net-dns/pdns: Version bump, security bug #605588

Package-Manager: Portage-2.3.0, Repoman-2.3.1
johu · Jan 14, 2017 · 59b1c94 · 59b1c94
1 parent 661ac77
commit 59b1c94
Show file tree

Hide file tree

Showing 2 changed files with 154 additions and 0 deletions.
diff --git a/net-dns/pdns/Manifest b/net-dns/pdns/Manifest
@@ -1 +1,2 @@
 DIST pdns-4.0.1.tar.bz2 1304788 SHA256 d191eed4a6664430e85969f49835c59e810ecbb7b3eb506e64c6b2734091edd7 SHA512 77fce9963a05198afeb569f92fbb0f6a1cb3426c28dd77b0921128189c80d9a72ebdbfc249dfc0b5b89cc7a65a83887a0388d6cc3461453b1e3096e563afdd1e WHIRLPOOL 6be1fac5cbb322fa4e4a21dc0d72f1e37ef1338a6035526ec893d2fdaa1d8c38bf0bfb124d2d00405d279cc05847d5dcf52c10938121e7d9167f9f1db2df76e2
+DIST pdns-4.0.2.tar.bz2 1314886 SHA256 d051e53b63f586c924f00ce8a81662f7bd285b461d125d4991538f92cf7e629d SHA512 6720289332ee5186f4c58a00a720f3bb58480c0ae7f09915148ca8b40e2dfdc77e2f14123df903692afa464539eeef6b21e8ea3d284278897751ba807e2cdffe WHIRLPOOL 6b58de4f2fc6fe830255203c281ca518a543b373171f73021cd8efd597c146b438a7ffd6ed018b637816fe07153a51f947818a0fa76dc237ba0f50903d3afbe9
diff --git a/net-dns/pdns/pdns-4.0.2.ebuild b/net-dns/pdns/pdns-4.0.2.ebuild
@@ -0,0 +1,153 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="6"
+
+inherit eutils multilib user toolchain-funcs versionator
+
+DESCRIPTION="The PowerDNS Daemon"
+HOMEPAGE="https://www.powerdns.com/"
+SRC_URI="https://downloads.powerdns.com/releases/${P/_/-}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+# other possible flags:
+# db2: we lack the dep
+# oracle: dito (need Oracle Client Libraries)
+# xdb: (almost) dead, surely not supported
+
+IUSE="botan debug doc geoip ldap lua luajit mydns mysql opendbx postgres protobuf remote sqlite systemd tools tinydns test"
+
+REQUIRED_USE="mydns? ( mysql ) ?? ( lua luajit )"
+
+RDEPEND="
+ dev-libs/openssl:=
+ >=dev-libs/boost-1.35:=
+ botan? ( =dev-libs/botan-1.10* )
+ lua? ( dev-lang/lua:= )
+ luajit? ( dev-lang/luajit:= )
+ mysql? ( virtual/mysql )
+ postgres? ( dev-db/postgresql:= )
+ ldap? ( >=net-nds/openldap-2.0.27-r4 )
+ sqlite? ( dev-db/sqlite:3 )
+ opendbx? ( dev-db/opendbx )
+ geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip )
+ tinydns? ( >=dev-db/tinycdb-0.77 )
+ protobuf? ( dev-libs/protobuf )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ doc? ( app-doc/doxygen )"
+
+S="${WORKDIR}"/${P/_/-}
+
+src_configure() {
+ local dynmodules="pipe bind" # the default backends, always enabled
+
+ #use db2 && dynmodules+=" db2"
+ use ldap && dynmodules+=" ldap"
+ use lua && dynmodules+=" lua"
+ use mydns && dynmodules+=" mydns"
+ use mysql && dynmodules+=" gmysql"
+ use opendbx && dynmodules+=" opendbx"
+ #use oracle && dynmodules+=" goracle oracle"
+ use postgres && dynmodules+=" gpgsql"
+ use remote && dynmodules+=" remote"
+ use sqlite && dynmodules+=" gsqlite3"
+ use tinydns && dynmodules+=" tinydns"
+ use geoip && dynmodules+=" geoip"
+ #use xdb && dynmodules+=" xdb"
+
+ econf \
+ --disable-static \
+ --sysconfdir=/etc/powerdns \
+ --libdir=/usr/$(get_libdir)/powerdns \
+ --with-modules= \
+ --with-dynmodules="${dynmodules}" \
+ --with-pgsql-includes=/usr/include \
+ --with-pgsql-lib=/usr/$(get_libdir) \
+ --with-mysql-lib=/usr/$(get_libdir) \
+ $(use_enable botan botan1.10) \
+ $(use_enable debug verbose-logging) \
+ $(use_enable test unit-tests) \
+ $(use_enable tools) \
+ $(use_enable systemd) \
+ $(use_with lua) \
+ $(use_with luajit) \
+ $(use_with protobuf) \
+ ${myconf}
+}
+
+src_compile() {
+ default
+ use doc && emake -C codedocs codedocs
+}
+
+src_install() {
+ default
+
+ mv "${D}"/etc/powerdns/pdns.conf{-dist,}
+
+ fperms 0700 /etc/powerdns
+ fperms 0600 /etc/powerdns/pdns.conf
+
+ # set defaults: setuid=pdns, setgid=pdns
+ sed -i \
+ -e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \
+ "${D}"/etc/powerdns/pdns.conf
+
+ doinitd "${FILESDIR}"/pdns
+
+ keepdir /var/empty
+
+ use doc && dohtml -r codedocs/html/.
+
+ # Install development headers
+ insinto /usr/include/pdns
+ doins pdns/*.hh
+ insinto /usr/include/pdns/backends/gsql
+ doins pdns/backends/gsql/*.hh
+
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ doins "${FILESDIR}"/dnsdomain2.schema
+ fi
+
+ prune_libtool_files --all
+}
+
+pkg_preinst() {
+ enewgroup pdns
+ enewuser pdns -1 -1 /var/empty pdns
+}
+
+pkg_postinst() {
+ elog "PowerDNS provides multiple instances support. You can create more instances"
+ elog "by symlinking the pdns init script to another name."
+ elog
+ elog "The name must be in the format pdns.<suffix> and PowerDNS will use the"
+ elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default."
+
+ if use ldap ; then
+ ewarn "The official LDAP backend module is only compile-tested by upstream."
+ ewarn "Try net-dns/pdns-ldap-backend if you have problems with it."
+ fi
+
+ local old
+ for old in ${REPLACING_VERSIONS}; do
+ version_compare ${old} 3.2
+ [[ $? -eq 1 ]] || continue
+
+ ewarn "To fix a security bug (bug #458018) had the following"
+ ewarn "files/directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/etc/powerdns"
+ ewarn " ${EPREFIX}/etc/powerdns/pdns.conf"
+ ewarn "Check if this is correct for your setup"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chmod o-rwx "${EPREFIX}"/etc/powerdns/{,pdns.conf}
+
+ break
+ done
+}