1 |
idl0r 09/07/29 19:40:47 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: bind-9.6.1_p1.ebuild |
5 |
Removed: bind-9.6.1.ebuild |
6 |
Log: |
7 |
Version bump to 9.6.1_p1 due to CVE-2009-0696, bug 279508. |
8 |
(Portage version: 2.2_rc33/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.238 net-dns/bind/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-dns/bind/ChangeLog?rev=1.238&view=markup |
14 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-dns/bind/ChangeLog?rev=1.238&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-dns/bind/ChangeLog?r1=1.237&r2=1.238 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v |
20 |
retrieving revision 1.237 |
21 |
retrieving revision 1.238 |
22 |
diff -u -r1.237 -r1.238 |
23 |
--- ChangeLog 29 Jul 2009 09:55:45 -0000 1.237 |
24 |
+++ ChangeLog 29 Jul 2009 19:40:47 -0000 1.238 |
25 |
@@ -1,6 +1,12 @@ |
26 |
# ChangeLog for net-dns/bind |
27 |
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.237 2009/07/29 09:55:45 chainsaw Exp $ |
29 |
+# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/ChangeLog,v 1.238 2009/07/29 19:40:47 idl0r Exp $ |
30 |
+ |
31 |
+*bind-9.6.1_p1 (29 Jul 2009) |
32 |
+ |
33 |
+ 29 Jul 2009; Christian Ruppert <idl0r@g.o> -bind-9.6.1.ebuild, |
34 |
+ +bind-9.6.1_p1.ebuild: |
35 |
+ Version bump to 9.6.1_p1 due to CVE-2009-0696, bug 279508. |
36 |
|
37 |
29 Jul 2009; <chainsaw@g.o> bind-9.4.3_p3.ebuild: |
38 |
Marked stable on AMD64 as requested by Robert Buchholz <rbu@g.o> in |
39 |
|
40 |
|
41 |
|
42 |
1.1 net-dns/bind/bind-9.6.1_p1.ebuild |
43 |
|
44 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-dns/bind/bind-9.6.1_p1.ebuild?rev=1.1&view=markup |
45 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-dns/bind/bind-9.6.1_p1.ebuild?rev=1.1&content-type=text/plain |
46 |
|
47 |
Index: bind-9.6.1_p1.ebuild |
48 |
=================================================================== |
49 |
# Copyright 1999-2009 Gentoo Foundation |
50 |
# Distributed under the terms of the GNU General Public License v2 |
51 |
# $Header: /var/cvsroot/gentoo-x86/net-dns/bind/bind-9.6.1_p1.ebuild,v 1.1 2009/07/29 19:40:47 idl0r Exp $ |
52 |
|
53 |
EAPI="2" |
54 |
|
55 |
inherit eutils autotools toolchain-funcs flag-o-matic |
56 |
|
57 |
MY_PV="${PV/_p1/-P1}" |
58 |
MY_P="${PN}-${MY_PV}" |
59 |
|
60 |
SDB_LDAP_VER="1.1.0" |
61 |
|
62 |
DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" |
63 |
HOMEPAGE="https://www.isc.org/software/bind" |
64 |
SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz |
65 |
sdb-ldap? ( mirror://gentoo/bind-sdb-ldap-${SDB_LDAP_VER}.tar.bz2 ) |
66 |
doc? ( mirror://gentoo/dyndns-samples.tbz2 )" |
67 |
|
68 |
LICENSE="as-is" |
69 |
SLOT="0" |
70 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
71 |
IUSE="ssl ipv6 doc dlz postgres berkdb mysql odbc ldap selinux idn threads |
72 |
resolvconf urandom sdb-ldap xml" |
73 |
|
74 |
DEPEND="ssl? ( >=dev-libs/openssl-0.9.6g ) |
75 |
mysql? ( >=virtual/mysql-4.0 ) |
76 |
odbc? ( >=dev-db/unixODBC-2.2.6 ) |
77 |
ldap? ( net-nds/openldap ) |
78 |
idn? ( net-dns/idnkit ) |
79 |
postgres? ( virtual/postgresql-base ) |
80 |
threads? ( >=sys-libs/libcap-2.1.0 ) |
81 |
xml? ( dev-libs/libxml2 )" |
82 |
|
83 |
RDEPEND="${DEPEND} |
84 |
selinux? ( sec-policy/selinux-bind ) |
85 |
resolvconf? ( net-dns/openresolv )" |
86 |
|
87 |
S="${WORKDIR}/${MY_P}" |
88 |
|
89 |
pkg_setup() { |
90 |
use threads && { |
91 |
ewarn |
92 |
ewarn "If you're in vserver enviroment, you're probably want to" |
93 |
ewarn "disable threads support because of linux capabilities dependency" |
94 |
ewarn |
95 |
} |
96 |
|
97 |
ebegin "Creating named group and user" |
98 |
enewgroup named 40 |
99 |
enewuser named 40 -1 /etc/bind named |
100 |
eend ${?} |
101 |
} |
102 |
|
103 |
src_prepare() { |
104 |
# bug 278364 (workaround) |
105 |
epatch "${FILESDIR}/${P}-parallel.patch" |
106 |
|
107 |
# Adjusting PATHs in manpages |
108 |
for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do |
109 |
sed -i \ |
110 |
-e 's:/etc/named.conf:/etc/bind/named.conf:g' \ |
111 |
-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ |
112 |
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ |
113 |
"${i}" || die "sed failed, ${i} doesn't exist" |
114 |
done |
115 |
|
116 |
use dlz && epatch "${FILESDIR}"/${PN}-9.4.0-dlzbdb-close_cursor.patch |
117 |
|
118 |
# bind fails to reconnect to MySQL5 databases, bug #180720, patch by Nicolas Brousse |
119 |
# (http://www.shell-tips.com/2007/09/04/bind-950-patch-dlz-mysql-5-for-auto-reconnect/) |
120 |
use dlz && use mysql && has_version ">=dev-db/mysql-5" && epatch "${FILESDIR}"/bind-dlzmysql5-reconnect.patch |
121 |
|
122 |
# should be installed by bind-tools |
123 |
sed -i -e "s:nsupdate ::g" bin/Makefile.in || die |
124 |
|
125 |
# sdb-ldap patch as per bug #160567 |
126 |
# Upstream URL: http://bind9-ldap.bayour.com/ |
127 |
use sdb-ldap && epatch "${WORKDIR}"/sdb-ldap/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch |
128 |
|
129 |
# bug #220361 |
130 |
rm {aclocal,libtool}.m4 |
131 |
WANT_AUTOCONF=2.5 AT_NO_RECURSIVE=1 eautoreconf |
132 |
|
133 |
# bug #151839 |
134 |
sed -i -e \ |
135 |
's:struct isc_socket {:#undef SO_BSDCOMPAT\n\nstruct isc_socket {:' \ |
136 |
lib/isc/unix/socket.c || die |
137 |
|
138 |
# remove useless c++ checks |
139 |
epunt_cxx |
140 |
} |
141 |
|
142 |
src_configure() { |
143 |
local myconf="" |
144 |
|
145 |
use dlz && { |
146 |
myconf="${myconf} --with-dlz-filesystem --with-dlz-stub" |
147 |
use postgres && myconf="${myconf} --with-dlz-postgres" |
148 |
use mysql && myconf="${myconf} --with-dlz-mysql" |
149 |
use berkdb && myconf="${myconf} --with-dlz-bdb" |
150 |
use ldap && myconf="${myconf} --with-dlz-ldap" |
151 |
use odbc && myconf="${myconf} --with-dlz-odbc" |
152 |
} |
153 |
|
154 |
if use threads; then |
155 |
if use dlz && use mysql; then |
156 |
ewarn |
157 |
ewarn "MySQL uses thread local storage in its C api. Thus MySQL" |
158 |
ewarn "requires that each thread of an application execute a MySQL" |
159 |
ewarn "\"thread initialization\" to setup the thread local storage." |
160 |
ewarn "This is impossible to do safely while staying within the DLZ" |
161 |
ewarn "driver API. This is a limitation caused by MySQL, and not" |
162 |
ewarn "the DLZ API." |
163 |
ewarn "Because of this BIND MUST only run with a single thread when" |
164 |
ewarn "using the MySQL driver." |
165 |
ewarn |
166 |
myconf="${myconf} --disable-linux-caps --disable-threads" |
167 |
ewarn "Threading support disabled" |
168 |
epause 10 |
169 |
else |
170 |
myconf="${myconf} --enable-linux-caps --enable-threads" |
171 |
einfo "Threading support enabled" |
172 |
fi |
173 |
else |
174 |
myconf="${myconf} --disable-linux-caps --disable-threads" |
175 |
fi |
176 |
|
177 |
if use urandom; then |
178 |
myconf="${myconf} --with-randomdev=/dev/urandom" |
179 |
else |
180 |
myconf="${myconf} --with-randomdev=/dev/random" |
181 |
fi |
182 |
|
183 |
# bug #158664 |
184 |
gcc-specs-ssp && replace-flags -O[23s] -O |
185 |
export BUILD_CC="${CBUILD}-gcc" |
186 |
econf \ |
187 |
--sysconfdir=/etc/bind \ |
188 |
--localstatedir=/var \ |
189 |
--with-libtool \ |
190 |
$(use_with ssl openssl) \ |
191 |
$(use_with idn) \ |
192 |
$(use_enable ipv6) \ |
193 |
$(use_with xml libxml2) \ |
194 |
${myconf} |
195 |
} |
196 |
|
197 |
src_install() { |
198 |
emake DESTDIR="${D}" install || die |
199 |
|
200 |
dodoc CHANGES FAQ KNOWN-DEFECTS README || die |
201 |
|
202 |
if use idn; then |
203 |
dodoc README.idnkit || die |
204 |
fi |
205 |
|
206 |
if use doc; then |
207 |
dodoc doc/arm/Bv9ARM.pdf || die |
208 |
|
209 |
docinto misc |
210 |
dodoc doc/misc/* || die |
211 |
|
212 |
# might a 'html' useflag make sense? |
213 |
docinto html |
214 |
dohtml -r doc/arm/* || die |
215 |
|
216 |
docinto draft |
217 |
dodoc doc/draft/* || die |
218 |
|
219 |
docinto rfc |
220 |
dodoc doc/rfc/* || die |
221 |
|
222 |
docinto contrib |
223 |
dodoc contrib/named-bootconf/named-bootconf.sh \ |
224 |
contrib/nanny/nanny.pl || die |
225 |
|
226 |
# some handy-dandy dynamic dns examples |
227 |
cd "${D}"/usr/share/doc/${PF} |
228 |
tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die |
229 |
fi |
230 |
|
231 |
newenvd "${FILESDIR}"/10bind.env 10bind || die |
232 |
|
233 |
keepdir /var/bind/sec |
234 |
|
235 |
insinto /etc/bind |
236 |
newins "${FILESDIR}"/named.conf-r3 named.conf || die |
237 |
|
238 |
# ftp://ftp.rs.internic.net/domain/named.ca: |
239 |
insinto /var/bind |
240 |
doins "${FILESDIR}"/named.ca || die |
241 |
|
242 |
insinto /var/bind/pri |
243 |
newins "${FILESDIR}"/127.zone-r1 127.zone || die |
244 |
newins "${FILESDIR}"/localhost.zone-r3 localhost.zone || die |
245 |
|
246 |
newinitd "${FILESDIR}"/named.init-r6 named || die |
247 |
newconfd "${FILESDIR}"/named.confd-r2 named || die |
248 |
|
249 |
dosym /var/bind/named.ca /var/bind/root.cache |
250 |
dosym /var/bind/pri /etc/bind/pri |
251 |
dosym /var/bind/sec /etc/bind/sec |
252 |
|
253 |
# Let's get rid of those tools and their manpages since they're provided by bind-tools |
254 |
rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1 |
255 |
rm -f "${D}"/usr/share/man/man8/{dnssec-keygen,nsupdate}.8 |
256 |
rm -f "${D}"/usr/bin/{dig,host,nslookup,dnssec-keygen,nsupdate} |
257 |
} |
258 |
|
259 |
pkg_postinst() { |
260 |
if [ ! -f '/etc/bind/rndc.key' ]; then |
261 |
if [ -c /dev/urandom ]; then |
262 |
einfo "Using /dev/urandom for generating rndc.key" |
263 |
/usr/sbin/rndc-confgen -r /dev/urandom -a -u named |
264 |
echo |
265 |
else |
266 |
einfo "Using /dev/random for generating rndc.key" |
267 |
/usr/sbin/rndc-confgen -a -u named |
268 |
echo |
269 |
fi |
270 |
fi |
271 |
|
272 |
install -d -o named -g named "${ROOT}"/var/run/named \ |
273 |
"${ROOT}"/var/bind/{pri,sec} "${ROOT}"/var/log/named |
274 |
chown -R named:named "${ROOT}"/var/bind |
275 |
|
276 |
elog "The default zone files are now installed as *.zone," |
277 |
elog "be careful merging config files if you have modified" |
278 |
elog "/var/bind/pri/127 or /var/bind/pri/localhost" |
279 |
elog |
280 |
elog "You can edit /etc/conf.d/named to customize named settings" |
281 |
elog |
282 |
elog "The BIND ebuild now includes chroot support." |
283 |
elog "If you like to run bind in chroot AND this is a new install OR" |
284 |
elog "your bind doesn't already run in chroot, simply run:" |
285 |
elog "\`emerge --config '=${CATEGORY}/${PF}'\`" |
286 |
elog "Before running the above command you might want to change the chroot" |
287 |
elog "dir in /etc/conf.d/named. Otherwise /chroot/dns will be used." |
288 |
elog |
289 |
elog "Recently verisign added a wildcard A record to the .COM and .NET TLD" |
290 |
elog "zones making all .com and .net domains appear to be registered" |
291 |
elog "This causes many problems such as breaking important anti-spam checks" |
292 |
elog "which verify source domains exist. ISC released a patch for BIND which" |
293 |
elog "adds 'delegation-only' zones to allow admins to return the .com and .net" |
294 |
elog "domain resolution to their normal function." |
295 |
elog |
296 |
elog "There is no need to create a com or net data file. Just the" |
297 |
elog "entries to the named.conf file is enough." |
298 |
elog |
299 |
elog " zone "com" IN { type delegation-only; };" |
300 |
elog " zone "net" IN { type delegation-only; };" |
301 |
|
302 |
ewarn |
303 |
ewarn "BIND >=9.2.5 makes the priority argument to MX records mandatory" |
304 |
ewarn "when it was previously optional. If the priority is missing, BIND" |
305 |
ewarn "won't load the zone file at all." |
306 |
ewarn |
307 |
|
308 |
ewarn "NOTE: as of 'bind-9.6.1' the chroot part of the init-script got some major changes." |
309 |
} |
310 |
|
311 |
pkg_config() { |
312 |
CHROOT=`sed -n 's/^[[:blank:]]\?CHROOT="\([^"]\+\)"/\1/p' /etc/conf.d/named 2>/dev/null` |
313 |
EXISTS="no" |
314 |
|
315 |
if [ -z "${CHROOT}" -a ! -d "/chroot/dns" ]; then |
316 |
CHROOT="/chroot/dns" |
317 |
elif [ -d ${CHROOT} ]; then |
318 |
eerror; eerror "${CHROOT:-/chroot/dns} already exists. Quitting."; eerror; EXISTS="yes" |
319 |
fi |
320 |
|
321 |
if [ ! "$EXISTS" = yes ]; then |
322 |
einfo ; einfon "Setting up the chroot directory..." |
323 |
|
324 |
mkdir -m 750 -p ${CHROOT} |
325 |
mkdir -p ${CHROOT}/{dev,proc,etc/bind,var/{run,log}/named,var/bind} |
326 |
chown -R named:named ${CHROOT} |
327 |
chown root:named ${CHROOT} |
328 |
|
329 |
cp /etc/localtime ${CHROOT}/etc/localtime |
330 |
|
331 |
mknod ${CHROOT}/dev/zero c 1 5 |
332 |
chmod 666 ${CHROOT}/dev/zero |
333 |
|
334 |
if use urandom; then |
335 |
mknod ${CHROOT}/dev/urandom c 1 9 |
336 |
chmod 666 ${CHROOT}/dev/urandom |
337 |
else |
338 |
mknod ${CHROOT}/dev/random c 1 8 |
339 |
chmod 666 ${CHROOT}/dev/random |
340 |
fi |
341 |
|
342 |
if [ -f '/etc/syslog-ng/syslog-ng.conf' ]; then |
343 |
echo "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" >>/etc/syslog-ng/syslog-ng.conf |
344 |
fi |
345 |
|
346 |
grep -q "^#[[:blank:]]\?CHROOT" /etc/conf.d/named ; RETVAL=$? |
347 |
if [ $RETVAL = 0 ]; then |
348 |
sed -i 's/^# \?\(CHROOT.*\)$/\1/' /etc/conf.d/named 2>/dev/null |
349 |
fi |
350 |
else |
351 |
ewarn "NOTE: as of 'bind-9.6.1' the chroot part of the init-script got some major changes." |
352 |
fi |
353 |
} |