]> gitweb.michael.orlitzky.com - mjo-overlay.git/commitdiff
Add net-dns containing djbdns.
authorMichael Orlitzky <michael@orlitzky.com>
Sat, 2 Apr 2011 14:42:46 +0000 (10:42 -0400)
committerMichael Orlitzky <michael@orlitzky.com>
Sat, 2 Apr 2011 14:42:46 +0000 (10:42 -0400)
17 files changed:
net-dns/djbdns/ChangeLog [new file with mode: 0644]
net-dns/djbdns/Manifest [new file with mode: 0644]
net-dns/djbdns/djbdns-1.05-r23.ebuild [new file with mode: 0644]
net-dns/djbdns/files/1.05-errno.patch [new file with mode: 0644]
net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch [new file with mode: 0644]
net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch [new file with mode: 0644]
net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch [new file with mode: 0644]
net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch [new file with mode: 0644]
net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch [new file with mode: 0644]
net-dns/djbdns/files/djbdns-setup [new file with mode: 0644]
net-dns/djbdns/files/djbdns-setup-r17 [new file with mode: 0644]
net-dns/djbdns/files/dnscache-setup [new file with mode: 0644]
net-dns/djbdns/files/dnsroots.patch [new file with mode: 0644]
net-dns/djbdns/files/dnstracesort.patch [new file with mode: 0644]
net-dns/djbdns/files/headtail.patch [new file with mode: 0644]
net-dns/djbdns/files/tinydns-setup [new file with mode: 0644]
net-dns/djbdns/metadata.xml [new file with mode: 0644]

diff --git a/net-dns/djbdns/ChangeLog b/net-dns/djbdns/ChangeLog
new file mode 100644 (file)
index 0000000..115cc05
--- /dev/null
@@ -0,0 +1,509 @@
+# ChangeLog for net-dns/djbdns
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/ChangeLog,v 1.120 2011/03/01 20:24:57 idl0r Exp $
+
+  01 Mar 2011; Christian Ruppert <idl0r@gentoo.org> -files/fwdzone-fix.patch:
+  Remove unused patch
+
+  29 Jan 2011; Thilo Bangert <bangert@gentoo.org> djbdns-1.05-r23.ebuild:
+  dep on virtual/daemontools
+
+  20 Jul 2010; Michael Sterrett <mr_bones_@gentoo.org>
+  -djbdns-1.05-r17.ebuild, -djbdns-1.05-r19.ebuild, -djbdns-1.05-r21.ebuild,
+  -djbdns-1.05-r22.ebuild:
+  clean old cruft
+
+  23 Mar 2009; Jeroen Roovers <jer@gentoo.org> djbdns-1.05-r23.ebuild:
+  Stable for HPPA (bug #260975).
+
+  22 Mar 2009; Friedrich Oslage <bluebird@gentoo.org>
+  djbdns-1.05-r23.ebuild:
+  Stable on sparc, bug #260975
+
+  22 Mar 2009; Tobias Klausmann <klausman@gentoo.org>
+  djbdns-1.05-r23.ebuild:
+  Stable on alpha, bug #260975
+
+  20 Mar 2009; Markus Meier <maekke@gentoo.org> djbdns-1.05-r23.ebuild:
+  amd64/x86 stable, bug #260975
+
+  20 Mar 2009; Brent Baude <ranger@gentoo.org> djbdns-1.05-r23.ebuild:
+  Marking djbdns-1.05-r23 ppc64 and ppc for bug 260975
+
+  20 Mar 2009; Gordon Malm <gengor@gentoo.org> djbdns-1.05-r23.ebuild:
+  Avoid applying CVE2009-0858 patch twice.
+
+*djbdns-1.05-r23 (19 Mar 2009)
+
+  19 Mar 2009; Gordon Malm <gengor@gentoo.org>
+  +files/CVE2009-0858_0001-check-response-domain-name-length.patch,
+  +files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patc
+  h, +files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch,
+  +djbdns-1.05-r23.ebuild:
+  Fix bug #260975. Fix bug #260014 when USE="ipv6".
+
+  18 Mar 2009; Brent Baude <ranger@gentoo.org> djbdns-1.05-r22.ebuild:
+  Marking djbdns-1.05-r22 ppc for bug 260014
+
+  15 Mar 2009; Markus Meier <maekke@gentoo.org> djbdns-1.05-r22.ebuild:
+  amd64/x86 stable, bug #260014
+
+  12 Mar 2009; Jeroen Roovers <jer@gentoo.org> djbdns-1.05-r22.ebuild:
+  Stable for HPPA (bug #260014). Fixed newbin djbdns-setup (bug #260014
+  comment #8).
+
+  11 Mar 2009; Tobias Klausmann <klausman@gentoo.org>
+  djbdns-1.05-r22.ebuild:
+  Stable on alpha, bug #260014
+
+  11 Mar 2009; Brent Baude <ranger@gentoo.org> djbdns-1.05-r22.ebuild:
+  Marking djbdns-1.05-r22 ppc64 for bug 260014
+
+  08 Mar 2009; René Nussbaumer <killerfox@gentoo.org>
+  djbdns-1.05-r22.ebuild:
+  Fix patch order
+
+  08 Mar 2009; Tobias Klausmann <klausman@gentoo.org>
+  djbdns-1.05-r22.ebuild:
+  Broken patch, going back to ~alpha.
+
+  08 Mar 2009; Tobias Klausmann <klausman@gentoo.org>
+  djbdns-1.05-r22.ebuild:
+  Stable on alpha, bug #260014
+
+*djbdns-1.05-r22 (01 Mar 2009)
+
+  01 Mar 2009; René Nussbaumer <killerfox@gentoo.org>
+  +files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch,
+  +files/CVE2008-4392_0002-dnscache-cache-soa-records.patch,
+  +djbdns-1.05-r22.ebuild:
+  Fix CVE2008-4392
+
+  17 Nov 2008; Diego E. Pettenò <flameeyes@gentoo.org>
+  files/headtail.patch:
+  Fix patch with absolute paths.
+
+  17 Aug 2008; Doug Goldstein <cardoe@gentoo.org> metadata.xml:
+  add GLEP 56 USE flag desc from use.local.desc
+
+  13 May 2008; Jeroen Roovers <jer@gentoo.org> djbdns-1.05-r21.ebuild:
+  Stable for HPPA (LuckyLuke).
+
+  29 Feb 2008; Raúl Porcel <armin76@gentoo.org> djbdns-1.05-r21.ebuild:
+  sparc stable
+
+  31 Jan 2008; René Nussbaumer <killerfox@gentoo.org> metadata.xml:
+  Taking over maintainership
+
+  31 Jan 2008; Michael Hanselmann <hansmi@gentoo.org> metadata.xml:
+  Remove myself as maintainer.
+
+  04 Jan 2008; Hanno Boeck <hanno@gentoo.org> djbdns-1.05-r17.ebuild,
+  djbdns-1.05-r19.ebuild, djbdns-1.05-r21.ebuild:
+  Change license to public domain (http://cr.yp.to/distributors.html) and fix
+  some unquoted vars.
+
+  15 Oct 2007; Markus Rothe <corsair@gentoo.org> djbdns-1.05-r21.ebuild:
+  Stable on ppc64
+
+  13 Aug 2007; Tobias Scherbaum <dertobi123@gentoo.org>
+  djbdns-1.05-r21.ebuild:
+  ppc. stable
+
+  26 Jul 2007; Raúl Porcel <armin76@gentoo.org> djbdns-1.05-r21.ebuild:
+  alpha/x86 stable
+
+  06 May 2007; Marius Mauch <genone@gentoo.org> djbdns-1.05-r17.ebuild,
+  djbdns-1.05-r19.ebuild, djbdns-1.05-r21.ebuild:
+  Replacing einfo with elog
+
+  28 Jan 2007; Michael Hanselmann <hansmi@gentoo.org>
+  djbdns-1.05-r21.ebuild:
+  Don't patch non-IPv6 version of unpacked source.
+
+*djbdns-1.05-r21 (23 Jan 2007)
+
+  23 Jan 2007; Michael Hanselmann <hansmi@gentoo.org>
+  -djbdns-1.05-r20.ebuild, +djbdns-1.05-r21.ebuild:
+  Fix bug #163398.
+
+*djbdns-1.05-r20 (16 Jan 2007)
+
+  16 Jan 2007; Michael Hanselmann <hansmi@gentoo.org>
+  +djbdns-1.05-r20.ebuild:
+  Drop several patches patches, DJBDNS_PATCH_DIR can be used instead. General
+  cleanup.
+
+  03 Dec 2006; Markus Rothe <corsair@gentoo.org> djbdns-1.05-r19.ebuild:
+  Stable on ppc64
+
+  19 Nov 2006; Michael Hanselmann <hansmi@gentoo.org>
+  djbdns-1.05-r19.ebuild:
+  Stable on hppa, ppc, sparc, x86.
+
+  13 Oct 2006; Michael Hanselmann <hansmi@gentoo.org>
+  -djbdns-1.05-r18.ebuild:
+  Remove old ebuild
+
+*djbdns-1.05-r19 (30 Sep 2006)
+
+  29 Sep 2006; Michael Hanselmann <hansmi@gentoo.org>
+  +djbdns-1.05-r19.ebuild:
+  Add fwdonly patch (bug 148326) and fix user creation (bug 148225).
+
+*djbdns-1.05-r18 (30 Aug 2006)
+
+  30 Aug 2006; Michael Hanselmann <hansmi@gentoo.org>
+  +djbdns-1.05-r18.ebuild:
+  Add quoting to variables, add support for DJBDNS_PATCH_DIR.
+
+  30 Jun 2006; Robin H. Johnson <robbat2@gentoo.org> djbdns-1.05-r17.ebuild:
+  Clean up unpack/patch process.
+
+  30 Apr 2006; Michael Hanselmann <hansmi@gentoo.org>
+  -djbdns-1.05-r14.ebuild, -djbdns-1.05-r16.ebuild:
+  Removed old ebuilds.
+
+  29 Apr 2006; <tcort@gentoo.org> djbdns-1.05-r17.ebuild:
+  Stable on alpha and amd64 wrt Bug #131487.
+
+  29 Apr 2006; Michael Hanselmann <hansmi@gentoo.org>
+  djbdns-1.05-r17.ebuild:
+  Stable on mips.
+
+  27 Apr 2006; Alec Warner <antarus@gentoo.org> Manifest:
+  Fixing SHA256 digest, pass four
+
+  27 Apr 2006; Brent Baude <ranger@gentoo.org> djbdns-1.05-r17.ebuild:
+  Marking djbdns-1.05-r17 ppc64 stable per hansmi and bug 131487
+
+  27 Apr 2006; Michael Hanselmann <hansmi@gentoo.org>
+  djbdns-1.05-r17.ebuild:
+  Stable on hppa, ppc, sparc, x86.
+
+  26 Apr 2006; Michael Hanselmann <hansmi@gentoo.org>
+  +files/dnstracesort.patch, djbdns-1.05-r17.ebuild:
+  Minor patch to fix the call syntax of "sort", bug 131355.
+
+  30 Mar 2006; Michael Hanselmann <hansmi@gentoo.org>
+  -djbdns-1.05-r15.ebuild:
+  Removed old ebuild.
+
+  25 Mar 2006; Sven Wegener <swegener@gentoo.org> djbdns-1.05-r17.ebuild:
+  Don't modify MAKEOPTS, pass -j1 directly.
+
+  12 Mar 2006; Michael Hanselmann <hansmi@gentoo.org>
+  djbdns-1.05-r17.ebuild:
+  Fixed LDFLAGS, gcc settings and more. See bug 125925.
+
+  20 Feb 2006; Markus Rothe <corsair@gentoo.org> djbdns-1.05-r16.ebuild:
+  Stable on ppc64
+
+  06 Feb 2006; Aron Griffis <agriffis@gentoo.org> djbdns-1.05-r16.ebuild:
+  Mark 1.05-r16 stable on alpha
+
+*djbdns-1.05-r17 (21 Jan 2006)
+
+  21 Jan 2006; Michael Hanselmann <hansmi@gentoo.org>
+  +files/djbdns-setup-r17, metadata.xml, djbdns-1.05-r16.ebuild,
+  +djbdns-1.05-r17.ebuild:
+  Added patches for multiple data files (multidata, datadir), replaced useq
+  with use, updated djbdns-setup (bug 118371). Stable on hppa, mips, ppc,
+  sparc. Put myself as maintainer.
+
+  31 Dec 2005; Diego Pettenò <flameeyes@gentoo.org> djbdns-1.05-r14.ebuild:
+  Change /bin/false to -1 in enewuser call.
+
+  05 Nov 2005; Diego Pettenò <flameeyes@gentoo.org> metadata.xml:
+  Give up maintainership of this, I don't use it anymore.
+
+*djbdns-1.05-r16 (09 Sep 2005)
+
+  09 Sep 2005; Diego Pettenò <flameeyes@gentoo.org>
+  +djbdns-1.05-r16.ebuild:
+  Updated ipv6 patch to test23.
+
+  07 Aug 2005; Michael Hanselmann <hansmi@gentoo.org>
+  djbdns-1.05-r14.ebuild:
+  Stable on ppc.
+
+  28 Jul 2005; Seemant Kulleen <seemant@gentoo.org> -djbdns-1.05-r3.ebuild,
+  -djbdns-1.05-r7.ebuild, -djbdns-1.05-r8.ebuild, -djbdns-1.05-r9.ebuild,
+  -djbdns-1.05-r10.ebuild, -djbdns-1.05-r11.ebuild, -djbdns-1.05-r12.ebuild,
+  -djbdns-1.05-r13.ebuild:
+  remove cruft ebuilds
+
+*djbdns-1.05-r15 (21 Jun 2005)
+
+  21 Jun 2005; Diego Pettenò <flameeyes@gentoo.org> metadata.xml,
+  +djbdns-1.05-r15.ebuild:
+  Updated to patch test22 from fefe for IPv6 support, thanks to Kalin
+  Kozhuharov in bug #96660.
+
+  18 Jun 2005; Jason Wever <weeve@gentoo.org> djbdns-1.05-r14.ebuild:
+  Stable on SPARC.
+
+  17 May 2005; Jan Brinkmann <luckyduck@gentoo.org> djbdns-1.05-r14.ebuild:
+  stable on amd64
+
+  13 May 2005; Bryan Østergaard <kloeri@gentoo.org> djbdns-1.05-r14.ebuild:
+  Stable on alpha.
+
+  11 May 2005; Aaron Walker <ka0ttic@gentoo.org> djbdns-1.05-r14.ebuild:
+  Stable on x86 for bug 90782.
+
+  06 May 2005; Michael Hanselmann <hansmi@gentoo.org>
+  djbdns-1.05-r14.ebuild:
+  Added to ~ppc.
+
+  13 Apr 2005; Aaron Walker <ka0ttic@gentoo.org> djbdns-1.05-r14.ebuild:
+  Use enewuser instead of useradd. Thanks to Diego in bug 84689.
+
+  20 Mar 2005; Michael Hanselmann <hansmi@gentoo.org>
+  djbdns-1.05-r14.ebuild:
+  Added to ~hppa.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r14.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r9.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r11.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r12.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r13.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r10.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r8.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r7.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  03 Mar 2005; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r3.ebuild:
+  Dependency update: sys-apps/daemontools -> sys-process/daemontools.
+
+  06 Feb 2005; Joshua Kinard <kumba@gentoo.org> djbdns-1.05-r14.ebuild:
+  Marked stable on mips.
+
+  26 Jan 2005; petre rodan <kaiowas@gentoo.org> djbdns-1.05-r10.ebuild,
+  djbdns-1.05-r11.ebuild, djbdns-1.05-r12.ebuild, djbdns-1.05-r13.ebuild,
+  djbdns-1.05-r14.ebuild, djbdns-1.05-r3.ebuild, djbdns-1.05-r7.ebuild,
+  djbdns-1.05-r8.ebuild, djbdns-1.05-r9.ebuild:
+  added selinux RDEPEND
+
+  09 Jan 2005; Sven Wegener <swegener@gentoo.org> djbdns-1.05-r3.ebuild:
+  Added missing parentheses in SRC_URI/*DEPEND/LICENSE.
+
+  24 Nov 2004; Sven Wegener <swegener@gentoo.org> :
+  Added a lot of missing digest entries.
+
+*djbdns-1.05-r14 (01 Nov 2004)
+
+  01 Nov 2004; Bryan Østergaard <kloeri@gentoo.org> djbdns-1.05-r14.ebuild:
+  ~alpha keyword.
+
+  07 Oct 2004; Jared Hudson <jhhudso@gentoo.org> : In reponse to bug #66645,
+  I have updated the patch for dnsroots to include the 2nd root server IP
+  change that ICANN has made since djbdns-1.05's original release.
+       
+  05 Oct 2004; Jason Wever <weeve@gentoo.org> djbdns-1.05-r13.ebuild:
+  Added ~sparc keyword.
+
+  18 Sep 2004; Jason Wever <weeve@gentoo.org> djbdns-1.05-r12.ebuild:
+  Stable on sparc.
+
+  04 Sep 2004; Michael Hanselmann <hansmi@gentoo.org> :
+  Fixed digests for 1.05-r12 and 1.05-r13.
+
+  29 Aug 2004; Tom Gall <tgall@gentoo.org> djbdns-1.05-r13.ebuild:
+  stable on ppc64, bug #61744
+
+  23 Aug 2003; Jared Hudson <jhhudso@gentoo.org> : Fixed adduser bug in
+  tinydns-setup (was adding dnscache user when it should have beeb adding
+  tinydns user) Thanks to Ng, Wey-Han <weyhann@yahoo.com> under bug #57214
+  for the tip.
+       
+  22 Aug 2004; Jason Wever <weeve@gentoo.org> djbdns-1.05-r12.ebuild:
+  Added ~sparc keyword.
+
+  12 Aug 2004; Tom Martin <slarti@gentoo.org> djbdns-1.05-r13.ebuild:
+  Marked ~amd64, resolves bug 58273. Thanks to Rupert Eve
+  <rupert.a.eve@accenture.com> for reporting.
+
+  01 Jul 2004; Jeremy Huddleston <eradicator@gentoo.org>
+  djbdns-1.05-r3.ebuild:
+  virtual/glibc -> virtual/libc
+
+*djbdns-1.05-r13 (23 Jun 2004)
+
+  23 Jun 2004; Jared Hudson <jhhudso@gentoo.org> djbdns-1.05-r12.ebuild,
+  +djbdns-1.05-r13.ebuild:
+  Bumped ipv6 patch which now included ipv6arpa support. I also marked -r12 as
+  stable now. Thanks goes to Georgi Georgiev <chutz@gg3.net> under bug #53948
+  for the bump.
+
+  09 Jun 2004; Aron Griffis <agriffis@gentoo.org> djbdns-1.05-r10.ebuild,
+  djbdns-1.05-r11.ebuild, djbdns-1.05-r3.ebuild, djbdns-1.05-r7.ebuild,
+  djbdns-1.05-r8.ebuild, djbdns-1.05-r9.ebuild:
+  Fix use invocation
+
+*djbdns-1.05-r12 (06 Jun 2004)
+
+  06 Jun 2004; Danny van Dyk <kugelfang@gentoo.org> djbdns-1.05-r12.ebuild:
+  Marked ~amd64.
+
+*djbdns-1.05-12 (23 May 2004)
+
+  23 May 2004; Jared Hudson <jhhudso@gentoo.org> : Added 4 new use flags: doc
+  (adds dependency for djbdns-man), aliaschain (enables a patch to change the
+  CNAME handling behavior of tinydns and axfrdns), semanticfix (enables a
+  patch to increase the semantic handling of tinydns-data), and cnamefix
+  (enables a patch to change the way dnscache handles CNAME records). For more
+  information on the latter 3 patches please visit:
+  http://homepages.tesco.net./~J.deBoynePollard/FGA/djbdns-problems.html
+  In addition, if you include ipv6 support via the ipv6 use flag dnstrace
+  will be compiled without ipv6 support now, since it was broken with it
+  before. Also, a new setup script has been added, called djbdns-setup. This
+  script can be used instead of dnscache-setup and tinydns-setup. This script
+  was added by Kalin KOZHUHAROV <kalin@ThinRope.net> under bug #50795.
+  Also, tinydns-setup is patched if the fwdzone useflag/patch is added
+  because this patch changes the behavior of tinydns and the old tinydns-setup
+  did not work properly with it. Other fixes and patch suggestions come from
+  bug #19375, 20880, 34446, and 49578. Thanks goes to Nick Palmer
+  <nicholas@slackers.net>, Thilo Bangert <fizzelpark-lists@gmx.net>,
+  Hannes Just <Hannes.Just@fh-stralsund.de>, and Georgi Georgiev
+  <chutz@gg3.net>
+       
+*djbdns-1.05-r11 (02 May 2004)
+
+  02 May 2004; Jared Hudson <jhhudso@gentoo.org> :
+  Added a patch and useflag to allow djbdns bind to multiple IPs per bug #48750
+  thanks to der Ritter <gentoo@candlefire.org>
+
+*djbdns-1.05-r10 (02 May 2004)
+
+  02 May 2004; Jared Hudson <jhhudso@gentoo.org> :
+  Added ipv6arpa use flag and patch to enable ipv6 arpa support per bug
+  #49581 thanks to Georgi Georgiev <chutz@gg3.net>.
+
+*djbdns-1.05-r9 (09 Apr 2004)
+
+  09 Apr 2004; Joshua Kinard <kumba@gentoo.org> djbdns-1.05-r9.ebuild:
+  Marked stable on mips.
+
+  27 Mar 2004; Jared Hudson <jhhudso@gentoo.org> :
+  fwdzone and roundrobin local use flags added to enable their respective
+  patches. ipv6 will not work with roundrobin and fwdzone currently because the
+  only patch we have for that combines all three. The problem with this is that
+  fwdzone and roundrobin do not work together according to bug #31238. Due to this
+  we are now using the original ipv6 patch when applicable.
+
+  16 Nov 2003; Markus Nigbur <pyrania@gentoo.org> djbdns-1.05-r8.ebuild,
+  files/headtail.patch:
+  Coreutils Fix. Thanks to Marc in #33625.
+
+  07 Nov 2003; Ciaran McCreesh <ciaranm@gentoo.org> djbdns-1.05-r8.ebuild:
+  Moved to stable on sparc as -r3 has compile issues on sparc (thanks to
+  aCrackOtter in #gentoo-sparc)
+
+  16 Aug 2003; Tavis Ormandy <taviso@gentoo.org> djbdns-1.05-r8.ebuild:
+  Stable on alpha
+
+  24 May 2003; Jared Hudson <jhhudso@gentoo.org> : Added MAKEOPTS="-j1" to
+  all djbdns ebuilds due to SMP compile problems when -j set higher than 1
+  Bug ID: #18291
+       
+*djbdns-1.05-r8 (9 May 2003)
+
+  09 May 2003; Guy Martin <gmsoft@gentoo.org> :
+  Added installation of dnsip6 and dnsip6q. Fix #20690.
+
+*djbdns-1.05-r7 (26 Feb 2003)
+
+  26 Feb 2003; Mike Frysinger <vapier@gentoo.org> :
+  errno fix for #16396 (#16267).
+
+*djbdns-1.05-r6 (12 Feb 2003)
+
+  18 Feb 2003;  <seemant@gentoo.org> djbdns-1.05-r6.ebuild files/digest-djbdns-1.05-r6 :
+  regenerated the ipv6 patch, thanks to Azarah in bug #15613
+
+  13 Feb 2003; Seemant Kulleen <seemant@gentoo.org> djbdns-1.05-r6.ebuild files/digest-djbdns-1.05-r6 :
+  changed ipv6 patch to actually apply and also using eutils to perform the patch action
+
+  12 Feb 2003; Arcady Genkin <agenkin@gentoo.org> :
+  Added the round-robin patch for dnscache.
+       
+*djbdns-1.05-r5 (17 Nov 2002)
+
+  04 Feb 2003; Joachim Blaabjerg <styx@gentoo.org> djbdns-1.05-r5.ebuild :
+
+  Bumped to stable x86, as it fixes ipv6. Fixes bug #8236 for stable users.
+
+  02 Jan 2002; Martin Holzer <mholzer@gentoo.org> files/dnscache-setup :
+  Changed Line 130 FOWARDONLY into FORWARDONLY. Closes #13108.
+
+  17 Nov 2002; Jared Hudson <jhhudso@gentoo.org> files/ipv6-fix.diff,
+  files/djbdns-1.05-fwd-ipv6.diff : Fixed Bug #8236 & 8236. Added static
+  keyword to ebuild and changed ipv6 patch to work with the forwarding patch
+  added in -r4.
+       
+  20 Oct 2002; Maik Schreiber <blizzy@gentoo.org> djbdns-1.05-r3.ebuild,
+  djbdns-1.05-r4.ebuild: Cleaned up ebuilds. Also removed removal of
+  djbdns users, since this can break your djbdns setup when updating.
+
+  19 Oct 2002; Jared Hudson <jhhudso@gentoo.org> djbdns-1.05-r4.ebuild:
+  changed KEYWORDS to use ~arch for all supported architectures. This is to
+  last until after the freeze.
+       
+*djbdns-1.05-r4 (18 Oct 2002)
+
+  18 Oct 2002; Jared Hudson <jhhudso@gentoo.org>: Added a patch to enable
+  using dnscache to perform resolution or forwarding according to the query
+  zone. This was in response to bug #9154. Credit goes to Stefano Scipioni.
+       
+  10 Sep 2002; Daniel Robbins <drobbins@gentoo.org>: djbdns-1.05-r3: fixed unpack()
+  and made the ipv6 patch dependent upon the setting of the ipv6 USE variable. No
+  rev bump. This closes bug #7236.
+
+*djbdns-1.05-r3 (12 Jul 2002)
+
+  12 Jul 2002; Grant Goodyear <g2boojum@gentoo.org> ChangeLog  : Added ipv6
+  patch if ipv6 in USE; thanks to Sascha Silbe for pointing out this patch
+
+*djbdns-1.05-r2 (13 May 2002)
+
+  12 May 2002; Thilo Bangert <bangert@gentoo.org> .ebuild :
+
+  added LICENSE, added setup scripts (by banger@gentoo.org and gontran@gontran.net)
+  removed old setup scripts
+
+  7 May 2002; Thilo Bangert <bangert@gentoo.org> .ebuild :
+  added automatic creation of users
+
+
+*djbdns-1.05-r1 (1 Mar 2002)
+
+  1 Mar 2002; Grant Goodyear <g2boojum@gentoo.org> ChangeLog :
+
+  Made ebuild a bit more modern and ditched init script since that's
+  what daemontools is for.
+  
+*djbdns-1.05 (1 Feb 2002)
+
+  1 Feb 2002; G.Bevin <gbevin@gentoo.org> ChangeLog :
+  
+  Added initial ChangeLog which should be updated whenever the package is
+  updated in any way. This changelog is targetted to users. This means that the
+  comments should well explained and written in clean English. The details about
+  writing correct changelogs are explained in the skel.ChangeLog file which you
+  can find in the root directory of the portage repository.
diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
new file mode 100644 (file)
index 0000000..802ca01
--- /dev/null
@@ -0,0 +1,18 @@
+AUX 1.05-errno.patch 238 RMD160 b479d8c16dd8fe7206cba19125dd8866c2584301 SHA1 f23206f3ffc1a8aa6768fdb2ef588012c17eaa79 SHA256 40e01efac08e95bf87b46e2d86378b0a60c234c64080b7f42039178ac6de61af
+AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch 10049 RMD160 9154f495cfc5eebcb6617b8fa65ee0bea0cbbf80 SHA1 0461b199c048c6b94b659280d04a4f537cdb9c04 SHA256 56c7db6c5bed3200e1f6e4995018c96158085f2f7169c7b148c7c034ddff8111
+AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch 9914 RMD160 c416dd6575819cfd40ef0d306ccb14d34a5afc90 SHA1 8dd3ce7758d3a97cafbe6a60ea83f48e916f496d SHA256 b5e030e96ed98d96d36c39e3466e04d98d39c5f1c7e94254ea3da5e99381eed6
+AUX CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch 3043 RMD160 71ec5a52edc8ba574214f1b05b38d8b9ee313b98 SHA1 c0190b0696f655822e46162489714e9b09b9e831 SHA256 0e6312ab8408d98bc3e6d1b1cddc36f51a5cd092db14bd3f84a8f47d08070c27
+AUX CVE2008-4392_0002-dnscache-cache-soa-records.patch 2944 RMD160 0b58e57bc11b36113c5fef73a64c869895f83889 SHA1 ac9b6a62c62588205cc4dc71da4e0ad6630f9635 SHA256 1cd7b848305646d3015d8f2817acdced65894b8ab6e9dacb02077acebc50841b
+AUX CVE2009-0858_0001-check-response-domain-name-length.patch 366 RMD160 c9a7ca8ab3e0359cd55caa0fd14ce3878d98c26c SHA1 c64bd006d5ff7ea416d6baeff062b94eebcb8c8d SHA256 8ca8bd81fa6fb17576f11de9e97a582f0c30d7f5c6e797defa41a98d33770e33
+AUX djbdns-setup 11152 RMD160 6de107a57748468996c2d7b5ed00641abf51d67e SHA1 dc9b478709699ce66b64f82f0f1fd1749af2f58a SHA256 f9cac2b3050ce0869afdb1f27af9690fd5fb4817acad1144d8b879233d979713
+AUX djbdns-setup-r17 10881 RMD160 eabdbfd226d6ee4172e55a62beed77bb68aa222c SHA1 f056a51a5f511c54b98536c238eff8c1fecb5755 SHA256 33c64d8341ea868e124e7fe0da6a8f9ba6fc799a79584e002a82c572921ed5e4
+AUX dnscache-setup 6007 RMD160 d5a29943ac29d84a8c83308a497721010ab017bc SHA1 764e3dbecca295c307589c3141fc24c3ff0bc5a5 SHA256 5a69f71468172e9e9636f1cb22e08718a084daa0f31953aae604539d66a2603e
+AUX dnsroots.patch 349 RMD160 c3be22070645e27a8c16e9f1dd268963b749c5f7 SHA1 f09404a752062956319b4ebb6d381588df467eba SHA256 99e8ef90a20f66fedf903aa13e3f5360010cf11c27c59dc53b967f02ffe06114
+AUX dnstracesort.patch 327 RMD160 aaa564aa9cb0dcad4ebb64121c82bf50fda64254 SHA1 cf8b7825d826bfd3f3314c848a8843c2a5a70ae3 SHA256 f1d83e1365f68571fa4e007d5219720f8d65eb3730040a087fceb0ce2d8806bf
+AUX headtail.patch 1780 RMD160 332af6647e08f3b792bd1b7821974f15041a6b58 SHA1 1b996c6cbe5df1c981f998d004d066ae344bfba8 SHA256 28ebe521132fe35559273b6542505ab4f0bb7b7ccb88585522e4cc2fe8376dd4
+AUX tinydns-setup 3206 RMD160 16679596e3902c8eda4c9605b0fef6e778cdee63 SHA1 e222c22f924882a3b2d496f7d8fbdf61eb4eb0e8 SHA256 73c0610f15e9bbec1998d10eafe4222277eb8cbaf0c58e802f998e9f7b25bbea
+DIST djbdns-1.05-test23.diff.bz2 18480 RMD160 33037f2a41abb49c305f3efec4402c6965c8b8b8 SHA1 34251597d211ff00791cb6546e8ef60d75ce5477 SHA256 e702f47b4a4c77fe5cec474a8219a072cfaaee07282650b7e0dd322ed82e8f33
+DIST djbdns-1.05.tar.gz 85648 RMD160 a832cbfd93e4ccec6a565492a4ee0b3c1b4b68ed SHA1 2efdb3a039d0c548f40936aa9cb30829e0ce8c3d SHA256 3ccd826a02f3cde39be088e1fc6aed9fd57756b8f970de5dc99fcd2d92536b48
+EBUILD djbdns-1.05-r23.ebuild 3684 RMD160 74a29155bc31f39a9b16d39c6711b585bef06601 SHA1 f5b2e17144d3c03a2845c9bc69eb6c1e5b8f830d SHA256 fe946870ccc68646c51783d040f5f985660764b53f71ab320df46f12a5c48cae
+MISC ChangeLog 19007 RMD160 b7c920db6183b8ccfc4682e63b8de6dff63a1516 SHA1 707954ec763701361798825514a098015d83e2a1 SHA256 36df2a604799554de616aa70b1e9a9e730f024b2b3681813836d21bc387d03be
+MISC metadata.xml 232 RMD160 854b06094287201d0b98f2b21d36054db25d81cd SHA1 cc4f98e9ee0102aea687d71cf3af924cf156edbb SHA256 21382e863647add08888c924279a4b931b2b90ccd0cf5e526ee74a3d5e1fd0df
diff --git a/net-dns/djbdns/djbdns-1.05-r23.ebuild b/net-dns/djbdns/djbdns-1.05-r23.ebuild
new file mode 100644 (file)
index 0000000..a627728
--- /dev/null
@@ -0,0 +1,131 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/djbdns-1.05-r23.ebuild,v 1.8 2011/01/29 23:36:52 bangert Exp $
+
+IUSE="doc ipv6 selinux static"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Excellent high-performance DNS services"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test23"
+
+SRC_URI="
+       http://cr.yp.to/djbdns/${P}.tar.gz
+       ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )
+"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86"
+
+RDEPEND="
+       virtual/daemontools
+       sys-apps/ucspi-tcp
+       doc? ( app-doc/djbdns-man )
+       selinux? ( sec-policy/selinux-djbdns )
+"
+
+src_unpack() {
+       unpack "${P}.tar.gz"
+       cd "${S}"
+
+       echo
+       elog 'Several patches have been dropped from this djbdns ebuild revision.'
+       elog 'Please use the DJBDNS_PATCH_DIR variable to specify a directory'
+       elog 'of custom patches.'
+       elog
+       elog 'Some of them can be found at http://tinydns.org/ or'
+       elog 'http://homepages.tesco.net/J.deBoynePollard/Softwares/djbdns/'
+       elog
+
+       epatch \
+               "${FILESDIR}/headtail.patch" \
+               "${FILESDIR}/dnsroots.patch" \
+               "${FILESDIR}/dnstracesort.patch"
+
+       # Fix CVE2009-0858
+       epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+
+       if use ipv6; then
+               elog "At present dnstrace does NOT support IPv6. It will"\
+                    "be compiled without IPv6 support."
+               cp -pR "${S}" "${S}-noipv6"
+               # Careful -- >=test21 of the IPv6 patch includes the errno patch
+               epatch "${DISTDIR}/${P}-${IPV6_PATCH}.diff.bz2"
+
+               # Fix CVE2008-4392
+               epatch \
+                       "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch" \
+                       "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch"
+
+               cd "${S}-noipv6"
+       fi
+
+       # Fix CVE2008-4392
+       epatch \
+               "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \
+               "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+
+       epatch "${FILESDIR}/${PV}-errno.patch"
+
+       if [[ -n "${DJBDNS_PATCH_DIR}" && -d "${DJBDNS_PATCH_DIR}" ]]
+       then
+               echo
+               ewarn "You enabled custom patches from ${DJBDNS_PATCH_DIR}."
+               ewarn "Be warned that you won't get any support when using "
+               ewarn "this feature. You're on your own from now!"
+               echo
+               ebeep
+               cd "${S}" && epatch "${DJBDNS_PATCH_DIR}/"*
+       fi
+}
+
+src_compile() {
+       use static && append-ldflags -static
+       echo "$(tc-getCC) ${CFLAGS}" > conf-cc
+       echo "$(tc-getCC) ${LDFLAGS}" > conf-ld
+       echo "/usr" > conf-home
+       emake -j1 || die "emake failed"
+
+       # If djbdns is compiled with IPv6 support, it breaks dnstrace.
+       # Therefore we must compile dnstrace separately without IPv6
+       # support.
+       if use ipv6; then
+               elog "Compiling dnstrace without ipv6 support"
+               cd "${S}-noipv6"
+               echo "$(tc-getCC) ${CFLAGS}" > conf-cc
+               echo "$(tc-getCC) ${LDFLAGS}" > conf-ld
+               echo "/usr" > conf-home
+               emake -j1 dnstrace || die "emake failed"
+       fi
+}
+
+src_install() {
+       insinto /etc
+       doins dnsroots.global
+
+       into /usr
+       dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+               *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+               dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+       use ipv6 && dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace"
+
+       dodoc CHANGES FILES README SYSDEPS TARGETS TODO VERSION
+
+       dobin "${FILESDIR}/dnscache-setup"
+       dobin "${FILESDIR}/tinydns-setup"
+       newbin "${FILESDIR}/djbdns-setup-r17" djbdns-setup
+}
+
+pkg_setup() {
+       # The nofiles group is provided by baselayout
+       enewuser dnscache -1 -1 -1 nofiles
+       enewuser dnslog -1 -1 -1 nofiles
+       enewuser tinydns -1 -1 -1 nofiles
+}
+
+pkg_postinst() {
+       elog "Use dnscache-setup & tinydns-setup or djbdns-setup to configure djbdns."
+}
diff --git a/net-dns/djbdns/files/1.05-errno.patch b/net-dns/djbdns/files/1.05-errno.patch
new file mode 100644 (file)
index 0000000..b4650b1
--- /dev/null
@@ -0,0 +1,11 @@
+--- error.h    2001-02-11 15:11:45.000000000 -0600
++++ error.h    2003-02-26 02:10:21.000000000 -0600
+@@ -1,7 +1,7 @@
+ #ifndef ERROR_H
+ #define ERROR_H
+-extern int errno;
++#include <errno.h>
+ extern int error_intr;
+ extern int error_nomem;
diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch
new file mode 100644 (file)
index 0000000..86baac8
--- /dev/null
@@ -0,0 +1,337 @@
+diff -urNp a/Makefile b/Makefile
+--- a/Makefile 2009-03-19 11:01:40.782348427 -0700
++++ b/Makefile 2009-03-19 11:05:27.659346849 -0700
+@@ -342,11 +342,11 @@ stralloc.h iopause.h taia.h tai.h uint64
+       ./compile dns_txt.c
+ dnscache: \
+-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
+ response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
+ libtai.a unix.a byte.a socket.lib
+       ./load dnscache droproot.o okclient.o log.o cache.o \
+-      query.o response.o dd.o roots.o iopause.o prot.o dns.a \
++      query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
+       env.a alloc.a buffer.a libtai.a unix.a byte.a  `cat \
+       socket.lib`
+@@ -367,7 +367,7 @@ compile dnscache.c env.h exit.h scan.h s
+ uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
+ iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
+ iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
+-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
+       ./compile dnscache.c
+ dnsfilter: \
+@@ -745,11 +745,16 @@ qlog.o: \
+ compile qlog.c buffer.h qlog.h uint16.h
+       ./compile qlog.c
++qmerge.o: \
++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
++taia.h tai.h uint64.h log.h maxclient.h
++      ./compile qmerge.c
++
+ query.o: \
+ compile query.c error.h roots.h log.h uint64.h case.h cache.h \
+ uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
+ taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
+-response.h uint32.h query.h dns.h uint32.h
++response.h uint32.h query.h dns.h uint32.h qmerge.h
+       ./compile query.c
+ random-ip: \
+diff -urNp a/dnscache.c b/dnscache.c
+--- a/dnscache.c       2009-03-19 11:01:40.786597556 -0700
++++ b/dnscache.c       2009-03-19 11:05:27.675225701 -0700
+@@ -23,6 +23,7 @@
+ #include "log.h"
+ #include "okclient.h"
+ #include "droproot.h"
++#include "maxclient.h"
+ long interface;
+@@ -59,7 +60,6 @@ uint64 numqueries = 0;
+ static int udp53;
+-#define MAXUDP 200
+ static struct udpclient {
+   struct query q;
+   struct taia start;
+@@ -136,7 +136,6 @@ void u_new(void)
+ static int tcp53;
+-#define MAXTCP 20
+ struct tcpclient {
+   struct query q;
+   struct taia start;
+diff -urNp a/log.c b/log.c
+--- a/log.c    2009-03-19 11:01:40.791597427 -0700
++++ b/log.c    2009-03-19 11:05:27.676224153 -0700
+@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qty
+   line();
+ }
++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
++{
++  string("txpb ");
++  logtype(qtype); space(); name(q); space(); name(control);
++  line();
++}
++
+ void log_cachedanswer(const char *q,const char type[2])
+ {
+   string("cached "); logtype(type); space();
+diff -urNp a/log.h b/log.h
+--- a/log.h    2001-02-11 13:11:45.000000000 -0800
++++ b/log.h    2009-03-19 11:05:27.676224153 -0700
+@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const cha
+ extern void log_cachedns(const char *,const char *);
+ extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
++extern void log_tx_piggyback(const char *,const char *,const char *);
+ extern void log_nxdomain(const char *,const char *,unsigned int);
+ extern void log_nodata(const char *,const char *,const char *,unsigned int);
+diff -urNp a/maxclient.h b/maxclient.h
+--- a/maxclient.h      1969-12-31 16:00:00.000000000 -0800
++++ b/maxclient.h      2009-03-19 11:05:27.676224153 -0700
+@@ -0,0 +1,7 @@
++#ifndef MAXCLIENT_H
++#define MAXCLIENT_H
++
++#define MAXUDP 200
++#define MAXTCP 20
++
++#endif /* MAXCLIENT_H */
+diff -urNp a/qmerge.c b/qmerge.c
+--- a/qmerge.c 1969-12-31 16:00:00.000000000 -0800
++++ b/qmerge.c 2009-03-19 11:05:27.677221627 -0700
+@@ -0,0 +1,115 @@
++#include "qmerge.h"
++#include "byte.h"
++#include "log.h"
++#include "maxclient.h"
++
++#define QMERGE_MAX (MAXUDP+MAXTCP)
++struct qmerge inprogress[QMERGE_MAX];
++
++static
++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
++    const char *control)
++{
++  if (!dns_domain_copy(&qmk->q, q)) return 0;
++  byte_copy(qmk->qtype, 2, qtype);
++  if (!dns_domain_copy(&qmk->control, control)) return 0;
++  return 1;
++}
++
++static
++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
++{
++  return
++    byte_equal(a->qtype, 2, b->qtype) &&
++    dns_domain_equal(a->q, b->q) &&
++    dns_domain_equal(a->control, b->control);
++}
++
++static
++void qmerge_key_free(struct qmerge_key *qmk)
++{
++  dns_domain_free(&qmk->q);
++  dns_domain_free(&qmk->control);
++}
++
++void qmerge_free(struct qmerge **x)
++{
++  struct qmerge *qm;
++
++  qm = *x;
++  *x = 0;
++  if (!qm || !qm->active) return;
++
++  qm->active--;
++  if (!qm->active) {
++    qmerge_key_free(&qm->key);
++    dns_transmit_free(&qm->dt);
++  }
++}
++
++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
++    const char *q, const char qtype[2], const char localip[4],
++    const char *control)
++{
++  struct qmerge_key k;
++  int i;
++  int r;
++
++  qmerge_free(qm);
++
++  byte_zero(&k, sizeof k);
++  if (!qmerge_key_init(&k, q, qtype, control)) return -1;
++  for (i = 0; i < QMERGE_MAX; i++) {
++    if (!inprogress[i].active) continue;
++    if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
++    log_tx_piggyback(q, qtype, control);
++    inprogress[i].active++;
++    *qm = &inprogress[i];
++    qmerge_key_free(&k);
++    return 0;
++  }
++
++  for (i = 0; i < QMERGE_MAX; i++)
++    if (!inprogress[i].active)
++      break;
++  if (i == QMERGE_MAX) return -1;
++
++  log_tx(q, qtype, control, servers, 0);
++  r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
++  if (r == -1) { qmerge_key_free(&k); return -1; }
++  inprogress[i].active++;
++  inprogress[i].state = 0;
++  qmerge_key_free(&inprogress[i].key);
++  byte_copy(&inprogress[i].key, sizeof k, &k);
++  *qm = &inprogress[i];
++  return 0;
++}
++
++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
++{
++  if (qm->state == 0) {
++    dns_transmit_io(&qm->dt, io, deadline);
++    qm->state = 1;
++  }
++  else {
++    io->fd = -1;
++    io->events = 0;
++  }
++}
++
++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
++{
++  int r;
++  struct qmerge *qm;
++
++  qm = *x;
++  if (qm->state == -1) return -1; /* previous error */
++  if (qm->state == 0) return 0; /* no packet */
++  if (qm->state == 2) return 1; /* already got packet */
++
++  r = dns_transmit_get(&qm->dt, io, when);
++  if (r == -1) { qm->state = -1; return -1; } /* error */
++  if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
++  if (r == 1) { qm->state = 2; return 1; } /* got packet */
++  return -1; /* bug */
++}
+diff -urNp a/qmerge.h b/qmerge.h
+--- a/qmerge.h 1969-12-31 16:00:00.000000000 -0800
++++ b/qmerge.h 2009-03-19 11:05:27.678227481 -0700
+@@ -0,0 +1,24 @@
++#ifndef QMERGE_H
++#define QMERGE_H
++
++#include "dns.h"
++
++struct qmerge_key {
++  char *q;
++  char qtype[2];
++  char *control;
++};
++
++struct qmerge {
++  int active;
++  struct qmerge_key key;
++  struct dns_transmit dt;
++  int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
++};
++
++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
++extern void qmerge_free(struct qmerge **);
++
++#endif /* QMERGE_H */
+diff -urNp a/query.c b/query.c
+--- a/query.c  2009-03-19 11:01:40.792597346 -0700
++++ b/query.c  2009-03-19 11:24:43.152221609 -0700
+@@ -84,7 +84,7 @@ static void cleanup(struct query *z)
+   int j;
+   int k;
+-  dns_transmit_free(&z->dt);
++  qmerge_free(&z->qm);
+   for (j = 0;j < QUERY_MAXALIAS;++j)
+     dns_domain_free(&z->alias[j]);
+   for (j = 0;j < QUERY_MAXLEVEL;++j) {
+@@ -619,14 +619,8 @@ static int doit(struct query *z,int stat
+   if (j == 256) goto SERVFAIL;
+   dns_sortip6(z->servers[z->level],256);
+-  if (z->level) {
+-    log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level);
+-    if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE;
+-  }
+-  else {
+-    log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
+-    if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
+-  }
++  dtype = z->level ? DNS_T_A : z->type;
++  if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
+   return 0;
+@@ -640,10 +634,10 @@ static int doit(struct query *z,int stat
+   HAVEPACKET:
+   if (++z->loop == 100) goto DIE;
+-  buf = z->dt.packet;
+-  len = z->dt.packetlen;
++  buf = z->qm->dt.packet;
++  len = z->qm->dt.packetlen;
+-  whichserver = z->dt.servers + 16 * z->dt.curserver;
++  whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver;
+   control = z->control[z->level];
+   d = z->name[z->level];
+   dtype = z->level ? DNS_T_A : z->type;
+@@ -1050,7 +1044,7 @@ int query_start(struct query *z,char *dn
+ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ {
+-  switch(dns_transmit_get(&z->dt,x,stamp)) {
++  switch(qmerge_get(&z->qm,x,stamp)) {
+     case 1:
+       return doit(z,1);
+     case -1:
+@@ -1061,5 +1055,5 @@ int query_get(struct query *z,iopause_fd
+ void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
+ {
+-  dns_transmit_io(&z->dt,x,deadline);
++  qmerge_io(z->qm,x,deadline);
+ }
+diff -urNp a/query.h b/query.h
+--- a/query.h  2009-03-19 11:01:40.793597403 -0700
++++ b/query.h  2009-03-19 11:05:27.681222487 -0700
+@@ -1,7 +1,7 @@
+ #ifndef QUERY_H
+ #define QUERY_H
+-#include "dns.h"
++#include "qmerge.h"
+ #include "uint32.h"
+ #define QUERY_MAXLEVEL 5
+@@ -21,7 +21,7 @@ struct query {
+   uint32 scope_id;
+   char type[2];
+   char class[2];
+-  struct dns_transmit dt;
++  struct qmerge *qm;
+ } ;
+ extern int query_start(struct query *,char *,char *,char *,char *,unsigned int);
diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch
new file mode 100644 (file)
index 0000000..a0391ff
--- /dev/null
@@ -0,0 +1,349 @@
+diff --git a/Makefile b/Makefile
+index 1429643..bc047c0 100644
+--- a/Makefile
++++ b/Makefile
+@@ -318,11 +318,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
+       ./compile dns_txt.c
+ dnscache: \
+-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
+ response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
+ libtai.a unix.a byte.a socket.lib
+       ./load dnscache droproot.o okclient.o log.o cache.o \
+-      query.o response.o dd.o roots.o iopause.o prot.o dns.a \
++      query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
+       env.a alloc.a buffer.a libtai.a unix.a byte.a  `cat \
+       socket.lib`
+@@ -343,7 +343,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
+ uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
+ iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
+ iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
+-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
+       ./compile dnscache.c
+ dnsfilter: \
+@@ -687,11 +687,16 @@ qlog.o: \
+ compile qlog.c buffer.h qlog.h uint16.h
+       ./compile qlog.c
++qmerge.o: \
++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
++taia.h tai.h uint64.h log.h maxclient.h
++      ./compile qmerge.c
++
+ query.o: \
+ compile query.c error.h roots.h log.h uint64.h case.h cache.h \
+ uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
+ taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
+-response.h uint32.h query.h dns.h uint32.h
++response.h uint32.h query.h dns.h uint32.h qmerge.h
+       ./compile query.c
+ random-ip: \
+diff --git a/dnscache.c b/dnscache.c
+index 8c899a3..5ccb16a 100644
+--- a/dnscache.c
++++ b/dnscache.c
+@@ -22,6 +22,7 @@
+ #include "log.h"
+ #include "okclient.h"
+ #include "droproot.h"
++#include "maxclient.h"
+ static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2])
+ {
+@@ -54,7 +55,6 @@ uint64 numqueries = 0;
+ static int udp53;
+-#define MAXUDP 200
+ static struct udpclient {
+   struct query q;
+   struct taia start;
+@@ -131,7 +131,6 @@ void u_new(void)
+ static int tcp53;
+-#define MAXTCP 20
+ struct tcpclient {
+   struct query q;
+   struct taia start;
+diff --git a/log.c b/log.c
+index c43e8b0..b8cd7ce 100644
+--- a/log.c
++++ b/log.c
+@@ -150,6 +150,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser
+   line();
+ }
++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
++{
++  string("txpb ");
++  logtype(qtype); space(); name(q); space(); name(control);
++  line();
++}
++
+ void log_cachedanswer(const char *q,const char type[2])
+ {
+   string("cached "); logtype(type); space();
+diff --git a/log.h b/log.h
+index fe62fa3..d9a829b 100644
+--- a/log.h
++++ b/log.h
+@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
+ extern void log_cachedns(const char *,const char *);
+ extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
++extern void log_tx_piggyback(const char *,const char *,const char *);
+ extern void log_nxdomain(const char *,const char *,unsigned int);
+ extern void log_nodata(const char *,const char *,const char *,unsigned int);
+diff --git a/maxclient.h b/maxclient.h
+new file mode 100644
+index 0000000..e52fcd1
+--- /dev/null
++++ b/maxclient.h
+@@ -0,0 +1,7 @@
++#ifndef MAXCLIENT_H
++#define MAXCLIENT_H
++
++#define MAXUDP 200
++#define MAXTCP 20
++
++#endif /* MAXCLIENT_H */
+diff --git a/qmerge.c b/qmerge.c
+new file mode 100644
+index 0000000..7c92299
+--- /dev/null
++++ b/qmerge.c
+@@ -0,0 +1,115 @@
++#include "qmerge.h"
++#include "byte.h"
++#include "log.h"
++#include "maxclient.h"
++
++#define QMERGE_MAX (MAXUDP+MAXTCP)
++struct qmerge inprogress[QMERGE_MAX];
++
++static
++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
++    const char *control)
++{
++  if (!dns_domain_copy(&qmk->q, q)) return 0;
++  byte_copy(qmk->qtype, 2, qtype);
++  if (!dns_domain_copy(&qmk->control, control)) return 0;
++  return 1;
++}
++
++static
++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
++{
++  return
++    byte_equal(a->qtype, 2, b->qtype) &&
++    dns_domain_equal(a->q, b->q) &&
++    dns_domain_equal(a->control, b->control);
++}
++
++static
++void qmerge_key_free(struct qmerge_key *qmk)
++{
++  dns_domain_free(&qmk->q);
++  dns_domain_free(&qmk->control);
++}
++
++void qmerge_free(struct qmerge **x)
++{
++  struct qmerge *qm;
++
++  qm = *x;
++  *x = 0;
++  if (!qm || !qm->active) return;
++
++  qm->active--;
++  if (!qm->active) {
++    qmerge_key_free(&qm->key);
++    dns_transmit_free(&qm->dt);
++  }
++}
++
++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
++    const char *q, const char qtype[2], const char localip[4],
++    const char *control)
++{
++  struct qmerge_key k;
++  int i;
++  int r;
++
++  qmerge_free(qm);
++
++  byte_zero(&k, sizeof k);
++  if (!qmerge_key_init(&k, q, qtype, control)) return -1;
++  for (i = 0; i < QMERGE_MAX; i++) {
++    if (!inprogress[i].active) continue;
++    if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
++    log_tx_piggyback(q, qtype, control);
++    inprogress[i].active++;
++    *qm = &inprogress[i];
++    qmerge_key_free(&k);
++    return 0;
++  }
++
++  for (i = 0; i < QMERGE_MAX; i++)
++    if (!inprogress[i].active)
++      break;
++  if (i == QMERGE_MAX) return -1;
++
++  log_tx(q, qtype, control, servers, 0);
++  r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
++  if (r == -1) { qmerge_key_free(&k); return -1; }
++  inprogress[i].active++;
++  inprogress[i].state = 0;
++  qmerge_key_free(&inprogress[i].key);
++  byte_copy(&inprogress[i].key, sizeof k, &k);
++  *qm = &inprogress[i];
++  return 0;
++}
++
++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
++{
++  if (qm->state == 0) {
++    dns_transmit_io(&qm->dt, io, deadline);
++    qm->state = 1;
++  }
++  else {
++    io->fd = -1;
++    io->events = 0;
++  }
++}
++
++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
++{
++  int r;
++  struct qmerge *qm;
++
++  qm = *x;
++  if (qm->state == -1) return -1; /* previous error */
++  if (qm->state == 0) return 0; /* no packet */
++  if (qm->state == 2) return 1; /* already got packet */
++
++  r = dns_transmit_get(&qm->dt, io, when);
++  if (r == -1) { qm->state = -1; return -1; } /* error */
++  if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
++  if (r == 1) { qm->state = 2; return 1; } /* got packet */
++  return -1; /* bug */
++}
+diff --git a/qmerge.h b/qmerge.h
+new file mode 100644
+index 0000000..9a58157
+--- /dev/null
++++ b/qmerge.h
+@@ -0,0 +1,24 @@
++#ifndef QMERGE_H
++#define QMERGE_H
++
++#include "dns.h"
++
++struct qmerge_key {
++  char *q;
++  char qtype[2];
++  char *control;
++};
++
++struct qmerge {
++  int active;
++  struct qmerge_key key;
++  struct dns_transmit dt;
++  int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
++};
++
++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
++extern void qmerge_free(struct qmerge **);
++
++#endif /* QMERGE_H */
+diff --git a/query.c b/query.c
+index 46cdc00..f091fdd 100644
+--- a/query.c
++++ b/query.c
+@@ -81,7 +81,7 @@ static void cleanup(struct query *z)
+   int j;
+   int k;
+-  dns_transmit_free(&z->dt);
++  qmerge_free(&z->qm);
+   for (j = 0;j < QUERY_MAXALIAS;++j)
+     dns_domain_free(&z->alias[j]);
+   for (j = 0;j < QUERY_MAXLEVEL;++j) {
+@@ -429,14 +429,8 @@ static int doit(struct query *z,int state)
+   if (j == 64) goto SERVFAIL;
+   dns_sortip(z->servers[z->level],64);
+-  if (z->level) {
+-    log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level);
+-    if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE;
+-  }
+-  else {
+-    log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
+-    if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
+-  }
++  dtype = z->level ? DNS_T_A : z->type;
++  if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
+   return 0;
+@@ -450,10 +444,10 @@ static int doit(struct query *z,int state)
+   HAVEPACKET:
+   if (++z->loop == 100) goto DIE;
+-  buf = z->dt.packet;
+-  len = z->dt.packetlen;
++  buf = z->qm->dt.packet;
++  len = z->qm->dt.packetlen;
+-  whichserver = z->dt.servers + 4 * z->dt.curserver;
++  whichserver = z->qm->dt.servers + 4 * z->qm->dt.curserver;
+   control = z->control[z->level];
+   d = z->name[z->level];
+   dtype = z->level ? DNS_T_A : z->type;
+@@ -836,7 +830,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip
+ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ {
+-  switch(dns_transmit_get(&z->dt,x,stamp)) {
++  switch(qmerge_get(&z->qm,x,stamp)) {
+     case 1:
+       return doit(z,1);
+     case -1:
+@@ -847,5 +841,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
+ {
+-  dns_transmit_io(&z->dt,x,deadline);
++  qmerge_io(z->qm,x,deadline);
+ }
+diff --git a/query.h b/query.h
+index eff68b2..06feab4 100644
+--- a/query.h
++++ b/query.h
+@@ -1,7 +1,7 @@
+ #ifndef QUERY_H
+ #define QUERY_H
+-#include "dns.h"
++#include "qmerge.h"
+ #include "uint32.h"
+ #define QUERY_MAXLEVEL 5
+@@ -20,7 +20,7 @@ struct query {
+   char localip[4];
+   char type[2];
+   char class[2];
+-  struct dns_transmit dt;
++  struct qmerge *qm;
+ } ;
+ extern int query_start(struct query *,char *,char *,char *,char *);
diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch
new file mode 100644 (file)
index 0000000..d5b9c10
--- /dev/null
@@ -0,0 +1,68 @@
+diff -urNp a/query.c b/query.c
+--- a/query.c  2009-03-19 11:35:28.452472164 -0700
++++ b/query.c  2009-03-19 11:59:19.798221593 -0700
+@@ -476,6 +476,29 @@ static int doit(struct query *z,int stat
+       }
+     }
++    if (typematch(DNS_T_SOA,dtype)) {
++      byte_copy(key,2,DNS_T_SOA);
++      cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
++      if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
++        log_cachedanswer(d,DNS_T_SOA);
++        if (!rqa(z)) goto DIE;
++        pos = 0;
++        while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
++          pos = dns_packet_getname(cached,cachedlen,pos,&t2);
++          if (!pos) break;
++          pos = dns_packet_getname(cached,cachedlen,pos,&t3);
++          if (!pos) break;
++          if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
++          if (!response_addname(t2)) goto DIE;
++          if (!response_addname(t3)) goto DIE;
++          if (!response_addbytes(misc,20)) goto DIE;
++          response_rfinish(RESPONSE_ANSWER);
++        }
++        cleanup(z);
++        return 1;
++      }
++    }
++
+     if (typematch(DNS_T_A,dtype)) {
+       byte_copy(key,2,DNS_T_A);
+       cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+@@ -541,7 +564,7 @@ static int doit(struct query *z,int stat
+       }
+     }
+-    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_AAAA,dtype)) {
++    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype) && !typematch(DNS_T_AAAA,dtype)) {
+       byte_copy(key,2,dtype);
+       cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+       if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
+@@ -769,15 +792,24 @@ static int doit(struct query *z,int stat
+     else if (byte_equal(type,2,DNS_T_AXFR))
+       ;
+     else if (byte_equal(type,2,DNS_T_SOA)) {
++      int non_authority = 0;
++      save_start();
+       while (i < j) {
+         pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
+         pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
+         pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
+         pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
+-        if (records[i] < posauthority)
++        if (records[i] < posauthority) {
+           log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
++          save_data(misc,20);
++          save_data(t2,dns_domain_length(t2));
++          save_data(t3,dns_domain_length(t3));
++          non_authority++;
++        }
+         ++i;
+       }
++      if (non_authority)
++        save_finish(DNS_T_SOA,t1,ttl);
+     }
+     else if (byte_equal(type,2,DNS_T_CNAME)) {
+       pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;
diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch
new file mode 100644 (file)
index 0000000..9230e75
--- /dev/null
@@ -0,0 +1,70 @@
+diff --git a/query.c b/query.c
+index 46cdc00..4574e97 100644
+--- a/query.c
++++ b/query.c
+@@ -319,6 +319,29 @@ static int doit(struct query *z,int state)
+       }
+     }
++    if (typematch(DNS_T_SOA,dtype)) {
++      byte_copy(key,2,DNS_T_SOA);
++      cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
++      if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
++        log_cachedanswer(d,DNS_T_SOA);
++        if (!rqa(z)) goto DIE;
++        pos = 0;
++        while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
++          pos = dns_packet_getname(cached,cachedlen,pos,&t2);
++          if (!pos) break;
++          pos = dns_packet_getname(cached,cachedlen,pos,&t3);
++          if (!pos) break;
++          if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
++          if (!response_addname(t2)) goto DIE;
++          if (!response_addname(t3)) goto DIE;
++          if (!response_addbytes(misc,20)) goto DIE;
++          response_rfinish(RESPONSE_ANSWER);
++        }
++        cleanup(z);
++        return 1;
++      }
++    }
++
+     if (typematch(DNS_T_A,dtype)) {
+       byte_copy(key,2,DNS_T_A);
+       cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+@@ -351,7 +374,7 @@ static int doit(struct query *z,int state)
+       }
+     }
+-    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
++    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) {
+       byte_copy(key,2,dtype);
+       cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+       if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
+@@ -585,15 +608,24 @@ static int doit(struct query *z,int state)
+     else if (byte_equal(type,2,DNS_T_AXFR))
+       ;
+     else if (byte_equal(type,2,DNS_T_SOA)) {
++      int non_authority = 0;
++      save_start();
+       while (i < j) {
+         pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
+         pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
+         pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
+         pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
+-        if (records[i] < posauthority)
++        if (records[i] < posauthority) {
+           log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
++          save_data(misc,20);
++          save_data(t2,dns_domain_length(t2));
++          save_data(t3,dns_domain_length(t3));
++          non_authority++;
++        }
+         ++i;
+       }
++      if (non_authority)
++        save_finish(DNS_T_SOA,t1,ttl);
+     }
+     else if (byte_equal(type,2,DNS_T_CNAME)) {
+       pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;
+
diff --git a/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch b/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch
new file mode 100644 (file)
index 0000000..23d8e9f
--- /dev/null
@@ -0,0 +1,11 @@
+--- a/response.c
++++ b/response.c
+@@ -34,7 +34,7 @@ int response_addname(const char *d)
+         uint16_pack_big(buf,49152 + name_ptr[i]);
+         return response_addbytes(buf,2);
+       }
+-    if (dlen <= 128)
++    if ((dlen <= 128) && (response_len < 16384))
+       if (name_num < NAMES) {
+       byte_copy(name[name_num],dlen,d);
+       name_ptr[name_num] = response_len;
diff --git a/net-dns/djbdns/files/djbdns-setup b/net-dns/djbdns/files/djbdns-setup
new file mode 100644 (file)
index 0000000..3f128b2
--- /dev/null
@@ -0,0 +1,418 @@
+#!/bin/bash
+#
+# djbdns-setup
+#
+# Copyright (C) 2004 Kalin Kozhuharov <kalin@ThinRope.net>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# http://www.gnu.org/copyleft/gpl.html
+#
+
+. /sbin/functions.sh
+# void ewarn(char* message)
+#
+#    show a warning message and do NOT log it
+ewarn() {
+       if [ "${RC_QUIET_STDOUT}" = "yes" ]
+       then
+               echo " ${*}"
+       else
+               echo -e " ${WARN}*${NORMAL} ${*}"
+       fi
+
+       return 0
+}
+
+S_SEPARATOR="--------------------------------------------------------------------------------"
+D_SEPARATOR="================================================================================"
+
+REQ_GROUP="nofiles"
+REQ_USERS="tinydns dnscache dnslog"
+
+IPs[0]=""
+IPs[1]=""
+IPs[2]=""
+dnscache=0
+tinydns=1
+axfrdns=2
+
+check_group_users()
+{
+    echo ": Checking for required group (${REQ_GROUP}) :"
+    grep ${REQ_GROUP} /etc/group &> /dev/null
+    if [ $? -ne 0 ]
+    then
+       ebegin "Adding group ${REQ_GROUP}"
+       /usr/sbin/groupadd ${REQ_GROUP} &>/dev/null && eend 0 || eend 1
+    fi
+
+    echo ": Checking for required users (${REQ_USERS}) :"
+    for user in ${REQ_USERS};
+    do
+       grep ${user} /etc/passwd &> /dev/null
+       if [ $? -ne 0 ]
+       then
+           ebegin "Adding user ${user}"
+           /usr/sbin/useradd -d /dev/null -s /bin/false -g ${REQ_GROUP} ${user} &>/dev/null && eend 0 || eend 1
+       fi
+    done
+    return 0
+}
+
+start_services()
+{
+    local services="$1"
+
+    echo "${SEPARATOR}"
+    echo ": Start services :"
+    echo
+    echo "   Your services (${services// /, }) are ready for startup!"
+    echo
+    ewarn "   The following requires daemontools to be running!"
+    local answer=""
+    read -p "   Would you like ${services// /, } to be started and supervised by daemontools now? [Y|n]> " answer
+    if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+    then
+
+       ebegin "Checking if daemontools are running"
+       ps -A |grep svscanboot &>/dev/null && eend 0 || eend 1
+
+       ebegin "Linking services in /service"
+       # Don't make symbolic links to / !
+       # use ../ instead as it gives trouble in chrooted environments
+       local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'`
+       for service in ${services};
+       do
+           for ip in ${IPs[${service}]};
+           do
+               ln -sf ${fixedroot_path}/${service}/${ip} /service/${service}_${ip}
+           done
+       done
+
+       eend 0
+
+       echo
+       ls -l --color=auto /service/
+       echo
+       ebegin "Waiting 5 seconds for services to start"
+       sleep 5 && eend 0
+
+       echo "${SEPARATOR}"
+       echo ": Check services status :"
+       echo
+       for service in ${services};
+       do
+           for ip in ${IPs[${service}]};
+           do
+               svstat /service/${service}_${ip} /service/${service}_${ip}/log
+           done
+       done
+    fi
+    return 0
+}
+
+tinydns_setup()
+{
+    return 0
+}
+
+axfrdns_setup()
+{
+       echo "${S_SEPARATOR}"
+       echo ": Grant access to axfrdns :"
+       echo
+       TCPRULES_DIR="${mypath}/axfrdns/${myip}/control"
+       echo "   axfrdns is accessed by your secondary servers and when response cannot fit UDP packet"
+       echo "   You have to specify their which IP addresses are allowed to access it"
+       echo "   in ${TCPRULES_DIR}/tcp.axfrdns"
+       echo
+       echo "   Example:"
+       echo "     1.2.3.4 would allow the host 1.2.3.4"
+       echo "     1.2.3.  would allow ALL hosts 1.2.3.x (like 1.2.3.4, 1.2.3.100, etc.)"
+       ewarn "Do NOT forget the trailing dot!"
+       echo
+       echo "   Press Enter if you do not want to allow any access now."
+       echo
+
+       sed -i -e "s#-x tcp.cdb#-x control/tcp.axfrdns.cdb#g" ${mypath}/axfrdns/${myip}/run
+       if [ -e ${TCPRULES_DIR}/tcp.axfrdns ]
+       then
+           ewarn "${TCPRULES_DIR}/tcp.axfrdns exists."
+           read -p "   Do you want it cleared? [Y|n]: " answer
+           if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+           then
+               echo '# sample line:  1.2.3.4:allow,AXFR="heaven.af.mil/3.2.1.in-addr.arpa"' > ${TCPRULES_DIR}/tcp.axfrdns
+           fi
+       fi
+
+       read -p "   IP to allow (press Enter to end)> " ipallow
+
+       while [ "$ipallow" != "" ]
+       do
+           echo "${ipallow}:allow" >> ${TCPRULES_DIR}/tcp.axfrdns
+           read -p "   IP to allow (press Enter to end)> " ipallow
+       done
+       echo ":deny" >> ${TCPRULES_DIR}/tcp.axfrdns
+
+       echo "   Here is the tcprules file created so far:"
+       echo
+       cat ${TCPRULES_DIR}/tcp.axfrdns
+       echo
+       local answer=""
+       read -p "   Would you like ${TCPRULES_DIR}/tcp.axfrdns.cdb updated? [Y|n]: " answer
+       if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+       then
+           ebegin "Updating ${TCPRULES_DIR}/tcp.axfrdns.cdb"
+           bash -c "cd ${TCPRULES_DIR} && make" && eend 0 || eend 1
+       fi
+       return 0
+}
+
+dnscache_setup()
+{
+       echo ": Configure forwarding :"
+       echo
+       echo "   dnscache can be configured to forward queries to another DNS cache"
+       echo "   (such as the one your ISP provides) rather than perform the lookups itself."
+       echo
+       echo "   To enable this forwarding-only mode (a good idea most of the time),"
+       echo "   provide the IPs of the caches to forward to."
+       echo "   To have dnscache perform the lookups itself, just press Enter."
+       echo
+       read -p "   forward-to IP> " myforward
+       echo
+       if [ "$myforward" != "" ]
+       then
+           echo $myforward > ${mypath}/dnscache/${myip}/root/servers/\@
+           echo -n "1" > ${mypath}/dnscache/${myip}/env/FORWARDONLY
+
+           read -p "   forward-to IP (press Enter to end)> " myforward
+           while [ "$myforward" != "" ]
+           do
+               echo $myforward >> ${mypath}/dnscache/${myip}/root/servers/\@
+               read -p "   forward-to IP (press Enter to end)> " myforward
+           done
+
+           echo
+           echo "   Currently all queries will be forwarded to:"
+           echo
+           cat ${mypath}/dnscache/${myip}/root/servers/\@
+           echo
+       fi
+
+       echo "${SEPARATOR}"
+       echo ": Configuring clients :"
+       echo
+       echo "   By default dnscache allows only localhost (127.0.0.1) to access it."
+       echo "   You have to specify the IP addresses of the clients that shall be allowed to use it."
+       echo
+       echo "   Example:"
+       echo "      1.2.3.4 would allow only the host 1.2.3.4"
+       echo "      1.2.3   would allow all hosts 1.2.3.x (like 1.2.3.4, 1.2.3.100, etc.)"
+       echo
+       echo "   Press Enter if you do not want to allow external clients!"
+       echo
+
+       read -p "   Allowed IP> " myclientip
+
+       while [ "$myclientip" != "" ]
+       do
+           touch ${mypath}/dnscache/${myip}/root/ip/${myclientip}
+           read -p "   Allowed IP (press Enter to end)> " myclientip
+       done
+
+       echo
+       echo "   All queries from the hosts below will be answered:"
+       echo
+       ls -1 ${mypath}/dnscache/${myip}/root/ip
+       echo
+       
+       #TODO
+       #configure cachsize - $mypath/env/CACHESIZE
+
+       #TODO
+       #configure datalimit - $mypath/env/DATALIMIT
+       return 0
+}
+
+common_setup()
+{
+    local service_human="$1"
+    local service_machine="$2"
+    local services="$3"
+
+    echo ": ${service_human} setup :"
+    echo
+
+    for service in ${services};
+    do
+       if [ ! -e ${mypath}/${service} ]
+       then
+           ebegin "Creating ${mypath}/${service}"
+           mkdir -p $mypath/${service} && eend 0 || eend 1
+       fi
+    done
+
+    echo "${SEPARATOR}"
+    echo ": IP address to bind to :"
+    echo
+    echo "   Specify an address to which the ${service_human} should bind."
+    echo "   Currently accessible IPs:"
+    local addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "`
+    echo "     "$addrs
+    echo
+
+    while [ "${myip}" == "" ]
+    do
+       read -p "   IP to bind to> " myip
+    done
+    echo
+
+    for service in ${services};
+    do
+       IPs[${service}]="${IPs[${service}]} ${myip}"
+    done
+
+    local dnscache_INSTALL="/usr/bin/dnscache-conf dnscache dnslog ${mypath}/dnscache/${myip} $myip"
+    local tinydns_INSTALL="/usr/bin/tinydns-conf tinydns dnslog ${mypath}/tinydns/${myip} $myip"
+    local axfrdns_INSTALL="\
+       /usr/bin/axfrdns-conf tinydns dnslog ${mypath}/axfrdns/${myip} ${mypath}/tinydns/${myip} $myip &&\
+       mkdir -p ${mypath}/axfrdns/${myip}/control &&\
+       echo -e \"tcp.axfrdns.cdb:\ttcp.axfrdns\n\ttcprules tcp.axfrdns.cdb .tcp.axfrdns.cdb.tmp < tcp.axfrdns\" > ${mypath}/axfrdns/${myip}/control/Makefile &&\
+       rm -f ${mypath}/axfrdns/${myip}/tcp ${mypath}/axfrdns/${myip}/Makefile"
+
+    for service in ${services};
+    do
+       if [ ! -e ${mypath}/${service}/${myip} ]
+       then
+           ebegin "Setting up ${service} in ${mypath}/${service}/${myip}"
+           eval command=\$${service}_INSTALL
+           /bin/bash -c "${command}" && eend 0 || eend 1
+       else
+           ewarn "${service} directory ${mypath}/${service}/${myip} exists, nothing done."
+       fi
+    done
+
+}
+
+
+
+
+
+
+if [ `id -u` -ne 0 ]
+then
+        eerror "${0}: You must be root."
+       exit 1
+else
+
+    echo "${D_SEPARATOR}"
+    echo ": DJB DNS setup :"
+    echo
+    echo "   This script will help you setup the following:"
+    echo
+    echo "     DNS server(s): to publish addresses of Internet hosts"
+    echo
+    echo "     DNS cache(s) : to  find   addresses of Internet hosts"
+    echo
+    echo "   For further information see:"
+    echo "     http://cr.yp.to/djbdns/blurb/overview.html"
+    echo
+    ewarn "If you have already setup your services,"
+    ewarn "either exit now, or setup in different directories."
+    echo
+
+    answer=""
+    read -p "   Would you like to continue with setup? [Y|n]> " answer
+    if [ "${answer}" == "n" ] || [ "${answer}" == "N" ]
+    then
+       ewarn "Aborting setup"
+       exit 1
+    fi
+
+    echo "${D_SEPARATOR}"
+    echo ": Choose install location :"
+    echo
+    default_path="/var"
+    echo "   The default (${default_path}) will install them"
+    echo "     in ${default_path}/\${service}/\${IP_ADDRESS}"
+    echo
+    echo " For example:"
+    echo "     /var/tinydns /1.2.3.4"
+    echo "                  /192.168.33.1"
+    echo "         /axfrdns /1.2.3.4"
+    echo "                  /192.168.33.1"
+    echo "         /dnscache/127.0.0.1"
+    echo
+    ewarn "Do NOT enter trailing slash"
+    echo "   Where do you want services installed?"
+    read -p "[${default_path}] > " mypath
+    echo
+
+    if [ "${mypath}" == "" ]
+    then
+       mypath=${default_path}
+    fi
+
+    echo "${D_SEPARATOR}"
+    check_group_users
+
+    answer=""
+    another=""
+    until [ "$answer" == "n" ]
+    do
+       echo "${D_SEPARATOR}"
+       answer=""
+       read -p "   Would you like to setup ${another}dnscache? [Y|n]> " answer
+       if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+       then
+           myip=""
+           echo "${S_SEPARATOR}"
+           common_setup "DNS cache" "dnscache" "dnscache"
+           if [ $? == 0 ]
+           then
+               dnscache_setup
+           else
+               ewarn "Skipping dnscache specific setup."
+           fi
+       fi
+       another="another "
+    done
+
+    answer=""
+    another=""
+    until [ "$answer" == "n" ]
+    do
+       echo "${D_SEPARATOR}"
+       answer=""
+       read -p "   Would you like to setup ${another}DNS server? [Y|n]> " answer
+       if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+       then
+           myip=""
+           echo "${S_SEPARATOR}"
+           common_setup "DNS server" "{tinydns,afxrdns}" "tinydns axfrdns"
+           if [ $? == 0 ]
+           then
+               tinydns_setup
+               axfrdns_setup
+           else
+               ewarn "Skipping tinydns and axfrdns specific setup."
+           fi
+       fi
+       another="another "
+    done
+
+    echo "${D_SEPARATOR}"
+  
+    start_services "tinydns axfrdns dnscache"
+    
+    echo "${D_SEPARATOR}"
+fi
diff --git a/net-dns/djbdns/files/djbdns-setup-r17 b/net-dns/djbdns/files/djbdns-setup-r17
new file mode 100644 (file)
index 0000000..ce82197
--- /dev/null
@@ -0,0 +1,421 @@
+#!/bin/bash
+#
+# djbdns-setup
+#
+# Copyright (C) 2004-2006 Kalin KOZHUHAROV <kalin@thinrope.net>
+# The latest version of this script can be accessed at:
+# rsync://rsync.tar.bz/gentoo-portage-pkalin/net-dns/djbdns/files/djbdns-setup
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# http://www.gnu.org/copyleft/gpl.html
+#
+
+# {{{ Rip off the ewarn code from /sbin/functions.sh
+WARN=$'\e[33;01m'
+NORMAL=$'\e[0m'
+ewarn() {
+       echo -e " ${WARN}*${NORMAL} $*"
+       return 0
+}
+# }}}
+
+# {{{ global vars
+S_SEPARATOR="--------------------------------------------------------------------------------"
+D_SEPARATOR="================================================================================"
+
+REQ_GROUP="nofiles"
+REQ_USERS="tinydns dnscache dnslog"
+
+IPs[0]=""
+IPs[1]=""
+IPs[2]=""
+dnscache=0
+tinydns=1
+axfrdns=2
+
+# global vars }}}
+
+# {{{ functions
+check_group_users()
+{
+       echo ": Checking for required group (${REQ_GROUP}) :"
+       grep ${REQ_GROUP} /etc/group &> /dev/null
+       if [ $? -ne 0 ]
+       then
+       ebegin "Adding group ${REQ_GROUP}"
+       /usr/sbin/groupadd ${REQ_GROUP} &>/dev/null && eend 0 || eend 1
+       fi
+
+       echo ": Checking for required users (${REQ_USERS}) :"
+       for user in ${REQ_USERS};
+       do
+       grep ${user} /etc/passwd &> /dev/null
+       if [ $? -ne 0 ]
+       then
+               ebegin "Adding user ${user}"
+               /usr/sbin/useradd -d /dev/null -s /bin/false -g ${REQ_GROUP} ${user} &>/dev/null && eend 0 || eend 1
+       fi
+       done
+       return 0
+}
+
+start_services()
+{
+       local services="$1"
+
+       echo "${SEPARATOR}"
+       echo ": Start services :"
+       echo
+       echo "   Your services (${services// /, }) are ready for startup!"
+       echo
+       ewarn "   The following requires daemontools to be running!"
+       local answer=""
+       read -p "   Would you like ${services// /, } to be started and supervised by daemontools now? [Y|n]> " answer
+       if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+       then
+
+       ebegin "Checking if daemontools are running"
+       ps -A |grep svscanboot &>/dev/null && eend 0 || eend 1
+
+       ebegin "Linking services in /service"
+       # Don't make symbolic links to / !
+       # use ../ instead as it gives trouble in chrooted environments
+       local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'`
+       for service in ${services};
+       do
+               for ip in ${IPs[${service}]};
+               do
+               ln -sf ${fixedroot_path}/${service}/${ip} /service/${service}_${ip}
+               done
+       done
+
+       eend 0
+
+       echo
+       ls -l --color=auto /service/
+       echo
+       ebegin "Waiting 5 seconds for services to start"
+       sleep 5 && eend 0
+
+       echo "${SEPARATOR}"
+       echo ": Check services status :"
+       echo
+       for service in ${services};
+       do
+               for ip in ${IPs[${service}]};
+               do
+               svstat /service/${service}_${ip} /service/${service}_${ip}/log
+               done
+       done
+       fi
+       return 0
+}
+
+tinydns_setup()
+{
+       return 0
+}
+
+axfrdns_setup()
+{
+       echo "${S_SEPARATOR}"
+       echo ": Grant access to axfrdns :"
+       echo
+       TCPRULES_DIR="${mypath}/axfrdns/${myip}/control"
+       echo "   axfrdns is accessed by your secondary servers and when response cannot fit UDP packet"
+       echo "   You have to specify which IP addresses are allowed to access it"
+       echo "   in ${TCPRULES_DIR}/tcp.axfrdns"
+       echo
+       echo "   Example:"
+       echo "     1.2.3.4 would allow the host 1.2.3.4"
+       echo "     1.2.3.  would allow ALL hosts 1.2.3.x (like 1.2.3.4, 1.2.3.100, etc.)"
+       ewarn "Do NOT forget the trailing dot!"
+       echo
+       echo "   Press Enter if you do not want to allow any access now."
+       echo
+
+       sed -i -e "s#-x tcp.cdb#-x control/tcp.axfrdns.cdb#g" ${mypath}/axfrdns/${myip}/run
+       if [ -e ${TCPRULES_DIR}/tcp.axfrdns ]
+       then
+               ewarn "${TCPRULES_DIR}/tcp.axfrdns exists."
+               read -p "   Do you want it cleared? [y|N]: " answer
+               if [ "${answer}" == "y" ]
+               then
+               echo '# sample line:  1.2.3.4:allow,AXFR="heaven.af.mil/3.2.1.in-addr.arpa"' > ${TCPRULES_DIR}/tcp.axfrdns
+               fi
+       fi
+
+       read -p "   IP to allow (press Enter to end)> " ipallow
+
+       while [ "$ipallow" != "" ]
+       do
+               echo "${ipallow}:allow" >> ${TCPRULES_DIR}/tcp.axfrdns
+               read -p "   IP to allow (press Enter to end)> " ipallow
+       done
+       echo ":deny" >> ${TCPRULES_DIR}/tcp.axfrdns
+
+       echo "   Here are the tcprules created so far:"
+       echo
+       cat ${TCPRULES_DIR}/tcp.axfrdns
+       echo
+       local answer=""
+       read -p "   Would you like ${TCPRULES_DIR}/tcp.axfrdns.cdb updated? [Y|n]: " answer
+       if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+       then
+               ebegin "Updating ${TCPRULES_DIR}/tcp.axfrdns.cdb"
+               bash -c "cd ${TCPRULES_DIR} && make" && eend 0 || eend 1
+       fi
+       return 0
+}
+
+dnscache_setup()
+{
+       echo ": Configure forwarding :"
+       echo
+       echo "   dnscache can be configured to forward queries to another"
+       echo "   DNS cache (such as the one your ISP provides) rather than"
+       echo "   performing the lookups itself."
+       echo
+       echo "   To enable this forwarding-only mode (usually a good idea),"
+       echo "   provide the IPs of the caches to forward to."
+       echo "   To have dnscache perform the lookups itself, just press Enter."
+       echo
+       read -p "   forward-to IP> " myforward
+       echo
+       if [ "$myforward" != "" ]
+       then
+               echo $myforward > ${mypath}/dnscache/${myip}/root/servers/\@
+               echo -n "1" > ${mypath}/dnscache/${myip}/env/FORWARDONLY
+
+               read -p "   forward-to IP (press Enter to end)> " myforward
+               while [ "$myforward" != "" ]
+               do
+               echo $myforward >> ${mypath}/dnscache/${myip}/root/servers/\@
+               read -p "   forward-to IP (press Enter to end)> " myforward
+               done
+
+               echo
+               echo "   Currently all queries will be forwarded to:"
+               echo
+               cat ${mypath}/dnscache/${myip}/root/servers/\@
+               echo
+       fi
+
+       echo "${SEPARATOR}"
+       echo ": Configuring clients :"
+       echo
+       echo "   By default dnscache allows only localhost (127.0.0.1) to"
+       echo "   access it. You have to specify the IP addresses of the"
+       echo "   clients that shall be allowed to use it."
+       echo
+       echo "   Example:"
+       echo "      1.2.3.4 would allow only one host: 1.2.3.4"
+       echo "      1.2.3   would allow all hosts 1.2.3.0/24 (e.g. 1.2.3.4, 1.2.3.100, etc.)"
+       echo
+       echo "   Press Enter if you do NOT want to allow external clients!"
+       echo
+
+       read -p "   Allowed IP> " myclientip
+
+       while [ "$myclientip" != "" ]
+       do
+               touch ${mypath}/dnscache/${myip}/root/ip/${myclientip}
+               read -p "   Allowed IP (press Enter to end)> " myclientip
+       done
+
+       echo
+       echo "   All queries from the hosts below will be answered:"
+       echo
+       ls -1 ${mypath}/dnscache/${myip}/root/ip
+       echo
+       
+       #TODO
+       #configure cachsize - $mypath/env/CACHESIZE
+
+       #TODO
+       #configure datalimit - $mypath/env/DATALIMIT
+       return 0
+}
+
+common_setup()
+{
+       local service_human="$1"
+       local service_machine="$2"
+       local services="$3"
+
+       echo ": ${service_human} setup :"
+       echo
+
+       for service in ${services};
+       do
+       if [ ! -e ${mypath}/${service} ]
+       then
+               ebegin "Creating ${mypath}/${service}"
+               mkdir -p $mypath/${service} && eend 0 || eend 1
+       fi
+       done
+
+       echo "${SEPARATOR}"
+       echo ": IP address to bind to :"
+       echo
+       echo "   Specify an address to which the ${service_human} should bind."
+       echo "   Currently accessible IPs:"
+       local addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "`
+       echo "     "$addrs
+       echo
+
+       while [ "${myip}" == "" ]
+       do
+       read -p "   IP to bind to> " myip
+       done
+       echo
+
+       for service in ${services};
+       do
+       IPs[${service}]="${IPs[${service}]} ${myip}"
+       done
+
+       local dnscache_INSTALL="/usr/bin/dnscache-conf dnscache dnslog ${mypath}/dnscache/${myip} $myip"
+       local tinydns_INSTALL="/usr/bin/tinydns-conf tinydns dnslog ${mypath}/tinydns/${myip} $myip"
+       local axfrdns_INSTALL="\
+       /usr/bin/axfrdns-conf tinydns dnslog ${mypath}/axfrdns/${myip} ${mypath}/tinydns/${myip} $myip &&\
+       mkdir -p ${mypath}/axfrdns/${myip}/control &&\
+       echo -e \"tcp.axfrdns.cdb:\ttcp.axfrdns\n\ttcprules tcp.axfrdns.cdb .tcp.axfrdns.cdb.tmp < tcp.axfrdns\" > ${mypath}/axfrdns/${myip}/control/Makefile &&\
+       rm -f ${mypath}/axfrdns/${myip}/tcp ${mypath}/axfrdns/${myip}/Makefile"
+
+       for service in ${services};
+       do
+       if [ ! -e ${mypath}/${service}/${myip} ]
+       then
+               ebegin "Setting up ${service} in ${mypath}/${service}/${myip}"
+               eval command=\$${service}_INSTALL
+               /bin/bash -c "${command}" && eend 0 || eend 1
+       else
+               ewarn "${service} directory ${mypath}/${service}/${myip} exists, nothing done."
+       fi
+       done
+
+}
+
+# functions }}}
+
+# {{{ main script
+
+if [ `id -u` -ne 0 ]
+then
+       ewarn "You must be root to run this script, sorry."
+       exit 1
+else
+
+       echo "${D_SEPARATOR}"
+       echo ": DJB DNS setup :"
+       echo
+       echo "   This script will help you setup the following:"
+       echo
+       echo "     DNS server(s): to publish addresses of Internet hosts"
+       echo
+       echo "     DNS cache(s) : to  find   addresses of Internet hosts"
+       echo
+       echo "   For further information see:"
+       echo "     http://cr.yp.to/djbdns/blurb/overview.html"
+       echo
+       ewarn "If you have already setup your services,"
+       ewarn "either exit now, or setup in different directories."
+       echo
+
+       answer=""
+       read -p "   Would you like to continue with setup? [Y|n]> " answer
+       if [ "${answer}" == "n" ] || [ "${answer}" == "N" ]
+       then
+       ewarn "Aborting setup"
+       exit 1
+       fi
+
+       echo "${D_SEPARATOR}"
+       echo ": Choose install location :"
+       echo
+       default_path="/var"
+       echo "   The default (${default_path}) will install them"
+       echo "     in ${default_path}/\${service}/\${IP_ADDRESS}"
+       echo
+       echo " For example:"
+       echo "     /var/tinydns /1.2.3.4"
+       echo "                  /192.168.33.1"
+       echo "         /axfrdns /1.2.3.4"
+       echo "                  /192.168.33.1"
+       echo "         /dnscache/127.0.0.1"
+       echo
+       ewarn "Do NOT enter trailing slash"
+       echo "   Where do you want services installed?"
+       read -p "[${default_path}] > " mypath
+       echo
+
+       if [ "${mypath}" == "" ]
+       then
+       mypath=${default_path}
+       fi
+
+       echo "${D_SEPARATOR}"
+       check_group_users
+
+       answer=""
+       another=""
+       until [ "$answer" == "n" ]
+       do
+       echo "${D_SEPARATOR}"
+       answer=""
+       read -p "   Would you like to setup ${another}dnscache? [Y|n]> " answer
+       if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+       then
+               myip=""
+               echo "${S_SEPARATOR}"
+               common_setup "DNS cache" "dnscache" "dnscache"
+               if [ $? == 0 ]
+               then
+               dnscache_setup
+               else
+               ewarn "Skipping dnscache specific setup."
+               fi
+       fi
+       another="another "
+       done
+
+       answer=""
+       another=""
+       until [ "$answer" == "n" ]
+       do
+       echo "${D_SEPARATOR}"
+       answer=""
+       read -p "   Would you like to setup ${another}DNS server? [Y|n]> " answer
+       if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
+       then
+               myip=""
+               echo "${S_SEPARATOR}"
+               common_setup "DNS server" "{tinydns,afxrdns}" "tinydns axfrdns"
+               if [ $? == 0 ]
+               then
+               tinydns_setup
+               axfrdns_setup
+               else
+               ewarn "Skipping tinydns and axfrdns specific setup."
+               fi
+       fi
+       another="another "
+       done
+
+       echo "${D_SEPARATOR}"
+  
+       start_services "tinydns axfrdns dnscache"
+       
+       echo "${D_SEPARATOR}"
+fi
+# main script }}}
+# vim: set ts=4 fenc=utf-8 foldmethod=marker:
diff --git a/net-dns/djbdns/files/dnscache-setup b/net-dns/djbdns/files/dnscache-setup
new file mode 100644 (file)
index 0000000..eaf409a
--- /dev/null
@@ -0,0 +1,243 @@
+#!/bin/bash
+
+#for einfo, ewarn etc..
+. /sbin/functions.sh
+
+setup() {
+       echo
+       echo
+       einfo "Dnscache Setup"
+       echo
+       echo
+       echo ">>> More information on this package can be found at"
+       echo ">>> http://cr.yp.to/djbdns.html and http://djbdns.org"
+       echo
+       echo "After this script completes, dnscache will be configured."
+       echo "Your /etc/resolv.conf will be updated so that all DNS"
+       echo "lookups will be directed to dnscache."
+       echo
+       echo "Your original /etc/resolv.conf will be backed up to "
+       echo "/etc/resolv.conf.orig."
+       echo
+       echo "If you have previously setup dnscache, those directories will"
+       echo "not be overwritten.  To redo setup, delete your dnscache"
+       echo "dirs first or choose a different install location."
+       echo
+       echo '(press enter to begin setup, or press control-C to abort)'
+       echo
+       read
+
+       echo
+       einfo "Install location"
+       echo
+       echo "Where do you want dnscache installed?"
+       echo "Ex. Default (/var) will install dnscache in /var/dnscache," 
+       echo "or an external cache in /var/dnscachex."
+       echo "!!No trailing slash!!"
+       echo
+       read -p "[/var]> " mypath
+       echo
+
+       if [ "$mypath" == "" ]
+       then
+               mypath="/var"
+       fi
+
+       if [ ! -e ${mypath} ]
+       then
+               echo ">>> Creating ${mypath}..."
+               mkdir $mypath
+       fi
+
+       echo
+       echo
+       einfo "Internal or external cache?"
+       echo
+       echo "Specify an address to which dnscache should bind."
+       echo "If this is the only machine accessing dnscache,"
+       echo "127.0.0.1 is a good start."
+       echo "Currently running IP addresses:"
+       echo
+
+       # grab interfaces
+       addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "`
+
+       echo $addrs
+       echo
+       read -p "IP to bind cache to [127.0.0.1]> " myip
+       echo
+
+       if [ "$myip" == "" ]
+       then
+               myip="127.0.0.1"
+               mycachedir="dnscache"
+       else 
+               mycachedir="dnscachex"
+       fi
+
+       # check for existance of users dnscache and dnslog:
+       echo
+       echo
+       einfo "Checking for dnscache and dnslog user accts ..."
+       echo
+       /usr/bin/grep nofiles /etc/group &> /dev/null
+       if [ $? -ne 0 ]
+       then
+               echo ">>> Adding group nofiles ..."
+               /usr/sbin/groupadd nofiles &> /dev/null
+       fi
+
+       /usr/bin/grep dnscache /etc/passwd &> /dev/null
+       if [ $? -ne 0 ]
+       then
+               echo ">>> Adding user dnscache ..."
+               /usr/sbin/useradd -d /dev/null -s /bin/false -g nofiles \
+                       dnscache &> /dev/null
+       fi
+
+       /usr/bin/grep dnslog /etc/passwd &> /dev/null
+       if [ $? -ne 0 ]
+       then
+               echo ">>> Adding user dnslog ..."
+               /usr/sbin/useradd -d /dev/null -s /bin/false -g nofiles \
+                       dnslog &> /dev/null
+       fi
+
+       if [ ! -e ${mypath}/${mycachedir} ]
+       then
+               /usr/bin/dnscache-conf dnscache dnslog \
+                       ${mypath}/${mycachedir} ${myip}
+       else
+               ewarn "*** dnscache directory currently exists, nothing done."
+       fi
+
+       echo
+       echo
+       einfo "Configure a forward for dnscache?"
+       echo
+       echo "dnscache can be configured to forward queries to another"
+       echo "nameserver (such as the nameserver of your ISP) rather than "
+       echo "perform the lookups itself.  If you would like to enable this "
+       echo "forwarding mode (a good idea most of the time), then enter the "
+       echo "IP's of your forwarding nameservers now,"
+       echo "otherwise just hit Enter."
+       echo
+       read -p "enter forward-to IP> " myforward
+       echo
+       if [ "$myforward" != "" ]
+       then
+               echo $myforward > ${mypath}/${mycachedir}/root/servers/\@
+               echo -n "1" > ${mypath}/${mycachedir}/env/FORWARDONLY
+
+               read -p "enter forward-to IP [hit Enter to stop]> " myforward
+               while [ "$myforward" != "" ]
+               do
+                       echo $myforward >> ${mypath}/${mycachedir}/root/servers/\@
+                       read -p "enter forward-to IP [hit Enter to stop]> " myforward
+               done
+               echo ">>> Setting up forwarding..."
+       fi
+
+       if [ "$myip" != "127.0.0.1" ]
+       then
+               echo
+               echo
+               einfo "Configuring clients"
+               echo
+               echo "dnscache by default only allows 127.0.0.1 to access it."
+               echo "You have to specify the IP addresses of the clients"
+               echo "that shall be allowed to use dnscache."
+               echo
+               echo "1.2.3.4 would allow host 1.2.3.4"
+               echo "1.2.3 would allow all hosts underneath 1.2.3.x"
+               echo
+               echo "Just hit Enter if you do not want to specify clients!"
+               echo
+
+               read -p "Enter IP> " myclientip
+
+               while [ "$myclientip" != "" ]
+               do
+                       touch ${mypath}/${mycachedir}/root/ip/${myclientip}
+                       read -p "Enter IP (hit Enter to stop)>" myclientip
+               done
+       fi
+
+       echo
+       echo
+       einfo "Misc"
+       echo
+       if [ ! -e /var/log/dnscache ]
+       then
+               echo ">>> linking /var/log/${mycachedir} to the $mycachedir log..."
+               ln -s ${mypath}/${mycachedir}/log/main /var/log/${mycachedir}
+       fi
+
+       if [ -e /etc/resolv.conf ]
+       then
+               /usr/bin/grep $myip /etc/resolv.conf &> /dev/null
+               if [ $? -ne 0 ]
+               then
+                       echo ">>> Backing up /etc/resolv.conf to resolv.conf.orig..."
+                       cp /etc/resolv.conf /etc/resolv.conf.orig
+                       cat /etc/resolv.conf.orig | grep -v nameserver > /etc/resolv.conf
+                       echo ">>> Removed nameserver entries from resolv.conf..."
+                       echo nameserver $myip >> /etc/resolv.conf
+                       echo
+                       echo ">>> Added \"nameserver ${myip}\" to /etc/resolv.conf!"
+               else
+                       echo ">>> ${myip} is already in /etc/resolv.conf - nothing done!"
+               fi
+       else
+               echo nameserver $myip >> /etc/resolv.conf
+               echo
+               echo ">>> Added \"nameserver ${myip}\" to /etc/resolv.conf!"
+       fi
+
+       #TODO
+       #configure cachsize - $mypath/env/CACHESIZE
+
+       #TODO
+       #configure datalimit - $mypath/env/DATALIMIT
+
+       echo
+       echo
+       einfo "Start service"
+       echo
+       echo "dnscache is ready for startup."
+       echo "Do you want dnscache to be started and"
+       echo "supervised by daemontools now?"
+
+       echo
+       echo "This requires svscan (daemontools) to be running currently and"
+       echo "monitoring /service !!"
+       echo
+       echo '(press control-C to abort)'
+       read
+
+       # check in /mnt/.init.d to find svscan link in running...
+       # if not running execute /etc/init.d/svscan start
+       # Don't make symbolic links to / !
+       # use ../ instead as it gives trouble in chrooted environments
+       # By Kalin KOZHUHAROV <kalin@ThinRope.net>
+       local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'`
+       cd /service
+       ln -sf ${fixedroot_path}/${mycachedir} .
+
+       echo
+       echo
+       einfo "Installation successfull"
+       echo
+}
+
+# check for root user
+
+if [ `id -u` -ne 0 ]
+then
+        eerror "${0}: must be root."
+       exit 1
+fi
+               
+
+# run setup
+setup
diff --git a/net-dns/djbdns/files/dnsroots.patch b/net-dns/djbdns/files/dnsroots.patch
new file mode 100644 (file)
index 0000000..5db44ec
--- /dev/null
@@ -0,0 +1,18 @@
+--- djbdns-1.05.old/dnsroots.global.old        Fri May 31 19:42:37 2002
++++ djbdns-1.05/dnsroots.global        Thu Jan 29 21:41:56 2004
+@@ -1,5 +1,5 @@
+ 198.41.0.4
+-128.9.0.107
++192.228.79.201
+ 192.33.4.12
+ 128.8.10.90
+ 192.203.230.10
+@@ -7,7 +7,7 @@
+ 192.112.36.4
+ 128.63.2.53
+ 192.36.148.17
+-198.41.0.10
++192.58.128.30
+ 193.0.14.129
+ 198.32.64.12
+ 202.12.27.33
diff --git a/net-dns/djbdns/files/dnstracesort.patch b/net-dns/djbdns/files/dnstracesort.patch
new file mode 100644 (file)
index 0000000..3bf56f5
--- /dev/null
@@ -0,0 +1,11 @@
+--- djbdns-1.05/dnstracesort.sh.orig   2006-04-26 21:52:54.000000000 +0200
++++ djbdns-1.05/dnstracesort.sh        2006-04-26 21:53:02.000000000 +0200
+@@ -12,7 +12,7 @@
+     }
+     print
+   }
+-' | sort -t: +0 -2 +4 +3 -4 +2 -3 | uniq | awk -F: '
++' | sort -t: -k 1,3 -k 5 -k 4,5 -k 3,4 | uniq | awk -F: '
+   {
+     type = $1
+     q = $2
diff --git a/net-dns/djbdns/files/headtail.patch b/net-dns/djbdns/files/headtail.patch
new file mode 100644 (file)
index 0000000..6321cc1
--- /dev/null
@@ -0,0 +1,67 @@
+diff -Naur /tmp/djbdns-1.05/Makefile djbdns-1.05/Makefile
+--- a/djbdns-1.05/Makefile     2003-11-16 20:33:41.000000000 +0100
++++ b/djbdns-1.05/Makefile     2003-11-16 20:35:15.000000000 +0100
+@@ -31,7 +31,7 @@
+ auto_home.c: \
+ auto-str conf-home
+-      ./auto-str auto_home `head -1 conf-home` > auto_home.c
++      ./auto-str auto_home `head -n 1 conf-home` > auto_home.c
+ auto_home.o: \
+ compile auto_home.c
+@@ -205,14 +205,14 @@
+ choose: \
+ warn-auto.sh choose.sh conf-home
+       cat warn-auto.sh choose.sh \
+-      | sed s}HOME}"`head -1 conf-home`"}g \
++      | sed s}HOME}"`head -n 1 conf-home`"}g \
+       > choose
+       chmod 755 choose
+ compile: \
+ warn-auto.sh conf-cc
+       ( cat warn-auto.sh; \
+-      echo exec "`head -1 conf-cc`" '-c $${1+"$$@"}' \
++      echo exec "`head -n 1 conf-cc`" '-c $${1+"$$@"}' \
+       ) > compile
+       chmod 755 compile
+@@ -449,7 +449,7 @@
+ dnstracesort: \
+ warn-auto.sh dnstracesort.sh conf-home
+       cat warn-auto.sh dnstracesort.sh \
+-      | sed s}HOME}"`head -1 conf-home`"}g \
++      | sed s}HOME}"`head -n 1 conf-home`"}g \
+       > dnstracesort
+       chmod 755 dnstracesort
+@@ -570,7 +570,7 @@
+ warn-auto.sh conf-ld
+       ( cat warn-auto.sh; \
+       echo 'main="$$1"; shift'; \
+-      echo exec "`head -1 conf-ld`" \
++      echo exec "`head -n 1 conf-ld`" \
+       '-o "$$main" "$$main".o $${1+"$$@"}' \
+       ) > load
+       chmod 755 load
+@@ -758,7 +758,7 @@
+ rts: \
+ warn-auto.sh rts.sh conf-home
+       cat warn-auto.sh rts.sh \
+-      | sed s}HOME}"`head -1 conf-home`"}g \
++      | sed s}HOME}"`head -n 1 conf-home`"}g \
+       > rts
+       chmod 755 rts
+@@ -901,8 +901,8 @@
+ systype: \
+ find-systype.sh conf-cc conf-ld trycpp.c x86cpuid.c
+       ( cat warn-auto.sh; \
+-      echo CC=\'`head -1 conf-cc`\'; \
+-      echo LD=\'`head -1 conf-ld`\'; \
++      echo CC=\'`head -n 1 conf-cc`\'; \
++      echo LD=\'`head -n 1 conf-ld`\'; \
+       cat find-systype.sh; \
+       ) | sh > systype
diff --git a/net-dns/djbdns/files/tinydns-setup b/net-dns/djbdns/files/tinydns-setup
new file mode 100644 (file)
index 0000000..376d28f
--- /dev/null
@@ -0,0 +1,151 @@
+#!/bin/bash
+
+#
+# source functions.sh for einfo, eerror and ewarn
+. /sbin/functions.sh
+
+setup() {
+       echo
+       echo
+       einfo "tinydns Setup"
+       echo
+       echo ">>> More information on this package can be found at"
+       echo ">>> http://cr.yp.to/djbdns/tinydns.html"
+       echo
+       echo "If you have previously setup tinydns, those directories will"
+       echo "not be overwritten.  To redo setup, delete your"
+       echo "tinydns dir tree first."
+       echo
+       echo '(press enter to begin setup, or press control-C to abort)'
+       echo
+       read
+
+       echo
+       einfo "Install location"
+       echo
+       echo "Where do you want tinydns installed?"
+       echo "Ex. /var would install dnscache in /var/tinydns."
+       echo "!!No trailing slash!!"
+       echo
+       read -p "[/var]> " mypath
+       echo
+
+       if [ "$mypath" == "" ]
+       then
+               mypath="/var"
+       fi
+
+       if [ ! -e ${mypath} ]
+       then
+               echo ">>> Creating ${mypath}..."
+               mkdir $mypath
+       fi
+
+       # check for existance of users tinydns and dnslog:
+       echo
+       echo
+       einfo "Checking for tinydns and dnslog user accts ..."
+       echo
+       /usr/bin/grep nofiles /etc/group &> /dev/null
+       if [ $? -ne 0 ]
+       then
+               echo ">>> Adding group nofiles ..."
+               /usr/sbin/groupadd nofiles &> /dev/null
+       fi
+
+       /usr/bin/grep tinydns /etc/passwd &> /dev/null
+       if [ $? -ne 0 ]
+       then
+               echo ">>> Adding user tinydns ..."
+               /usr/sbin/useradd -d /dev/null -s /bin/false -g nofiles \
+                       tinydns &> /dev/null
+       fi
+
+       /usr/bin/grep dnslog /etc/passwd &> /dev/null
+       if [ $? -ne 0 ]
+       then
+               echo ">>> Adding user dnslog ..."
+               /usr/sbin/useradd -d /dev/null -s /bin/false -g nofiles \
+                       dnslog &> /dev/null
+       fi
+
+
+       # grab interfaces
+       addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "`
+
+       echo "Specify an address to which tinydns should bind."
+       echo "NOTICE: tinydns must be able to bind to port 53 on "
+       echo "choosen ip address! udp by tinydns - tcp by axfrdns"
+       echo "Usually this is NOT 127.0.0.1"
+       echo "Currently running IP addresses:"
+       echo
+       echo $addrs
+       echo
+
+       while [ "$myip" = "" ]
+       do
+               read -p "IP to bind nameserver to>" myip
+       done
+       echo
+
+       if [ ! -e ${mypath}/tinydns ]
+       then
+               einfo "Setting up tinydns..."
+               /usr/bin/tinydns-conf tinydns dnslog \
+                       ${mypath}/tinydns $myip
+       else
+               ewarn "*** tinydns directory currently exists, nothing done."
+       fi
+
+       #add afxrdns
+       if [ ! -e ${mypath}/axfrdns ]
+       then
+               einfo "Setting up axfrdns..."
+               /usr/bin/axfrdns-conf tinydns dnslog \
+                       ${mypath}/axfrdns ${mypath}/tinydns $myip
+       else
+               ewarn "*** axfrdns directory currently exists, nothing done."
+       fi
+
+       #grant access to axfrdns
+
+       echo
+       echo
+       einfo "Start service"
+       echo
+       echo "tinydns is ready for startup."
+       echo "Do you want dnscache to be started and"
+       echo "supervised by daemontools now?"
+
+       echo
+       echo "This requires daemontools to supervise"
+       echo "/service !!"
+       echo
+       echo '(press control-C to abort)'
+       read
+
+       # Don't make symbolic links to / !
+       # use ../ instead as it gives trouble in chrooted environments
+       # By Kalin KOZHUHAROV <kalin@ThinRope.net>
+       local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'`
+       cd /service
+       ln -sf ${fixedroot_path}/tinydns .
+       ln -sf ${fixedroot_path}/axfrdns .
+
+       echo
+       echo
+       einfo "Installation successfull"
+       echo
+
+}
+
+# check for root user!
+if [ `id -u` -ne 0 ]
+then
+        eerror "${0}: must be root."
+       exit 1
+fi
+               
+
+# run setup
+setup
diff --git a/net-dns/djbdns/metadata.xml b/net-dns/djbdns/metadata.xml
new file mode 100644 (file)
index 0000000..616f048
--- /dev/null
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>no-herd</herd>
+<maintainer>
+       <email>maintainer-needed@gentoo.org</email>
+</maintainer>
+</pkgmetadata>