1 |
commit: d2dac37b7f5220aa1ca458c50977c404efc69d32 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Sep 14 18:19:56 2018 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Sep 14 22:03:45 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2dac37b |
7 |
|
8 |
net-dns/unbound: move EDNS client subnet support behind USE flag due to privacy concerns |
9 |
|
10 |
With EDNS client subnet support enabled, unbound will add client IP address |
11 |
to requests. This could lead to an unexpected IP address leak. Therefore |
12 |
we hide that feature behind a USE flag (ecs) and let user decide. |
13 |
|
14 |
Package-Manager: Portage-2.3.49, Repoman-2.3.10 |
15 |
|
16 |
net-dns/unbound/metadata.xml | 1 + |
17 |
net-dns/unbound/unbound-1.8.0-r1.ebuild | 4 ++-- |
18 |
2 files changed, 3 insertions(+), 2 deletions(-) |
19 |
|
20 |
diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml |
21 |
index 01e8dfa9bcc..322609af4ff 100644 |
22 |
--- a/net-dns/unbound/metadata.xml |
23 |
+++ b/net-dns/unbound/metadata.xml |
24 |
@@ -23,6 +23,7 @@ |
25 |
<flag name="dnscrypt">Enable DNSCrypt support</flag> |
26 |
<flag name="dnstap">Enable dnstap support</flag> |
27 |
<flag name="ecdsa">Enable ECDSA support</flag> |
28 |
+ <flag name="ecs">Enable EDNS client subnet support</flag> |
29 |
<flag name="gost">Enable GOST support</flag> |
30 |
<flag name="redis">Enable cache db backend which uses <pkg>dev-libs/hiredis</pkg></flag> |
31 |
</use> |
32 |
|
33 |
diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild |
34 |
index f544060754e..6d9dee1cdfc 100644 |
35 |
--- a/net-dns/unbound/unbound-1.8.0-r1.ebuild |
36 |
+++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild |
37 |
@@ -14,7 +14,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" |
38 |
LICENSE="BSD GPL-2" |
39 |
SLOT="0/8" # ABI version of libunbound.so |
40 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" |
41 |
-IUSE="debug dnscrypt dnstap +ecdsa gost libressl python redis selinux static-libs systemd test threads" |
42 |
+IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" |
43 |
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
44 |
|
45 |
# Note: expat is needed by executable only but the Makefile is custom |
46 |
@@ -96,6 +96,7 @@ multilib_src_configure() { |
47 |
$(use_enable dnscrypt) \ |
48 |
$(use_enable dnstap) \ |
49 |
$(use_enable ecdsa) \ |
50 |
+ $(use_enable ecs subnet) \ |
51 |
$(multilib_native_use_enable redis cachedb) \ |
52 |
$(use_enable static-libs static) \ |
53 |
$(use_enable systemd) \ |
54 |
@@ -105,7 +106,6 @@ multilib_src_configure() { |
55 |
--disable-flto \ |
56 |
--disable-rpath \ |
57 |
--enable-ipsecmod \ |
58 |
- --enable-subnet \ |
59 |
--enable-tfo-client \ |
60 |
--enable-tfo-server \ |
61 |
--with-libevent="${EPREFIX%/}"/usr \ |