net-dns/djbdns: update IPv6 patch

Closes: https://bugs.gentoo.org/652156 Closes: #7768 Package-Manager: Portage-2.3.24, Repoman-2.3.6 Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
gentoo · Apr 11, 2018 · 2837acf · 2837acf
1 parent 9834362
commit 2837acf
Show file tree

Hide file tree

Showing 3 changed files with 484 additions and 0 deletions.
diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
@@ -1,3 +1,4 @@
 DIST djbdns-1.05-man.tar.gz 17170 BLAKE2B 2fef7e1be8a427b2c426c2af58bf4c22795e64d03e0f605ca333e38f187ff65b333e88a7cea0e8a9ec867b446b5ca34a5c97dd24ae18b28ee4c747f2fd1f1608 SHA512 98af7bd9033a2205fbbc0f23b7eab45b9756f6ceff5199a62952e19c89c9fe3c03495cb6f8621d388f883c40650309a1509095417df3f54af21a71350c4aa183
 DIST djbdns-1.05-test27.diff.bz2 20695 BLAKE2B 5eb2b5deeb81ec802bec4787b844f8b072e46a06ea28cf28a2702f8d545c3248256357669471f78b61f30c656b6f325bb8c0710dbdfa3ad2c2b00d5fb02bfc66 SHA512 e5acf26ff353ae20b6c2186140255bf0ae478a75a9946163d4474a003afbf8c2f47e61a12fc3ed4b9eff17ec8732e9d91bfbb10fb2762310b067180b6d471ba0
+DIST djbdns-1.05-test28.diff.xz 22072 BLAKE2B fff6c13220adfa056a0ac5942ff9385d83b75f8622adaebab65f557a2ca8d014fe3c255fe55ba9afca56b24880b7cd28597b26b5bcc3bbbd3ef9f581b67004fd SHA512 7fbfeda10221a0a09897c2e744df5606c83113c394ce055d822b0d8733873d72567a88c37905d21c7d2395170fc12b9e9eb133a941aa809f1b9856872ab48230
 DIST djbdns-1.05.tar.gz 85648 BLAKE2B 51918fcc8944e64e72709636ee7d56975a138a2806e22c019fa836770de3a338bb8f682216b89c09d6b2861c2423e60e28dc60639f5a86aca2040e1788e4cf5c SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9
diff --git a/net-dns/djbdns/djbdns-1.05-r33.ebuild b/net-dns/djbdns/djbdns-1.05-r33.ebuild
@@ -0,0 +1,132 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit flag-o-matic readme.gentoo-r1 toolchain-funcs user
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test28"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+	http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+	ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.xz )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 selinux"
+
+DEPEND=""
+RDEPEND="sys-apps/ucspi-tcp
+	virtual/daemontools
+	selinux? ( sec-policy/selinux-djbdns )"
+
+src_unpack(){
+	# Unpack both djbdns and its man pages to separate directories.
+	default
+
+	# Now move the man pages under ${S} so that user patches can be
+	# applied to them as well in src_prepare().
+	mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
+}
+
+PATCHES=(
+	"${FILESDIR}/headtail-r1.patch"
+	"${FILESDIR}/dnsroots.patch"
+	"${FILESDIR}/dnstracesort.patch"
+	"${FILESDIR}/string_length_255.patch"
+	"${FILESDIR}/srv_record_support.patch"
+	"${FILESDIR}/increase-cname-recustion-depth.patch"
+	"${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+	"${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch"
+)
+
+src_prepare() {
+	if use ipv6; then
+		PATCHES=(${PATCHES[@]}
+			# The big ipv6 patch.
+			"${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+			# Fix CVE2008-4392 (ipv6)
+			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch"
+			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch"
+			"${FILESDIR}/makefile-parallel-test25.patch"
+		)
+	else
+		PATCHES=(${PATCHES[@]}
+			# Fix CVE2008-4392 (no ipv6)
+			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch"
+			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+			# Later versions of the ipv6 patch include this
+			"${FILESDIR}/${PV}-errno-r1.patch"
+		)
+	fi
+
+	default
+}
+
+src_compile() {
+	echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+	echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+	echo "/usr" > conf-home || die
+	emake
+}
+
+src_install() {
+	insinto /etc
+	doins dnsroots.global
+
+	into /usr
+	dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+		*-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+		dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+	if use ipv6; then
+		dobin dnsip6 dnsip6q
+	fi
+
+	dodoc CHANGES README
+
+	doman man/*.[158]
+
+	readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+	# The nofiles group is no longer provided by baselayout.
+	# Share it with qmail if possible.
+	enewgroup nofiles 200
+
+	enewuser dnscache -1 -1 -1 nofiles
+	enewuser dnslog -1 -1 -1 nofiles
+	enewuser tinydns -1 -1 -1 nofiles
+}
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS='
+To configure djbdns, please follow the instructions at,
+
+	http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+	axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+	dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+	tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+	1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+	2. dnscache-conf dnscache dnslog /var/dnscache $ip
+	3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+	4. rbldns-conf $username dnslog /var/rbldns $ip $base
+	5. walldns-conf $username dnslog /var/walldns $ip
+'