9a1685e25a46b94280d9ef65fc69091b0a6a33b176b8538033d3347aa828e6bb66df85383d1b33f343085f52b3a1e3150e6aa1bf8808c37 SHA512 06c2a8cc24f9ef503eacfcc0a6dd19c63651163dc7b6523f75360f6902deb8f74b616d370c3f93b4633cc823a93be7dc833d8427c70c1b5530cf96a77b056ee9 +EBUILD unbound-1.7.0.ebuild 4814 BLAKE2B 4a22ffd38aa1a4c39d603f85a2fff0adb767bab5a1feea6386fb95f6f3d1dba5ed1749c99fe7f5d310fadfee95de628e077dca25c3800d1a1490ecea37341549 SHA512 8270d337d8b7241208406cd5b06320a624856aae1caa921b26d7115b77df27b93838c73ccb02ad0a5588e7bf41f82646f650c328b0c991afc9d319c77e59a303 MISC metadata.xml 1008 BLAKE2B 1852e514f97f9305848144ae0f9aaf8fb49546cd9afcd873ab67dcefee0503d5047809dc8c650006ccdb236c9ba9ff02cc5ecf726d61c25e17167409f91d3fb1 SHA512 f6654d6d254a4d51a8c454c542f1fbbff16bfeaa1cb681f110b9ae99a4231cdb7c073a5d42faba71168079330f9e01781df7a5b3e1bd70d771c874a5bbe9742a diff --git a/net-dns/unbound/unbound-1.7.0.ebuild b/net-dns/unbound/unbound-1.7.0.ebuild new file mode 100644 index 000000000000..9edf230ed88d --- /dev/null +++ b/net-dns/unbound/unbound-1.7.0.ebuild @@ -0,0 +1,156 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user + +MY_P=${PN}-${PV/_/} +DESCRIPTION="A validating, recursive and caching DNS resolver" +HOMEPAGE="http://unbound.net/" +SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" +IUSE="debug dnscrypt dnstap +ecdsa gost libressl python selinux static-libs systemd test threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +# Note: expat is needed by executable only but the Makefile is custom +# and doesn't make it possible to easily install the library without +# the executables. MULTILIB_USEDEP may be dropped once build system +# is fixed. + +CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] + >=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}] + libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] ) + !libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] ) + dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] ) + dnstap? ( + dev-libs/fstrm[${MULTILIB_USEDEP}] + >=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}] + ) + ecdsa? ( + !libressl? ( dev-libs/openssl:0[-bindist] ) + ) + python? ( ${PYTHON_DEPS} )" + +DEPEND="${CDEPEND} + python? ( dev-lang/swig ) + test? ( + net-dns/ldns-utils[examples] + dev-util/splint + app-text/wdiff + ) + systemd? ( sys-apps/systemd ) + virtual/pkgconfig" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-bind )" + +# bug #347415 +RDEPEND="${RDEPEND} + net-dns/dnssec-root" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + enewgroup unbound + enewuser unbound -1 -1 /etc/unbound unbound + # improve security on existing installs (bug #641042) + # as well as new installs where unbound homedir has just been created + if [[ -d "${ROOT}/etc/unbound" ]]; then + chown --no-dereference --from=unbound root "${ROOT}/etc/unbound" + fi + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + # To avoid below error messages, set 'trust-anchor-file' to same value in + # 'auto-trust-anchor-file'. + # [23109:0] error: Could not open autotrust file for writing, + # /etc/dnssec/root-anchors.txt: Permission denied + epatch "${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch + + # required for the python part + multilib_copy_sources +} + +src_configure() { + [[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack + multilib-minimal_src_configure +} + +multilib_src_configure() { + econf \ + $(use_enable debug) \ + $(use_enable gost) \ + $(use_enable dnscrypt) \ + $(use_enable dnstap) \ + $(use_enable ecdsa) \ + $(use_enable static-libs static) \ + $(use_enable systemd) \ + $(multilib_native_use_with python pythonmodule) \ + $(multilib_native_use_with python pyunbound) \ + $(use_with threads pthreads) \ + --disable-flto \ + --disable-rpath \ + --with-libevent="${EPREFIX}"/usr \ + --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ + --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \ + --with-ssl="${EPREFIX}"/usr \ + --with-libexpat="${EPREFIX}"/usr + + # http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html + # $(use_enable debug lock-checks) \ + # $(use_enable debug alloc-checks) \ + # $(use_enable debug alloc-lite) \ + # $(use_enable debug alloc-nonregional) \ +} + +multilib_src_install_all() { + prune_libtool_files --modules + use python && python_optimize + + newinitd "${FILESDIR}"/unbound.initd unbound + newconfd "${FILESDIR}"/unbound.confd unbound + + systemd_dounit "${FILESDIR}"/unbound.service + systemd_dounit "${FILESDIR}"/unbound.socket + systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service" + systemd_dounit "${FILESDIR}"/unbound-anchor.service + + dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES} + + # bug #315519 + dodoc contrib/unbound_munin_ + + docinto selinux + dodoc contrib/selinux/* + + exeinto /usr/share/${PN} + doexe contrib/update-anchor.sh + + # create space for auto-trust-anchor-file... + keepdir /etc/unbound/var + # ... and point example config to it + sed -i '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' "${ED}/etc/unbound/unbound.conf" +} + +pkg_postinst() { + # make var/ writable by unbound + if [[ -d "${ROOT}/etc/unbound/var" ]]; then + chown --no-dereference --from=root unbound: "${ROOT}/etc/unbound/var" + fi + einfo "" + einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation" + einfo "set 'auto-trust-anchor-file: /etc/unbound/var/root-anchors.txt' in /etc/unbound/unbound.conf" + einfo "and run" + einfo "" + einfo " su -s /bin/sh -c '/usr/sbin/unbound-anchor -a /etc/unbound/var/root-anchors.txt' unbound" + einfo "" + einfo "as root to create it initially before starting unbound for the first time after enabling this." + einfo "" +} -- cgit v1.2.3