net-dns/pdns: Version bump (bug #559440, CVE-2015-5230)

2 files changed, 178 insertions, 0 deletions

diff --git a/net-dns/pdns/Manifest b/net-dns/pdns/Manifest
index dc729f420554..5b7de2d21d0d 100644
--- a/net-dns/pdns/Manifest
+++ b/net-dns/pdns/Manifest
@@ -6,3 +6,4 @@ DIST pdns-3.4.1.tar.bz2 1237002 SHA256 13e32a31759e7fd341b98c89fe551723a5c6a7683
 DIST pdns-3.4.2.tar.bz2 1331062 SHA256 a6ab05459a0118cb921092deee06362722c45fa69ed0166ebc3696d526014b5b SHA512 e04e0d0a9d6a10f6104a1b4e399e1b84b66aaa5561696281f85898f900bcbcbd41e49a110cddffc12e1f5043d60663ce679af91e4b76f8e1823528a5f38098ed WHIRLPOOL 84d8cd1ec0604e2dd7cb80ef8c7b0379569576e0a48541fcfa0eaaf31fc1d976129bf4d4cb0fb055940236bdcc8a791d56f78d68a94dd9a2e563f5faaeb7eb73
 DIST pdns-3.4.4.tar.bz2 1336624 SHA256 ec49f5a0b55b69ba057bf9ce28ab81e5258fc60c8d4954d9100fe3bb3efd09c8 SHA512 c4567c5e09c3396af99263cbe370ffd8409a90e2583d968d7fa4760d0867ecb1696904e9ba8f6551d815b11b20b5862d789edfb599b9c5571110d3b785f2e08a WHIRLPOOL 4e744dd75a712a9928fda2d09339e7cc922ba63e8ebb11fee88d08d8e5046730d4ea23417bcc4251dc91edb3ec7aefaa480f832fc8167cc50c685435faee4256
 DIST pdns-3.4.5.tar.bz2 1337222 SHA256 f3e1441532b0af05a6b5efe5346f02d0c55f252fbed62d5b4f2e4a80997c507d SHA512 cdf6496a832cff05519a02714aaab4b689541b01a83fe2415d360f8653db4e51a00b90ea86103dd535b22881420337b32ab8a33bb0d405df590cbed322b0827c WHIRLPOOL ee3287e2ac0c3d82e60daed2021b081fbb1e78a63847e98bfddef5fab5ce5ef43d6fea8ba5583a5f70ecc104b77814a7911b77b754492169c72bdbbec5ccb377
+DIST pdns-3.4.6.tar.bz2 1336760 SHA256 80a6a43cabd14db844bce84482ba56d03d46ebfbf96c88689fb3e2185ac286d8 SHA512 6ab4bef0482041d511ce0ea15e92cd12b0b331d3199c01463fa9150d04aca428c7b90fe25e53251f76a8809331cf32830240961dbf887e6b7c4e0a7fe07c8089 WHIRLPOOL a9541dce672e36b6f05f3a6c2b740f308af3c4b4ee3f96a5940f7ee5f2d9e017a9832604d29069e24f07925dd346f9f99a770779bccf35d14e7803fe34df8d46
diff --git a/net-dns/pdns/pdns-3.4.6.ebuild b/net-dns/pdns/pdns-3.4.6.ebuild
new file mode 100644
index 000000000000..77d6d55f103d
--- /dev/null
+++ b/net-dns/pdns/pdns-3.4.6.ebuild
@@ -0,0 +1,177 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib systemd user toolchain-funcs versionator
+
+DESCRIPTION="The PowerDNS Daemon"
+HOMEPAGE="http://www.powerdns.com/"
+SRC_URI="http://downloads.powerdns.com/releases/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+# other possible flags:
+# db2: we lack the dep
+# oracle: dito (need Oracle Client Libraries)
+# xdb: (almost) dead, surely not supported
+
+IUSE="botan cryptopp debug doc geoip ldap lua mydns mysql opendbx postgres remote sqlite static tools tinydns test"
+
+REQUIRED_USE="mydns? ( mysql )"
+
+RDEPEND="!static? (
+		net-libs/polarssl
+		>=dev-libs/boost-1.34:=
+		botan? ( =dev-libs/botan-1.10* )
+		cryptopp? ( dev-libs/crypto++ )
+		lua? ( dev-lang/lua:= )
+		mysql? ( virtual/mysql )
+		postgres? ( dev-db/postgresql:= )
+		ldap? ( >=net-nds/openldap-2.0.27-r4 )
+		sqlite? ( dev-db/sqlite:3 )
+		opendbx? ( dev-db/opendbx )
+		geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip )
+		tinydns? ( >=dev-db/tinycdb-0.77 )
+	)"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	static? (
+		>=net-libs/polarssl-1.3.0[static-libs(+)]
+		>=dev-libs/boost-1.34[static-libs(+)]
+		botan? ( =dev-libs/botan-1.10*[static-libs(+)] )
+		cryptopp? ( dev-libs/crypto++[static-libs(+)] )
+		lua? ( dev-lang/lua:=[static-libs(+)] )
+		mysql? ( virtual/mysql[static-libs(+)] )
+		postgres? ( dev-db/postgresql[static-libs(+)] )
+		ldap? ( >=net-nds/openldap-2.0.27-r4[static-libs(+)] )
+		sqlite? ( dev-db/sqlite:3[static-libs(+)] )
+		opendbx? ( dev-db/opendbx[static-libs(+)] )
+		geoip? ( >=dev-cpp/yaml-cpp-0.5.1 dev-libs/geoip[static-libs(+)] )
+		tinydns? ( >=dev-db/tinycdb-0.77 )
+	)
+	doc? ( app-doc/doxygen )"
+
+src_configure() {
+	local dynmodules="pipe geo bind" # the default backends, always enabled
+	local modules=""
+
+	#use db2 && dynmodules+=" db2"
+	use ldap && dynmodules+=" ldap"
+	use lua && dynmodules+=" lua"
+	use mydns && dynmodules+=" mydns"
+	use mysql && dynmodules+=" gmysql"
+	use opendbx && dynmodules+=" opendbx"
+	#use oracle && dynmodules+=" goracle oracle"
+	use postgres && dynmodules+=" gpgsql"
+	use remote && dynmodules+=" remote"
+	use sqlite && dynmodules+=" gsqlite3"
+	use tinydns && dynmodules+=" tinydns"
+	use geoip && dynmodules+=" geoip"
+	#use xdb && dynmodules+=" xdb"
+
+	if use static ; then
+		modules="${dynmodules}"
+		dynmodules=""
+	fi
+
+	use botan && myconf+=" --enable-botan1.10"
+	use cryptopp && myconf+=" --enable-cryptopp"
+	use debug && myconf+=" --enable-verbose-logging"
+
+	CRYPTOPP_CFLAGS=" " \
+	CRYPTOPP_LIBS="-lcrypto++" \
+	econf \
+		--with-system-polarssl \
+		--disable-static \
+		--sysconfdir=/etc/powerdns \
+		--libdir=/usr/$(get_libdir)/powerdns \
+		--with-modules="${modules}" \
+		--with-dynmodules="${dynmodules}" \
+		--with-pgsql-includes=/usr/include \
+		--with-pgsql-lib=/usr/$(get_libdir) \
+		--with-mysql-lib=/usr/$(get_libdir) \
+		$(use_enable test unit-tests) \
+		$(use_with lua) \
+		$(use_enable static static-binaries) \
+		$(use_enable tools) \
+		${myconf}
+}
+
+src_compile() {
+	default
+	use doc && emake -C codedocs codedocs
+}
+
+src_install () {
+	default
+
+	mv "${D}"/etc/powerdns/pdns.conf{-dist,}
+
+	fperms 0700 /etc/powerdns
+	fperms 0600 /etc/powerdns/pdns.conf
+
+	# set defaults: setuid=pdns, setgid=pdns
+	sed -i \
+		-e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \
+		"${D}"/etc/powerdns/pdns.conf
+
+	doinitd "${FILESDIR}"/pdns
+	systemd_newunit contrib/systemd-pdns.service pdns.service
+
+	keepdir /var/empty
+
+	use doc && dohtml -r codedocs/html/.
+
+	# Install development headers
+	insinto /usr/include/pdns
+	doins pdns/*.hh
+	insinto /usr/include/pdns/backends/gsql
+	doins pdns/backends/gsql/*.hh
+
+	if use ldap ; then
+		insinto /etc/openldap/schema
+		doins "${FILESDIR}"/dnsdomain2.schema
+	fi
+
+	prune_libtool_files --all
+}
+
+pkg_preinst() {
+	enewgroup pdns
+	enewuser pdns -1 -1 /var/empty pdns
+}
+
+pkg_postinst() {
+	elog "PowerDNS provides multiple instances support. You can create more instances"
+	elog "by symlinking the pdns init script to another name."
+	elog
+	elog "The name must be in the format pdns.<suffix> and PowerDNS will use the"
+	elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default."
+
+	if use ldap ; then
+		ewarn "The official LDAP backend module is only compile-tested by upstream."
+		ewarn "Try net-dns/pdns-ldap-backend if you have problems with it."
+	fi
+
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 3.2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (bug #458018) had the following"
+		ewarn "files/directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/etc/pdns"
+		ewarn "  ${EPREFIX}/etc/pdns/pdns.conf"
+		ewarn "Check if this is correct for your setup"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		chmod o-rwx "${EPREFIX}"/etc/pdns/{,pdns.conf}
+	fi
+
+}