From: Michael Orlitzky Date: Sun, 23 Jun 2013 17:48:25 +0000 (-0400) Subject: Add djbdns from portage. X-Git-Url: http://gitweb.michael.orlitzky.com/?p=mjo-overlay.git;a=commitdiff_plain;h=5a773ab0528f750fc82e46a322679481725f99c5 Add djbdns from portage. --- diff --git a/net-dns/djbdns/ChangeLog b/net-dns/djbdns/ChangeLog new file mode 100644 index 0000000..08967ee --- /dev/null +++ b/net-dns/djbdns/ChangeLog @@ -0,0 +1,584 @@ +# ChangeLog for net-dns/djbdns +# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/ChangeLog,v 1.138 2013/06/02 10:59:23 pacho Exp $ + + 02 Jun 2013; Pacho Ramos metadata.xml: + Cleanup due bug #328951 + + 06 Jan 2013; Sergey Popov metadata.xml: + Correct maintainer's order, add description, wrt bug #413787 + + 05 Jan 2013; Sergey Popov djbdns-1.05-r23.ebuild, + djbdns-1.05-r24.ebuild, djbdns-1.05-r25.ebuild, djbdns-1.05-r26.ebuild: + Correct URL in elog message, wrt bug #413787. Thanks to Olivier Rickmers for + discovering this issue + + 26 Aug 2012; Raúl Porcel djbdns-1.05-r26.ebuild: + alpha/sparc stable wrt #419193 + + 04 Aug 2012; Michael Weber metadata.xml: + Fix metadata.xml + + 03 Aug 2012; Agostino Sarubbo djbdns-1.05-r26.ebuild: + Stable for amd64, wrt bug #419193 + + 25 Jul 2012; Jeroen Roovers djbdns-1.05-r26.ebuild: + Stable for HPPA (bug #419193). + + 16 Jul 2012; Anthony G. Basile djbdns-1.05-r26.ebuild: + Stable ppc ppc64, bug #419193 + + 16 Jul 2012; Jeff Horelick djbdns-1.05-r26.ebuild: + marked x86 per bug 419193 + + 14 Jun 2012; Zac Medico djbdns-1.05-r23.ebuild, + djbdns-1.05-r24.ebuild, djbdns-1.05-r25.ebuild, djbdns-1.05-r26.ebuild: + inherit user for enewgroup and enewuser + +*djbdns-1.05-r26 (02 Jun 2012) + + 02 Jun 2012; Michael Weber +djbdns-1.05-r26.ebuild, + files/dnsroots.patch: + Revbump to install new root servers list (bug 248247) + + 01 Apr 2012; Markos Chandras files/dnscache-setup, + files/tinydns-setup: + functions.sh moved elsewhere. Bug #389667. Thanks to Michael Orlitzky + + + 24 Mar 2012; Markos Chandras djbdns-1.05-r23.ebuild, + djbdns-1.05-r24.ebuild, djbdns-1.05-r25.ebuild, files/djbdns-setup: + Remove unused djbdns-setup. Thanks to Michael Orlitzky . + Bug #408351 + +*djbdns-1.05-r25 (02 Mar 2012) + + 02 Mar 2012; Markos Chandras +djbdns-1.05-r25.ebuild, + metadata.xml: + Add missing nofiles group. Bug #388537. Add proxy-maintainers herd + + 11 Apr 2011; Dane Smith djbdns-1.05-r24.ebuild, + +files/makefile-parallel.patch: + Add patch to fix parallel make issues when USE="ipv6" wrt bug 362771. + Thanks + Michael for spotting and fixing this. + + 04 Apr 2011; Dane Smith djbdns-1.05-r24.ebuild: + Remove parallel compilation workaround. Seems to be fixed upstream. + + 04 Apr 2011; Dane Smith djbdns-1.05-r24.ebuild: + Moved enewuser calls to pkg_preinstall wrt bug 361923. Thanks Michael. + +*djbdns-1.05-r24 (04 Apr 2011) + + 04 Apr 2011; Dane Smith + +files/string_length_255.patch, +djbdns-1.05-r24.ebuild, metadata.xml: + Add Michael Orlitzky as proxy maintainer with me as proxy. + Revbump to -24 wrt bug 241158. + Ebuild cleanup. + + 01 Mar 2011; Christian Ruppert -files/fwdzone-fix.patch: + Remove unused patch + + 29 Jan 2011; Thilo Bangert djbdns-1.05-r23.ebuild: + dep on virtual/daemontools + + 20 Jul 2010; Michael Sterrett + -djbdns-1.05-r17.ebuild, -djbdns-1.05-r19.ebuild, -djbdns-1.05-r21.ebuild, + -djbdns-1.05-r22.ebuild: + clean old cruft + + 23 Mar 2009; Jeroen Roovers djbdns-1.05-r23.ebuild: + Stable for HPPA (bug #260975). + + 22 Mar 2009; Friedrich Oslage + djbdns-1.05-r23.ebuild: + Stable on sparc, bug #260975 + + 22 Mar 2009; Tobias Klausmann + djbdns-1.05-r23.ebuild: + Stable on alpha, bug #260975 + + 20 Mar 2009; Markus Meier djbdns-1.05-r23.ebuild: + amd64/x86 stable, bug #260975 + + 20 Mar 2009; Brent Baude djbdns-1.05-r23.ebuild: + Marking djbdns-1.05-r23 ppc64 and ppc for bug 260975 + + 20 Mar 2009; Gordon Malm djbdns-1.05-r23.ebuild: + Avoid applying CVE2009-0858 patch twice. + +*djbdns-1.05-r23 (19 Mar 2009) + + 19 Mar 2009; Gordon Malm + +files/CVE2009-0858_0001-check-response-domain-name-length.patch, + +files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patc + h, +files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch, + +djbdns-1.05-r23.ebuild: + Fix bug #260975. Fix bug #260014 when USE="ipv6". + + 18 Mar 2009; Brent Baude djbdns-1.05-r22.ebuild: + Marking djbdns-1.05-r22 ppc for bug 260014 + + 15 Mar 2009; Markus Meier djbdns-1.05-r22.ebuild: + amd64/x86 stable, bug #260014 + + 12 Mar 2009; Jeroen Roovers djbdns-1.05-r22.ebuild: + Stable for HPPA (bug #260014). Fixed newbin djbdns-setup (bug #260014 + comment #8). + + 11 Mar 2009; Tobias Klausmann + djbdns-1.05-r22.ebuild: + Stable on alpha, bug #260014 + + 11 Mar 2009; Brent Baude djbdns-1.05-r22.ebuild: + Marking djbdns-1.05-r22 ppc64 for bug 260014 + + 08 Mar 2009; René Nussbaumer + djbdns-1.05-r22.ebuild: + Fix patch order + + 08 Mar 2009; Tobias Klausmann + djbdns-1.05-r22.ebuild: + Broken patch, going back to ~alpha. + + 08 Mar 2009; Tobias Klausmann + djbdns-1.05-r22.ebuild: + Stable on alpha, bug #260014 + +*djbdns-1.05-r22 (01 Mar 2009) + + 01 Mar 2009; René Nussbaumer + +files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch, + +files/CVE2008-4392_0002-dnscache-cache-soa-records.patch, + +djbdns-1.05-r22.ebuild: + Fix CVE2008-4392 + + 17 Nov 2008; Diego E. Pettenò + files/headtail.patch: + Fix patch with absolute paths. + + 17 Aug 2008; Doug Goldstein metadata.xml: + add GLEP 56 USE flag desc from use.local.desc + + 13 May 2008; Jeroen Roovers djbdns-1.05-r21.ebuild: + Stable for HPPA (LuckyLuke). + + 29 Feb 2008; Raúl Porcel djbdns-1.05-r21.ebuild: + sparc stable + + 31 Jan 2008; René Nussbaumer metadata.xml: + Taking over maintainership + + 31 Jan 2008; Michael Hanselmann metadata.xml: + Remove myself as maintainer. + + 04 Jan 2008; Hanno Boeck djbdns-1.05-r17.ebuild, + djbdns-1.05-r19.ebuild, djbdns-1.05-r21.ebuild: + Change license to public domain (http://cr.yp.to/distributors.html) and fix + some unquoted vars. + + 15 Oct 2007; Markus Rothe djbdns-1.05-r21.ebuild: + Stable on ppc64 + + 13 Aug 2007; Tobias Scherbaum + djbdns-1.05-r21.ebuild: + ppc. stable + + 26 Jul 2007; Raúl Porcel djbdns-1.05-r21.ebuild: + alpha/x86 stable + + 06 May 2007; Marius Mauch djbdns-1.05-r17.ebuild, + djbdns-1.05-r19.ebuild, djbdns-1.05-r21.ebuild: + Replacing einfo with elog + + 28 Jan 2007; Michael Hanselmann + djbdns-1.05-r21.ebuild: + Don't patch non-IPv6 version of unpacked source. + +*djbdns-1.05-r21 (23 Jan 2007) + + 23 Jan 2007; Michael Hanselmann + -djbdns-1.05-r20.ebuild, +djbdns-1.05-r21.ebuild: + Fix bug #163398. + +*djbdns-1.05-r20 (16 Jan 2007) + + 16 Jan 2007; Michael Hanselmann + +djbdns-1.05-r20.ebuild: + Drop several patches patches, DJBDNS_PATCH_DIR can be used instead. General + cleanup. + + 03 Dec 2006; Markus Rothe djbdns-1.05-r19.ebuild: + Stable on ppc64 + + 19 Nov 2006; Michael Hanselmann + djbdns-1.05-r19.ebuild: + Stable on hppa, ppc, sparc, x86. + + 13 Oct 2006; Michael Hanselmann + -djbdns-1.05-r18.ebuild: + Remove old ebuild + +*djbdns-1.05-r19 (30 Sep 2006) + + 29 Sep 2006; Michael Hanselmann + +djbdns-1.05-r19.ebuild: + Add fwdonly patch (bug 148326) and fix user creation (bug 148225). + +*djbdns-1.05-r18 (30 Aug 2006) + + 30 Aug 2006; Michael Hanselmann + +djbdns-1.05-r18.ebuild: + Add quoting to variables, add support for DJBDNS_PATCH_DIR. + + 30 Jun 2006; Robin H. Johnson djbdns-1.05-r17.ebuild: + Clean up unpack/patch process. + + 30 Apr 2006; Michael Hanselmann + -djbdns-1.05-r14.ebuild, -djbdns-1.05-r16.ebuild: + Removed old ebuilds. + + 29 Apr 2006; djbdns-1.05-r17.ebuild: + Stable on alpha and amd64 wrt Bug #131487. + + 29 Apr 2006; Michael Hanselmann + djbdns-1.05-r17.ebuild: + Stable on mips. + + 27 Apr 2006; Alec Warner Manifest: + Fixing SHA256 digest, pass four + + 27 Apr 2006; Brent Baude djbdns-1.05-r17.ebuild: + Marking djbdns-1.05-r17 ppc64 stable per hansmi and bug 131487 + + 27 Apr 2006; Michael Hanselmann + djbdns-1.05-r17.ebuild: + Stable on hppa, ppc, sparc, x86. + + 26 Apr 2006; Michael Hanselmann + +files/dnstracesort.patch, djbdns-1.05-r17.ebuild: + Minor patch to fix the call syntax of "sort", bug 131355. + + 30 Mar 2006; Michael Hanselmann + -djbdns-1.05-r15.ebuild: + Removed old ebuild. + + 25 Mar 2006; Sven Wegener djbdns-1.05-r17.ebuild: + Don't modify MAKEOPTS, pass -j1 directly. + + 12 Mar 2006; Michael Hanselmann + djbdns-1.05-r17.ebuild: + Fixed LDFLAGS, gcc settings and more. See bug 125925. + + 20 Feb 2006; Markus Rothe djbdns-1.05-r16.ebuild: + Stable on ppc64 + + 06 Feb 2006; Aron Griffis djbdns-1.05-r16.ebuild: + Mark 1.05-r16 stable on alpha + +*djbdns-1.05-r17 (21 Jan 2006) + + 21 Jan 2006; Michael Hanselmann + +files/djbdns-setup-r17, metadata.xml, djbdns-1.05-r16.ebuild, + +djbdns-1.05-r17.ebuild: + Added patches for multiple data files (multidata, datadir), replaced useq + with use, updated djbdns-setup (bug 118371). Stable on hppa, mips, ppc, + sparc. Put myself as maintainer. + + 31 Dec 2005; Diego Pettenò djbdns-1.05-r14.ebuild: + Change /bin/false to -1 in enewuser call. + + 05 Nov 2005; Diego Pettenò metadata.xml: + Give up maintainership of this, I don't use it anymore. + +*djbdns-1.05-r16 (09 Sep 2005) + + 09 Sep 2005; Diego Pettenò + +djbdns-1.05-r16.ebuild: + Updated ipv6 patch to test23. + + 07 Aug 2005; Michael Hanselmann + djbdns-1.05-r14.ebuild: + Stable on ppc. + + 28 Jul 2005; Seemant Kulleen -djbdns-1.05-r3.ebuild, + -djbdns-1.05-r7.ebuild, -djbdns-1.05-r8.ebuild, -djbdns-1.05-r9.ebuild, + -djbdns-1.05-r10.ebuild, -djbdns-1.05-r11.ebuild, -djbdns-1.05-r12.ebuild, + -djbdns-1.05-r13.ebuild: + remove cruft ebuilds + +*djbdns-1.05-r15 (21 Jun 2005) + + 21 Jun 2005; Diego Pettenò metadata.xml, + +djbdns-1.05-r15.ebuild: + Updated to patch test22 from fefe for IPv6 support, thanks to Kalin + Kozhuharov in bug #96660. + + 18 Jun 2005; Jason Wever djbdns-1.05-r14.ebuild: + Stable on SPARC. + + 17 May 2005; Jan Brinkmann djbdns-1.05-r14.ebuild: + stable on amd64 + + 13 May 2005; Bryan Østergaard djbdns-1.05-r14.ebuild: + Stable on alpha. + + 11 May 2005; Aaron Walker djbdns-1.05-r14.ebuild: + Stable on x86 for bug 90782. + + 06 May 2005; Michael Hanselmann + djbdns-1.05-r14.ebuild: + Added to ~ppc. + + 13 Apr 2005; Aaron Walker djbdns-1.05-r14.ebuild: + Use enewuser instead of useradd. Thanks to Diego in bug 84689. + + 20 Mar 2005; Michael Hanselmann + djbdns-1.05-r14.ebuild: + Added to ~hppa. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r14.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r9.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r11.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r12.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r13.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r10.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r8.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r7.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 03 Mar 2005; Ciaran McCreesh djbdns-1.05-r3.ebuild: + Dependency update: sys-apps/daemontools -> sys-process/daemontools. + + 06 Feb 2005; Joshua Kinard djbdns-1.05-r14.ebuild: + Marked stable on mips. + + 26 Jan 2005; petre rodan djbdns-1.05-r10.ebuild, + djbdns-1.05-r11.ebuild, djbdns-1.05-r12.ebuild, djbdns-1.05-r13.ebuild, + djbdns-1.05-r14.ebuild, djbdns-1.05-r3.ebuild, djbdns-1.05-r7.ebuild, + djbdns-1.05-r8.ebuild, djbdns-1.05-r9.ebuild: + added selinux RDEPEND + + 09 Jan 2005; Sven Wegener djbdns-1.05-r3.ebuild: + Added missing parentheses in SRC_URI/*DEPEND/LICENSE. + + 24 Nov 2004; Sven Wegener : + Added a lot of missing digest entries. + +*djbdns-1.05-r14 (01 Nov 2004) + + 01 Nov 2004; Bryan Østergaard djbdns-1.05-r14.ebuild: + ~alpha keyword. + + 07 Oct 2004; Jared Hudson : In reponse to bug #66645, + I have updated the patch for dnsroots to include the 2nd root server IP + change that ICANN has made since djbdns-1.05's original release. + + 05 Oct 2004; Jason Wever djbdns-1.05-r13.ebuild: + Added ~sparc keyword. + + 18 Sep 2004; Jason Wever djbdns-1.05-r12.ebuild: + Stable on sparc. + + 04 Sep 2004; Michael Hanselmann : + Fixed digests for 1.05-r12 and 1.05-r13. + + 29 Aug 2004; Tom Gall djbdns-1.05-r13.ebuild: + stable on ppc64, bug #61744 + + 23 Aug 2003; Jared Hudson : Fixed adduser bug in + tinydns-setup (was adding dnscache user when it should have beeb adding + tinydns user) Thanks to Ng, Wey-Han under bug #57214 + for the tip. + + 22 Aug 2004; Jason Wever djbdns-1.05-r12.ebuild: + Added ~sparc keyword. + + 12 Aug 2004; Tom Martin djbdns-1.05-r13.ebuild: + Marked ~amd64, resolves bug 58273. Thanks to Rupert Eve + for reporting. + + 01 Jul 2004; Jeremy Huddleston + djbdns-1.05-r3.ebuild: + virtual/glibc -> virtual/libc + +*djbdns-1.05-r13 (23 Jun 2004) + + 23 Jun 2004; Jared Hudson djbdns-1.05-r12.ebuild, + +djbdns-1.05-r13.ebuild: + Bumped ipv6 patch which now included ipv6arpa support. I also marked -r12 as + stable now. Thanks goes to Georgi Georgiev under bug #53948 + for the bump. + + 09 Jun 2004; Aron Griffis djbdns-1.05-r10.ebuild, + djbdns-1.05-r11.ebuild, djbdns-1.05-r3.ebuild, djbdns-1.05-r7.ebuild, + djbdns-1.05-r8.ebuild, djbdns-1.05-r9.ebuild: + Fix use invocation + +*djbdns-1.05-r12 (06 Jun 2004) + + 06 Jun 2004; Danny van Dyk djbdns-1.05-r12.ebuild: + Marked ~amd64. + +*djbdns-1.05-12 (23 May 2004) + + 23 May 2004; Jared Hudson : Added 4 new use flags: doc + (adds dependency for djbdns-man), aliaschain (enables a patch to change the + CNAME handling behavior of tinydns and axfrdns), semanticfix (enables a + patch to increase the semantic handling of tinydns-data), and cnamefix + (enables a patch to change the way dnscache handles CNAME records). For more + information on the latter 3 patches please visit: + http://homepages.tesco.net./~J.deBoynePollard/FGA/djbdns-problems.html + In addition, if you include ipv6 support via the ipv6 use flag dnstrace + will be compiled without ipv6 support now, since it was broken with it + before. Also, a new setup script has been added, called djbdns-setup. This + script can be used instead of dnscache-setup and tinydns-setup. This script + was added by Kalin KOZHUHAROV under bug #50795. + Also, tinydns-setup is patched if the fwdzone useflag/patch is added + because this patch changes the behavior of tinydns and the old tinydns-setup + did not work properly with it. Other fixes and patch suggestions come from + bug #19375, 20880, 34446, and 49578. Thanks goes to Nick Palmer + , Thilo Bangert , + Hannes Just , and Georgi Georgiev + + +*djbdns-1.05-r11 (02 May 2004) + + 02 May 2004; Jared Hudson : + Added a patch and useflag to allow djbdns bind to multiple IPs per bug #48750 + thanks to der Ritter + +*djbdns-1.05-r10 (02 May 2004) + + 02 May 2004; Jared Hudson : + Added ipv6arpa use flag and patch to enable ipv6 arpa support per bug + #49581 thanks to Georgi Georgiev . + +*djbdns-1.05-r9 (09 Apr 2004) + + 09 Apr 2004; Joshua Kinard djbdns-1.05-r9.ebuild: + Marked stable on mips. + + 27 Mar 2004; Jared Hudson : + fwdzone and roundrobin local use flags added to enable their respective + patches. ipv6 will not work with roundrobin and fwdzone currently because the + only patch we have for that combines all three. The problem with this is that + fwdzone and roundrobin do not work together according to bug #31238. Due to this + we are now using the original ipv6 patch when applicable. + + 16 Nov 2003; Markus Nigbur djbdns-1.05-r8.ebuild, + files/headtail.patch: + Coreutils Fix. Thanks to Marc in #33625. + + 07 Nov 2003; Ciaran McCreesh djbdns-1.05-r8.ebuild: + Moved to stable on sparc as -r3 has compile issues on sparc (thanks to + aCrackOtter in #gentoo-sparc) + + 16 Aug 2003; Tavis Ormandy djbdns-1.05-r8.ebuild: + Stable on alpha + + 24 May 2003; Jared Hudson : Added MAKEOPTS="-j1" to + all djbdns ebuilds due to SMP compile problems when -j set higher than 1 + Bug ID: #18291 + +*djbdns-1.05-r8 (9 May 2003) + + 09 May 2003; Guy Martin : + Added installation of dnsip6 and dnsip6q. Fix #20690. + +*djbdns-1.05-r7 (26 Feb 2003) + + 26 Feb 2003; Mike Frysinger : + errno fix for #16396 (#16267). + +*djbdns-1.05-r6 (12 Feb 2003) + + 18 Feb 2003; djbdns-1.05-r6.ebuild files/digest-djbdns-1.05-r6 : + regenerated the ipv6 patch, thanks to Azarah in bug #15613 + + 13 Feb 2003; Seemant Kulleen djbdns-1.05-r6.ebuild files/digest-djbdns-1.05-r6 : + changed ipv6 patch to actually apply and also using eutils to perform the patch action + + 12 Feb 2003; Arcady Genkin : + Added the round-robin patch for dnscache. + +*djbdns-1.05-r5 (17 Nov 2002) + + 04 Feb 2003; Joachim Blaabjerg djbdns-1.05-r5.ebuild : + + Bumped to stable x86, as it fixes ipv6. Fixes bug #8236 for stable users. + + 02 Jan 2002; Martin Holzer files/dnscache-setup : + Changed Line 130 FOWARDONLY into FORWARDONLY. Closes #13108. + + 17 Nov 2002; Jared Hudson files/ipv6-fix.diff, + files/djbdns-1.05-fwd-ipv6.diff : Fixed Bug #8236 & 8236. Added static + keyword to ebuild and changed ipv6 patch to work with the forwarding patch + added in -r4. + + 20 Oct 2002; Maik Schreiber djbdns-1.05-r3.ebuild, + djbdns-1.05-r4.ebuild: Cleaned up ebuilds. Also removed removal of + djbdns users, since this can break your djbdns setup when updating. + + 19 Oct 2002; Jared Hudson djbdns-1.05-r4.ebuild: + changed KEYWORDS to use ~arch for all supported architectures. This is to + last until after the freeze. + +*djbdns-1.05-r4 (18 Oct 2002) + + 18 Oct 2002; Jared Hudson : Added a patch to enable + using dnscache to perform resolution or forwarding according to the query + zone. This was in response to bug #9154. Credit goes to Stefano Scipioni. + + 10 Sep 2002; Daniel Robbins : djbdns-1.05-r3: fixed unpack() + and made the ipv6 patch dependent upon the setting of the ipv6 USE variable. No + rev bump. This closes bug #7236. + +*djbdns-1.05-r3 (12 Jul 2002) + + 12 Jul 2002; Grant Goodyear ChangeLog : Added ipv6 + patch if ipv6 in USE; thanks to Sascha Silbe for pointing out this patch + +*djbdns-1.05-r2 (13 May 2002) + + 12 May 2002; Thilo Bangert .ebuild : + + added LICENSE, added setup scripts (by banger@gentoo.org and gontran@gontran.net) + removed old setup scripts + + 7 May 2002; Thilo Bangert .ebuild : + + added automatic creation of users + + +*djbdns-1.05-r1 (1 Mar 2002) + + 1 Mar 2002; Grant Goodyear ChangeLog : + + Made ebuild a bit more modern and ditched init script since that's + what daemontools is for. + +*djbdns-1.05 (1 Feb 2002) + + 1 Feb 2002; G.Bevin ChangeLog : + + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest new file mode 100644 index 0000000..2444061 --- /dev/null +++ b/net-dns/djbdns/Manifest @@ -0,0 +1,33 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +AUX 1.05-errno.patch 238 SHA256 40e01efac08e95bf87b46e2d86378b0a60c234c64080b7f42039178ac6de61af SHA512 a4d58f88933bf567e6b23ed519c6605ed9f7be7f517062b47efb2a073bbac86e1753f4c359f35505777d8ab1259120ac3ff97d8c1c037ff379b144fd47730903 WHIRLPOOL 0f4ab6f25ec21c0da8b7b2fb5fa1be2f3b57027067b5a83f5bf95508b3a0242a8cd31e115f24ba01efe129755d993f7b9c91cbc4d2a4a71629be8cbc5b7502b1 +AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch 10049 SHA256 56c7db6c5bed3200e1f6e4995018c96158085f2f7169c7b148c7c034ddff8111 SHA512 b6eb87ca334abdcff4f5159fb80cc28150f3cc1e0d20cf6a7aa13dacfdc3ad00d250e035bb3294b691d6b5edd8c76365f5c13e1bf322a070c36c7a0960683761 WHIRLPOOL a67d154f213648602fcc2f85dd69cdae7dae1fab93884347fd5454f292ba59f58901b4b0fb5e5ab04f1111273efcce4bfa4a879945ae26abfadaf3195cc9948d +AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch 9914 SHA256 b5e030e96ed98d96d36c39e3466e04d98d39c5f1c7e94254ea3da5e99381eed6 SHA512 cbec128b021a341c68906289ca02d3a7fe088c8b3835f2ae3dbb581ad6520712eb344d66e11bb82368dbca2e93e46facd4e10d121fc091099b3a7bfd5e6d081e WHIRLPOOL eafd062004f19a21026be48512b13c627b86dd3f101e00fc15837005a1b2d70a9d92547881974cb1cfdb3fb8a819eea73c1fefa6d2dafacf635a9e98acf9ad4e +AUX CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch 3043 SHA256 0e6312ab8408d98bc3e6d1b1cddc36f51a5cd092db14bd3f84a8f47d08070c27 SHA512 f830bfd2fabd4d9b4e2649bcc4061d656d4645b93829415d070b26c6a22e8e17d941666b8e776947bf9a8ef93007f77d8be57fc9911dcc6dc2b7ac607d556ba0 WHIRLPOOL 0cca02943cf7eb95f5d33863144f5c9500bdb5c9928416cf043accf91461bc4baa31dc34b3a320a8a72ca3adcb79806d92e5c81343b719706d2242c825df05f7 +AUX CVE2008-4392_0002-dnscache-cache-soa-records.patch 2944 SHA256 1cd7b848305646d3015d8f2817acdced65894b8ab6e9dacb02077acebc50841b SHA512 f65ca7dfc8e85f469f22d72a1c79126c35243dc077abf4b688eb7d057f19456dc8a3665f558a8a3c1908f96fa1838792aa1bc317d2e89f4953020828c05926e6 WHIRLPOOL 1c7edee4de746283d53517bbcac7936ed69276865e7d78f4d7b2aa6175b534e474005cc3cf2fc85bc956508a6583a527fec5a68221b47c38922b356ae40fb69b +AUX CVE2009-0858_0001-check-response-domain-name-length.patch 366 SHA256 8ca8bd81fa6fb17576f11de9e97a582f0c30d7f5c6e797defa41a98d33770e33 SHA512 aa5fe75be9db07b25e313145a209a06a05693141c1dd850987e80062e22014056e3055efee4d219475c9a51f25c04a7a46b3d7a2fb3976226e66585cef076f83 WHIRLPOOL 53e607ed9023a16bb96c132b2c237bca542c0d78fdd36c109ba808ca8f3c24f872d8fac48d10c7b7992fc5fa40f7495f64fc96430898a19aacf2a1f0795eebe7 +AUX djbdns-setup 10881 SHA256 33c64d8341ea868e124e7fe0da6a8f9ba6fc799a79584e002a82c572921ed5e4 SHA512 119dd08a5cac0cd2d35ebeb0fd165eb68b3176eb670bbd4bccbb9034a128d74cf431bb3be4ddd648fb125d7d6db3e30911b46559fc1645a0ffd2d872288e2e63 WHIRLPOOL d3af75b2ec2c4fa8abaa5c08c06f1027d7d326ee11b09f712293966c44236c02eafb27774fe8d57180428bff5c7013c6cca119aa9e4bd5bb8e9cc6710ba8a2bf +AUX djbdns-setup-r17 10881 SHA256 33c64d8341ea868e124e7fe0da6a8f9ba6fc799a79584e002a82c572921ed5e4 SHA512 119dd08a5cac0cd2d35ebeb0fd165eb68b3176eb670bbd4bccbb9034a128d74cf431bb3be4ddd648fb125d7d6db3e30911b46559fc1645a0ffd2d872288e2e63 WHIRLPOOL d3af75b2ec2c4fa8abaa5c08c06f1027d7d326ee11b09f712293966c44236c02eafb27774fe8d57180428bff5c7013c6cca119aa9e4bd5bb8e9cc6710ba8a2bf +AUX dnscache-setup 6013 SHA256 dcf78d102db9b6407a7886f01b830a5509724ce4540068444ef4f0e5cf9ea6e2 SHA512 613a06da2a97d3d5dc43f9a57808752edd459bf3f9146a93b807f19cb1e84816b226ec1a4c5726334ba5a29c88702aac11f1d5832d833e2fb5f2dde1b10c5de5 WHIRLPOOL ea83edec3636ea5c8a29d3adc7c9e9f41abc820f577d65f54d64db5ac671d5601ffdc9e637fbde446519b4696106bfa8e4b7046cd267ae723bf751e31d84b348 +AUX dnsroots.patch 356 SHA256 94e3e8fe9fee39729ec8c8f314ab2adaf7d8e1f48957da888ab990411ba2a3bb SHA512 4f4784012a0be0e89d58245597d67ddc7621feb59146d8614c5625c5fadf63b5caf87664be39855ed0ecb13b0051b39e9920c8c5f6968cdcfa2fbee6fc6ff8f7 WHIRLPOOL 100a1a571f6f837bdab84c8575284222f3383fec4993472abd8b1c33de52dfa6488d50c468717aab19aeacbc935aeee1f8fe6f17820cea680f16962d23dc829e +AUX dnstracesort.patch 327 SHA256 f1d83e1365f68571fa4e007d5219720f8d65eb3730040a087fceb0ce2d8806bf SHA512 ae9cd51f24041aed135b5ba88d1efd0310b8095bccd6fb60a986756b460a4f98a93e163c3ddae7c146d56a9d41778d17449f772b91fdc58d9e69523cf6c2a6e9 WHIRLPOOL 4006c47b039623c8bba8718716a442a3d2dc1705936f83cd1556e4b49cc3de0dc7c6e828e908130bc7584809f551fac68f12f466e21cefd666076db8e63d4399 +AUX headtail.patch 1780 SHA256 28ebe521132fe35559273b6542505ab4f0bb7b7ccb88585522e4cc2fe8376dd4 SHA512 0f2625d59f432983ea5c94952957bb08da42ad36dc4c50e0d33ccfe8059f5605650dbb8c22a058b9bd1d75e7032ea5f9ca319a0a2ce5496b1b2129bf9d3f4bdc WHIRLPOOL 400af928a07688b9569e0a71098bdbb18d788c26e8225f4f037ac87cde87f0deb0c8f4f5d9326f4777abca395e8434fc57466df46fe6e3911ba3402e0b5b3ce3 +AUX makefile-parallel.patch 2182 SHA256 cec0762d0f3a1469b854bcfc0af6bb42b5bf2d81b623dcfa7c7e9bf516f28fec SHA512 82dbddb67160e4bc38c223cfa6f5377dfa3b79aed24bf7c8a6e429766885b400c31c0ee2e0391ef1561a3d0dc935e999b291d792e10acc96c1f4d32ddc95ac74 WHIRLPOOL 55935e24af2fd5b3adcd43e7ae7fb13a9679984c28f652fa34356cbca10356584a065f299bd2c77f14f238ae50a93b8ff515711b493bf2d425c8a179b9417a5f +AUX string_length_255.patch 299 SHA256 c9b8d0065cfe6d4a9ad460c31c2a75bcce17bfb8001f4448e3464dea07524401 SHA512 b451d23e1a45636dfae7cf69c64e3edde6b655bc0c7407586429e0d8282f17ef6215c6c33a6d238115c39d34fa57fa7699a7a10f146344c677fde10c0e207ac3 WHIRLPOOL 123bdee78c90909936a9af779925cb1da37b83a30e84cad7516f1ca8cf47d9a6445ec39103eb076dc834ec65976004f8bf9aabe63dfffd9604e1b70907c4bcb6 +AUX tinydns-setup 3212 SHA256 2d4e144e5408793f1d5ffa23abc510a04e449a6306965c1a35fb8956a419696f SHA512 87dd97cd84f7d2515fb9c28921c9860ee92d41048ea0b32c904166b8799cfa828cb77161701b1dbb6af8de2c23df9e36de251a90900ce00fe12c439917dffe1c WHIRLPOOL 77c373f001d8ed742663e2d8dd62b5697a61b5debe6c38720ab64b09d63338fdeee08caa89992dbac0ac676b45fb3fbbe193da453114a659282a4f119d8f0c23 +DIST djbdns-1.05-test23.diff.bz2 18480 SHA256 e702f47b4a4c77fe5cec474a8219a072cfaaee07282650b7e0dd322ed82e8f33 SHA512 a19e9af9096b97f7b73eca55bdb9bbd9df66bdef052da8323b1e7d5de5a83565f5e9f78b16552c837ad9e9edca899af9a0e6a1ab7f3f23a4ecb89400b87113c8 WHIRLPOOL d4863044e268f5a59f0c114caec4c3735497d49a13cd298e0447475db321141e868bbcd29b3004df12217f74421a026c720ec8615a233f505263752d5b759d65 +DIST djbdns-1.05.tar.gz 85648 SHA256 3ccd826a02f3cde39be088e1fc6aed9fd57756b8f970de5dc99fcd2d92536b48 SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9 WHIRLPOOL 0fb67d19fcbf1cf21debcedfd3456d9cb9160079631ae1995e94aa9db3969ae02927f215ee8a5f03b34a6523cb9e3abebabf23e08e95eb1efdb626eb8b10312f +EBUILD djbdns-1.05-r23.ebuild 3703 SHA256 4539f67a49585bc5ebaa98a849baabfaff06e9dd650477bac64a796d6a572725 SHA512 e75edc07e901cd2cd1259432c08b21f101a755d671b8b0944fb70841ffc7e3e0c420be0ddfd313804e3ca9e584551d7ae7b68afbabacf3806ca6c25599f803fc WHIRLPOOL 2b5adf979a220edfa369cb846003b1265d59b60bcd4fc3f76ea5ca456f5638993aae9aa4bf017de3625307696add64a693153dba35ef154e3452ec8c2fe9d856 +EBUILD djbdns-1.05-r24.ebuild 3897 SHA256 78aa49099b9dfba18955c51729a5b4147be8e6842ea9757b157c206308aaf7a6 SHA512 cf223a6547e53e527a0061dc7e43b68c56204028f1b2ef42616610a29befb3b1ca123e551f4d755a5c8638da03be9aac9271292c86290ec7c6a58dcee29ba90d WHIRLPOOL 8ac922798be3f8196e397c5c9872c53709ba3943d9d152ddc7aa18ec0a30dfa3f5362bc94baa6e035d0d80f4629acca3c3f82f7feac182d2304347f8d71c8588 +EBUILD djbdns-1.05-r25.ebuild 3968 SHA256 722adde1193eef660795c8fc07d8c619e5006985c4566028a1ceec2d199760f9 SHA512 047fde7dd835d1ef6617bc3d2de807cbb70b03f3c7d167636365ee5c1a633db6fede8b313bfa0beb4dac523c603aeffed5e99c1543cadf3a601e669d1c5db4c7 WHIRLPOOL 9a65d3522e0bdac6c38d63ffb063d0abb0cf4e96c00ed3487fc0640d82f7e8f21691c9ae0843634200f97a16fa9475a41db651baaa7e37132fef557683284307 +EBUILD djbdns-1.05-r26.ebuild 3961 SHA256 80630b561baa77dbf96cc61b3f2eb1c027765e5d47c324434760adfc5f4cd572 SHA512 24e6e144537011324fbeacaafd27e2698d61bd6d68f0644cd56e6909b5297ee92f4f592c8e9cfd81198e7d7285b2de7dd188d2b376a6235b7dd8b45436b826b4 WHIRLPOOL 68afe576c37866e845d9febb38f38c12da6509a1252b9f8d34f4ead91068b0505160163987d7b3244aa5b7c11b25918191478bc9f652c452a8b40d2e774f8331 +MISC ChangeLog 21873 SHA256 c2460ba4583420ef924c8299f2db7ebabfb585691d82780cb70ec559c621d907 SHA512 c245a4c12d1d53ddc081af07f893d3ba1cc23402783e010bf688a8ad42dbd2f2734105ba7859f99cdd752344f1cad83181a471409e7710e10752eab77dba4cad WHIRLPOOL 4e132e355e92c0d16cbd353eef707fd242ce7c3152641bb9c818431ac18bc430a91dabf3ea64231c294f5bd4a4aa7984f67bebe6659576736a3fd33f516012f2 +MISC metadata.xml 324 SHA256 cd10dc67d53c2ee12423ca358e6b04188c4ae85c1ed945fef040da26bc01dcad SHA512 d1ec3bdca7d807a1a762d75d78f004e9c147115cde7def97e25fc62710b246e894cdf9b09605a5cb64012ba3882bc86bb5c49a5304557dbf8ae96f2959fffa5a WHIRLPOOL 9bd29cca54cd3558b6de8c36bc1836ed583ef9a719d13f41b3c43dc2e1f84f0ac8896d0ad815ee22062478c3c57de48ade4d49dfddc1ef5b1b87367e0cf758ed +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.19 (GNU/Linux) + +iEYEAREIAAYFAlGrJY0ACgkQCaWpQKGI+9R3RQCfbIP42Rz/z6y9wuOxHTt/L9Gi +NNEAnieEm8eZTxZEkeYwxpgoTxXRD7Ig +=6LrU +-----END PGP SIGNATURE----- diff --git a/net-dns/djbdns/djbdns-1.05-r23.ebuild b/net-dns/djbdns/djbdns-1.05-r23.ebuild new file mode 100644 index 0000000..9786792 --- /dev/null +++ b/net-dns/djbdns/djbdns-1.05-r23.ebuild @@ -0,0 +1,131 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/djbdns-1.05-r23.ebuild,v 1.11 2013/01/05 23:03:04 pinkbyte Exp $ + +IUSE="doc ipv6 selinux static" + +inherit eutils flag-o-matic toolchain-funcs user + +DESCRIPTION="Excellent high-performance DNS services" +HOMEPAGE="http://cr.yp.to/djbdns.html" +IPV6_PATCH="test23" + +SRC_URI=" + http://cr.yp.to/djbdns/${P}.tar.gz + ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 ) +" + +SLOT="0" +LICENSE="public-domain" +KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86" + +RDEPEND=" + virtual/daemontools + sys-apps/ucspi-tcp + doc? ( app-doc/djbdns-man ) + selinux? ( sec-policy/selinux-djbdns ) +" + +src_unpack() { + unpack "${P}.tar.gz" + cd "${S}" + + echo + elog 'Several patches have been dropped from this djbdns ebuild revision.' + elog 'Please use the DJBDNS_PATCH_DIR variable to specify a directory' + elog 'of custom patches.' + elog + elog 'Some of them can be found at http://tinydns.org/ or' + elog 'http://homepage.ntlworld.com/jonathan.deboynepollard/Softwares/djbdns/' + elog + + epatch \ + "${FILESDIR}/headtail.patch" \ + "${FILESDIR}/dnsroots.patch" \ + "${FILESDIR}/dnstracesort.patch" + + # Fix CVE2009-0858 + epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch" + + if use ipv6; then + elog "At present dnstrace does NOT support IPv6. It will"\ + "be compiled without IPv6 support." + cp -pR "${S}" "${S}-noipv6" + # Careful -- >=test21 of the IPv6 patch includes the errno patch + epatch "${DISTDIR}/${P}-${IPV6_PATCH}.diff.bz2" + + # Fix CVE2008-4392 + epatch \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" + + cd "${S}-noipv6" + fi + + # Fix CVE2008-4392 + epatch \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch" + + epatch "${FILESDIR}/${PV}-errno.patch" + + if [[ -n "${DJBDNS_PATCH_DIR}" && -d "${DJBDNS_PATCH_DIR}" ]] + then + echo + ewarn "You enabled custom patches from ${DJBDNS_PATCH_DIR}." + ewarn "Be warned that you won't get any support when using " + ewarn "this feature. You're on your own from now!" + echo + ebeep + cd "${S}" && epatch "${DJBDNS_PATCH_DIR}/"* + fi +} + +src_compile() { + use static && append-ldflags -static + echo "$(tc-getCC) ${CFLAGS}" > conf-cc + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld + echo "/usr" > conf-home + emake -j1 || die "emake failed" + + # If djbdns is compiled with IPv6 support, it breaks dnstrace. + # Therefore we must compile dnstrace separately without IPv6 + # support. + if use ipv6; then + elog "Compiling dnstrace without ipv6 support" + cd "${S}-noipv6" + echo "$(tc-getCC) ${CFLAGS}" > conf-cc + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld + echo "/usr" > conf-home + emake -j1 dnstrace || die "emake failed" + fi +} + +src_install() { + insinto /etc + doins dnsroots.global + + into /usr + dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \ + *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \ + dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort + + use ipv6 && dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace" + + dodoc CHANGES FILES README SYSDEPS TARGETS TODO VERSION + + dobin "${FILESDIR}/dnscache-setup" || die + dobin "${FILESDIR}/tinydns-setup" || die + dobin "${FILESDIR}/djbdns-setup" || die +} + +pkg_setup() { + # The nofiles group is provided by baselayout + enewuser dnscache -1 -1 -1 nofiles + enewuser dnslog -1 -1 -1 nofiles + enewuser tinydns -1 -1 -1 nofiles +} + +pkg_postinst() { + elog "Use dnscache-setup & tinydns-setup or djbdns-setup to configure djbdns." +} diff --git a/net-dns/djbdns/djbdns-1.05-r24.ebuild b/net-dns/djbdns/djbdns-1.05-r24.ebuild new file mode 100644 index 0000000..87eefe0 --- /dev/null +++ b/net-dns/djbdns/djbdns-1.05-r24.ebuild @@ -0,0 +1,133 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/djbdns-1.05-r24.ebuild,v 1.7 2013/01/05 23:03:04 pinkbyte Exp $ + +EAPI="2" +inherit eutils flag-o-matic toolchain-funcs user + +DESCRIPTION="Excellent high-performance DNS services" +HOMEPAGE="http://cr.yp.to/djbdns.html" +IPV6_PATCH="test23" + +SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz + ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )" + +SLOT="0" +LICENSE="public-domain" +KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc ipv6 selinux static" + +DEPEND="" +RDEPEND="${DEPEND} + virtual/daemontools + sys-apps/ucspi-tcp + doc? ( app-doc/djbdns-man ) + selinux? ( sec-policy/selinux-djbdns ) +" + +src_prepare() { + echo + elog 'Several patches have been dropped from this djbdns ebuild revision.' + elog 'Please use the DJBDNS_PATCH_DIR variable to specify a directory' + elog 'of custom patches.' + elog + elog 'Some of them can be found at http://tinydns.org/ or' + elog 'http://homepage.ntlworld.com/jonathan.deboynepollard/Softwares/djbdns/' + elog + + epatch \ + "${FILESDIR}/headtail.patch" \ + "${FILESDIR}/dnsroots.patch" \ + "${FILESDIR}/dnstracesort.patch" \ + "${FILESDIR}/string_length_255.patch" + + # Fix CVE2009-0858 + epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch" + + if use ipv6; then + elog "At present dnstrace does NOT support IPv6. It will"\ + "be compiled without IPv6 support." + cp -pR "${S}" "${S}-noipv6" + # Careful -- >=test21 of the IPv6 patch includes the errno patch + epatch "${DISTDIR}/${P}-${IPV6_PATCH}.diff.bz2" + + # Fix CVE2008-4392 + epatch \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \ + "${FILESDIR}/makefile-parallel.patch" + + cd "${S}-noipv6" + fi + + # Fix CVE2008-4392 + epatch \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch" + + epatch "${FILESDIR}/${PV}-errno.patch" + + if [[ -n "${DJBDNS_PATCH_DIR}" && -d "${DJBDNS_PATCH_DIR}" ]] + then + echo + ewarn "You enabled custom patches from ${DJBDNS_PATCH_DIR}." + ewarn "Be warned that you won't get any support when using " + ewarn "this feature. You're on your own from now!" + echo + ebeep + cd "${S}" && epatch "${DJBDNS_PATCH_DIR}/"* + fi +} + +src_compile() { + use static && append-ldflags -static + echo "$(tc-getCC) ${CFLAGS}" > conf-cc + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld + echo "/usr" > conf-home + #emake -j1 || die "emake failed" + emake || die "emake failed" + + # If djbdns is compiled with IPv6 support, it breaks dnstrace. + # Therefore we must compile dnstrace separately without IPv6 + # support. + if use ipv6; then + elog "Compiling dnstrace without ipv6 support" + cd "${S}-noipv6" + echo "$(tc-getCC) ${CFLAGS}" > conf-cc + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld + echo "/usr" > conf-home + #emake -j1 dnstrace || die "emake failed" + emake dnstrace || die "emake failed" + fi +} + +src_install() { + insinto /etc + doins dnsroots.global || die + + into /usr + dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \ + *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \ + dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort || die + + if use ipv6; then + dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace" || die + fi + + dodoc CHANGES FILES README SYSDEPS TARGETS TODO VERSION || die + + dobin "${FILESDIR}/dnscache-setup" || die + dobin "${FILESDIR}/tinydns-setup" || die + dobin "${FILESDIR}/djbdns-setup" || die +} + +pkg_preinst() { + # The nofiles group is provided by baselayout + enewuser dnscache -1 -1 -1 nofiles + enewuser dnslog -1 -1 -1 nofiles + enewuser tinydns -1 -1 -1 nofiles +} + +pkg_postinst() { + elog "Use dnscache-setup & tinydns-setup or djbdns-setup to configure djbdns." +} diff --git a/net-dns/djbdns/djbdns-1.05-r25.ebuild b/net-dns/djbdns/djbdns-1.05-r25.ebuild new file mode 100644 index 0000000..cb32c96 --- /dev/null +++ b/net-dns/djbdns/djbdns-1.05-r25.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/djbdns-1.05-r25.ebuild,v 1.4 2013/01/05 23:03:04 pinkbyte Exp $ + +EAPI="2" +inherit eutils flag-o-matic toolchain-funcs user + +DESCRIPTION="Excellent high-performance DNS services" +HOMEPAGE="http://cr.yp.to/djbdns.html" +IPV6_PATCH="test23" + +SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz + ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )" + +SLOT="0" +LICENSE="public-domain" +KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc ipv6 selinux static" + +DEPEND="" +RDEPEND="${DEPEND} + virtual/daemontools + sys-apps/ucspi-tcp + doc? ( app-doc/djbdns-man ) + selinux? ( sec-policy/selinux-djbdns ) +" + +src_prepare() { + echo + elog 'Several patches have been dropped from this djbdns ebuild revision.' + elog 'Please use the DJBDNS_PATCH_DIR variable to specify a directory' + elog 'of custom patches.' + elog + elog 'Some of them can be found at http://tinydns.org/ or' + elog 'http://homepage.ntlworld.com/jonathan.deboynepollard/Softwares/djbdns/' + elog + + epatch \ + "${FILESDIR}/headtail.patch" \ + "${FILESDIR}/dnsroots.patch" \ + "${FILESDIR}/dnstracesort.patch" \ + "${FILESDIR}/string_length_255.patch" + + # Fix CVE2009-0858 + epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch" + + if use ipv6; then + elog "At present dnstrace does NOT support IPv6. It will"\ + "be compiled without IPv6 support." + cp -pR "${S}" "${S}-noipv6" + # Careful -- >=test21 of the IPv6 patch includes the errno patch + epatch "${DISTDIR}/${P}-${IPV6_PATCH}.diff.bz2" + + # Fix CVE2008-4392 + epatch \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \ + "${FILESDIR}/makefile-parallel.patch" + + cd "${S}-noipv6" + fi + + # Fix CVE2008-4392 + epatch \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch" + + epatch "${FILESDIR}/${PV}-errno.patch" + + if [[ -n "${DJBDNS_PATCH_DIR}" && -d "${DJBDNS_PATCH_DIR}" ]] + then + echo + ewarn "You enabled custom patches from ${DJBDNS_PATCH_DIR}." + ewarn "Be warned that you won't get any support when using " + ewarn "this feature. You're on your own from now!" + echo + ebeep + cd "${S}" && epatch "${DJBDNS_PATCH_DIR}/"* + fi +} + +src_compile() { + use static && append-ldflags -static + echo "$(tc-getCC) ${CFLAGS}" > conf-cc + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld + echo "/usr" > conf-home + #emake -j1 || die "emake failed" + emake || die "emake failed" + + # If djbdns is compiled with IPv6 support, it breaks dnstrace. + # Therefore we must compile dnstrace separately without IPv6 + # support. + if use ipv6; then + elog "Compiling dnstrace without ipv6 support" + cd "${S}-noipv6" + echo "$(tc-getCC) ${CFLAGS}" > conf-cc + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld + echo "/usr" > conf-home + #emake -j1 dnstrace || die "emake failed" + emake dnstrace || die "emake failed" + fi +} + +src_install() { + insinto /etc + doins dnsroots.global || die + + into /usr + dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \ + *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \ + dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort || die + + if use ipv6; then + dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace" || die + fi + + dodoc CHANGES FILES README SYSDEPS TARGETS TODO VERSION || die + + dobin "${FILESDIR}/dnscache-setup" || die + dobin "${FILESDIR}/tinydns-setup" || die + dobin "${FILESDIR}/djbdns-setup" || die +} + +pkg_preinst() { + # The nofiles group is no longer provided by baselayout. + # Share it with qmail if possible. + enewgroup nofiles 200 + + enewuser dnscache -1 -1 -1 nofiles + enewuser dnslog -1 -1 -1 nofiles + enewuser tinydns -1 -1 -1 nofiles +} + +pkg_postinst() { + elog "Use dnscache-setup & tinydns-setup or djbdns-setup to configure djbdns." +} diff --git a/net-dns/djbdns/djbdns-1.05-r26.ebuild b/net-dns/djbdns/djbdns-1.05-r26.ebuild new file mode 100644 index 0000000..85a4158 --- /dev/null +++ b/net-dns/djbdns/djbdns-1.05-r26.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/djbdns-1.05-r26.ebuild,v 1.8 2013/01/05 23:03:04 pinkbyte Exp $ + +EAPI="2" +inherit eutils flag-o-matic toolchain-funcs user + +DESCRIPTION="Excellent high-performance DNS services" +HOMEPAGE="http://cr.yp.to/djbdns.html" +IPV6_PATCH="test23" + +SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz + ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )" + +SLOT="0" +LICENSE="public-domain" +KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86" +IUSE="doc ipv6 selinux static" + +DEPEND="" +RDEPEND="${DEPEND} + virtual/daemontools + sys-apps/ucspi-tcp + doc? ( app-doc/djbdns-man ) + selinux? ( sec-policy/selinux-djbdns ) +" + +src_prepare() { + echo + elog 'Several patches have been dropped from this djbdns ebuild revision.' + elog 'Please use the DJBDNS_PATCH_DIR variable to specify a directory' + elog 'of custom patches.' + elog + elog 'Some of them can be found at http://tinydns.org/ or' + elog 'http://homepage.ntlworld.com/jonathan.deboynepollard/Softwares/djbdns/' + elog + + epatch \ + "${FILESDIR}/headtail.patch" \ + "${FILESDIR}/dnsroots.patch" \ + "${FILESDIR}/dnstracesort.patch" \ + "${FILESDIR}/string_length_255.patch" + + # Fix CVE2009-0858 + epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch" + + if use ipv6; then + elog "At present dnstrace does NOT support IPv6. It will"\ + "be compiled without IPv6 support." + cp -pR "${S}" "${S}-noipv6" + # Careful -- >=test21 of the IPv6 patch includes the errno patch + epatch "${DISTDIR}/${P}-${IPV6_PATCH}.diff.bz2" + + # Fix CVE2008-4392 + epatch \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \ + "${FILESDIR}/makefile-parallel.patch" + + cd "${S}-noipv6" + fi + + # Fix CVE2008-4392 + epatch \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch" + + epatch "${FILESDIR}/${PV}-errno.patch" + + if [[ -n "${DJBDNS_PATCH_DIR}" && -d "${DJBDNS_PATCH_DIR}" ]] + then + echo + ewarn "You enabled custom patches from ${DJBDNS_PATCH_DIR}." + ewarn "Be warned that you won't get any support when using " + ewarn "this feature. You're on your own from now!" + echo + ebeep + cd "${S}" && epatch "${DJBDNS_PATCH_DIR}/"* + fi +} + +src_compile() { + use static && append-ldflags -static + echo "$(tc-getCC) ${CFLAGS}" > conf-cc + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld + echo "/usr" > conf-home + #emake -j1 || die "emake failed" + emake || die "emake failed" + + # If djbdns is compiled with IPv6 support, it breaks dnstrace. + # Therefore we must compile dnstrace separately without IPv6 + # support. + if use ipv6; then + elog "Compiling dnstrace without ipv6 support" + cd "${S}-noipv6" + echo "$(tc-getCC) ${CFLAGS}" > conf-cc + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld + echo "/usr" > conf-home + #emake -j1 dnstrace || die "emake failed" + emake dnstrace || die "emake failed" + fi +} + +src_install() { + insinto /etc + doins dnsroots.global || die + + into /usr + dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \ + *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \ + dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort || die + + if use ipv6; then + dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace" || die + fi + + dodoc CHANGES FILES README SYSDEPS TARGETS TODO VERSION || die + + dobin "${FILESDIR}/dnscache-setup" || die + dobin "${FILESDIR}/tinydns-setup" || die + dobin "${FILESDIR}/djbdns-setup" || die +} + +pkg_preinst() { + # The nofiles group is no longer provided by baselayout. + # Share it with qmail if possible. + enewgroup nofiles 200 + + enewuser dnscache -1 -1 -1 nofiles + enewuser dnslog -1 -1 -1 nofiles + enewuser tinydns -1 -1 -1 nofiles +} + +pkg_postinst() { + elog "Use dnscache-setup & tinydns-setup or djbdns-setup to configure djbdns." +} diff --git a/net-dns/djbdns/files/1.05-errno.patch b/net-dns/djbdns/files/1.05-errno.patch new file mode 100644 index 0000000..b4650b1 --- /dev/null +++ b/net-dns/djbdns/files/1.05-errno.patch @@ -0,0 +1,11 @@ +--- error.h 2001-02-11 15:11:45.000000000 -0600 ++++ error.h 2003-02-26 02:10:21.000000000 -0600 +@@ -1,7 +1,7 @@ + #ifndef ERROR_H + #define ERROR_H + +-extern int errno; ++#include + + extern int error_intr; + extern int error_nomem; diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch new file mode 100644 index 0000000..86baac8 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch @@ -0,0 +1,337 @@ +diff -urNp a/Makefile b/Makefile +--- a/Makefile 2009-03-19 11:01:40.782348427 -0700 ++++ b/Makefile 2009-03-19 11:05:27.659346849 -0700 +@@ -342,11 +342,11 @@ stralloc.h iopause.h taia.h tai.h uint64 + ./compile dns_txt.c + + dnscache: \ +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \ ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \ + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \ + libtai.a unix.a byte.a socket.lib + ./load dnscache droproot.o okclient.o log.o cache.o \ +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \ ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \ + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \ + socket.lib` + +@@ -367,7 +367,7 @@ compile dnscache.c env.h exit.h scan.h s + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \ + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \ + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \ +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h + ./compile dnscache.c + + dnsfilter: \ +@@ -745,11 +745,16 @@ qlog.o: \ + compile qlog.c buffer.h qlog.h uint16.h + ./compile qlog.c + ++qmerge.o: \ ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \ ++taia.h tai.h uint64.h log.h maxclient.h ++ ./compile qmerge.c ++ + query.o: \ + compile query.c error.h roots.h log.h uint64.h case.h cache.h \ + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \ + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \ +-response.h uint32.h query.h dns.h uint32.h ++response.h uint32.h query.h dns.h uint32.h qmerge.h + ./compile query.c + + random-ip: \ +diff -urNp a/dnscache.c b/dnscache.c +--- a/dnscache.c 2009-03-19 11:01:40.786597556 -0700 ++++ b/dnscache.c 2009-03-19 11:05:27.675225701 -0700 +@@ -23,6 +23,7 @@ + #include "log.h" + #include "okclient.h" + #include "droproot.h" ++#include "maxclient.h" + + long interface; + +@@ -59,7 +60,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -136,7 +136,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +diff -urNp a/log.c b/log.c +--- a/log.c 2009-03-19 11:01:40.791597427 -0700 ++++ b/log.c 2009-03-19 11:05:27.676224153 -0700 +@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qty + line(); + } + ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control) ++{ ++ string("txpb "); ++ logtype(qtype); space(); name(q); space(); name(control); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +diff -urNp a/log.h b/log.h +--- a/log.h 2001-02-11 13:11:45.000000000 -0800 ++++ b/log.h 2009-03-19 11:05:27.676224153 -0700 +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const cha + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_tx_piggyback(const char *,const char *,const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); +diff -urNp a/maxclient.h b/maxclient.h +--- a/maxclient.h 1969-12-31 16:00:00.000000000 -0800 ++++ b/maxclient.h 2009-03-19 11:05:27.676224153 -0700 +@@ -0,0 +1,7 @@ ++#ifndef MAXCLIENT_H ++#define MAXCLIENT_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* MAXCLIENT_H */ +diff -urNp a/qmerge.c b/qmerge.c +--- a/qmerge.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/qmerge.c 2009-03-19 11:05:27.677221627 -0700 +@@ -0,0 +1,115 @@ ++#include "qmerge.h" ++#include "byte.h" ++#include "log.h" ++#include "maxclient.h" ++ ++#define QMERGE_MAX (MAXUDP+MAXTCP) ++struct qmerge inprogress[QMERGE_MAX]; ++ ++static ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2], ++ const char *control) ++{ ++ if (!dns_domain_copy(&qmk->q, q)) return 0; ++ byte_copy(qmk->qtype, 2, qtype); ++ if (!dns_domain_copy(&qmk->control, control)) return 0; ++ return 1; ++} ++ ++static ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b) ++{ ++ return ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->q, b->q) && ++ dns_domain_equal(a->control, b->control); ++} ++ ++static ++void qmerge_key_free(struct qmerge_key *qmk) ++{ ++ dns_domain_free(&qmk->q); ++ dns_domain_free(&qmk->control); ++} ++ ++void qmerge_free(struct qmerge **x) ++{ ++ struct qmerge *qm; ++ ++ qm = *x; ++ *x = 0; ++ if (!qm || !qm->active) return; ++ ++ qm->active--; ++ if (!qm->active) { ++ qmerge_key_free(&qm->key); ++ dns_transmit_free(&qm->dt); ++ } ++} ++ ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive, ++ const char *q, const char qtype[2], const char localip[4], ++ const char *control) ++{ ++ struct qmerge_key k; ++ int i; ++ int r; ++ ++ qmerge_free(qm); ++ ++ byte_zero(&k, sizeof k); ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1; ++ for (i = 0; i < QMERGE_MAX; i++) { ++ if (!inprogress[i].active) continue; ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue; ++ log_tx_piggyback(q, qtype, control); ++ inprogress[i].active++; ++ *qm = &inprogress[i]; ++ qmerge_key_free(&k); ++ return 0; ++ } ++ ++ for (i = 0; i < QMERGE_MAX; i++) ++ if (!inprogress[i].active) ++ break; ++ if (i == QMERGE_MAX) return -1; ++ ++ log_tx(q, qtype, control, servers, 0); ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip); ++ if (r == -1) { qmerge_key_free(&k); return -1; } ++ inprogress[i].active++; ++ inprogress[i].state = 0; ++ qmerge_key_free(&inprogress[i].key); ++ byte_copy(&inprogress[i].key, sizeof k, &k); ++ *qm = &inprogress[i]; ++ return 0; ++} ++ ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline) ++{ ++ if (qm->state == 0) { ++ dns_transmit_io(&qm->dt, io, deadline); ++ qm->state = 1; ++ } ++ else { ++ io->fd = -1; ++ io->events = 0; ++ } ++} ++ ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when) ++{ ++ int r; ++ struct qmerge *qm; ++ ++ qm = *x; ++ if (qm->state == -1) return -1; /* previous error */ ++ if (qm->state == 0) return 0; /* no packet */ ++ if (qm->state == 2) return 1; /* already got packet */ ++ ++ r = dns_transmit_get(&qm->dt, io, when); ++ if (r == -1) { qm->state = -1; return -1; } /* error */ ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */ ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */ ++ return -1; /* bug */ ++} +diff -urNp a/qmerge.h b/qmerge.h +--- a/qmerge.h 1969-12-31 16:00:00.000000000 -0800 ++++ b/qmerge.h 2009-03-19 11:05:27.678227481 -0700 +@@ -0,0 +1,24 @@ ++#ifndef QMERGE_H ++#define QMERGE_H ++ ++#include "dns.h" ++ ++struct qmerge_key { ++ char *q; ++ char qtype[2]; ++ char *control; ++}; ++ ++struct qmerge { ++ int active; ++ struct qmerge_key key; ++ struct dns_transmit dt; ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */ ++}; ++ ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *); ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *); ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *); ++extern void qmerge_free(struct qmerge **); ++ ++#endif /* QMERGE_H */ +diff -urNp a/query.c b/query.c +--- a/query.c 2009-03-19 11:01:40.792597346 -0700 ++++ b/query.c 2009-03-19 11:24:43.152221609 -0700 +@@ -84,7 +84,7 @@ static void cleanup(struct query *z) + int j; + int k; + +- dns_transmit_free(&z->dt); ++ qmerge_free(&z->qm); + for (j = 0;j < QUERY_MAXALIAS;++j) + dns_domain_free(&z->alias[j]); + for (j = 0;j < QUERY_MAXLEVEL;++j) { +@@ -619,14 +619,8 @@ static int doit(struct query *z,int stat + if (j == 256) goto SERVFAIL; + + dns_sortip6(z->servers[z->level],256); +- if (z->level) { +- log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level); +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE; +- } +- else { +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0); +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE; +- } ++ dtype = z->level ? DNS_T_A : z->type; ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE; + return 0; + + +@@ -640,10 +634,10 @@ static int doit(struct query *z,int stat + + HAVEPACKET: + if (++z->loop == 100) goto DIE; +- buf = z->dt.packet; +- len = z->dt.packetlen; ++ buf = z->qm->dt.packet; ++ len = z->qm->dt.packetlen; + +- whichserver = z->dt.servers + 16 * z->dt.curserver; ++ whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver; + control = z->control[z->level]; + d = z->name[z->level]; + dtype = z->level ? DNS_T_A : z->type; +@@ -1050,7 +1044,7 @@ int query_start(struct query *z,char *dn + + int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + { +- switch(dns_transmit_get(&z->dt,x,stamp)) { ++ switch(qmerge_get(&z->qm,x,stamp)) { + case 1: + return doit(z,1); + case -1: +@@ -1061,5 +1055,5 @@ int query_get(struct query *z,iopause_fd + + void query_io(struct query *z,iopause_fd *x,struct taia *deadline) + { +- dns_transmit_io(&z->dt,x,deadline); ++ qmerge_io(z->qm,x,deadline); + } +diff -urNp a/query.h b/query.h +--- a/query.h 2009-03-19 11:01:40.793597403 -0700 ++++ b/query.h 2009-03-19 11:05:27.681222487 -0700 +@@ -1,7 +1,7 @@ + #ifndef QUERY_H + #define QUERY_H + +-#include "dns.h" ++#include "qmerge.h" + #include "uint32.h" + + #define QUERY_MAXLEVEL 5 +@@ -21,7 +21,7 @@ struct query { + uint32 scope_id; + char type[2]; + char class[2]; +- struct dns_transmit dt; ++ struct qmerge *qm; + } ; + + extern int query_start(struct query *,char *,char *,char *,char *,unsigned int); diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch new file mode 100644 index 0000000..a0391ff --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch @@ -0,0 +1,349 @@ +diff --git a/Makefile b/Makefile +index 1429643..bc047c0 100644 +--- a/Makefile ++++ b/Makefile +@@ -318,11 +318,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h + ./compile dns_txt.c + + dnscache: \ +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \ ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \ + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \ + libtai.a unix.a byte.a socket.lib + ./load dnscache droproot.o okclient.o log.o cache.o \ +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \ ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \ + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \ + socket.lib` + +@@ -343,7 +343,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \ + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \ + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \ + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \ +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h + ./compile dnscache.c + + dnsfilter: \ +@@ -687,11 +687,16 @@ qlog.o: \ + compile qlog.c buffer.h qlog.h uint16.h + ./compile qlog.c + ++qmerge.o: \ ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \ ++taia.h tai.h uint64.h log.h maxclient.h ++ ./compile qmerge.c ++ + query.o: \ + compile query.c error.h roots.h log.h uint64.h case.h cache.h \ + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \ + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \ +-response.h uint32.h query.h dns.h uint32.h ++response.h uint32.h query.h dns.h uint32.h qmerge.h + ./compile query.c + + random-ip: \ +diff --git a/dnscache.c b/dnscache.c +index 8c899a3..5ccb16a 100644 +--- a/dnscache.c ++++ b/dnscache.c +@@ -22,6 +22,7 @@ + #include "log.h" + #include "okclient.h" + #include "droproot.h" ++#include "maxclient.h" + + static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2]) + { +@@ -54,7 +55,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -131,7 +131,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +diff --git a/log.c b/log.c +index c43e8b0..b8cd7ce 100644 +--- a/log.c ++++ b/log.c +@@ -150,6 +150,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser + line(); + } + ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control) ++{ ++ string("txpb "); ++ logtype(qtype); space(); name(q); space(); name(control); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +diff --git a/log.h b/log.h +index fe62fa3..d9a829b 100644 +--- a/log.h ++++ b/log.h +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *); + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_tx_piggyback(const char *,const char *,const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); +diff --git a/maxclient.h b/maxclient.h +new file mode 100644 +index 0000000..e52fcd1 +--- /dev/null ++++ b/maxclient.h +@@ -0,0 +1,7 @@ ++#ifndef MAXCLIENT_H ++#define MAXCLIENT_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* MAXCLIENT_H */ +diff --git a/qmerge.c b/qmerge.c +new file mode 100644 +index 0000000..7c92299 +--- /dev/null ++++ b/qmerge.c +@@ -0,0 +1,115 @@ ++#include "qmerge.h" ++#include "byte.h" ++#include "log.h" ++#include "maxclient.h" ++ ++#define QMERGE_MAX (MAXUDP+MAXTCP) ++struct qmerge inprogress[QMERGE_MAX]; ++ ++static ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2], ++ const char *control) ++{ ++ if (!dns_domain_copy(&qmk->q, q)) return 0; ++ byte_copy(qmk->qtype, 2, qtype); ++ if (!dns_domain_copy(&qmk->control, control)) return 0; ++ return 1; ++} ++ ++static ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b) ++{ ++ return ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->q, b->q) && ++ dns_domain_equal(a->control, b->control); ++} ++ ++static ++void qmerge_key_free(struct qmerge_key *qmk) ++{ ++ dns_domain_free(&qmk->q); ++ dns_domain_free(&qmk->control); ++} ++ ++void qmerge_free(struct qmerge **x) ++{ ++ struct qmerge *qm; ++ ++ qm = *x; ++ *x = 0; ++ if (!qm || !qm->active) return; ++ ++ qm->active--; ++ if (!qm->active) { ++ qmerge_key_free(&qm->key); ++ dns_transmit_free(&qm->dt); ++ } ++} ++ ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive, ++ const char *q, const char qtype[2], const char localip[4], ++ const char *control) ++{ ++ struct qmerge_key k; ++ int i; ++ int r; ++ ++ qmerge_free(qm); ++ ++ byte_zero(&k, sizeof k); ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1; ++ for (i = 0; i < QMERGE_MAX; i++) { ++ if (!inprogress[i].active) continue; ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue; ++ log_tx_piggyback(q, qtype, control); ++ inprogress[i].active++; ++ *qm = &inprogress[i]; ++ qmerge_key_free(&k); ++ return 0; ++ } ++ ++ for (i = 0; i < QMERGE_MAX; i++) ++ if (!inprogress[i].active) ++ break; ++ if (i == QMERGE_MAX) return -1; ++ ++ log_tx(q, qtype, control, servers, 0); ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip); ++ if (r == -1) { qmerge_key_free(&k); return -1; } ++ inprogress[i].active++; ++ inprogress[i].state = 0; ++ qmerge_key_free(&inprogress[i].key); ++ byte_copy(&inprogress[i].key, sizeof k, &k); ++ *qm = &inprogress[i]; ++ return 0; ++} ++ ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline) ++{ ++ if (qm->state == 0) { ++ dns_transmit_io(&qm->dt, io, deadline); ++ qm->state = 1; ++ } ++ else { ++ io->fd = -1; ++ io->events = 0; ++ } ++} ++ ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when) ++{ ++ int r; ++ struct qmerge *qm; ++ ++ qm = *x; ++ if (qm->state == -1) return -1; /* previous error */ ++ if (qm->state == 0) return 0; /* no packet */ ++ if (qm->state == 2) return 1; /* already got packet */ ++ ++ r = dns_transmit_get(&qm->dt, io, when); ++ if (r == -1) { qm->state = -1; return -1; } /* error */ ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */ ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */ ++ return -1; /* bug */ ++} +diff --git a/qmerge.h b/qmerge.h +new file mode 100644 +index 0000000..9a58157 +--- /dev/null ++++ b/qmerge.h +@@ -0,0 +1,24 @@ ++#ifndef QMERGE_H ++#define QMERGE_H ++ ++#include "dns.h" ++ ++struct qmerge_key { ++ char *q; ++ char qtype[2]; ++ char *control; ++}; ++ ++struct qmerge { ++ int active; ++ struct qmerge_key key; ++ struct dns_transmit dt; ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */ ++}; ++ ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *); ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *); ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *); ++extern void qmerge_free(struct qmerge **); ++ ++#endif /* QMERGE_H */ +diff --git a/query.c b/query.c +index 46cdc00..f091fdd 100644 +--- a/query.c ++++ b/query.c +@@ -81,7 +81,7 @@ static void cleanup(struct query *z) + int j; + int k; + +- dns_transmit_free(&z->dt); ++ qmerge_free(&z->qm); + for (j = 0;j < QUERY_MAXALIAS;++j) + dns_domain_free(&z->alias[j]); + for (j = 0;j < QUERY_MAXLEVEL;++j) { +@@ -429,14 +429,8 @@ static int doit(struct query *z,int state) + if (j == 64) goto SERVFAIL; + + dns_sortip(z->servers[z->level],64); +- if (z->level) { +- log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level); +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE; +- } +- else { +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0); +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE; +- } ++ dtype = z->level ? DNS_T_A : z->type; ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE; + return 0; + + +@@ -450,10 +444,10 @@ static int doit(struct query *z,int state) + + HAVEPACKET: + if (++z->loop == 100) goto DIE; +- buf = z->dt.packet; +- len = z->dt.packetlen; ++ buf = z->qm->dt.packet; ++ len = z->qm->dt.packetlen; + +- whichserver = z->dt.servers + 4 * z->dt.curserver; ++ whichserver = z->qm->dt.servers + 4 * z->qm->dt.curserver; + control = z->control[z->level]; + d = z->name[z->level]; + dtype = z->level ? DNS_T_A : z->type; +@@ -836,7 +830,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip + + int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + { +- switch(dns_transmit_get(&z->dt,x,stamp)) { ++ switch(qmerge_get(&z->qm,x,stamp)) { + case 1: + return doit(z,1); + case -1: +@@ -847,5 +841,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + + void query_io(struct query *z,iopause_fd *x,struct taia *deadline) + { +- dns_transmit_io(&z->dt,x,deadline); ++ qmerge_io(z->qm,x,deadline); + } +diff --git a/query.h b/query.h +index eff68b2..06feab4 100644 +--- a/query.h ++++ b/query.h +@@ -1,7 +1,7 @@ + #ifndef QUERY_H + #define QUERY_H + +-#include "dns.h" ++#include "qmerge.h" + #include "uint32.h" + + #define QUERY_MAXLEVEL 5 +@@ -20,7 +20,7 @@ struct query { + char localip[4]; + char type[2]; + char class[2]; +- struct dns_transmit dt; ++ struct qmerge *qm; + } ; + + extern int query_start(struct query *,char *,char *,char *,char *); diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch new file mode 100644 index 0000000..d5b9c10 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch @@ -0,0 +1,68 @@ +diff -urNp a/query.c b/query.c +--- a/query.c 2009-03-19 11:35:28.452472164 -0700 ++++ b/query.c 2009-03-19 11:59:19.798221593 -0700 +@@ -476,6 +476,29 @@ static int doit(struct query *z,int stat + } + } + ++ if (typematch(DNS_T_SOA,dtype)) { ++ byte_copy(key,2,DNS_T_SOA); ++ cached = cache_get(key,dlen + 2,&cachedlen,&ttl); ++ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { ++ log_cachedanswer(d,DNS_T_SOA); ++ if (!rqa(z)) goto DIE; ++ pos = 0; ++ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) { ++ pos = dns_packet_getname(cached,cachedlen,pos,&t2); ++ if (!pos) break; ++ pos = dns_packet_getname(cached,cachedlen,pos,&t3); ++ if (!pos) break; ++ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE; ++ if (!response_addname(t2)) goto DIE; ++ if (!response_addname(t3)) goto DIE; ++ if (!response_addbytes(misc,20)) goto DIE; ++ response_rfinish(RESPONSE_ANSWER); ++ } ++ cleanup(z); ++ return 1; ++ } ++ } ++ + if (typematch(DNS_T_A,dtype)) { + byte_copy(key,2,DNS_T_A); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); +@@ -541,7 +564,7 @@ static int doit(struct query *z,int stat + } + } + +- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_AAAA,dtype)) { ++ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype) && !typematch(DNS_T_AAAA,dtype)) { + byte_copy(key,2,dtype); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { +@@ -769,15 +792,24 @@ static int doit(struct query *z,int stat + else if (byte_equal(type,2,DNS_T_AXFR)) + ; + else if (byte_equal(type,2,DNS_T_SOA)) { ++ int non_authority = 0; ++ save_start(); + while (i < j) { + pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE; + pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE; +- if (records[i] < posauthority) ++ if (records[i] < posauthority) { + log_rrsoa(whichserver,t1,t2,t3,misc,ttl); ++ save_data(misc,20); ++ save_data(t2,dns_domain_length(t2)); ++ save_data(t3,dns_domain_length(t3)); ++ non_authority++; ++ } + ++i; + } ++ if (non_authority) ++ save_finish(DNS_T_SOA,t1,ttl); + } + else if (byte_equal(type,2,DNS_T_CNAME)) { + pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE; diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch new file mode 100644 index 0000000..9230e75 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch @@ -0,0 +1,70 @@ +diff --git a/query.c b/query.c +index 46cdc00..4574e97 100644 +--- a/query.c ++++ b/query.c +@@ -319,6 +319,29 @@ static int doit(struct query *z,int state) + } + } + ++ if (typematch(DNS_T_SOA,dtype)) { ++ byte_copy(key,2,DNS_T_SOA); ++ cached = cache_get(key,dlen + 2,&cachedlen,&ttl); ++ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { ++ log_cachedanswer(d,DNS_T_SOA); ++ if (!rqa(z)) goto DIE; ++ pos = 0; ++ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) { ++ pos = dns_packet_getname(cached,cachedlen,pos,&t2); ++ if (!pos) break; ++ pos = dns_packet_getname(cached,cachedlen,pos,&t3); ++ if (!pos) break; ++ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE; ++ if (!response_addname(t2)) goto DIE; ++ if (!response_addname(t3)) goto DIE; ++ if (!response_addbytes(misc,20)) goto DIE; ++ response_rfinish(RESPONSE_ANSWER); ++ } ++ cleanup(z); ++ return 1; ++ } ++ } ++ + if (typematch(DNS_T_A,dtype)) { + byte_copy(key,2,DNS_T_A); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); +@@ -351,7 +374,7 @@ static int doit(struct query *z,int state) + } + } + +- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) { ++ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) { + byte_copy(key,2,dtype); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { +@@ -585,15 +608,24 @@ static int doit(struct query *z,int state) + else if (byte_equal(type,2,DNS_T_AXFR)) + ; + else if (byte_equal(type,2,DNS_T_SOA)) { ++ int non_authority = 0; ++ save_start(); + while (i < j) { + pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE; + pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE; +- if (records[i] < posauthority) ++ if (records[i] < posauthority) { + log_rrsoa(whichserver,t1,t2,t3,misc,ttl); ++ save_data(misc,20); ++ save_data(t2,dns_domain_length(t2)); ++ save_data(t3,dns_domain_length(t3)); ++ non_authority++; ++ } + ++i; + } ++ if (non_authority) ++ save_finish(DNS_T_SOA,t1,ttl); + } + else if (byte_equal(type,2,DNS_T_CNAME)) { + pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE; + diff --git a/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch b/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch new file mode 100644 index 0000000..23d8e9f --- /dev/null +++ b/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch @@ -0,0 +1,11 @@ +--- a/response.c ++++ b/response.c +@@ -34,7 +34,7 @@ int response_addname(const char *d) + uint16_pack_big(buf,49152 + name_ptr[i]); + return response_addbytes(buf,2); + } +- if (dlen <= 128) ++ if ((dlen <= 128) && (response_len < 16384)) + if (name_num < NAMES) { + byte_copy(name[name_num],dlen,d); + name_ptr[name_num] = response_len; diff --git a/net-dns/djbdns/files/djbdns-setup b/net-dns/djbdns/files/djbdns-setup new file mode 100644 index 0000000..ce82197 --- /dev/null +++ b/net-dns/djbdns/files/djbdns-setup @@ -0,0 +1,421 @@ +#!/bin/bash +# +# djbdns-setup +# +# Copyright (C) 2004-2006 Kalin KOZHUHAROV +# The latest version of this script can be accessed at: +# rsync://rsync.tar.bz/gentoo-portage-pkalin/net-dns/djbdns/files/djbdns-setup +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# http://www.gnu.org/copyleft/gpl.html +# + +# {{{ Rip off the ewarn code from /sbin/functions.sh +WARN=$'\e[33;01m' +NORMAL=$'\e[0m' +ewarn() { + echo -e " ${WARN}*${NORMAL} $*" + return 0 +} +# }}} + +# {{{ global vars +S_SEPARATOR="--------------------------------------------------------------------------------" +D_SEPARATOR="================================================================================" + +REQ_GROUP="nofiles" +REQ_USERS="tinydns dnscache dnslog" + +IPs[0]="" +IPs[1]="" +IPs[2]="" +dnscache=0 +tinydns=1 +axfrdns=2 + +# global vars }}} + +# {{{ functions +check_group_users() +{ + echo ": Checking for required group (${REQ_GROUP}) :" + grep ${REQ_GROUP} /etc/group &> /dev/null + if [ $? -ne 0 ] + then + ebegin "Adding group ${REQ_GROUP}" + /usr/sbin/groupadd ${REQ_GROUP} &>/dev/null && eend 0 || eend 1 + fi + + echo ": Checking for required users (${REQ_USERS}) :" + for user in ${REQ_USERS}; + do + grep ${user} /etc/passwd &> /dev/null + if [ $? -ne 0 ] + then + ebegin "Adding user ${user}" + /usr/sbin/useradd -d /dev/null -s /bin/false -g ${REQ_GROUP} ${user} &>/dev/null && eend 0 || eend 1 + fi + done + return 0 +} + +start_services() +{ + local services="$1" + + echo "${SEPARATOR}" + echo ": Start services :" + echo + echo " Your services (${services// /, }) are ready for startup!" + echo + ewarn " The following requires daemontools to be running!" + local answer="" + read -p " Would you like ${services// /, } to be started and supervised by daemontools now? [Y|n]> " answer + if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] + then + + ebegin "Checking if daemontools are running" + ps -A |grep svscanboot &>/dev/null && eend 0 || eend 1 + + ebegin "Linking services in /service" + # Don't make symbolic links to / ! + # use ../ instead as it gives trouble in chrooted environments + local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'` + for service in ${services}; + do + for ip in ${IPs[${service}]}; + do + ln -sf ${fixedroot_path}/${service}/${ip} /service/${service}_${ip} + done + done + + eend 0 + + echo + ls -l --color=auto /service/ + echo + ebegin "Waiting 5 seconds for services to start" + sleep 5 && eend 0 + + echo "${SEPARATOR}" + echo ": Check services status :" + echo + for service in ${services}; + do + for ip in ${IPs[${service}]}; + do + svstat /service/${service}_${ip} /service/${service}_${ip}/log + done + done + fi + return 0 +} + +tinydns_setup() +{ + return 0 +} + +axfrdns_setup() +{ + echo "${S_SEPARATOR}" + echo ": Grant access to axfrdns :" + echo + TCPRULES_DIR="${mypath}/axfrdns/${myip}/control" + echo " axfrdns is accessed by your secondary servers and when response cannot fit UDP packet" + echo " You have to specify which IP addresses are allowed to access it" + echo " in ${TCPRULES_DIR}/tcp.axfrdns" + echo + echo " Example:" + echo " 1.2.3.4 would allow the host 1.2.3.4" + echo " 1.2.3. would allow ALL hosts 1.2.3.x (like 1.2.3.4, 1.2.3.100, etc.)" + ewarn "Do NOT forget the trailing dot!" + echo + echo " Press Enter if you do not want to allow any access now." + echo + + sed -i -e "s#-x tcp.cdb#-x control/tcp.axfrdns.cdb#g" ${mypath}/axfrdns/${myip}/run + if [ -e ${TCPRULES_DIR}/tcp.axfrdns ] + then + ewarn "${TCPRULES_DIR}/tcp.axfrdns exists." + read -p " Do you want it cleared? [y|N]: " answer + if [ "${answer}" == "y" ] + then + echo '# sample line: 1.2.3.4:allow,AXFR="heaven.af.mil/3.2.1.in-addr.arpa"' > ${TCPRULES_DIR}/tcp.axfrdns + fi + fi + + read -p " IP to allow (press Enter to end)> " ipallow + + while [ "$ipallow" != "" ] + do + echo "${ipallow}:allow" >> ${TCPRULES_DIR}/tcp.axfrdns + read -p " IP to allow (press Enter to end)> " ipallow + done + echo ":deny" >> ${TCPRULES_DIR}/tcp.axfrdns + + echo " Here are the tcprules created so far:" + echo + cat ${TCPRULES_DIR}/tcp.axfrdns + echo + local answer="" + read -p " Would you like ${TCPRULES_DIR}/tcp.axfrdns.cdb updated? [Y|n]: " answer + if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] + then + ebegin "Updating ${TCPRULES_DIR}/tcp.axfrdns.cdb" + bash -c "cd ${TCPRULES_DIR} && make" && eend 0 || eend 1 + fi + return 0 +} + +dnscache_setup() +{ + echo ": Configure forwarding :" + echo + echo " dnscache can be configured to forward queries to another" + echo " DNS cache (such as the one your ISP provides) rather than" + echo " performing the lookups itself." + echo + echo " To enable this forwarding-only mode (usually a good idea)," + echo " provide the IPs of the caches to forward to." + echo " To have dnscache perform the lookups itself, just press Enter." + echo + read -p " forward-to IP> " myforward + echo + if [ "$myforward" != "" ] + then + echo $myforward > ${mypath}/dnscache/${myip}/root/servers/\@ + echo -n "1" > ${mypath}/dnscache/${myip}/env/FORWARDONLY + + read -p " forward-to IP (press Enter to end)> " myforward + while [ "$myforward" != "" ] + do + echo $myforward >> ${mypath}/dnscache/${myip}/root/servers/\@ + read -p " forward-to IP (press Enter to end)> " myforward + done + + echo + echo " Currently all queries will be forwarded to:" + echo + cat ${mypath}/dnscache/${myip}/root/servers/\@ + echo + fi + + echo "${SEPARATOR}" + echo ": Configuring clients :" + echo + echo " By default dnscache allows only localhost (127.0.0.1) to" + echo " access it. You have to specify the IP addresses of the" + echo " clients that shall be allowed to use it." + echo + echo " Example:" + echo " 1.2.3.4 would allow only one host: 1.2.3.4" + echo " 1.2.3 would allow all hosts 1.2.3.0/24 (e.g. 1.2.3.4, 1.2.3.100, etc.)" + echo + echo " Press Enter if you do NOT want to allow external clients!" + echo + + read -p " Allowed IP> " myclientip + + while [ "$myclientip" != "" ] + do + touch ${mypath}/dnscache/${myip}/root/ip/${myclientip} + read -p " Allowed IP (press Enter to end)> " myclientip + done + + echo + echo " All queries from the hosts below will be answered:" + echo + ls -1 ${mypath}/dnscache/${myip}/root/ip + echo + + #TODO + #configure cachsize - $mypath/env/CACHESIZE + + #TODO + #configure datalimit - $mypath/env/DATALIMIT + return 0 +} + +common_setup() +{ + local service_human="$1" + local service_machine="$2" + local services="$3" + + echo ": ${service_human} setup :" + echo + + for service in ${services}; + do + if [ ! -e ${mypath}/${service} ] + then + ebegin "Creating ${mypath}/${service}" + mkdir -p $mypath/${service} && eend 0 || eend 1 + fi + done + + echo "${SEPARATOR}" + echo ": IP address to bind to :" + echo + echo " Specify an address to which the ${service_human} should bind." + echo " Currently accessible IPs:" + local addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "` + echo " "$addrs + echo + + while [ "${myip}" == "" ] + do + read -p " IP to bind to> " myip + done + echo + + for service in ${services}; + do + IPs[${service}]="${IPs[${service}]} ${myip}" + done + + local dnscache_INSTALL="/usr/bin/dnscache-conf dnscache dnslog ${mypath}/dnscache/${myip} $myip" + local tinydns_INSTALL="/usr/bin/tinydns-conf tinydns dnslog ${mypath}/tinydns/${myip} $myip" + local axfrdns_INSTALL="\ + /usr/bin/axfrdns-conf tinydns dnslog ${mypath}/axfrdns/${myip} ${mypath}/tinydns/${myip} $myip &&\ + mkdir -p ${mypath}/axfrdns/${myip}/control &&\ + echo -e \"tcp.axfrdns.cdb:\ttcp.axfrdns\n\ttcprules tcp.axfrdns.cdb .tcp.axfrdns.cdb.tmp < tcp.axfrdns\" > ${mypath}/axfrdns/${myip}/control/Makefile &&\ + rm -f ${mypath}/axfrdns/${myip}/tcp ${mypath}/axfrdns/${myip}/Makefile" + + for service in ${services}; + do + if [ ! -e ${mypath}/${service}/${myip} ] + then + ebegin "Setting up ${service} in ${mypath}/${service}/${myip}" + eval command=\$${service}_INSTALL + /bin/bash -c "${command}" && eend 0 || eend 1 + else + ewarn "${service} directory ${mypath}/${service}/${myip} exists, nothing done." + fi + done + +} + +# functions }}} + +# {{{ main script + +if [ `id -u` -ne 0 ] +then + ewarn "You must be root to run this script, sorry." + exit 1 +else + + echo "${D_SEPARATOR}" + echo ": DJB DNS setup :" + echo + echo " This script will help you setup the following:" + echo + echo " DNS server(s): to publish addresses of Internet hosts" + echo + echo " DNS cache(s) : to find addresses of Internet hosts" + echo + echo " For further information see:" + echo " http://cr.yp.to/djbdns/blurb/overview.html" + echo + ewarn "If you have already setup your services," + ewarn "either exit now, or setup in different directories." + echo + + answer="" + read -p " Would you like to continue with setup? [Y|n]> " answer + if [ "${answer}" == "n" ] || [ "${answer}" == "N" ] + then + ewarn "Aborting setup" + exit 1 + fi + + echo "${D_SEPARATOR}" + echo ": Choose install location :" + echo + default_path="/var" + echo " The default (${default_path}) will install them" + echo " in ${default_path}/\${service}/\${IP_ADDRESS}" + echo + echo " For example:" + echo " /var/tinydns /1.2.3.4" + echo " /192.168.33.1" + echo " /axfrdns /1.2.3.4" + echo " /192.168.33.1" + echo " /dnscache/127.0.0.1" + echo + ewarn "Do NOT enter trailing slash" + echo " Where do you want services installed?" + read -p "[${default_path}] > " mypath + echo + + if [ "${mypath}" == "" ] + then + mypath=${default_path} + fi + + echo "${D_SEPARATOR}" + check_group_users + + answer="" + another="" + until [ "$answer" == "n" ] + do + echo "${D_SEPARATOR}" + answer="" + read -p " Would you like to setup ${another}dnscache? [Y|n]> " answer + if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] + then + myip="" + echo "${S_SEPARATOR}" + common_setup "DNS cache" "dnscache" "dnscache" + if [ $? == 0 ] + then + dnscache_setup + else + ewarn "Skipping dnscache specific setup." + fi + fi + another="another " + done + + answer="" + another="" + until [ "$answer" == "n" ] + do + echo "${D_SEPARATOR}" + answer="" + read -p " Would you like to setup ${another}DNS server? [Y|n]> " answer + if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] + then + myip="" + echo "${S_SEPARATOR}" + common_setup "DNS server" "{tinydns,afxrdns}" "tinydns axfrdns" + if [ $? == 0 ] + then + tinydns_setup + axfrdns_setup + else + ewarn "Skipping tinydns and axfrdns specific setup." + fi + fi + another="another " + done + + echo "${D_SEPARATOR}" + + start_services "tinydns axfrdns dnscache" + + echo "${D_SEPARATOR}" +fi +# main script }}} +# vim: set ts=4 fenc=utf-8 foldmethod=marker: diff --git a/net-dns/djbdns/files/djbdns-setup-r17 b/net-dns/djbdns/files/djbdns-setup-r17 new file mode 100644 index 0000000..ce82197 --- /dev/null +++ b/net-dns/djbdns/files/djbdns-setup-r17 @@ -0,0 +1,421 @@ +#!/bin/bash +# +# djbdns-setup +# +# Copyright (C) 2004-2006 Kalin KOZHUHAROV +# The latest version of this script can be accessed at: +# rsync://rsync.tar.bz/gentoo-portage-pkalin/net-dns/djbdns/files/djbdns-setup +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# http://www.gnu.org/copyleft/gpl.html +# + +# {{{ Rip off the ewarn code from /sbin/functions.sh +WARN=$'\e[33;01m' +NORMAL=$'\e[0m' +ewarn() { + echo -e " ${WARN}*${NORMAL} $*" + return 0 +} +# }}} + +# {{{ global vars +S_SEPARATOR="--------------------------------------------------------------------------------" +D_SEPARATOR="================================================================================" + +REQ_GROUP="nofiles" +REQ_USERS="tinydns dnscache dnslog" + +IPs[0]="" +IPs[1]="" +IPs[2]="" +dnscache=0 +tinydns=1 +axfrdns=2 + +# global vars }}} + +# {{{ functions +check_group_users() +{ + echo ": Checking for required group (${REQ_GROUP}) :" + grep ${REQ_GROUP} /etc/group &> /dev/null + if [ $? -ne 0 ] + then + ebegin "Adding group ${REQ_GROUP}" + /usr/sbin/groupadd ${REQ_GROUP} &>/dev/null && eend 0 || eend 1 + fi + + echo ": Checking for required users (${REQ_USERS}) :" + for user in ${REQ_USERS}; + do + grep ${user} /etc/passwd &> /dev/null + if [ $? -ne 0 ] + then + ebegin "Adding user ${user}" + /usr/sbin/useradd -d /dev/null -s /bin/false -g ${REQ_GROUP} ${user} &>/dev/null && eend 0 || eend 1 + fi + done + return 0 +} + +start_services() +{ + local services="$1" + + echo "${SEPARATOR}" + echo ": Start services :" + echo + echo " Your services (${services// /, }) are ready for startup!" + echo + ewarn " The following requires daemontools to be running!" + local answer="" + read -p " Would you like ${services// /, } to be started and supervised by daemontools now? [Y|n]> " answer + if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] + then + + ebegin "Checking if daemontools are running" + ps -A |grep svscanboot &>/dev/null && eend 0 || eend 1 + + ebegin "Linking services in /service" + # Don't make symbolic links to / ! + # use ../ instead as it gives trouble in chrooted environments + local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'` + for service in ${services}; + do + for ip in ${IPs[${service}]}; + do + ln -sf ${fixedroot_path}/${service}/${ip} /service/${service}_${ip} + done + done + + eend 0 + + echo + ls -l --color=auto /service/ + echo + ebegin "Waiting 5 seconds for services to start" + sleep 5 && eend 0 + + echo "${SEPARATOR}" + echo ": Check services status :" + echo + for service in ${services}; + do + for ip in ${IPs[${service}]}; + do + svstat /service/${service}_${ip} /service/${service}_${ip}/log + done + done + fi + return 0 +} + +tinydns_setup() +{ + return 0 +} + +axfrdns_setup() +{ + echo "${S_SEPARATOR}" + echo ": Grant access to axfrdns :" + echo + TCPRULES_DIR="${mypath}/axfrdns/${myip}/control" + echo " axfrdns is accessed by your secondary servers and when response cannot fit UDP packet" + echo " You have to specify which IP addresses are allowed to access it" + echo " in ${TCPRULES_DIR}/tcp.axfrdns" + echo + echo " Example:" + echo " 1.2.3.4 would allow the host 1.2.3.4" + echo " 1.2.3. would allow ALL hosts 1.2.3.x (like 1.2.3.4, 1.2.3.100, etc.)" + ewarn "Do NOT forget the trailing dot!" + echo + echo " Press Enter if you do not want to allow any access now." + echo + + sed -i -e "s#-x tcp.cdb#-x control/tcp.axfrdns.cdb#g" ${mypath}/axfrdns/${myip}/run + if [ -e ${TCPRULES_DIR}/tcp.axfrdns ] + then + ewarn "${TCPRULES_DIR}/tcp.axfrdns exists." + read -p " Do you want it cleared? [y|N]: " answer + if [ "${answer}" == "y" ] + then + echo '# sample line: 1.2.3.4:allow,AXFR="heaven.af.mil/3.2.1.in-addr.arpa"' > ${TCPRULES_DIR}/tcp.axfrdns + fi + fi + + read -p " IP to allow (press Enter to end)> " ipallow + + while [ "$ipallow" != "" ] + do + echo "${ipallow}:allow" >> ${TCPRULES_DIR}/tcp.axfrdns + read -p " IP to allow (press Enter to end)> " ipallow + done + echo ":deny" >> ${TCPRULES_DIR}/tcp.axfrdns + + echo " Here are the tcprules created so far:" + echo + cat ${TCPRULES_DIR}/tcp.axfrdns + echo + local answer="" + read -p " Would you like ${TCPRULES_DIR}/tcp.axfrdns.cdb updated? [Y|n]: " answer + if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] + then + ebegin "Updating ${TCPRULES_DIR}/tcp.axfrdns.cdb" + bash -c "cd ${TCPRULES_DIR} && make" && eend 0 || eend 1 + fi + return 0 +} + +dnscache_setup() +{ + echo ": Configure forwarding :" + echo + echo " dnscache can be configured to forward queries to another" + echo " DNS cache (such as the one your ISP provides) rather than" + echo " performing the lookups itself." + echo + echo " To enable this forwarding-only mode (usually a good idea)," + echo " provide the IPs of the caches to forward to." + echo " To have dnscache perform the lookups itself, just press Enter." + echo + read -p " forward-to IP> " myforward + echo + if [ "$myforward" != "" ] + then + echo $myforward > ${mypath}/dnscache/${myip}/root/servers/\@ + echo -n "1" > ${mypath}/dnscache/${myip}/env/FORWARDONLY + + read -p " forward-to IP (press Enter to end)> " myforward + while [ "$myforward" != "" ] + do + echo $myforward >> ${mypath}/dnscache/${myip}/root/servers/\@ + read -p " forward-to IP (press Enter to end)> " myforward + done + + echo + echo " Currently all queries will be forwarded to:" + echo + cat ${mypath}/dnscache/${myip}/root/servers/\@ + echo + fi + + echo "${SEPARATOR}" + echo ": Configuring clients :" + echo + echo " By default dnscache allows only localhost (127.0.0.1) to" + echo " access it. You have to specify the IP addresses of the" + echo " clients that shall be allowed to use it." + echo + echo " Example:" + echo " 1.2.3.4 would allow only one host: 1.2.3.4" + echo " 1.2.3 would allow all hosts 1.2.3.0/24 (e.g. 1.2.3.4, 1.2.3.100, etc.)" + echo + echo " Press Enter if you do NOT want to allow external clients!" + echo + + read -p " Allowed IP> " myclientip + + while [ "$myclientip" != "" ] + do + touch ${mypath}/dnscache/${myip}/root/ip/${myclientip} + read -p " Allowed IP (press Enter to end)> " myclientip + done + + echo + echo " All queries from the hosts below will be answered:" + echo + ls -1 ${mypath}/dnscache/${myip}/root/ip + echo + + #TODO + #configure cachsize - $mypath/env/CACHESIZE + + #TODO + #configure datalimit - $mypath/env/DATALIMIT + return 0 +} + +common_setup() +{ + local service_human="$1" + local service_machine="$2" + local services="$3" + + echo ": ${service_human} setup :" + echo + + for service in ${services}; + do + if [ ! -e ${mypath}/${service} ] + then + ebegin "Creating ${mypath}/${service}" + mkdir -p $mypath/${service} && eend 0 || eend 1 + fi + done + + echo "${SEPARATOR}" + echo ": IP address to bind to :" + echo + echo " Specify an address to which the ${service_human} should bind." + echo " Currently accessible IPs:" + local addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "` + echo " "$addrs + echo + + while [ "${myip}" == "" ] + do + read -p " IP to bind to> " myip + done + echo + + for service in ${services}; + do + IPs[${service}]="${IPs[${service}]} ${myip}" + done + + local dnscache_INSTALL="/usr/bin/dnscache-conf dnscache dnslog ${mypath}/dnscache/${myip} $myip" + local tinydns_INSTALL="/usr/bin/tinydns-conf tinydns dnslog ${mypath}/tinydns/${myip} $myip" + local axfrdns_INSTALL="\ + /usr/bin/axfrdns-conf tinydns dnslog ${mypath}/axfrdns/${myip} ${mypath}/tinydns/${myip} $myip &&\ + mkdir -p ${mypath}/axfrdns/${myip}/control &&\ + echo -e \"tcp.axfrdns.cdb:\ttcp.axfrdns\n\ttcprules tcp.axfrdns.cdb .tcp.axfrdns.cdb.tmp < tcp.axfrdns\" > ${mypath}/axfrdns/${myip}/control/Makefile &&\ + rm -f ${mypath}/axfrdns/${myip}/tcp ${mypath}/axfrdns/${myip}/Makefile" + + for service in ${services}; + do + if [ ! -e ${mypath}/${service}/${myip} ] + then + ebegin "Setting up ${service} in ${mypath}/${service}/${myip}" + eval command=\$${service}_INSTALL + /bin/bash -c "${command}" && eend 0 || eend 1 + else + ewarn "${service} directory ${mypath}/${service}/${myip} exists, nothing done." + fi + done + +} + +# functions }}} + +# {{{ main script + +if [ `id -u` -ne 0 ] +then + ewarn "You must be root to run this script, sorry." + exit 1 +else + + echo "${D_SEPARATOR}" + echo ": DJB DNS setup :" + echo + echo " This script will help you setup the following:" + echo + echo " DNS server(s): to publish addresses of Internet hosts" + echo + echo " DNS cache(s) : to find addresses of Internet hosts" + echo + echo " For further information see:" + echo " http://cr.yp.to/djbdns/blurb/overview.html" + echo + ewarn "If you have already setup your services," + ewarn "either exit now, or setup in different directories." + echo + + answer="" + read -p " Would you like to continue with setup? [Y|n]> " answer + if [ "${answer}" == "n" ] || [ "${answer}" == "N" ] + then + ewarn "Aborting setup" + exit 1 + fi + + echo "${D_SEPARATOR}" + echo ": Choose install location :" + echo + default_path="/var" + echo " The default (${default_path}) will install them" + echo " in ${default_path}/\${service}/\${IP_ADDRESS}" + echo + echo " For example:" + echo " /var/tinydns /1.2.3.4" + echo " /192.168.33.1" + echo " /axfrdns /1.2.3.4" + echo " /192.168.33.1" + echo " /dnscache/127.0.0.1" + echo + ewarn "Do NOT enter trailing slash" + echo " Where do you want services installed?" + read -p "[${default_path}] > " mypath + echo + + if [ "${mypath}" == "" ] + then + mypath=${default_path} + fi + + echo "${D_SEPARATOR}" + check_group_users + + answer="" + another="" + until [ "$answer" == "n" ] + do + echo "${D_SEPARATOR}" + answer="" + read -p " Would you like to setup ${another}dnscache? [Y|n]> " answer + if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] + then + myip="" + echo "${S_SEPARATOR}" + common_setup "DNS cache" "dnscache" "dnscache" + if [ $? == 0 ] + then + dnscache_setup + else + ewarn "Skipping dnscache specific setup." + fi + fi + another="another " + done + + answer="" + another="" + until [ "$answer" == "n" ] + do + echo "${D_SEPARATOR}" + answer="" + read -p " Would you like to setup ${another}DNS server? [Y|n]> " answer + if [ "${answer}" == "Y" ] || [ "${answer}" == "" ] + then + myip="" + echo "${S_SEPARATOR}" + common_setup "DNS server" "{tinydns,afxrdns}" "tinydns axfrdns" + if [ $? == 0 ] + then + tinydns_setup + axfrdns_setup + else + ewarn "Skipping tinydns and axfrdns specific setup." + fi + fi + another="another " + done + + echo "${D_SEPARATOR}" + + start_services "tinydns axfrdns dnscache" + + echo "${D_SEPARATOR}" +fi +# main script }}} +# vim: set ts=4 fenc=utf-8 foldmethod=marker: diff --git a/net-dns/djbdns/files/dnscache-setup b/net-dns/djbdns/files/dnscache-setup new file mode 100644 index 0000000..afe415a --- /dev/null +++ b/net-dns/djbdns/files/dnscache-setup @@ -0,0 +1,243 @@ +#!/bin/bash + +#for einfo, ewarn etc.. +. /etc/init.d/functions.sh + +setup() { + echo + echo + einfo "Dnscache Setup" + echo + echo + echo ">>> More information on this package can be found at" + echo ">>> http://cr.yp.to/djbdns.html and http://djbdns.org" + echo + echo "After this script completes, dnscache will be configured." + echo "Your /etc/resolv.conf will be updated so that all DNS" + echo "lookups will be directed to dnscache." + echo + echo "Your original /etc/resolv.conf will be backed up to " + echo "/etc/resolv.conf.orig." + echo + echo "If you have previously setup dnscache, those directories will" + echo "not be overwritten. To redo setup, delete your dnscache" + echo "dirs first or choose a different install location." + echo + echo '(press enter to begin setup, or press control-C to abort)' + echo + read + + echo + einfo "Install location" + echo + echo "Where do you want dnscache installed?" + echo "Ex. Default (/var) will install dnscache in /var/dnscache," + echo "or an external cache in /var/dnscachex." + echo "!!No trailing slash!!" + echo + read -p "[/var]> " mypath + echo + + if [ "$mypath" == "" ] + then + mypath="/var" + fi + + if [ ! -e ${mypath} ] + then + echo ">>> Creating ${mypath}..." + mkdir $mypath + fi + + echo + echo + einfo "Internal or external cache?" + echo + echo "Specify an address to which dnscache should bind." + echo "If this is the only machine accessing dnscache," + echo "127.0.0.1 is a good start." + echo "Currently running IP addresses:" + echo + + # grab interfaces + addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "` + + echo $addrs + echo + read -p "IP to bind cache to [127.0.0.1]> " myip + echo + + if [ "$myip" == "" ] + then + myip="127.0.0.1" + mycachedir="dnscache" + else + mycachedir="dnscachex" + fi + + # check for existance of users dnscache and dnslog: + echo + echo + einfo "Checking for dnscache and dnslog user accts ..." + echo + /usr/bin/grep nofiles /etc/group &> /dev/null + if [ $? -ne 0 ] + then + echo ">>> Adding group nofiles ..." + /usr/sbin/groupadd nofiles &> /dev/null + fi + + /usr/bin/grep dnscache /etc/passwd &> /dev/null + if [ $? -ne 0 ] + then + echo ">>> Adding user dnscache ..." + /usr/sbin/useradd -d /dev/null -s /bin/false -g nofiles \ + dnscache &> /dev/null + fi + + /usr/bin/grep dnslog /etc/passwd &> /dev/null + if [ $? -ne 0 ] + then + echo ">>> Adding user dnslog ..." + /usr/sbin/useradd -d /dev/null -s /bin/false -g nofiles \ + dnslog &> /dev/null + fi + + if [ ! -e ${mypath}/${mycachedir} ] + then + /usr/bin/dnscache-conf dnscache dnslog \ + ${mypath}/${mycachedir} ${myip} + else + ewarn "*** dnscache directory currently exists, nothing done." + fi + + echo + echo + einfo "Configure a forward for dnscache?" + echo + echo "dnscache can be configured to forward queries to another" + echo "nameserver (such as the nameserver of your ISP) rather than " + echo "perform the lookups itself. If you would like to enable this " + echo "forwarding mode (a good idea most of the time), then enter the " + echo "IP's of your forwarding nameservers now," + echo "otherwise just hit Enter." + echo + read -p "enter forward-to IP> " myforward + echo + if [ "$myforward" != "" ] + then + echo $myforward > ${mypath}/${mycachedir}/root/servers/\@ + echo -n "1" > ${mypath}/${mycachedir}/env/FORWARDONLY + + read -p "enter forward-to IP [hit Enter to stop]> " myforward + while [ "$myforward" != "" ] + do + echo $myforward >> ${mypath}/${mycachedir}/root/servers/\@ + read -p "enter forward-to IP [hit Enter to stop]> " myforward + done + echo ">>> Setting up forwarding..." + fi + + if [ "$myip" != "127.0.0.1" ] + then + echo + echo + einfo "Configuring clients" + echo + echo "dnscache by default only allows 127.0.0.1 to access it." + echo "You have to specify the IP addresses of the clients" + echo "that shall be allowed to use dnscache." + echo + echo "1.2.3.4 would allow host 1.2.3.4" + echo "1.2.3 would allow all hosts underneath 1.2.3.x" + echo + echo "Just hit Enter if you do not want to specify clients!" + echo + + read -p "Enter IP> " myclientip + + while [ "$myclientip" != "" ] + do + touch ${mypath}/${mycachedir}/root/ip/${myclientip} + read -p "Enter IP (hit Enter to stop)>" myclientip + done + fi + + echo + echo + einfo "Misc" + echo + if [ ! -e /var/log/dnscache ] + then + echo ">>> linking /var/log/${mycachedir} to the $mycachedir log..." + ln -s ${mypath}/${mycachedir}/log/main /var/log/${mycachedir} + fi + + if [ -e /etc/resolv.conf ] + then + /usr/bin/grep $myip /etc/resolv.conf &> /dev/null + if [ $? -ne 0 ] + then + echo ">>> Backing up /etc/resolv.conf to resolv.conf.orig..." + cp /etc/resolv.conf /etc/resolv.conf.orig + cat /etc/resolv.conf.orig | grep -v nameserver > /etc/resolv.conf + echo ">>> Removed nameserver entries from resolv.conf..." + echo nameserver $myip >> /etc/resolv.conf + echo + echo ">>> Added \"nameserver ${myip}\" to /etc/resolv.conf!" + else + echo ">>> ${myip} is already in /etc/resolv.conf - nothing done!" + fi + else + echo nameserver $myip >> /etc/resolv.conf + echo + echo ">>> Added \"nameserver ${myip}\" to /etc/resolv.conf!" + fi + + #TODO + #configure cachsize - $mypath/env/CACHESIZE + + #TODO + #configure datalimit - $mypath/env/DATALIMIT + + echo + echo + einfo "Start service" + echo + echo "dnscache is ready for startup." + echo "Do you want dnscache to be started and" + echo "supervised by daemontools now?" + + echo + echo "This requires svscan (daemontools) to be running currently and" + echo "monitoring /service !!" + echo + echo '(press control-C to abort)' + read + + # check in /mnt/.init.d to find svscan link in running... + # if not running execute /etc/init.d/svscan start + # Don't make symbolic links to / ! + # use ../ instead as it gives trouble in chrooted environments + # By Kalin KOZHUHAROV + local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'` + cd /service + ln -sf ${fixedroot_path}/${mycachedir} . + + echo + echo + einfo "Installation successfull" + echo +} + +# check for root user + +if [ `id -u` -ne 0 ] +then + eerror "${0}: must be root." + exit 1 +fi + + +# run setup +setup diff --git a/net-dns/djbdns/files/dnsroots.patch b/net-dns/djbdns/files/dnsroots.patch new file mode 100644 index 0000000..274c6b7 --- /dev/null +++ b/net-dns/djbdns/files/dnsroots.patch @@ -0,0 +1,19 @@ +--- a/dnsroots.global 2001-02-11 16:11:45.000000000 -0500 ++++ b/dnsroots.global 2011-04-04 11:10:58.005648634 -0400 +@@ -1,5 +1,5 @@ + 198.41.0.4 +-128.9.0.107 ++192.228.79.201 + 192.33.4.12 + 128.8.10.90 + 192.203.230.10 +@@ -7,7 +7,7 @@ + 192.112.36.4 + 128.63.2.53 + 192.36.148.17 +-198.41.0.10 ++192.58.128.30 + 193.0.14.129 +-198.32.64.12 ++199.7.83.42 + 202.12.27.33 diff --git a/net-dns/djbdns/files/dnstracesort.patch b/net-dns/djbdns/files/dnstracesort.patch new file mode 100644 index 0000000..3bf56f5 --- /dev/null +++ b/net-dns/djbdns/files/dnstracesort.patch @@ -0,0 +1,11 @@ +--- djbdns-1.05/dnstracesort.sh.orig 2006-04-26 21:52:54.000000000 +0200 ++++ djbdns-1.05/dnstracesort.sh 2006-04-26 21:53:02.000000000 +0200 +@@ -12,7 +12,7 @@ + } + print + } +-' | sort -t: +0 -2 +4 +3 -4 +2 -3 | uniq | awk -F: ' ++' | sort -t: -k 1,3 -k 5 -k 4,5 -k 3,4 | uniq | awk -F: ' + { + type = $1 + q = $2 diff --git a/net-dns/djbdns/files/headtail.patch b/net-dns/djbdns/files/headtail.patch new file mode 100644 index 0000000..6321cc1 --- /dev/null +++ b/net-dns/djbdns/files/headtail.patch @@ -0,0 +1,67 @@ +diff -Naur /tmp/djbdns-1.05/Makefile djbdns-1.05/Makefile +--- a/djbdns-1.05/Makefile 2003-11-16 20:33:41.000000000 +0100 ++++ b/djbdns-1.05/Makefile 2003-11-16 20:35:15.000000000 +0100 +@@ -31,7 +31,7 @@ + + auto_home.c: \ + auto-str conf-home +- ./auto-str auto_home `head -1 conf-home` > auto_home.c ++ ./auto-str auto_home `head -n 1 conf-home` > auto_home.c + + auto_home.o: \ + compile auto_home.c +@@ -205,14 +205,14 @@ + choose: \ + warn-auto.sh choose.sh conf-home + cat warn-auto.sh choose.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > choose + chmod 755 choose + + compile: \ + warn-auto.sh conf-cc + ( cat warn-auto.sh; \ +- echo exec "`head -1 conf-cc`" '-c $${1+"$$@"}' \ ++ echo exec "`head -n 1 conf-cc`" '-c $${1+"$$@"}' \ + ) > compile + chmod 755 compile + +@@ -449,7 +449,7 @@ + dnstracesort: \ + warn-auto.sh dnstracesort.sh conf-home + cat warn-auto.sh dnstracesort.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > dnstracesort + chmod 755 dnstracesort + +@@ -570,7 +570,7 @@ + warn-auto.sh conf-ld + ( cat warn-auto.sh; \ + echo 'main="$$1"; shift'; \ +- echo exec "`head -1 conf-ld`" \ ++ echo exec "`head -n 1 conf-ld`" \ + '-o "$$main" "$$main".o $${1+"$$@"}' \ + ) > load + chmod 755 load +@@ -758,7 +758,7 @@ + rts: \ + warn-auto.sh rts.sh conf-home + cat warn-auto.sh rts.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > rts + chmod 755 rts + +@@ -901,8 +901,8 @@ + systype: \ + find-systype.sh conf-cc conf-ld trycpp.c x86cpuid.c + ( cat warn-auto.sh; \ +- echo CC=\'`head -1 conf-cc`\'; \ +- echo LD=\'`head -1 conf-ld`\'; \ ++ echo CC=\'`head -n 1 conf-cc`\'; \ ++ echo LD=\'`head -n 1 conf-ld`\'; \ + cat find-systype.sh; \ + ) | sh > systype + diff --git a/net-dns/djbdns/files/makefile-parallel.patch b/net-dns/djbdns/files/makefile-parallel.patch new file mode 100644 index 0000000..51c0317 --- /dev/null +++ b/net-dns/djbdns/files/makefile-parallel.patch @@ -0,0 +1,80 @@ +--- a/Makefile 2011-04-07 21:49:48.140645070 -0400 ++++ b/Makefile 2011-04-07 22:24:06.595746444 -0400 +@@ -332,7 +332,7 @@ + + dns_transmit.o: \ + compile dns_transmit.c socket.h uint16.h alloc.h error.h byte.h \ +-uint16.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ ++uint32.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ + taia.h + ./compile dns_transmit.c + +@@ -860,15 +860,15 @@ + rm -f trylsock.o trylsock + + socket_accept.o: \ +-compile socket_accept.c byte.h socket.h uint16.h ++compile socket_accept.c byte.h socket.h uint16.h uint32.h + ./compile socket_accept.c + + socket_accept6.o: \ +-compile socket_accept6.c byte.h socket.h uint16.h ++compile socket_accept6.c byte.h socket.h uint16.h uint32.h + ./compile socket_accept6.c + + socket_bind.o: \ +-compile socket_bind.c byte.h socket.h uint16.h ++compile socket_bind.c byte.h socket.h uint16.h uint32.h + ./compile socket_bind.c + + socket_bind6.o: \ +@@ -876,7 +876,7 @@ + ./compile socket_bind6.c + + socket_conn.o: \ +-compile socket_conn.c byte.h socket.h uint16.h ++compile socket_conn.c byte.h socket.h uint16.h uint32.h + ./compile socket_conn.c + + socket_connect6.o: \ +@@ -884,11 +884,11 @@ + ./compile socket_connect6.c + + socket_listen.o: \ +-compile socket_listen.c socket.h uint16.h ++compile socket_listen.c socket.h uint16.h uint32.h + ./compile socket_listen.c + + socket_recv.o: \ +-compile socket_recv.c byte.h socket.h uint16.h ++compile socket_recv.c byte.h socket.h uint16.h uint32.h + ./compile socket_recv.c + + socket_recv6.o: \ +@@ -896,7 +896,7 @@ + ./compile socket_recv6.c + + socket_send.o: \ +-compile socket_send.c byte.h socket.h uint16.h ++compile socket_send.c byte.h socket.h uint16.h uint32.h + ./compile socket_send.c + + socket_send6.o: \ +@@ -904,7 +904,7 @@ + ./compile socket_send6.c + + socket_tcp.o: \ +-compile socket_tcp.c ndelay.h socket.h uint16.h ++compile socket_tcp.c ndelay.h socket.h uint16.h uint32.h + ./compile socket_tcp.c + + socket_tcp6.o: \ +@@ -912,7 +912,7 @@ + ./compile socket_tcp6.c + + socket_udp.o: \ +-compile socket_udp.c ndelay.h socket.h uint16.h ++compile socket_udp.c ndelay.h socket.h uint16.h uint32.h + ./compile socket_udp.c + + socket_udp6.o: \ diff --git a/net-dns/djbdns/files/string_length_255.patch b/net-dns/djbdns/files/string_length_255.patch new file mode 100644 index 0000000..ad383b7 --- /dev/null +++ b/net-dns/djbdns/files/string_length_255.patch @@ -0,0 +1,11 @@ +--- a/tinydns-data.c 2001-02-11 16:11:45.000000000 -0500 ++++ b/tinydns-data.c 2011-04-02 10:41:34.356302891 -0400 +@@ -399,7 +399,7 @@ + i = 0; + while (i < f[1].len) { + k = f[1].len - i; +- if (k > 127) k = 127; ++ if (k > 255) k = 255; + ch = k; + rr_add(&ch,1); + rr_add(f[1].s + i,k); diff --git a/net-dns/djbdns/files/tinydns-setup b/net-dns/djbdns/files/tinydns-setup new file mode 100644 index 0000000..ed92a13 --- /dev/null +++ b/net-dns/djbdns/files/tinydns-setup @@ -0,0 +1,151 @@ +#!/bin/bash + +# +# source functions.sh for einfo, eerror and ewarn +. /etc/init.d/functions.sh + +setup() { + echo + echo + einfo "tinydns Setup" + echo + echo ">>> More information on this package can be found at" + echo ">>> http://cr.yp.to/djbdns/tinydns.html" + echo + echo "If you have previously setup tinydns, those directories will" + echo "not be overwritten. To redo setup, delete your" + echo "tinydns dir tree first." + echo + echo '(press enter to begin setup, or press control-C to abort)' + echo + read + + echo + einfo "Install location" + echo + echo "Where do you want tinydns installed?" + echo "Ex. /var would install dnscache in /var/tinydns." + echo "!!No trailing slash!!" + echo + read -p "[/var]> " mypath + echo + + if [ "$mypath" == "" ] + then + mypath="/var" + fi + + if [ ! -e ${mypath} ] + then + echo ">>> Creating ${mypath}..." + mkdir $mypath + fi + + # check for existance of users tinydns and dnslog: + echo + echo + einfo "Checking for tinydns and dnslog user accts ..." + echo + /usr/bin/grep nofiles /etc/group &> /dev/null + if [ $? -ne 0 ] + then + echo ">>> Adding group nofiles ..." + /usr/sbin/groupadd nofiles &> /dev/null + fi + + /usr/bin/grep tinydns /etc/passwd &> /dev/null + if [ $? -ne 0 ] + then + echo ">>> Adding user tinydns ..." + /usr/sbin/useradd -d /dev/null -s /bin/false -g nofiles \ + tinydns &> /dev/null + fi + + /usr/bin/grep dnslog /etc/passwd &> /dev/null + if [ $? -ne 0 ] + then + echo ">>> Adding user dnslog ..." + /usr/sbin/useradd -d /dev/null -s /bin/false -g nofiles \ + dnslog &> /dev/null + fi + + + # grab interfaces + addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "` + + echo "Specify an address to which tinydns should bind." + echo "NOTICE: tinydns must be able to bind to port 53 on " + echo "choosen ip address! udp by tinydns - tcp by axfrdns" + echo "Usually this is NOT 127.0.0.1" + echo "Currently running IP addresses:" + echo + echo $addrs + echo + + while [ "$myip" = "" ] + do + read -p "IP to bind nameserver to>" myip + done + echo + + if [ ! -e ${mypath}/tinydns ] + then + einfo "Setting up tinydns..." + /usr/bin/tinydns-conf tinydns dnslog \ + ${mypath}/tinydns $myip + else + ewarn "*** tinydns directory currently exists, nothing done." + fi + + #add afxrdns + if [ ! -e ${mypath}/axfrdns ] + then + einfo "Setting up axfrdns..." + /usr/bin/axfrdns-conf tinydns dnslog \ + ${mypath}/axfrdns ${mypath}/tinydns $myip + else + ewarn "*** axfrdns directory currently exists, nothing done." + fi + + #grant access to axfrdns + + echo + echo + einfo "Start service" + echo + echo "tinydns is ready for startup." + echo "Do you want dnscache to be started and" + echo "supervised by daemontools now?" + + echo + echo "This requires daemontools to supervise" + echo "/service !!" + echo + echo '(press control-C to abort)' + read + + # Don't make symbolic links to / ! + # use ../ instead as it gives trouble in chrooted environments + # By Kalin KOZHUHAROV + local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'` + cd /service + ln -sf ${fixedroot_path}/tinydns . + ln -sf ${fixedroot_path}/axfrdns . + + echo + echo + einfo "Installation successfull" + echo + +} + +# check for root user! +if [ `id -u` -ne 0 ] +then + eerror "${0}: must be root." + exit 1 +fi + + +# run setup +setup diff --git a/net-dns/djbdns/metadata.xml b/net-dns/djbdns/metadata.xml new file mode 100644 index 0000000..320f2cd --- /dev/null +++ b/net-dns/djbdns/metadata.xml @@ -0,0 +1,10 @@ + + + +proxy-maintainers + + michael@orlitzky.com + Michael Orlitzky + Maintainer. Assign bugs to him + +