
From: Aaron Bauman <bman@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/opendnssec/files/
Date: Tue, 29 Sep 2020 13:53:14
Message-Id: 1601387440.81a7a6283ad967bb6610b45ea347a3ff8b43d178.bman@gentoo
1 commit: 81a7a6283ad967bb6610b45ea347a3ff8b43d178
2 Author: Aaron Bauman <bman <AT> gentoo <DOT> org>
3 AuthorDate: Tue Sep 29 13:50:29 2020 +0000
4 Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
5 CommitDate: Tue Sep 29 13:50:40 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81a7a628
7
8 Revert "net-dns/opendnssec: remove unused patches"
9
10 This reverts commit ac80ac59b84559e6217bb4047e65918313887d00.
11
12 * I dropped LTS releases. Let's restore them
13
14 Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
15
16 .../files/opendnssec-1.3.14-drop-privileges.patch | 43 +++++++
17 .../files/opendnssec-1.3.14-use-system-trang.patch | 21 ++++
18 ...nssec-1.3.18-eppclient-curl-CVE-2012-5582.patch | 12 ++
19 .../files/opendnssec-drop-privileges.patch | 28 +++++
20 .../files/opendnssec-fix-localstatedir.patch | 32 ++++++
21 .../opendnssec/files/opendnssec-fix-run-dir.patch | 26 +++++
22 net-dns/opendnssec/files/opendnssec.confd-1.3.x | 13 +++
23 net-dns/opendnssec/files/opendnssec.initd-1.3.x | 123 +++++++++++++++++++++
24 8 files changed, 298 insertions(+)
25
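--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch
@@ -0,0 +1,43 @@
+Index: conf/conf.xml.in
+===================================================================
+--- conf/conf.xml.in (revision 3022)
++++ conf/conf.xml.in (working copy)
+@@ -38,12 +38,10 @@
+ </Common>
+
+ <Enforcer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <Datastore><SQLite>@OPENDNSSEC_STATE_DIR@/kasp.db</SQLite></Datastore>
+ <Interval>PT3600S</Interval>
+@@ -56,12 +54,10 @@
+ </Enforcer>
+
+ <Signer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ <WorkerThreads>8</WorkerThreads>
+@@ -80,12 +76,10 @@
+ </Signer>
+
+ <Auditor>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ </Auditor>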
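Review bot: The patch file has no description header; it starts directly at `Index: conf/conf.xml.in`, so nothing records why the `<Privileges>` blocks are uncommented or what that requires. With the blocks active, the Enforcer, Signer and Auditor sections all name user and group `opendnssec`, so that account must exist and must be able to write `@OPENDNSSEC_STATE_DIR@/kasp.db` and `@OPENDNSSEC_STATE_DIR@/tmp`; whether the ebuild creates the account and sets that ownership is not visible here. I would add a short description above the `Index:` line, for example `Enable the Privileges blocks so the daemons run as opendnssec:opendnssec; the package must create that account and give it the state directory.` The same applies to opendnssec-drop-privileges.patch later in this commit.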
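--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch
@@ -0,0 +1,21 @@
+diff -urN opendnssec-1.3.0rc3.old/conf/Makefile.am opendnssec-1.3.0rc3/conf/Makefile.am
+--- opendnssec-1.3.0rc3.old/conf/Makefile.am 2011-07-01 21:15:25.000000000 +0200
++++ opendnssec-1.3.0rc3/conf/Makefile.am 2011-07-01 21:17:00.000000000 +0200
+@@ -7,7 +7,7 @@
+ XML = conf.xml kasp.xml zonelist.xml signconf.xml zonefetch.xml
+ XSL= kasp2html.xsl
+
+-TRANG= $(srcdir)/trang/trang.jar
++TRANG= /usr/bin/trang
+
+ sysconfdir = @sysconfdir@/opendnssec
+ datadir = @datadir@/opendnssec
+@@ -25,7 +25,7 @@
+ .rnc.rng:
+ @test -x "${JAVA}" || \
+ (echo "java is required for converting RelaxNG Compact to RelaxNG"; false)
+- ${JAVA} -jar ${TRANG} $< $@
++ ${TRANG} $< $@
+
+ regress: $(RNG)
+ @test -x "${XMLLINT}" || \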
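Review bot: The `.rnc.rng` rule still opens with `@test -x "${JAVA}"` and the message "java is required …", although the recipe now runs `${TRANG} $< $@` and no longer invokes java itself. The guard therefore tests a program the rule does not call directly and never tests the one it does, so a missing trang fails later with a less helpful error. I would check the tool that is executed: `@test -x "${TRANG}" || (echo "trang is required for converting RelaxNG Compact to RelaxNG"; false)`. `TRANG= /usr/bin/trang` is also a fixed absolute path that ignores any configured prefix; whether that matters for prefixed installs cannot be judged from this hunk.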
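--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-1.3.18-eppclient-curl-CVE-2012-5582.patch
@@ -0,0 +1,12 @@
+diff -urN opendnssec-1.3.18.orig/plugins/eppclient/src/epp.c opendnssec-1.3.18/plugins/eppclient/src/epp.c
+--- opendnssec-1.3.18.orig/plugins/eppclient/src/epp.c 2014-07-21 11:16:10.000000000 +0200
++++ opendnssec-1.3.18/plugins/eppclient/src/epp.c 2016-03-23 22:25:18.679354984 +0100
+@@ -390,7 +390,7 @@
+ curl_easy_setopt(curl, CURLOPT_URL, url);
+ curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
++ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
+ curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
+ curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curlerr);
+ curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);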
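Review bot: The changed `CURLOPT_SSL_VERIFYHOST` line carries no comment, yet the constant is the entire fix: `2L` asks libcurl to check that the server certificate's name matches the host in `url`, which `1L` did not enforce. A one-line comment above it would keep a later cleanup from lowering it again, for example `/* 2L: certificate name must match the host in url (CVE-2012-5582); do not lower */`. The results of the `curl_easy_setopt` calls for `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` are discarded in the visible lines. The enclosing function starts and ends outside the hunk, so a later check, if there is one, cannot be seen from here.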
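--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-drop-privileges.patch
@@ -0,0 +1,28 @@
+--- conf/conf.xml.in.orig 2013-05-12 22:36:47.530988182 +0200
++++ conf/conf.xml.in 2013-05-12 22:37:56.459817918 +0200
+@@ -38,12 +38,10 @@
+ </Common>
+
+ <Enforcer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+ <!-- NOTE: Enforcer worker threads are not used; this option is ignored -->
+ <!--
+ <WorkerThreads>4</WorkerThreads>
+@@ -60,12 +58,10 @@
+ </Enforcer>
+
+ <Signer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ <WorkerThreads>4</WorkerThreads>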
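--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch
@@ -0,0 +1,32 @@
+diff -urN opendnssec-1.3.0rc2.old/Makefile.am opendnssec-1.3.0rc2/Makefile.am
+--- opendnssec-1.3.0rc2.old/Makefile.am 2011-06-02 13:48:56.000000000 +0200
++++ opendnssec-1.3.0rc2/Makefile.am 2011-06-02 13:49:19.000000000 +0200
+@@ -31,11 +31,11 @@
+
+ install-data-hook:
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/tmp
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signconf
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/unsigned
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signed
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/tmp
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signconf
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/unsigned
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signed
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/run
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec
+
+diff -urN opendnssec-1.3.0rc2.old/m4/opendnssec_common.m4 opendnssec-1.3.0rc2/m4/opendnssec_common.m4
+--- opendnssec-1.3.0rc2.old/m4/opendnssec_common.m4 2011-06-02 13:48:56.000000000 +0200
++++ opendnssec-1.3.0rc2/m4/opendnssec_common.m4 2011-06-02 13:49:36.000000000 +0200
+@@ -18,7 +18,7 @@
+ OPENDNSSEC_LIBEXEC_DIR=$full_libexecdir/opendnssec
+ OPENDNSSEC_DATA_DIR=$full_datadir/opendnssec
+ OPENDNSSEC_SYSCONF_DIR=$full_sysconfdir/opendnssec
+-OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/opendnssec"
++OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/lib/opendnssec"
+ OPENDNSSEC_PID_DIR="$full_localstatedir/run/opendnssec"
+
+ AC_SUBST([OPENDNSSEC_BIN_DIR])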
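Review bot: The relocated state directories in `install-data-hook` are created with `$(INSTALL) -d` and no `-m`, so they receive install's default mode rather than one chosen for what they hold. Going by their names (`signconf`, `unsigned`, `signed`, `tmp`) they carry signer configuration and zone data, and after the privilege-drop patches in this commit the daemons have to write there as `opendnssec`. I would set the mode explicitly on the new lines, for example `$(INSTALL) -d -m 0750 $(DESTDIR)$(localstatedir)/lib/opendnssec`, and leave ownership to the package. Ownership handling is outside this patch and may already be done by the ebuild.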
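--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch
@@ -0,0 +1,26 @@
+diff -ur opendnssec-1.3.12.orig/m4/opendnssec_common.m4 opendnssec-1.3.12/m4/opendnssec_common.m4
+--- opendnssec-1.3.12.orig/m4/opendnssec_common.m4 2013-01-31 13:46:01.122201232 +0100
++++ opendnssec-1.3.12/m4/opendnssec_common.m4 2013-01-31 13:54:47.648861211 +0100
+@@ -19,7 +19,7 @@
+ OPENDNSSEC_DATA_DIR=$full_datadir/opendnssec
+ OPENDNSSEC_SYSCONF_DIR=$full_sysconfdir/opendnssec
+ OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/lib/opendnssec"
+-OPENDNSSEC_PID_DIR="$full_localstatedir/run/opendnssec"
++OPENDNSSEC_PID_DIR="${destdir}/run/opendnssec"
+
+ AC_SUBST([OPENDNSSEC_BIN_DIR])
+ AC_SUBST([OPENDNSSEC_SBIN_DIR])
+diff -ur opendnssec-1.3.12.orig/Makefile.am opendnssec-1.3.12/Makefile.am
+--- opendnssec-1.3.12.orig/Makefile.am 2013-01-31 13:46:01.122201232 +0100
++++ opendnssec-1.3.12/Makefile.am 2013-01-31 13:47:08.569951675 +0100
+@@ -37,8 +37,8 @@
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signconf
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/unsigned
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signed
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/run
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec
++
++
+
+ docs:
+ (cd libhsm; $(MAKE) doxygen)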
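Review bot: `OPENDNSSEC_PID_DIR="${destdir}/run/opendnssec"` depends on a lowercase shell variable `destdir` that nothing in the visible hunk sets, so the intended `/run/opendnssec` results only while that variable happens to be empty at configure time. If `destdir` is present in the build environment, its value would presumably end up in the PID directory substituted into the built programs. I would write the path literally, `OPENDNSSEC_PID_DIR="/run/opendnssec"`. In the Makefile.am hunk the two removed `$(INSTALL) -d` lines are replaced by two empty lines, where simply deleting them would be cleaner.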
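--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.confd-1.3.x
@@ -0,0 +1,13 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Variables containing default binaries used in the opendnssec
+# initscript. You can alter them to another applications/paths
+# if required.
+
+CHECKCONFIG_BIN=/usr/bin/ods-kaspcheck
+CONTROL_BIN=/usr/sbin/ods-control
+ENFORCER_BIN=/usr/sbin/ods-enforcerd
+SIGNER_BIN=/usr/sbin/ods-signerd
+EPPCLIENT_BIN=/usr/sbin/eppclientd
+EPPCLIENT_PIDFILE=/run/opendnssec/eppclientd.pid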
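--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.initd-1.3.x
@@ -0,0 +1,123 @@
+#!/sbin/openrc-run
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="An open-source turn-key solution for DNSSEC"
+
+depend() {
+ use logger
+}
+
+checkconfig() {
+ if [ -z "${CHECKCONFIG_BIN}" ]; then
+ # no config checker configured, skip config check
+ return 0
+ fi
+ if [ -x "${CHECKCONFIG_BIN}" ]; then
+ output=$(${CHECKCONFIG_BIN} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates")
+ if [ -n "$output" ]; then
+ echo $output
+ fi
+
+ errors=$(echo $output | grep ERROR | wc -l)
+ if [ $errors -gt 0 ]; then
+ ewarn "$errors error(s) found in OpenDNSSEC configuration."
+ fi
+ return $errors
+ fi
+ eerror "Unable to execute ${CHECKCONFIG_BIN:-config binary}"
+ # can't validate config, just die
+ return 1
+}
+
+start_enforcer() {
+ if [ -n "${ENFORCER_BIN}" ] && [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer start > /dev/null
+ eend $?
+ else
+ if [ -n "${ENFORCER_BIN}" ]; then
+ eerror "OpenDNSSEC Enforcer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Enforcer not used."
+ fi
+}
+
+stop_enforcer() {
+ if [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer stop > /dev/null
+ eend $?
+ fi
+}
+
+start_signer() {
+ if [ -n "${SIGNER_BIN}" ] && [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer start > /dev/null 2>&1
+ eend $?
+ else
+ if [ -n "${SIGNER_BIN}" ]; then
+ eerror "OpenDNSSEC Signer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Signer not used."
+ fi
+}
+
+stop_signer() {
+ if [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer stop > /dev/null 2>&1
+ eend $?
+ fi
+}
+
+start_eppclient() {
+ if [ -n "${EPPCLIENT_BIN}" ] && [ -x "${EPPCLIENT_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Eppclient"
+ start-stop-daemon \
+ --start \
+ --user opendnssec --group opendnssec \
+ --exec "${EPPCLIENT_BIN}" \
+ --pidfile "${EPPCLIENT_PIDFILE}" > /dev/null
+ eend $?
+ else
+ # eppclient is ofptional so if we use the default binary and it
+ # is not used we won't die
+ if [ -n "${EPPCLIENT_BIN}" ] && \
+ [ "${EPPCLIENT_BIN}" != "/usr/sbin/eppclientd" ]; then
+ eerror "OpenDNSSEC Eppclient binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Eppclient not used."
+ fi
+}
+
+stop_eppclient() {
+ if [ -x "${EPPCLIENT_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Eppclient"
+ start-stop-daemon \
+ --stop \
+ --exec "${EPPCLIENT_BIN}" \
+ --pidfile "${EPPCLIENT_PIDFILE}" > /dev/null
+ eend $?
+ fi
+}
+
+start() {
+ checkconfig || return $?
+ test -d /run/opendnssec || mkdir -p /run/opendnssec
+ chown opendnssec:opendnssec /run/opendnssec
+ start_enforcer || return $?
+ start_signer || return $?
+ start_eppclient || return $?
+}
+
+stop() {
+ stop_eppclient
+ stop_signer
+ stop_enforcer
+ sleep 5
+}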
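Review bot: In `checkconfig`, `errors=$(echo $output | grep ERROR | wc -l)` expands `$output` unquoted, so the checker's lines are joined into one and the count can only be 0 or 1 whatever the number of errors; the `echo $output` above it flattens the report the same way. Quoting keeps the lines apart: `errors=$(printf '%s\n' "$output" | grep -c ERROR)`. In `start()`, the result of `chown opendnssec:opendnssec /run/opendnssec` is ignored, so the daemons are started even when the runtime directory could not be handed to the service account; OpenRC's helper does both steps and can be checked, `checkpath -d -o opendnssec:opendnssec /run/opendnssec || return 1`. `${CONTROL_BIN}` is executed by the enforcer and signer functions without the `-x` test that the other configured binaries get.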