[gentoo-commits] repo/gentoo:master commit in: net-dns/bind-tools/files/, net-dns/bind-tools/

[gentoo-commits] repo/gentoo:master commit in: net-dns/bind-tools/files/, net-dns/bind-tools/

[Christian Ruppert]

commit:     7b86453f35d4dcda7dacf9d3d3768bef4c5ad995
Author:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 27 19:38:54 2015 +0000
Commit:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Sun Dec 27 19:38:54 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b86453f

net-dns/bind-tools: Version bump. Fixes bug 563648 and bug 568982

Package-Manager: portage-2.2.26

 net-dns/bind-tools/Manifest                        |   2 +-
 ...s-9.10.3.ebuild => bind-tools-9.10.3_p2.ebuild} |   3 +-
 .../files/bind-tools-9.10.3_p2-libressl.patch      | 110 +++++++++++++++++++++
 3 files changed, 113 insertions(+), 2 deletions(-)

diff --git a/net-dns/bind-tools/Manifest b/net-dns/bind-tools/Manifest
index eba9343..f7eba42 100644
--- a/net-dns/bind-tools/Manifest
+++ b/net-dns/bind-tools/Manifest
@@ -1,4 +1,4 @@
 DIST bind-9.10.1-P1.tar.gz 8356463 SHA256 974343108d32f253a130383d0ba51290fb7bf372092f1451f264a9e3ac09898d SHA512 5fedff46d9cb0ff2544624c6d998f4f4bcd82152730e8e936c2611847fe443018b5c5c1dfb1dc49888dde5e3e30c3814f08369525612f0770575d54a3133ed48 WHIRLPOOL 6f39ff0e15676ed68f6d48d2ec5894b00de5192edbbbff94444f62dcf83e62a1e72019d575da97b6e6cde91b8918da78721c48510dbaad88095d4f2b3af375eb
 DIST bind-9.10.2-P2.tar.gz 8469608 SHA256 b1e6f0af88634aaf48fb9d06bbf82968264f49b8e2685f061dd3fd4c1ab76c5f SHA512 f59a4e7ef268cd95be9c31b8f908a77b261c76bfad0572608f503175e4e06e69c22ee88f4b6ae9578cd096aa069d9401f76084c7e07b3e98e9dbbb40d535695c WHIRLPOOL 10b035f790a43552b22eed13a98b8dcfdc0cc0614342ae221ce23ba655fb40a46e336cca8575460bf26a792303c6eba61e184ca5deb219372fdd09609b4c9798
 DIST bind-9.10.2-P4.tar.gz 8471531 SHA256 c00b21ec1def212957f28efe9d10aac52d6ec515e84fbf2c42143f5d71429cb8 SHA512 71dd211167c46ada768389f818b114c9e101132544510df0fde7b83ccbe6ef4d7313a3a254f11efe1ccea43a35f74785de4757c9f6044320174f5a69d39cdd5c WHIRLPOOL 0e179fb597c906c05d820969b8a005511aac177c968ffb10d34c1eda132c6caf9aa6fe8348a16e6ce55317784e44645a5295ccdb2aa740ac5960d6bd85dca7db
-DIST bind-9.10.3.tar.gz 8552545 SHA256 9ac33bd8754ab4b6ee449b1b2aa88e09f51cda088486f4ab1585acd920b98ff0 SHA512 4dd6b298496cb451d8ccc0c1360f7bcfcd4f3180097c7fe4af33bffb8f8d38808e56bcc008d009deb5c8f1e612a2c6c00154b822df94a709195a3abf63e98f99 WHIRLPOOL 0562f3fb4fd0ca9b487f84a67321c1ccf4d05ca13272de740db9ccbda7bb50bea9d23f4d6732bf9b9dabbfaeef03e87b47a7eb7f36bf84c92aee2e87a76ea859
+DIST bind-9.10.3-P2.tar.gz 8523719 SHA256 4a6c1911ac0d4b6be635b63de3429b6c168ea244043f12bbc8a4eb3368fd6ecd SHA512 21905cdff464f9ff275b87744433970d4a80faa6d9245c66c092421a45e89e438bd78f3bfe0d795964312f072c936e44eb6867b72decbba86821619180ced210 WHIRLPOOL 7bc4038a746e5b5c4166fb0d7a57985be9defef4c4c494492312671b81853f506c3216fcd94df993f6f1088d4c36c838d40d85fedbe8eee1b4265c5e2caecaa6

diff --git a/net-dns/bind-tools/bind-tools-9.10.3.ebuild b/net-dns/bind-tools/bind-tools-9.10.3_p2.ebuild
similarity index 97%
rename from net-dns/bind-tools/bind-tools-9.10.3.ebuild
rename to net-dns/bind-tools/bind-tools-9.10.3_p2.ebuild
index fb90401..59d4b9b 100644
--- a/net-dns/bind-tools/bind-tools-9.10.3.ebuild
+++ b/net-dns/bind-tools/bind-tools-9.10.3_p2.ebuild
@@ -21,7 +21,7 @@ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~s
 IUSE="doc gost gssapi idn ipv6 libressl readline seccomp ssl urandom xml"
 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
 
-REQUIRED_USE="gost? ( ssl )"
+REQUIRED_USE="gost? ( !libressl ssl )"
 
 DEPEND="
 	ssl? (
@@ -45,6 +45,7 @@ RESTRICT="test"
 src_prepare() {
 	epatch "${FILESDIR}"/${PN}-9.5.0_p1-lwconfig.patch #231247
 	epatch "${FILESDIR}"/${PN}-9.10.2-openssl.patch #417129
+	epatch "${FILESDIR}"/${P}-libressl.patch #563648
 
 	# Disable tests for now, bug 406399
 	sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die

diff --git a/net-dns/bind-tools/files/bind-tools-9.10.3_p2-libressl.patch b/net-dns/bind-tools/files/bind-tools-9.10.3_p2-libressl.patch
new file mode 100644
index 0000000..a38a70d
--- /dev/null
+++ b/net-dns/bind-tools/files/bind-tools-9.10.3_p2-libressl.patch
@@ -0,0 +1,110 @@
+Fix LibreSSL compatibility, patches from OpenBSD
+
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/patches/
+
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_dst_openssl_h?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssl_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldh_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldsa_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_opensslrsa_link_c?rev=1.1&content-type=text/plain
+
+--- lib/dns/dst_openssl.h.orig	Wed Sep 16 14:00:47 2015
++++ lib/dns/dst_openssl.h	Wed Sep 16 14:02:42 2015
+@@ -36,7 +36,7 @@
+ #define USE_ENGINE 1
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+  * These are new in OpenSSL 1.1.0.  BN_GENCB _cb needs to be declared in
+  * the function like this before the BN_GENCB_new call:
+--- lib/dns/openssl_link.c.orig	Wed Sep 16 14:01:23 2015
++++ lib/dns/openssl_link.c	Wed Sep 16 14:01:46 2015
+@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) {
+ 	return (result == ISC_R_SUCCESS ? 1 : -1);
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static void
+ entropy_add(const void *buf, int num, double entropy) {
+ 	/*
+@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in
+ 		UNLOCK(&locks[type]);
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static unsigned long
+ id_callback(void) {
+ 	return ((unsigned long)isc_thread_self());
+@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) {
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup_mutexalloc;
+ 	CRYPTO_set_locking_callback(lock_callback);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	CRYPTO_set_id_callback(id_callback);
+ #endif
+ 
+@@ -287,7 +287,7 @@ dst__openssl_destroy(void) {
+ 	CRYPTO_cleanup_all_ex_data();
+ #endif
+ 	ERR_clear_error();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	ERR_remove_state(0);
+ #endif
+ 	ERR_free_strings();
+--- lib/dns/openssldh_link.c.orig	Wed Sep 16 14:01:23 2015
++++ lib/dns/openssldh_link.c	Wed Sep 16 14:02:06 2015
+@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void
+ 	DH *dh = NULL;
+ #if OPENSSL_VERSION_NUMBER > 0x00908000L
+ 	BN_GENCB *cb;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	BN_GENCB _cb;
+ #endif
+ 	union {
+@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void
+ 		if (dh == NULL)
+ 			return (dst__openssl_toresult(ISC_R_NOMEMORY));
+ 		cb = BN_GENCB_new();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 		if (cb == NULL) {
+ 			DH_free(dh);
+ 			return (dst__openssl_toresult(ISC_R_NOMEMORY));
+--- lib/dns/openssldsa_link.c.orig	Wed Sep 16 14:01:23 2015
++++ lib/dns/openssldsa_link.c	Wed Sep 16 14:02:22 2015
+@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
+ 	isc_result_t result;
+ #if OPENSSL_VERSION_NUMBER > 0x00908000L
+ 	BN_GENCB *cb;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	BN_GENCB _cb;
+ #endif
+ 	union {
+@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
+ 	if (dsa == NULL)
+ 		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ 	cb = BN_GENCB_new();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 	if (cb == NULL) {
+ 		DSA_free(dsa);
+ 		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+--- lib/dns/opensslrsa_link.c.orig	Wed Sep 16 14:01:23 2015
++++ lib/dns/opensslrsa_link.c	Wed Sep 16 14:02:31 2015
+@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca
+ 	} u;
+ 	RSA *rsa = RSA_new();
+ 	BIGNUM *e = BN_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	BN_GENCB _cb;
+ #endif
+ 	BN_GENCB *cb = BN_GENCB_new();

[gentoo-commits] repo/gentoo:master commit in: net-dns/bind-tools/files/, net-dns/bind-tools/

[Christian Ruppert]

commit:     4a1ce23b27f5aec393ea6a1fa6e7bcc80222a0c8
Author:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 12 15:58:06 2017 +0000
Commit:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Thu Jan 12 15:59:05 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a1ce23b

net-dns/bind-tools: Remove old versions

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-dns/bind-tools/Manifest                        |   2 -
 net-dns/bind-tools/bind-tools-9.10.3_p4.ebuild     | 134 -------------------
 net-dns/bind-tools/bind-tools-9.10.4_p3.ebuild     | 132 -------------------
 .../files/bind-tools-9.10.2-openssl.patch          | 145 ---------------------
 .../files/bind-tools-9.10.3_p2-libressl.patch      | 110 ----------------
 5 files changed, 523 deletions(-)

diff --git a/net-dns/bind-tools/Manifest b/net-dns/bind-tools/Manifest
index bf015ed..faff0c0 100644
--- a/net-dns/bind-tools/Manifest
+++ b/net-dns/bind-tools/Manifest
@@ -1,4 +1,2 @@
-DIST bind-9.10.3-P4.tar.gz 8529535 SHA256 2ac044b5fbdf45fb45107af0df961b3b7cb5262a3bf1948ed3fe7a170dd13e3e SHA512 9c7b710054cd1230e7e470541a13850def56b2247c404a1800e0d0dad6aba20b3c3c09b1a17cd6017435525e84fa2f7cde40ae13feeeb7747efb26c66961aadd WHIRLPOOL 9e0384ac8c8b97720c29ed0014613acdde4d7f5a24353dc3f1712d73c37ac8ff00660f80c45c66fab8045afbbf41c7e26b9692b93040fa1db59a2724031ad129
-DIST bind-9.10.4-P3.tar.gz 9299078 SHA256 a075e5ce89fddccb0e64d1777d59161387dd5151cf4e7d1a93875a487812baef SHA512 6ffe0b488a5e5c4547723b1570b5b71287fbcb93b54a89d79c43ddd661bbf5c575edc8b4dae275a34916d3951907c2c6a4e58aee1ee9c87a4c3075de4671c124 WHIRLPOOL 3ec3ff7be4bd9fc8be5c57319b8e510ae8298007256ac149f6eb92901e9fb074eccd7616284c7aa846741fa807971f156f92c254213d0dfbf4f723faf584fd79
 DIST bind-9.10.4-P4.tar.gz 9299638 SHA256 a41ce7518e1d0faa40312cc89f4ca42246906b2718099d992e87a5d3ce9a9d86 SHA512 a662053f2052eb2d7ea61b4ecbd4e92980c808080598f7c4590c746e8e5d6545a9f965a8aeece57ce92b17545844cf8565719f697eaef6e2ade8106d810d2799 WHIRLPOOL 31b8e7b7a7c35d9894d91d2caf7428935f28c319c0af5176aaa8bfabac38882c658fa45f5548387295502013b2cba2de624279531d9b79f4c120b4da62c46b1b
 DIST bind-9.11.0-P1.tar.gz 9673074 SHA256 094cd3134ba1b44f0910de1334f05a7dca68d583da038de40a8ad7a0cb1592c6 SHA512 1071b7cf2fb66b9e072df9ba8058fc2e4941eb63a8ca3142da4cd256fbdbddcf54b1717e9cd4c933292d6afa5fd37968840cc0cc441b345f4143eecbcebc455f WHIRLPOOL acf25890ae5872c750c48eaf307b7ae1c17da307e0fe3a56769fe002c3d40b7e1b4e739f0191199e7d7b66e5e4c50d30c2bd9f80d602584da9eda1f7e326c31b

diff --git a/net-dns/bind-tools/bind-tools-9.10.3_p4.ebuild b/net-dns/bind-tools/bind-tools-9.10.3_p4.ebuild
deleted file mode 100644
index 05890b0..00000000
--- a/net-dns/bind-tools/bind-tools-9.10.3_p4.ebuild
+++ /dev/null
@@ -1,134 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils autotools flag-o-matic toolchain-funcs
-
-MY_PN=${PN//-tools}
-MY_PV=${PV/_p/-P}
-MY_PV=${MY_PV/_rc/rc}
-MY_P="${MY_PN}-${MY_PV}"
-
-DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
-HOMEPAGE="http://www.isc.org/software/bind"
-SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz"
-
-LICENSE="ISC BSD BSD-2 HPND JNIC RSA openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="doc gost gssapi idn ipv6 libressl readline seccomp ssl urandom xml"
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="gost? ( !libressl ssl )"
-
-CDEPEND="
-	ssl? (
-		!libressl? ( dev-libs/openssl:0 )
-		libressl? ( dev-libs/libressl )
-	)
-	gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
-	xml? ( dev-libs/libxml2 )
-	idn? ( net-dns/idnkit )
-	gssapi? ( virtual/krb5 )
-	readline? ( sys-libs/readline:0= )
-	seccomp? ( sys-libs/libseccomp )"
-DEPEND="${CDEPEND}
-	virtual/pkgconfig"
-RDEPEND="${CDEPEND}
-	!<net-dns/bind-9.10.2"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-9.5.0_p1-lwconfig.patch #231247
-	epatch "${FILESDIR}"/${PN}-9.10.2-openssl.patch #417129
-	epatch "${FILESDIR}"/${PN}-9.10.3_p2-libressl.patch #563648
-
-	# Disable tests for now, bug 406399
-	sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
-	# bug #220361
-	rm aclocal.m4
-	rm -rf libtool.m4/
-
-	mv configure.in configure.ac || die # configure.in is deprecated
-	eautoreconf
-}
-
-src_configure() {
-	local myconf=
-
-	if use urandom; then
-		myconf="${myconf} --with-randomdev=/dev/urandom"
-	else
-		myconf="${myconf} --with-randomdev=/dev/random"
-	fi
-
-	# bug 344029
-	append-cflags "-DDIG_SIGCHASE"
-
-	# localstatedir for nsupdate -l, bug 395785
-	tc-export BUILD_CC
-	econf \
-		--localstatedir=/var \
-		--without-python \
-		--without-libjson \
-		--disable-openssl-version-check \
-		$(use_enable ipv6) \
-		$(use_with idn) \
-		$(usex idn --with-idnlib=-lidnkit '') \
-		$(use_enable seccomp) \
-		$(use_with ssl openssl) \
-		$(use_with xml libxml2) \
-		$(use_with gssapi) \
-		$(use_with readline) \
-		$(use_with gost) \
-		${myconf}
-
-	# bug #151839
-	echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-src_compile() {
-	local AR=$(tc-getAR)
-
-	emake AR="${AR}" -C lib/
-	emake AR="${AR}" -C bin/delv/
-	emake AR="${AR}" -C bin/dig/
-	emake AR="${AR}" -C bin/nsupdate/
-	emake AR="${AR}" -C bin/dnssec/
-}
-
-src_install() {
-	dodoc README CHANGES FAQ
-
-	cd "${S}"/bin/delv
-	dobin delv
-	doman delv.1
-
-	cd "${S}"/bin/dig
-	dobin dig host nslookup
-	doman {dig,host,nslookup}.1
-
-	cd "${S}"/bin/nsupdate
-	dobin nsupdate
-	doman nsupdate.1
-	if use doc; then
-		dohtml nsupdate.html
-	fi
-
-	cd "${S}"/bin/dnssec
-	for tool in dsfromkey importkey keyfromlabel keygen \
-	  revoke settime signzone verify; do
-		dobin dnssec-"${tool}"
-		doman dnssec-"${tool}".8
-		if use doc; then
-			dohtml dnssec-"${tool}".html
-		fi
-	done
-}

diff --git a/net-dns/bind-tools/bind-tools-9.10.4_p3.ebuild b/net-dns/bind-tools/bind-tools-9.10.4_p3.ebuild
deleted file mode 100644
index fdcb764..00000000
--- a/net-dns/bind-tools/bind-tools-9.10.4_p3.ebuild
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils autotools flag-o-matic toolchain-funcs
-
-MY_PN=${PN//-tools}
-MY_PV=${PV/_p/-P}
-MY_PV=${MY_PV/_rc/rc}
-MY_P="${MY_PN}-${MY_PV}"
-
-DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
-HOMEPAGE="http://www.isc.org/software/bind"
-SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz"
-
-LICENSE="ISC BSD BSD-2 HPND JNIC RSA openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~m68k ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="doc gost gssapi idn ipv6 libressl readline seccomp ssl urandom xml"
-# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
-
-REQUIRED_USE="gost? ( !libressl ssl )"
-
-CDEPEND="
-	ssl? (
-		!libressl? ( dev-libs/openssl:0 )
-		libressl? ( dev-libs/libressl )
-	)
-	gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
-	xml? ( dev-libs/libxml2 )
-	idn? ( net-dns/idnkit )
-	gssapi? ( virtual/krb5 )
-	readline? ( sys-libs/readline:0= )
-	seccomp? ( sys-libs/libseccomp )"
-DEPEND="${CDEPEND}
-	virtual/pkgconfig"
-RDEPEND="${CDEPEND}
-	!<net-dns/bind-9.10.2"
-
-S="${WORKDIR}/${MY_P}"
-
-# bug 479092, requires networking
-RESTRICT="test"
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-9.5.0_p1-lwconfig.patch #231247
-
-	# Disable tests for now, bug 406399
-	sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
-
-	# bug #220361
-	rm aclocal.m4
-	rm -rf libtool.m4/
-
-	mv configure.in configure.ac || die # configure.in is deprecated
-	eautoreconf
-}
-
-src_configure() {
-	local myconf=
-
-	if use urandom; then
-		myconf="${myconf} --with-randomdev=/dev/urandom"
-	else
-		myconf="${myconf} --with-randomdev=/dev/random"
-	fi
-
-	# bug 344029
-	append-cflags "-DDIG_SIGCHASE"
-
-	# localstatedir for nsupdate -l, bug 395785
-	tc-export BUILD_CC
-	econf \
-		--localstatedir=/var \
-		--without-python \
-		--without-libjson \
-		--disable-openssl-version-check \
-		$(use_enable ipv6) \
-		$(use_with idn) \
-		$(usex idn --with-idnlib=-lidnkit '') \
-		$(use_enable seccomp) \
-		$(use_with ssl openssl) \
-		$(use_with xml libxml2) \
-		$(use_with gssapi) \
-		$(use_with readline) \
-		$(use_with gost) \
-		${myconf}
-
-	# bug #151839
-	echo '#undef SO_BSDCOMPAT' >> config.h
-}
-
-src_compile() {
-	local AR=$(tc-getAR)
-
-	emake AR="${AR}" -C lib/
-	emake AR="${AR}" -C bin/delv/
-	emake AR="${AR}" -C bin/dig/
-	emake AR="${AR}" -C bin/nsupdate/
-	emake AR="${AR}" -C bin/dnssec/
-}
-
-src_install() {
-	dodoc README CHANGES FAQ
-
-	cd "${S}"/bin/delv
-	dobin delv
-	doman delv.1
-
-	cd "${S}"/bin/dig
-	dobin dig host nslookup
-	doman {dig,host,nslookup}.1
-
-	cd "${S}"/bin/nsupdate
-	dobin nsupdate
-	doman nsupdate.1
-	if use doc; then
-		dohtml nsupdate.html
-	fi
-
-	cd "${S}"/bin/dnssec
-	for tool in dsfromkey importkey keyfromlabel keygen \
-	  revoke settime signzone verify; do
-		dobin dnssec-"${tool}"
-		doman dnssec-"${tool}".8
-		if use doc; then
-			dohtml dnssec-"${tool}".html
-		fi
-	done
-}

diff --git a/net-dns/bind-tools/files/bind-tools-9.10.2-openssl.patch b/net-dns/bind-tools/files/bind-tools-9.10.2-openssl.patch
deleted file mode 100644
index deeb109..00000000
--- a/net-dns/bind-tools/files/bind-tools-9.10.2-openssl.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-https://bugs.gentoo.org/417129
-
-fix openssl build logic:
-* do not probe direct filesystem paths (including hardcoding things like /usr)
-* use pkg-config to locate proper openssl libraries
-* turn dsa check into a header one
-* turn ecdsa check into a link one
-* have gost/aes actually default to --with-xxx value when cross-compiling
-
-Patch by Mike Frysinger <vapier@chromium.org>
-
---- a/configure.in
-+++ b/configure.in
-@@ -1442,16 +1442,21 @@ case "$use_openssl" in
- 		OPENSSLLINKOBJS=""
- 		OPENSSLLINKSRCS=""
- 		;;
--	auto)
--		DST_OPENSSL_INC=""
--		CRYPTO=""
-+	yes|auto)
-+		CRYPTO=""
-+		PKG_CHECK_MODULES([OPENSSL], [libcrypto], [CRYPTO='-DOPENSSL'], [
-+			if test "$use_openssl" = "yes"; then
-+				AC_MSG_ERROR(openssl not found)
-+			fi
-+			use_openssl="no"
-+		])
-+
-+		DST_OPENSSL_INC=$OPENSSL_CFLAGS
-+		DST_OPENSSL_LIBS=$OPENSSL_LIBS
- 		OPENSSLGOSTLINKOBJS=""
- 		OPENSSLGOSTLINKSRS=""
- 		OPENSSLLINKOBJS=""
- 		OPENSSLLINKSRCS=""
--		AC_MSG_ERROR(
--[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
--If you don't want OpenSSL, use --without-openssl])
- 		;;
- 	*)
- 		if test "$want_native_pkcs11" = "yes"
-@@ -1588,27 +1593,39 @@ no)
- ;;
- esac
- 
-+		CC="$saved_cc"
-+		CFLAGS="$saved_cflags"
-+		LIBS="$saved_libs"
-+		OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
-+		OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
-+		;;
-+esac
-+
-+if test "$use_openssl" = "yes"; then
-+	saved_cc="$CC"
-+	saved_cflags="$CFLAGS"
-+	saved_libs="$LIBS"
-+	CFLAGS="$CFLAGS $DST_OPENSSL_INC"
-+	LIBS="$LIBS $DST_OPENSSL_LIBS"
-+
--	AC_MSG_CHECKING(for OpenSSL DSA support)
--	if test -f $use_openssl/include/openssl/dsa.h
--	then
-+	AC_CHECK_HEADERS([openssl/dsa.h])
-+	if test "$ac_cv_header_openssl_dsa_h" = yes; then
- 		AC_DEFINE(HAVE_OPENSSL_DSA)
--		AC_MSG_RESULT(yes)
--	else
--		AC_MSG_RESULT(no)
- 	fi
- 
- 	AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
- 
- 	AC_MSG_CHECKING(for OpenSSL ECDSA support)
- 	have_ecdsa=""
--	AC_TRY_RUN([
-+	AC_TRY_LINK([
- #include <openssl/ecdsa.h>
- #include <openssl/objects.h>
-+],[
- int main() {
- 	EC_KEY *ec256, *ec384;
- 
- #if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
--	return (1);
-+#error choke
- #endif
- 	ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- 	ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
-@@ -1637,24 +1654,7 @@ int main() {
- 	[AC_MSG_RESULT(yes)
- 	have_ecdsa="yes"],
- 	[AC_MSG_RESULT(no)
--	have_ecdsa="no"],
-+	have_ecdsa="no"])
--	[AC_MSG_RESULT(using --with-ecdsa)])
--	case "$with_ecdsa" in
--	yes)
--	    case "$have_ecdsa" in
--	    no)  AC_MSG_ERROR([ecdsa not supported]) ;;
--	    *)  have_ecdsa=yes ;;
--	    esac
--	    ;;
--	no)
--	    have_ecdsa=no ;;
--	*)
--	    case "$have_ecdsa" in
--	    yes|no) ;;
--	    *) AC_MSG_ERROR([need --with-ecdsa=[[yes or no]]]) ;;
--	    esac
--	    ;;
--	esac
- 	case $have_ecdsa in
- 	yes)
- 		OPENSSL_ECDSA="yes"
-@@ -1702,7 +1702,8 @@ int main() {
- 	have_gost="yes"],
- 	[AC_MSG_RESULT(no)
- 	have_gost="no"],
--	[AC_MSG_RESULT(using --with-gost)])
-+	[AC_MSG_RESULT(using --with-gost)
-+	have_gost=$with_gost])
- 	case "$with_gost" in
- 	yes)
- 	    case "$have_gost" in
-@@ -1752,7 +1753,8 @@ int main() {
- 	[AC_MSG_RESULT(yes)
- 	 have_aes="yes"],
- 	[AC_MSG_RESULT(no)])],
--	[AC_MSG_RESULT(using --with-aes)])
-+	[AC_MSG_RESULT(using --with-aes)
-+	 have_aes=$with_aes])
- 
- 	ISC_OPENSSL_INC=""
- 	ISC_OPENSSL_LIBS=""
-@@ -1765,8 +1767,7 @@ int main() {
- 	OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
- 	OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
- 
--	;;
--esac
-+fi
- 
- #
- # This would include the system openssl path (and linker options to use

diff --git a/net-dns/bind-tools/files/bind-tools-9.10.3_p2-libressl.patch b/net-dns/bind-tools/files/bind-tools-9.10.3_p2-libressl.patch
deleted file mode 100644
index a38a70d..00000000
--- a/net-dns/bind-tools/files/bind-tools-9.10.3_p2-libressl.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Fix LibreSSL compatibility, patches from OpenBSD
-
-http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/patches/
-
-http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_dst_openssl_h?rev=1.1&content-type=text/plain
-http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssl_link_c?rev=1.1&content-type=text/plain
-http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldh_link_c?rev=1.1&content-type=text/plain
-http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldsa_link_c?rev=1.1&content-type=text/plain
-http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_opensslrsa_link_c?rev=1.1&content-type=text/plain
-
---- lib/dns/dst_openssl.h.orig	Wed Sep 16 14:00:47 2015
-+++ lib/dns/dst_openssl.h	Wed Sep 16 14:02:42 2015
-@@ -36,7 +36,7 @@
- #define USE_ENGINE 1
- #endif
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /*
-  * These are new in OpenSSL 1.1.0.  BN_GENCB _cb needs to be declared in
-  * the function like this before the BN_GENCB_new call:
---- lib/dns/openssl_link.c.orig	Wed Sep 16 14:01:23 2015
-+++ lib/dns/openssl_link.c	Wed Sep 16 14:01:46 2015
-@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) {
- 	return (result == ISC_R_SUCCESS ? 1 : -1);
- }
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- static void
- entropy_add(const void *buf, int num, double entropy) {
- 	/*
-@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in
- 		UNLOCK(&locks[type]);
- }
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- static unsigned long
- id_callback(void) {
- 	return ((unsigned long)isc_thread_self());
-@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) {
- 	if (result != ISC_R_SUCCESS)
- 		goto cleanup_mutexalloc;
- 	CRYPTO_set_locking_callback(lock_callback);
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	CRYPTO_set_id_callback(id_callback);
- #endif
- 
-@@ -287,7 +287,7 @@ dst__openssl_destroy(void) {
- 	CRYPTO_cleanup_all_ex_data();
- #endif
- 	ERR_clear_error();
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	ERR_remove_state(0);
- #endif
- 	ERR_free_strings();
---- lib/dns/openssldh_link.c.orig	Wed Sep 16 14:01:23 2015
-+++ lib/dns/openssldh_link.c	Wed Sep 16 14:02:06 2015
-@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void
- 	DH *dh = NULL;
- #if OPENSSL_VERSION_NUMBER > 0x00908000L
- 	BN_GENCB *cb;
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	BN_GENCB _cb;
- #endif
- 	union {
-@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void
- 		if (dh == NULL)
- 			return (dst__openssl_toresult(ISC_R_NOMEMORY));
- 		cb = BN_GENCB_new();
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 		if (cb == NULL) {
- 			DH_free(dh);
- 			return (dst__openssl_toresult(ISC_R_NOMEMORY));
---- lib/dns/openssldsa_link.c.orig	Wed Sep 16 14:01:23 2015
-+++ lib/dns/openssldsa_link.c	Wed Sep 16 14:02:22 2015
-@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
- 	isc_result_t result;
- #if OPENSSL_VERSION_NUMBER > 0x00908000L
- 	BN_GENCB *cb;
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	BN_GENCB _cb;
- #endif
- 	union {
-@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
- 	if (dsa == NULL)
- 		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
- 	cb = BN_GENCB_new();
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	if (cb == NULL) {
- 		DSA_free(dsa);
- 		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
---- lib/dns/opensslrsa_link.c.orig	Wed Sep 16 14:01:23 2015
-+++ lib/dns/opensslrsa_link.c	Wed Sep 16 14:02:31 2015
-@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca
- 	} u;
- 	RSA *rsa = RSA_new();
- 	BIGNUM *e = BN_new();
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	BN_GENCB _cb;
- #endif
- 	BN_GENCB *cb = BN_GENCB_new();

[gentoo-commits] repo/gentoo:master commit in: net-dns/bind-tools/files/, net-dns/bind-tools/

[Christian Ruppert]

commit:     906bfa62019f6ceed3c6a08d5c19237f378b2a0e
Author:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Fri Jun  9 17:39:03 2017 +0000
Commit:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Fri Jun  9 17:39:03 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=906bfa62

net-dns/bind-tools: Fix compilation with dyndb and dlopen, bug 600212, thanks to all involved'

Package-Manager: Portage-2.3.6, Repoman-2.3.2

 net-dns/bind-tools/bind-tools-9.11.0_p5.ebuild     |  3 +
 .../files/bind-tools-9.11.0_p5-dyndb-dlopen.patch  | 97 ++++++++++++++++++++++
 2 files changed, 100 insertions(+)

diff --git a/net-dns/bind-tools/bind-tools-9.11.0_p5.ebuild b/net-dns/bind-tools/bind-tools-9.11.0_p5.ebuild
index f1ed0754dd9..8fec3d1b3e8 100644
--- a/net-dns/bind-tools/bind-tools-9.11.0_p5.ebuild
+++ b/net-dns/bind-tools/bind-tools-9.11.0_p5.ebuild
@@ -44,6 +44,9 @@ S="${WORKDIR}/${MY_P}"
 RESTRICT="test"
 
 src_prepare() {
+	# bug 600212
+	epatch "${FILESDIR}"/${P}-dyndb-dlopen.patch
+
 	epatch "${FILESDIR}"/${PN}-9.5.0_p1-lwconfig.patch #231247
 
 	# Disable tests for now, bug 406399

diff --git a/net-dns/bind-tools/files/bind-tools-9.11.0_p5-dyndb-dlopen.patch b/net-dns/bind-tools/files/bind-tools-9.11.0_p5-dyndb-dlopen.patch
new file mode 100644
index 00000000000..5fc8f3c1889
--- /dev/null
+++ b/net-dns/bind-tools/files/bind-tools-9.11.0_p5-dyndb-dlopen.patch
@@ -0,0 +1,97 @@
+From ae903759c205f8a5039458d780c0e0c4442b7291 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 30 May 2017 11:31:34 +1000
+Subject: [PATCH] 4530.   [bug]           "dyndb" is dependent on dlopen
+ existing / being                         enabled. [RT #45291]
+
+From aa3a8979bc7eb1596d044eff572b3c35310584fa Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 30 May 2017 11:34:37 +1000
+Subject: [PATCH] 4530.   [bug]           "dyndb" is dependent on dlopen
+ existing / being                         enabled. [RT #45291]
+
+diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c
+index a477508..dec68a7 100644
+--- a/lib/dns/dyndb.c
++++ b/lib/dns/dyndb.c
+@@ -80,7 +80,7 @@ impfind(const char *name) {
+ 	return (NULL);
+ }
+ 
+-#if HAVE_DLFCN_H
++#if HAVE_DLFCN_H && HAVE_DLOPEN
+ static isc_result_t
+ load_symbol(void *handle, const char *filename,
+ 	    const char *symbol_name, void **symbolp)
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -1496,6 +1496,7 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
+ 	return (result);
+ }
+ 
++#ifdef HAVE_DLOPEN
+ static isc_result_t
+ configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx,
+ 		const dns_dyndbctx_t *dctx)
+@@ -1521,6 +1522,7 @@ configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx,
+ 			      name, isc_result_totext(result));
+ 	return (result);
+ }
++#endif
+ 
+ 
+ static isc_result_t
+@@ -4669,6 +4671,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ 	else
+ 		(void)cfg_map_get(config, "dyndb", &dyndb_list);
+ 
++#ifdef HAVE_DLOPEN
+ 	for (element = cfg_list_first(dyndb_list);
+ 	     element != NULL;
+ 	     element = cfg_list_next(element))
+@@ -4686,6 +4689,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
+ 
+ 		CHECK(configure_dyndb(dyndb, mctx, dctx));
+ 	}
++#endif
+ 
+ 	/*
+ 	 * Setup automatic empty zones.  If recursion is off then
+diff --git a/lib/bind9/check.c b/lib/bind9/check.c
+index 097dd96..99b995c 100644
+--- a/lib/bind9/check.c
++++ b/lib/bind9/check.c
+@@ -2988,6 +2988,9 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
+ {
+ 	const cfg_obj_t *zones = NULL;
+ 	const cfg_obj_t *keys = NULL;
++#ifndef HAVE_DLOPEN
++	const cfg_obj_t *dyndb = NULL;
++#endif
+ 	const cfg_listelt_t *element, *element2;
+ 	isc_symtab_t *symtab = NULL;
+ 	isc_result_t result = ISC_R_SUCCESS;
+@@ -3041,6 +3044,20 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
+ 			result = ISC_R_FAILURE;
+ 	}
+ 
++#ifndef HAVE_DLOPEN
++	if (voptions != NULL)
++		(void)cfg_map_get(voptions, "dyndb", &dyndb);
++	else
++		(void)cfg_map_get(config, "dyndb", &dyndb);
++
++	if (dyndb != NULL) {
++		cfg_obj_log(dyndb, logctx, ISC_LOG_ERROR,
++			    "dynamic loading of databases is not supported");
++		if (tresult != ISC_R_SUCCESS)
++			result = ISC_R_NOTIMPLEMENTED;
++	}
++#endif
++
+ 	/*
+ 	 * Check that the response-policy and catalog-zones options
+ 	 * refer to zones that exist.
+-- 
+2.9.0
+

[gentoo-commits] repo/gentoo:master commit in: net-dns/bind-tools/files/, net-dns/bind-tools/

[Lars Wendler]

commit:     465561b4e37470c6e4ff297aabdaa074b5661fdc
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 25 14:24:35 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Sep 25 14:25:05 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=465561b4

net-dns/bind-tools: Bump to versions 9.11.4_p2 and 9.12.2_p2

as requested by idl0r.

Package-Manager: Portage-2.3.50, Repoman-2.3.11

 net-dns/bind-tools/Manifest                        |   2 +
 net-dns/bind-tools/bind-tools-9.11.4_p2.ebuild     | 139 +++++++++++++++++++
 net-dns/bind-tools/bind-tools-9.12.2_p2.ebuild     | 150 +++++++++++++++++++++
 .../files/bind-tools-9.5.0_p1-lwconfig.patch       |   4 +-
 4 files changed, 293 insertions(+), 2 deletions(-)

diff --git a/net-dns/bind-tools/Manifest b/net-dns/bind-tools/Manifest
index 19378dcdefd..a8de3d4e0f4 100644
--- a/net-dns/bind-tools/Manifest
+++ b/net-dns/bind-tools/Manifest
@@ -1,3 +1,5 @@
 DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597
+DIST bind-9.11.4_p2.tar.gz 9617963 BLAKE2B 409cad7e0976f2e46406d45e87241d61d4d4f00bf08442c4dddbad490ea3d6e42eaad5851fddb83c61a897689a8fdba0cd920aaa0d36329868d26100ba48f946 SHA512 6c01810526fc40485a6c0403d1ddc3b76d2e59b3426b5789436bd671f158d2fa0ea7c0aef2de81998ec715dabd06683fed7b17224d5c794c61e7100a69d4cb60
 DIST bind-9.12.1.tar.gz 9302783 BLAKE2B 731ce67acb22f72e54de1122c5d5c3c1f0663c400bdff9545578a45e5fe3094c6d754351e57dd5c52cdfe1528305dfde25eba7382a723a60b8bfdfeebb9536cd SHA512 701e34a0a3313568c8e5cf76668fefc2a1fceb2ade0de201b8f678401569f1c622c3d1657a71772fa3298efc8b3cdefe974d98432c0087e8b45af3d50a4262fb
 DIST bind-9.12.2_p1.tar.gz 9429002 BLAKE2B 1460b4583a28df21490f71993c8cd595dd8f8ee76727cc8798ee34a6deb1f5a4d39706ec2833a42a7e63ce0dcad917ca975c7d725fc179e2dd0450d8d683ceb4 SHA512 22ce084179439518f7d82f0b80544db929bb4ec71d0e7bd7edad9ae915c903300837d6ead698c9fc23741796f0ba9ed3aa384b752ff65c3b9b20c8969d351cba
+DIST bind-9.12.2_p2.tar.gz 9422128 BLAKE2B c7d56f025f381a0136aa67ccd49a3254fcfe566d5e3601410e5cada26ccab32a901fe6e14bc14e6e287fa2b3904a4eee8e3ef63329f9bc4cb11f204590ff3623 SHA512 458adf6b3d0df286e7d345a21c40b639efcb275e76f9e0bf4e40a5d76dcac875016324393e129f29397be326d1017367c506ec9cbb35871c98fad4281bc4e05a

diff --git a/net-dns/bind-tools/bind-tools-9.11.4_p2.ebuild b/net-dns/bind-tools/bind-tools-9.11.4_p2.ebuild
new file mode 100644
index 00000000000..667408e82ee
--- /dev/null
+++ b/net-dns/bind-tools/bind-tools-9.11.4_p2.ebuild
@@ -0,0 +1,139 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils autotools flag-o-matic toolchain-funcs
+
+MY_PN=${PN//-tools}
+MY_PV=${PV/_p/-P}
+MY_PV=${MY_PV/_rc/rc}
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
+HOMEPAGE="http://www.isc.org/software/bind"
+SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${MY_PN}-${PV}.tar.gz"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc gost gssapi idn ipv6 libressl readline seccomp ssl urandom xml"
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+REQUIRED_USE="gost? ( !libressl ssl )"
+
+CDEPEND="
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl )
+	)
+	gost? ( >=dev-libs/openssl-1.0.0:0=[-bindist] )
+	xml? ( dev-libs/libxml2 )
+	idn? ( <net-dns/idnkit-2:= )
+	gssapi? ( virtual/krb5 )
+	readline? ( sys-libs/readline:0= )
+	seccomp? ( sys-libs/libseccomp )"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+	!<net-dns/bind-9.10.2"
+
+S="${WORKDIR}/${MY_P}"
+
+# bug 479092, requires networking
+RESTRICT="test"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-9.5.0_p1-lwconfig.patch #231247
+)
+
+src_prepare() {
+	default
+
+	# Disable tests for now, bug 406399
+	sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+	# bug #220361
+	rm aclocal.m4
+	rm -rf libtool.m4/
+
+	mv configure.in configure.ac || die # configure.in is deprecated
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--localstatedir=/var
+		--without-python
+		--without-libjson
+		--without-zlib
+		--without-lmdb
+		--disable-openssl-version-check
+		$(use_enable ipv6)
+		$(use_with idn)
+		$(usex idn --with-idnlib=-lidnkit '')
+		$(use_enable seccomp)
+		$(use_with ssl openssl)
+		$(use_with xml libxml2)
+		$(use_with gssapi)
+		$(use_with readline)
+		$(use_with gost)
+	)
+
+	if use urandom; then
+		myeconfargs+=( --with-randomdev=/dev/urandom )
+	else
+		myeconfargs+=( --with-randomdev=/dev/random )
+	fi
+
+	# bug 344029
+	append-cflags "-DDIG_SIGCHASE"
+
+	# localstatedir for nsupdate -l, bug 395785
+	tc-export BUILD_CC
+	econf "${myeconfargs[@]}"
+
+	# bug #151839
+	echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
+src_compile() {
+	local AR=$(tc-getAR)
+
+	emake AR="${AR}" -C lib/
+	emake AR="${AR}" -C bin/delv/
+	emake AR="${AR}" -C bin/dig/
+	emake AR="${AR}" -C bin/nsupdate/
+	emake AR="${AR}" -C bin/dnssec/
+}
+
+src_install() {
+	dodoc README CHANGES
+
+	cd "${S}"/bin/delv || die
+	dobin delv
+	doman delv.1
+
+	cd "${S}"/bin/dig || die
+	dobin dig host nslookup
+	doman {dig,host,nslookup}.1
+
+	cd "${S}"/bin/nsupdate || die
+	dobin nsupdate
+	doman nsupdate.1
+	if use doc; then
+		docinto html
+		dodoc nsupdate.html
+	fi
+
+	cd "${S}"/bin/dnssec || die
+	for tool in dsfromkey importkey keyfromlabel keygen \
+	  revoke settime signzone verify; do
+		dobin dnssec-"${tool}"
+		doman dnssec-"${tool}".8
+		if use doc; then
+			docinto html
+			dodoc dnssec-"${tool}".html
+		fi
+	done
+}

diff --git a/net-dns/bind-tools/bind-tools-9.12.2_p2.ebuild b/net-dns/bind-tools/bind-tools-9.12.2_p2.ebuild
new file mode 100644
index 00000000000..19907a9f7c3
--- /dev/null
+++ b/net-dns/bind-tools/bind-tools-9.12.2_p2.ebuild
@@ -0,0 +1,150 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils autotools flag-o-matic toolchain-funcs
+
+MY_PN=${PN//-tools}
+MY_PV=${PV/_p/-P}
+MY_PV=${MY_PV/_rc/rc}
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
+HOMEPAGE="http://www.isc.org/software/bind"
+SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${MY_PN}-${PV}.tar.gz"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc gost gssapi idn ipv6 libedit libidn2 libressl readline seccomp ssl urandom xml"
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+REQUIRED_USE="gost? ( !libressl ssl )
+	idn? ( !libidn2 )
+	libidn2? ( !idn )"
+
+CDEPEND="
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	gost? ( >=dev-libs/openssl-1.0.0:0=[-bindist] )
+	xml? ( dev-libs/libxml2 )
+	idn? ( <net-dns/idnkit-2:= )
+	libidn2? ( net-dns/libidn2 )
+	gssapi? ( virtual/krb5 )
+	libedit? ( dev-libs/libedit )
+	!libedit? (
+		readline? ( sys-libs/readline:0= )
+	)
+	seccomp? ( sys-libs/libseccomp )"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+	!<net-dns/bind-9.10.2"
+
+S="${WORKDIR}/${MY_P}"
+
+# bug 479092, requires networking
+RESTRICT="test"
+
+src_prepare() {
+	default
+
+	# Disable tests for now, bug 406399
+	sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+	# bug #220361
+	rm aclocal.m4
+	rm -rf libtool.m4/
+
+	mv configure.in configure.ac || die # configure.in is deprecated
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}"/var
+		--without-python
+		--without-libjson
+		--without-zlib
+		--without-lmdb
+		$(use_enable ipv6)
+		$(use_with idn idnkit)
+		$(usex idn --with-idnlib=-lidnkit '')
+		$(use_with libidn2)
+		$(use_enable seccomp)
+		$(use_with ssl openssl "${EPREFIX}"/usr)
+		$(use_with xml libxml2)
+		$(use_with gssapi)
+		$(use_with readline)
+		$(use_with gost)
+	)
+
+	if use urandom; then
+		myeconfargs+=( --with-randomdev=/dev/urandom )
+	else
+		myeconfargs+=( --with-randomdev=/dev/random )
+	fi
+
+	# bug 607400
+	if use libedit ; then
+		myeconfargs+=( --with-readline=-ledit )
+	elif use readline ; then
+		myeconfargs+=( --with-readline=-lreadline )
+	else
+		myeconfargs+=( --without-readline )
+	fi
+
+	# bug 344029
+	append-cflags "-DDIG_SIGCHASE"
+
+	# localstatedir for nsupdate -l, bug 395785
+	tc-export BUILD_CC
+	econf "${myeconfargs[@]}"
+
+	# bug #151839
+	echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
+src_compile() {
+	local AR=$(tc-getAR)
+
+	emake AR="${AR}" -C lib/
+	emake AR="${AR}" -C bin/delv/
+	emake AR="${AR}" -C bin/dig/
+	emake AR="${AR}" -C bin/nsupdate/
+	emake AR="${AR}" -C bin/dnssec/
+}
+
+src_install() {
+	dodoc README CHANGES
+
+	cd "${S}"/bin/delv || die
+	dobin delv
+	doman delv.1
+
+	cd "${S}"/bin/dig || die
+	dobin dig host nslookup
+	doman {dig,host,nslookup}.1
+
+	cd "${S}"/bin/nsupdate || die
+	dobin nsupdate
+	doman nsupdate.1
+	if use doc; then
+		docinto html
+		dodoc nsupdate.html
+	fi
+
+	cd "${S}"/bin/dnssec || die
+	for tool in dsfromkey importkey keyfromlabel keygen \
+	  revoke settime signzone verify; do
+		dobin dnssec-"${tool}"
+		doman dnssec-"${tool}".8
+		if use doc; then
+			docinto html
+			dodoc dnssec-"${tool}".html
+		fi
+	done
+}

diff --git a/net-dns/bind-tools/files/bind-tools-9.5.0_p1-lwconfig.patch b/net-dns/bind-tools/files/bind-tools-9.5.0_p1-lwconfig.patch
index 7aa1d16e92c..ba615d5ac6e 100644
--- a/net-dns/bind-tools/files/bind-tools-9.5.0_p1-lwconfig.patch
+++ b/net-dns/bind-tools/files/bind-tools-9.5.0_p1-lwconfig.patch
@@ -1,5 +1,5 @@
---- lib/lwres/lwconfig.c.old	2007-06-20 01:47:22.000000000 +0200
-+++ lib/lwres/lwconfig.c	2008-06-15 02:57:02.000000000 +0200
+--- a/lib/lwres/lwconfig.c
++++ b/lib/lwres/lwconfig.c
 @@ -175,13 +175,8 @@
  	REQUIRE(buffer != NULL);
  	REQUIRE(size > 0U);

[gentoo-commits] repo/gentoo:master commit in: net-dns/bind-tools/files/, net-dns/bind-tools/

[Sam James]

commit:     5a92bef099e1ceccd8750bde2c16d985bdf3fafa
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jun  3 07:32:50 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jun  3 07:33:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a92bef0

net-dns/bind-tools: backport FORTIFY_SOURCE=3 named-checkconf crash fix

Closes: https://bugs.gentoo.org/847295
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-dns/bind-tools/bind-tools-9.16.29-r1.ebuild    | 156 +++++++++++++++++++++
 .../bind-tools-9.16.29-fortify-source-3.patch      |  35 +++++
 2 files changed, 191 insertions(+)

diff --git a/net-dns/bind-tools/bind-tools-9.16.29-r1.ebuild b/net-dns/bind-tools/bind-tools-9.16.29-r1.ebuild
new file mode 100644
index 000000000000..6ab46c310694
--- /dev/null
+++ b/net-dns/bind-tools/bind-tools-9.16.29-r1.ebuild
@@ -0,0 +1,156 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic toolchain-funcs
+
+MY_PN=${PN//-tools}
+MY_PV=${PV/_p/-P}
+MY_PV=${MY_PV/_rc/rc}
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
+HOMEPAGE="https://www.isc.org/software/bind"
+SRC_URI="https://downloads.isc.org/isc/bind9/${PV}/${MY_P}.tar.xz"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+caps doc gssapi idn ipv6 libedit readline xml"
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+COMMON_DEPEND="
+	dev-libs/libuv:=
+	caps? ( sys-libs/libcap )
+	dev-libs/openssl:=
+	xml? ( dev-libs/libxml2 )
+	idn? ( net-dns/libidn2:= )
+	gssapi? ( virtual/krb5 )
+	libedit? ( dev-libs/libedit )
+	!libedit? (
+		readline? ( sys-libs/readline:= )
+	)
+"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+
+# sphinx required for man-page and html creation
+BDEPEND="
+	doc? ( dev-python/sphinx )
+	virtual/pkgconfig
+"
+
+S="${WORKDIR}/${MY_P}"
+
+# bug 479092, requires networking
+RESTRICT="test"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-fortify-source-3.patch
+)
+
+src_prepare() {
+	default
+
+	export LDFLAGS="${LDFLAGS} -L${EPREFIX}/usr/$(get_libdir)"
+
+	# Disable tests for now, bug 406399
+	sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+	# Do not disable thread local storage on Solaris, it works with our
+	# toolchain, and it breaks further configure checks
+	sed -i -e '/LDFLAGS=/s/-zrelax=transtls//' configure.ac configure || die
+
+	# bug #220361
+	rm aclocal.m4 || die
+	rm -rf libtool.m4/ || die
+
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}"/var
+		--without-python
+		--without-libjson
+		--without-zlib
+		--without-lmdb
+		--without-maxminddb
+		--disable-geoip
+		--with-openssl="${ESYSROOT}"/usr
+		$(use_with idn libidn2 "${ESYSROOT}"/usr)
+		$(use_with xml libxml2)
+		$(use_with gssapi)
+		$(use_with readline)
+		$(use_enable caps linux-caps)
+		AR="$(type -P $(tc-getAR))"
+	)
+
+	# bug 607400
+	if use libedit ; then
+		myeconfargs+=( --with-readline=-ledit )
+	elif use readline ; then
+		myeconfargs+=( --with-readline=-lreadline )
+	else
+		myeconfargs+=( --without-readline )
+	fi
+
+	# bug 344029
+	append-cflags "-DDIG_SIGCHASE"
+
+	# to expose CMSG_* macros from sys/sockets.h
+	[[ ${CHOST} == *-solaris* ]] && append-cflags "-D_XOPEN_SOURCE=600"
+
+	# localstatedir for nsupdate -l, bug 395785
+	tc-export BUILD_CC
+	econf "${myeconfargs[@]}"
+
+	# bug #151839
+	echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
+src_compile() {
+	local AR=$(tc-getAR)
+
+	emake AR="${AR}" -C lib/
+	emake AR="${AR}" -C bin/delv/
+	emake AR="${AR}" -C bin/dig/
+	emake AR="${AR}" -C bin/nsupdate/
+	emake AR="${AR}" -C bin/dnssec/
+	emake -C doc/man/ man $(usev doc)
+}
+
+src_install() {
+	local man_dir="${S}/doc/man"
+	local html_dir="${man_dir}/_build/html"
+
+	dodoc README CHANGES
+
+	cd "${S}"/bin/delv || die
+	dobin delv
+	doman ${man_dir}/delv.1
+
+	cd "${S}"/bin/dig || die
+	dobin dig host nslookup
+	doman ${man_dir}/{dig,host,nslookup}.1
+
+	cd "${S}"/bin/nsupdate || die
+	dobin nsupdate
+	doman ${man_dir}/nsupdate.1
+	if use doc; then
+		docinto html
+		dodoc ${html_dir}/nsupdate.html
+	fi
+
+	cd "${S}"/bin/dnssec || die
+	for tool in dsfromkey importkey keyfromlabel keygen \
+		revoke settime signzone verify; do
+		dobin dnssec-"${tool}"
+		doman ${man_dir}/dnssec-"${tool}".8
+		if use doc; then
+			docinto html
+			dodoc ${html_dir}/dnssec-"${tool}".html
+		fi
+	done
+}

diff --git a/net-dns/bind-tools/files/bind-tools-9.16.29-fortify-source-3.patch b/net-dns/bind-tools/files/bind-tools-9.16.29-fortify-source-3.patch
new file mode 100644
index 000000000000..d084d6e62ce8
--- /dev/null
+++ b/net-dns/bind-tools/files/bind-tools-9.16.29-fortify-source-3.patch
@@ -0,0 +1,35 @@
+https://gitlab.isc.org/isc-projects/bind9/-/commit/b6670787d25743ddf39dfe8e615828efc928f50d
+https://gitlab.isc.org/isc-projects/bind9/-/issues/3351
+https://bugs.gentoo.org/847295
+
+From: Evan Hunt <each@isc.org>
+Date: Fri, 13 May 2022 19:59:58 -0700
+Subject: [PATCH] prevent a possible buffer overflow in configuration check
+
+corrected code that could have allowed a buffer overfow while
+parsing named.conf.
+
+(cherry picked from commit 921043b54161c7a3e6dc4036b038ca4dbc5fe472)
+--- a/lib/bind9/check.c
++++ b/lib/bind9/check.c
+@@ -2500,8 +2500,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
+ 		} else if (dns_name_isula(zname)) {
+ 			ula = true;
+ 		}
+-		tmp += strlen(tmp);
+ 		len -= strlen(tmp);
++		tmp += strlen(tmp);
+ 		(void)snprintf(tmp, len, "%u/%s", zclass,
+ 			       (ztype == CFG_ZONE_INVIEW) ? target
+ 			       : (viewname != NULL)	  ? viewname
+@@ -3247,8 +3247,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
+ 		char *tmp = keydirbuf;
+ 		size_t len = sizeof(keydirbuf);
+ 		dns_name_format(zname, keydirbuf, sizeof(keydirbuf));
+-		tmp += strlen(tmp);
+ 		len -= strlen(tmp);
++		tmp += strlen(tmp);
+ 		(void)snprintf(tmp, len, "/%s", (dir == NULL) ? "(null)" : dir);
+ 		tresult = keydirexist(zconfig, (const char *)keydirbuf,
+ 				      kaspname, keydirs, logctx, mctx);
+GitLab