[gentoo-commits] repo/gentoo:master commit in: net-dns/unbound/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-dns/unbound/
Date:	Fri, 14 Sep 2018 22:13:59
Message-Id:	`1536962625.d2dac37b7f5220aa1ca458c50977c404efc69d32.whissi@gentoo`

1

commit:     d2dac37b7f5220aa1ca458c50977c404efc69d32

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Fri Sep 14 18:19:56 2018 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Fri Sep 14 22:03:45 2018 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2dac37b

7

8

net-dns/unbound: move EDNS client subnet support behind USE flag due to privacy concerns

9

10

With EDNS client subnet support enabled, unbound will add client IP address

11

to requests. This could lead to an unexpected IP address leak. Therefore

12

we hide that feature behind a USE flag (ecs) and let user decide.

13

14

Package-Manager: Portage-2.3.49, Repoman-2.3.10

15

16

 net-dns/unbound/metadata.xml            | 1 +

17

 net-dns/unbound/unbound-1.8.0-r1.ebuild | 4 ++--

18

 2 files changed, 3 insertions(+), 2 deletions(-)

19

20

diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml

21

index 01e8dfa9bcc..322609af4ff 100644

22

--- a/net-dns/unbound/metadata.xml

23

+++ b/net-dns/unbound/metadata.xml

24

@@ -23,6 +23,7 @@

25

     <flag name="dnscrypt">Enable DNSCrypt support</flag>

26

     <flag name="dnstap">Enable dnstap support</flag>

27

     <flag name="ecdsa">Enable ECDSA support</flag>

28

+    <flag name="ecs">Enable EDNS client subnet support</flag>

29

     <flag name="gost">Enable GOST support</flag>

30

     <flag name="redis">Enable cache db backend which uses <pkg>dev-libs/hiredis</pkg></flag>

31

   </use>

32

33

diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild

34

index f544060754e..6d9dee1cdfc 100644

35

--- a/net-dns/unbound/unbound-1.8.0-r1.ebuild

36

+++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild

37

@@ -14,7 +14,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"

38

 LICENSE="BSD GPL-2"

39

 SLOT="0/8" # ABI version of libunbound.so

40

 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"

41

-IUSE="debug dnscrypt dnstap +ecdsa gost libressl python redis selinux static-libs systemd test threads"

42

+IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads"

43

 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"

44

45

 # Note: expat is needed by executable only but the Makefile is custom

46

@@ -96,6 +96,7 @@ multilib_src_configure() {

47

 		$(use_enable dnscrypt) \

48

 		$(use_enable dnstap) \

49

 		$(use_enable ecdsa) \

50

+		$(use_enable ecs subnet) \

51

 		$(multilib_native_use_enable redis cachedb) \

52

 		$(use_enable static-libs static) \

53

 		$(use_enable systemd) \

54

@@ -105,7 +106,6 @@ multilib_src_configure() {

55

 		--disable-flto \

56

 		--disable-rpath \

57

 		--enable-ipsecmod \

58

-		--enable-subnet \

59

 		--enable-tfo-client \

60

 		--enable-tfo-server \

61

 		--with-libevent="${EPREFIX%/}"/usr \

1	commit: d2dac37b7f5220aa1ca458c50977c404efc69d32
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Fri Sep 14 18:19:56 2018 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Fri Sep 14 22:03:45 2018 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2dac37b
7
8	net-dns/unbound: move EDNS client subnet support behind USE flag due to privacy concerns
9
10	With EDNS client subnet support enabled, unbound will add client IP address
11	to requests. This could lead to an unexpected IP address leak. Therefore
12	we hide that feature behind a USE flag (ecs) and let user decide.
13
14	Package-Manager: Portage-2.3.49, Repoman-2.3.10
15
16	net-dns/unbound/metadata.xml \| 1 +
17	net-dns/unbound/unbound-1.8.0-r1.ebuild \| 4 ++--
18	2 files changed, 3 insertions(+), 2 deletions(-)
19
20	diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml
21	index 01e8dfa9bcc..322609af4ff 100644
22	--- a/net-dns/unbound/metadata.xml
23	+++ b/net-dns/unbound/metadata.xml
24	@@ -23,6 +23,7 @@
25	<flag name="dnscrypt">Enable DNSCrypt support</flag>
26	<flag name="dnstap">Enable dnstap support</flag>
27	<flag name="ecdsa">Enable ECDSA support</flag>
28	+ <flag name="ecs">Enable EDNS client subnet support</flag>
29	<flag name="gost">Enable GOST support</flag>
30	<flag name="redis">Enable cache db backend which uses <pkg>dev-libs/hiredis</pkg></flag>
31	</use>
32
33	diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild
34	index f544060754e..6d9dee1cdfc 100644
35	--- a/net-dns/unbound/unbound-1.8.0-r1.ebuild
36	+++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild
37	@@ -14,7 +14,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"
38	LICENSE="BSD GPL-2"
39	SLOT="0/8" # ABI version of libunbound.so
40	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
41	-IUSE="debug dnscrypt dnstap +ecdsa gost libressl python redis selinux static-libs systemd test threads"
42	+IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads"
43	REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
44
45	# Note: expat is needed by executable only but the Makefile is custom
46	@@ -96,6 +96,7 @@ multilib_src_configure() {
47	$(use_enable dnscrypt) \
48	$(use_enable dnstap) \
49	$(use_enable ecdsa) \
50	+ $(use_enable ecs subnet) \
51	$(multilib_native_use_enable redis cachedb) \
52	$(use_enable static-libs static) \
53	$(use_enable systemd) \
54	@@ -105,7 +106,6 @@ multilib_src_configure() {
55	--disable-flto \
56	--disable-rpath \
57	--enable-ipsecmod \
58	- --enable-subnet \
59	--enable-tfo-client \
60	--enable-tfo-server \
61	--with-libevent="${EPREFIX%/}"/usr \

Gentoo Archives: gentoo-commits