
From: Aaron Bauman <bman@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/bind/
Date: Sat, 24 Mar 2018 00:27:15
Message-Id: 1521851221.7425826012927d02717a2571cf5f5d56f94e3bdf.bman@gentoo
1 commit: 7425826012927d02717a2571cf5f5d56f94e3bdf
2 Author: Aaron Bauman <bman <AT> gentoo <DOT> org>
3 AuthorDate: Sat Mar 24 00:25:33 2018 +0000
4 Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
5 CommitDate: Sat Mar 24 00:27:01 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74258260
7
8 net-dns/bind: drop vulnerable wrt bug #644706
9
10 net-dns/bind/Manifest | 1 -
11 net-dns/bind/bind-9.11.1_p3.ebuild | 426 -------------------------------------
12 2 files changed, 427 deletions(-)
13
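--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,2 @@
-DIST bind-9.11.1-P3.tar.gz 9749095 BLAKE2B 1b68b57b9aed1a5210464e9c47a4e0569f1932076c042a7096dc04f69b45da9df8b2d56ec0f1f0d0fb136e7f61a39b3cb20d1912075f3a4138cbdf47f859cf0a SHA512 bf92ce1e07e5c84cc42b413bdbd3ad97f37712a6dc330dc10182992d948b7a393d5446efa188379b39020c34d810cebe2a7acccc9b8aa6bb564e1f3e6be42e96
 DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597
 DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac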
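--- a/net-dns/bind/bind-9.11.1_p3.ebuild
+++ /dev/null
@@ -1,426 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Re dlz/mysql and threads, needs to be verified..
-# MySQL uses thread local storage in its C api. Thus MySQL
-# requires that each thread of an application execute a MySQL
-# thread initialization to setup the thread local storage.
-# This is impossible to do safely while staying within the DLZ
-# driver API. This is a limitation caused by MySQL, and not the DLZ API.
-# Because of this BIND MUST only run with a single thread when
-# using the MySQL driver.
-
-EAPI="5"
-
-PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
-
-inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd
-
-MY_PV="${PV/_p/-P}"
-MY_PV="${MY_PV/_rc/rc}"
-MY_P="${PN}-${MY_PV}"
-
-SDB_LDAP_VER="1.1.0-fc14"
-
-RRL_PV="${MY_PV}"
-
-NSLINT_DIR="contrib/nslint-3.0a2/"
-
-# SDB-LDAP: http://bind9-ldap.bayour.com/
-
-DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server"
-HOMEPAGE="http://www.isc.org/software/bind"
-SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz
- doc? ( mirror://gentoo/dyndns-samples.tbz2 )"
-# sdb-ldap? (
-# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2
-# )"
-
-LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# -berkdb by default re bug 602682
-IUSE="-berkdb +caps dlz dnstap doc filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
-json ldap libressl lmdb mysql nslint odbc postgres python rpz seccomp selinux ssl static-libs
-+threads urandom xml +zlib"
-# sdb-ldap - patch broken
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="postgres? ( dlz )
- berkdb? ( dlz )
- mysql? ( dlz !threads )
- odbc? ( dlz )
- ldap? ( dlz )
- gost? ( !libressl ssl )
- threads? ( caps )
- dnstap? ( threads )
- python? ( ${PYTHON_REQUIRED_USE} )"
-# sdb-ldap? ( dlz )
-
-DEPEND="
- ssl? (
- !libressl? ( dev-libs/openssl:0[-bindist] )
- libressl? ( dev-libs/libressl )
- )
- mysql? ( >=virtual/mysql-4.0 )
- odbc? ( >=dev-db/unixODBC-2.2.6 )
- ldap? ( net-nds/openldap )
- idn? ( net-dns/idnkit )
- postgres? ( dev-db/postgresql:= )
- caps? ( >=sys-libs/libcap-2.1.0 )
- xml? ( dev-libs/libxml2 )
- geoip? ( >=dev-libs/geoip-1.4.6 )
- gssapi? ( virtual/krb5 )
- gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
- seccomp? ( sys-libs/libseccomp )
- json? ( dev-libs/json-c:= )
- lmdb? ( dev-db/lmdb )
- zlib? ( sys-libs/zlib )
- dnstap? ( dev-libs/fstrm dev-libs/protobuf-c )
- python? (
- ${PYTHON_DEPS}
- dev-python/ply[${PYTHON_USEDEP}]
- )"
-# sdb-ldap? ( net-nds/openldap )
-
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-bind )
- || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-pkg_setup() {
- ebegin "Creating named group and user"
- enewgroup named 40
- enewuser named 40 -1 /etc/bind named
- eend ${?}
-}
-
-src_prepare() {
- # bug 600212
- epatch "${FILESDIR}"/${PN}-9.11.0_p5-dyndb-dlopen.patch
-
- # Adjusting PATHs in manpages
- for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
- sed -i \
- -e 's:/etc/named.conf:/etc/bind/named.conf:g' \
- -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
- -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
- "${i}" || die "sed failed, ${i} doesn't exist"
- done
-
-# if use dlz; then
-# # sdb-ldap patch as per bug #160567
-# # Upstream URL: http://bind9-ldap.bayour.com/
-# # New patch take from bug 302735
-# if use sdb-ldap; then
-# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch
-# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/
-# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/
-# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/
-# fi
-# fi
-
- # should be installed by bind-tools
- sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die
-
- # Disable tests for now, bug 406399
- sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
- if use nslint; then
- sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die
- fi
-
- # bug #220361
- rm aclocal.m4
- rm -rf libtool.m4/
- eautoreconf
-}
-
-src_configure() {
- local myconf=""
-
- if use urandom; then
- myconf="${myconf} --with-randomdev=/dev/urandom"
- else
- myconf="${myconf} --with-randomdev=/dev/random"
- fi
-
- use geoip && myconf="${myconf} --with-geoip"
-
- # bug #158664
-# gcc-specs-ssp && replace-flags -O[23s] -O
-
- # To include db.h from proper path
- use berkdb && append-flags "-I$(db_includedir)"
-
- export BUILD_CC=$(tc-getBUILD_CC)
- econf \
- --sysconfdir=/etc/bind \
- --localstatedir=/var \
- --with-libtool \
- --enable-full-report \
- --without-readline \
- $(use_enable caps linux-caps) \
- $(use_enable filter-aaaa) \
- $(use_enable fixed-rrset) \
- $(use_enable ipv6) \
- $(use_enable rpz rpz-nsdname) \
- $(use_enable rpz rpz-nsip) \
- $(use_enable seccomp) \
- $(use_enable threads) \
- $(use_with berkdb dlz-bdb) \
- $(use_with dlz dlopen) \
- $(use_with dlz dlz-filesystem) \
- $(use_with dlz dlz-stub) \
- $(use_with gost) \
- $(use_with gssapi) \
- $(use_with idn) \
- $(use_with json libjson) \
- $(use_with ldap dlz-ldap) \
- $(use_with mysql dlz-mysql) \
- $(use_with odbc dlz-odbc) \
- $(use_with postgres dlz-postgres) \
- $(use_with lmdb) \
- $(use_with python) \
- $(use_with ssl ecdsa) \
- $(use_with ssl openssl "${EPREFIX}"/usr) \
- $(use_with xml libxml2) \
- $(use_with zlib) \
- ${myconf}
-
- # $(use_enable static-libs static) \
-
- # bug #151839
- echo '#undef SO_BSDCOMPAT' >> config.h
-
- if use nslint; then
- cd $NSLINT_DIR
- econf
- fi
-}
-
-src_compile() {
- emake
-
- if use nslint; then
- emake -C $NSLINT_DIR CCOPT="${CFLAGS}"
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- if use nslint; then
- cd $NSLINT_DIR
- dobin nslint
- doman nslint.8
- cd "${S}"
- fi
-
- dodoc CHANGES FAQ README
-
- if use idn; then
- dodoc contrib/idn/README.idnkit
- fi
-
- if use doc; then
- dodoc doc/arm/Bv9ARM.pdf
-
- docinto misc
- dodoc doc/misc/*
-
- # might a 'html' useflag make sense?
- docinto html
- dohtml -r doc/arm/*
-
- docinto contrib
- dodoc contrib/scripts/{nanny.pl,named-bootconf.sh}
-
- # some handy-dandy dynamic dns examples
- pushd "${D}"/usr/share/doc/${PF} 1>/dev/null
- tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die
- popd 1>/dev/null
- fi
-
- insinto /etc/bind
- newins "${FILESDIR}"/named.conf-r8 named.conf
-
- # ftp://ftp.rs.internic.net/domain/named.cache:
- insinto /var/bind
- newins "${FILESDIR}"/named.cache-r3 named.cache
-
- insinto /var/bind/pri
- newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
-
- newinitd "${FILESDIR}"/named.init-r13 named
- newconfd "${FILESDIR}"/named.confd-r7 named
-
- if use gost; then
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die
- else
- sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die
- fi
-
- newenvd "${FILESDIR}"/10bind.env 10bind
-
- # Let's get rid of those tools and their manpages since they're provided by bind-tools
- rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1*
- rm -f "${D}"/usr/share/man/man8/nsupdate.8*
- rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate}
- rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate}
- for tool in dsfromkey importkey keyfromlabel keygen \
- revoke settime signzone verify; do
- rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}"
- rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8*
- done
-
- # bug 405251, library archives aren't properly handled by --enable/disable-static
- if ! use static-libs; then
- find "${D}" -type f -name '*.a' -delete || die
- fi
-
- # bug 405251
- find "${D}" -type f -name '*.la' -delete || die
-
- if use python; then
- install_python_tools() {
- dosbin bin/python/dnssec-{checkds,coverage}
- }
- python_foreach_impl install_python_tools
-
- python_replicate_script "${D}usr/sbin/dnssec-checkds"
- python_replicate_script "${D}usr/sbin/dnssec-coverage"
- fi
-
- # bug 450406
- dosym named.cache /var/bind/root.cache
-
- dosym /var/bind/pri /etc/bind/pri
- dosym /var/bind/sec /etc/bind/sec
- dosym /var/bind/dyn /etc/bind/dyn
- keepdir /var/bind/{pri,sec,dyn}
-
- dodir /var/log/named
-
- fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn}
- fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf}
- fperms 0750 /etc/bind /var/bind/pri
- fperms 0770 /var/log/named /var/bind/{,sec,dyn}
-
- systemd_newunit "${FILESDIR}/named.service-r1" named.service
- systemd_dotmpfilesd "${FILESDIR}"/named.conf
- exeinto /usr/libexec
- doexe "${FILESDIR}/generate-rndc-key.sh"
-}
-
-pkg_postinst() {
- if [ ! -f '/etc/bind/rndc.key' ]; then
- if use urandom; then
- einfo "Using /dev/urandom for generating rndc.key"
- /usr/sbin/rndc-confgen -r /dev/urandom -a
- echo
- else
- einfo "Using /dev/random for generating rndc.key"
- /usr/sbin/rndc-confgen -a
- echo
- fi
- chown root:named /etc/bind/rndc.key
- chmod 0640 /etc/bind/rndc.key
- fi
-
- einfo
- einfo "You can edit /etc/conf.d/named to customize named settings"
- einfo
- use mysql || use postgres || use ldap && {
- elog "If your named depends on MySQL/PostgreSQL or LDAP,"
- elog "uncomment the specified rc_named_* lines in your"
- elog "/etc/conf.d/named config to ensure they'll start before bind"
- einfo
- }
- einfo "If you'd like to run bind in a chroot AND this is a new"
- einfo "install OR your bind doesn't already run in a chroot:"
- einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named."
- einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`"
- einfo
-
- CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT})
- if [[ -n ${CHROOT} ]]; then
- elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- elog "To enable the old behaviour (without using mount) uncomment the"
- elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- elog "If you decide to use the new/default method, ensure to make backup"
- elog "first and merge your existing configs/zones to /etc/bind and"
- elog "/var/bind because bind will now mount the needed directories into"
- elog "the chroot dir."
- fi
-}
-
-pkg_config() {
- CHROOT=$(source /etc/conf.d/named; echo ${CHROOT})
- CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT})
- CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP})
-
- if [[ -z "${CHROOT}" ]]; then
- eerror "This config script is designed to automate setting up"
- eerror "a chrooted bind/named. To do so, please first uncomment"
- eerror "and set the CHROOT variable in '/etc/conf.d/named'."
- die "Unset CHROOT"
- fi
- if [[ -d "${CHROOT}" ]]; then
- ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!"
- ewarn "To enable the old behaviour (without using mount) uncomment the"
- ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config."
- ewarn
- ewarn "${CHROOT} already exists... some things might become overridden"
- ewarn "press CTRL+C if you don't want to continue"
- sleep 10
- fi
-
- echo; einfo "Setting up the chroot directory..."
-
- mkdir -m 0750 -p ${CHROOT}
- mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run}
- mkdir -m 0750 -p ${CHROOT}/etc/bind
- mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/
- # As of bind 9.8.0
- if has_version net-dns/bind[gost]; then
- if [ "$(get_libdir)" = "lib64" ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines
- ln -s lib64 ${CHROOT}/usr/lib
- else
- mkdir -m 0755 -p ${CHROOT}/usr/lib/engines
- fi
- fi
- chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind
-
- mknod ${CHROOT}/dev/null c 1 3
- chmod 0666 ${CHROOT}/dev/null
-
- mknod ${CHROOT}/dev/zero c 1 5
- chmod 0666 ${CHROOT}/dev/zero
-
- if use urandom; then
- mknod ${CHROOT}/dev/urandom c 1 9
- chmod 0666 ${CHROOT}/dev/urandom
- else
- mknod ${CHROOT}/dev/random c 1 8
- chmod 0666 ${CHROOT}/dev/random
- fi
-
- if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then
- cp -a /etc/bind ${CHROOT}/etc/
- cp -a /var/bind ${CHROOT}/var/
- fi
-
- if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then
- mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP
- fi
-
- elog "You may need to add the following line to your syslog-ng.conf:"
- elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };"
-}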