Revbump to fix bugs #523754 and #523756.

(Portage version: 2.2.8-r2/cvs/Linux x86_64, signed Manifest commit with key 0x6F48D3DA05C2DADB!)

3 files changed, 340 insertions, 1 deletions

diff --git a/net-dns/djbdns/ChangeLog b/net-dns/djbdns/ChangeLog
index ce090dfdc2e6..b16fc79987a6 100644
--- a/net-dns/djbdns/ChangeLog
+++ b/net-dns/djbdns/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-dns/djbdns
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/ChangeLog,v 1.155 2014/10/02 13:01:13 mjo Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/ChangeLog,v 1.156 2014/10/02 22:22:16 mjo Exp $
+
+*djbdns-1.05-r30 (02 Oct 2014)
+
+  02 Oct 2014; Michael Orlitzky <mjo@gentoo.org> +djbdns-1.05-r30.ebuild,
+  +files/srv_record_support.patch:
+  Revbump to fix bugs #523754 and #523756.
 
   02 Oct 2014; Michael Orlitzky <mjo@gentoo.org>
   -files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch,
diff --git a/net-dns/djbdns/djbdns-1.05-r30.ebuild b/net-dns/djbdns/djbdns-1.05-r30.ebuild
new file mode 100644
index 000000000000..c7b5fadf114c
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r30.ebuild
@@ -0,0 +1,153 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/djbdns-1.05-r30.ebuild,v 1.1 2014/10/02 22:22:16 mjo Exp $
+
+EAPI=5
+inherit eutils flag-o-matic readme.gentoo toolchain-funcs user
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test27"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+	http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+	ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 selinux"
+
+DEPEND=""
+RDEPEND="sys-apps/ucspi-tcp
+	virtual/daemontools
+	selinux? ( sec-policy/selinux-djbdns )"
+
+src_unpack(){
+	# Unpack both djbdns and its man pages to separate directories.
+	default
+
+	# Now move the man pages under ${S} so that user patches can be
+	# applied to them as well in src_prepare().
+	mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
+}
+
+src_prepare() {
+	epatch \
+		"${FILESDIR}/headtail.patch" \
+		"${FILESDIR}/dnsroots.patch" \
+		"${FILESDIR}/dnstracesort.patch" \
+		"${FILESDIR}/string_length_255.patch" \
+		"${FILESDIR}/srv_record_support.patch"
+
+	# Fix CVE2009-0858
+	epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+
+	if use ipv6; then
+		elog 'At present dnstrace does NOT support IPv6. It will'\
+			 'be compiled without IPv6 support.'
+
+		# Create a separate copy of the source tree for dnstrace.
+		cp -pR "${S}" "${S}-noipv6" || die
+
+		# The big ipv6 patch.
+		epatch "${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+
+		# Fix CVE2008-4392 (ipv6)
+		epatch \
+			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch" \
+			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \
+			"${FILESDIR}/makefile-parallel-test25.patch"
+
+		cd "${S}-noipv6" || die
+	fi
+
+	# Fix CVE2008-4392 (no ipv6)
+	epatch \
+		"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \
+		"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+
+	# Later versions of the ipv6 patch include this, but even if
+	# USE=ipv6, we're in the ${S}-noipv6 directory at this point.
+	epatch "${FILESDIR}/${PV}-errno.patch"
+
+	epatch_user
+}
+
+src_compile() {
+	echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+	echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+	echo "/usr" > conf-home || die
+	emake
+
+	# If djbdns is compiled with IPv6 support, it breaks dnstrace.
+	# Therefore we must compile dnstrace separately without IPv6
+	# support.
+	if use ipv6; then
+		elog 'Compiling dnstrace without ipv6 support'
+		cp conf-cc conf-ld conf-home "${S}-noipv6/" || die
+		cd "${S}-noipv6" || die
+		emake dnstrace
+	fi
+}
+
+src_install() {
+	insinto /etc
+	doins dnsroots.global
+
+	into /usr
+	dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+		*-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+		dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+	if use ipv6; then
+		dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace"
+	fi
+
+	dodoc CHANGES README
+
+	doman man/*.[158]
+
+	readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+	# The nofiles group is no longer provided by baselayout.
+	# Share it with qmail if possible.
+	enewgroup nofiles 200
+
+	enewuser dnscache -1 -1 -1 nofiles
+	enewuser dnslog -1 -1 -1 nofiles
+	enewuser tinydns -1 -1 -1 nofiles
+}
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS='
+The dnscache-setup, tinydns-setup, and djbdns-setup programs have
+been removed to follow upstream more closely. To configure djbdns,
+please follow the instructions at,
+
+	http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+	axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+	dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+	tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+	1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+	2. dnscache-conf dnscache dnslog /var/dnscache $ip
+	3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+	4. rbldns-conf $username dnslog /var/rbldns $ip $base
+	5. walldns-conf $username dnslog /var/walldns $ip
+'
diff --git a/net-dns/djbdns/files/srv_record_support.patch b/net-dns/djbdns/files/srv_record_support.patch
new file mode 100644
index 000000000000..736884208363
--- /dev/null
+++ b/net-dns/djbdns/files/srv_record_support.patch
@@ -0,0 +1,180 @@
+From: Michael Handler <handler@sub-rosa.com>
+To: dns@list.cr.yp.to
+Subject: tinydns-data SRV & axfr-get SRV/PTR patches
+Date: Thu, 14 Sep 2000 20:37:50 -0400
+
+Here's a combined patch that:
+
+a) adds a native SRV type to tinydns-data
+
+Sfqdn:ip:x:port:weight:priority:ttl:timestamp
+
+Standard rules for ip, x, ttl, and timestamp apply. Port, weight, and
+priority all range from 0-65535. Weight and priority are optional; they
+default to zero if not provided.
+
+Sconsole.zoinks.example.com:1.2.3.4:rack102-con1:2001:69:7:300:
+
+b) makes axfr-get decompose SRV and PTR records and write them out in
+native format, rather than opaque. Again, this is necessary because if the
+DNAME fields in the records reference the same zone as fqdn, they can have
+compression pointers that are bogus outside the context of that specific
+packet, and which can't be correctly loaded into data.cdb by tinydns-data.
+
+--michael
+
+Laurent G. Bercot <ska-djbdns@skarnet.org> updated it for
+djbdns-1.05. Documentation patch by Alex Efros.
+
+diff -rNU3 djbdns-1.05/axfr-get.c djbdns-1.05-srv/axfr-get.c
+--- djbdns-1.05/axfr-get.c	Sun Feb 11 22:11:45 2001
++++ djbdns-1.05/axfr-get.c	Thu Oct 18 14:46:56 2001
+@@ -209,6 +209,26 @@
+     if (!stralloc_cats(&line,".:")) return 0;
+     if (!stralloc_catulong0(&line,dist,0)) return 0;
+   }
++  else if (byte_equal(data,2,DNS_T_SRV)) {
++    uint16 dist, weight, port;
++    if (!stralloc_copys(&line,"S")) return 0;
++    if (!dns_domain_todot_cat(&line,d1)) return 0;
++    if (!stralloc_cats(&line,"::")) return 0;
++    pos = x_copy(buf,len,pos,data,2);
++    uint16_unpack_big(data,&dist);
++    pos = x_copy(buf,len,pos,data,2);
++    uint16_unpack_big(data,&weight);
++    pos = x_copy(buf,len,pos,data,2);
++    uint16_unpack_big(data,&port);
++    x_getname(buf,len,pos,&d1);
++    if (!dns_domain_todot_cat(&line,d1)) return 0;
++    if (!stralloc_cats(&line,".:")) return 0;
++    if (!stralloc_catulong0(&line,dist,0)) return 0;
++    if (!stralloc_cats(&line,":")) return 0;
++    if (!stralloc_catulong0(&line,weight,0)) return 0;
++    if (!stralloc_cats(&line,":")) return 0;
++    if (!stralloc_catulong0(&line,port,0)) return 0;
++  }
+   else if (byte_equal(data,2,DNS_T_A) && (dlen == 4)) {
+     char ipstr[IP4_FMT];
+     if (!stralloc_copys(&line,"+")) return 0;
+@@ -216,6 +236,14 @@
+     if (!stralloc_cats(&line,":")) return 0;
+     x_copy(buf,len,pos,data,4);
+     if (!stralloc_catb(&line,ipstr,ip4_fmt(ipstr,data))) return 0;
++  }
++  else if (byte_equal(data,2,DNS_T_PTR)) {
++    if (!stralloc_copys(&line,"^")) return 0;
++    if (!dns_domain_todot_cat(&line,d1)) return 0;
++    if (!stralloc_cats(&line,":")) return 0;
++    x_getname(buf,len,pos,&d1);
++    if (!dns_domain_todot_cat(&line,d1)) return 0;
++    if (!stralloc_cats(&line,".")) return 0;
+   }
+   else {
+     unsigned char ch;
+diff -rNU3 djbdns-1.05/dns.h djbdns-1.05-srv/dns.h
+--- djbdns-1.05/dns.h	Sun Feb 11 22:11:45 2001
++++ djbdns-1.05/dns.h	Thu Oct 18 14:46:56 2001
+@@ -20,6 +20,7 @@
+ #define DNS_T_SIG "\0\30"
+ #define DNS_T_KEY "\0\31"
+ #define DNS_T_AAAA "\0\34"
++#define DNS_T_SRV "\0\41"
+ #define DNS_T_AXFR "\0\374"
+ #define DNS_T_ANY "\0\377"
+ 
+diff -rNU3 djbdns-1.05/tinydns-data.c djbdns-1.05-srv/tinydns-data.c
+--- djbdns-1.05/tinydns-data.c	Sun Feb 11 22:11:45 2001
++++ djbdns-1.05/tinydns-data.c	Thu Oct 18 14:50:53 2001
+@@ -196,6 +196,7 @@
+   char type[2];
+   char soa[20];
+   char buf[4];
++  char srv[6];
+ 
+   umask(022);
+ 
+@@ -360,6 +361,43 @@
+ 	rr_start(DNS_T_MX,ttl,ttd,loc);
+ 	uint16_pack_big(buf,u);
+ 	rr_add(buf,2);
++	rr_addname(d2);
++	rr_finish(d1);
++
++	if (ip4_scan(f[1].s,ip)) {
++	  rr_start(DNS_T_A,ttl,ttd,loc);
++	  rr_add(ip,4);
++	  rr_finish(d2);
++	}
++	break;
++	
++      case 'S':
++	if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();
++	if (!stralloc_0(&f[6])) nomem();
++	if (!scan_ulong(f[6].s,&ttl)) ttl = TTL_POSITIVE;
++	ttdparse(&f[7],ttd);
++	locparse(&f[8],loc);
++
++	if (!stralloc_0(&f[1])) nomem();
++
++	if (byte_chr(f[2].s,f[2].len,'.') >= f[2].len) {
++	  if (!stralloc_cats(&f[2],".srv.")) nomem();
++	  if (!stralloc_catb(&f[2],f[0].s,f[0].len)) nomem();
++	}
++	if (!dns_domain_fromdot(&d2,f[2].s,f[2].len)) nomem();
++
++	if (!stralloc_0(&f[4])) nomem();
++	if (!scan_ulong(f[4].s,&u)) u = 0;
++	uint16_pack_big(srv,u);
++	if (!stralloc_0(&f[5])) nomem();
++	if (!scan_ulong(f[5].s,&u)) u = 0;
++	uint16_pack_big(srv + 2,u);
++	if (!stralloc_0(&f[3])) nomem();
++	if (!scan_ulong(f[3].s,&u)) nomem();
++	uint16_pack_big(srv + 4,u);
++
++	rr_start(DNS_T_SRV,ttl,ttd,loc);
++	rr_add(srv,6);
+ 	rr_addname(d2);
+ 	rr_finish(d1);
+ 
+--- djbdns-1.05/man/tinydns-data.8	2003-10-23 10:47:32.000000000 +0300
++++ djbdns-1.05/man/tinydns-data.8	2014-09-26 02:51:59.861716505 +0300
+@@ -487,6 +487,38 @@
+ .RI \ 072
+ is a colon.
+ 
++.RI S fqdn\fR:\fIip\fR:\fIx\fR:\fIport\fR:\fIweight\fR:\fIpriority\fR:\fIttl\fR:\fItimestamp\fR:\fIlo\fR
++
++SRV record for
++.IR fqdn .
++
++.B tinydns-data
++creates
++.IP
++an SRV record
++showing 
++.IR x\fR.srv.\fIfqdn\fR:\fIport\fR
++as a service for 
++.IR fqdn
++with given \fIweight\fR and \fIpriority\fR
++(\fIport\fR, \fIweight\fR and \fIpriority\fR must be in range 0-65535;
++\fIweight\fR and \fIpriority\fR are optional;
++they default to zero if not provided)
++and
++.P
++.IP
++an A record showing
++.I ip
++as the IP address
++of
++.IR x\fR.srv.\fIfqdn .
++.P
++
++If
++.I x
++contains a dot
++then it is treated specially; see above.
++
+ .RI ^ fqdn\fR:\fIp\fR:\fIttl\fR:\fItimestamp\fR:\fIlo\fR
+ 
+ PTR record for