net-dns/bind-tools: Security bump, bug #559462 - CVE-2015-5722, CVE-2015-5986

Package-Manager: portage-2.2.20.1

diff --git a/net-dns/bind-tools/Manifest b/net-dns/bind-tools/Manifest
index 15de6564f82e35805262629cb7c8194861c94648..9f622242da7e92515d4fc4f1e03d4c2b445987b0 100644 (file)
--- a/net-dns/bind-tools/Manifest
+++ b/net-dns/bind-tools/Manifest
@@ -1,2 +1,3 @@
 DIST bind-9.10.1-P1.tar.gz 8356463 SHA256 974343108d32f253a130383d0ba51290fb7bf372092f1451f264a9e3ac09898d SHA512 5fedff46d9cb0ff2544624c6d998f4f4bcd82152730e8e936c2611847fe443018b5c5c1dfb1dc49888dde5e3e30c3814f08369525612f0770575d54a3133ed48 WHIRLPOOL 6f39ff0e15676ed68f6d48d2ec5894b00de5192edbbbff94444f62dcf83e62a1e72019d575da97b6e6cde91b8918da78721c48510dbaad88095d4f2b3af375eb
 DIST bind-9.10.2-P2.tar.gz 8469608 SHA256 b1e6f0af88634aaf48fb9d06bbf82968264f49b8e2685f061dd3fd4c1ab76c5f SHA512 f59a4e7ef268cd95be9c31b8f908a77b261c76bfad0572608f503175e4e06e69c22ee88f4b6ae9578cd096aa069d9401f76084c7e07b3e98e9dbbb40d535695c WHIRLPOOL 10b035f790a43552b22eed13a98b8dcfdc0cc0614342ae221ce23ba655fb40a46e336cca8575460bf26a792303c6eba61e184ca5deb219372fdd09609b4c9798
+DIST bind-9.10.2-P4.tar.gz 8471531 SHA256 c00b21ec1def212957f28efe9d10aac52d6ec515e84fbf2c42143f5d71429cb8 SHA512 71dd211167c46ada768389f818b114c9e101132544510df0fde7b83ccbe6ef4d7313a3a254f11efe1ccea43a35f74785de4757c9f6044320174f5a69d39cdd5c WHIRLPOOL 0e179fb597c906c05d820969b8a005511aac177c968ffb10d34c1eda132c6caf9aa6fe8348a16e6ce55317784e44645a5295ccdb2aa740ac5960d6bd85dca7db

diff --git a/net-dns/bind-tools/bind-tools-9.10.2_p4.ebuild b/net-dns/bind-tools/bind-tools-9.10.2_p4.ebuild
new file mode 100644 (file)
index 0000000..965482f
--- /dev/null
+++ b/net-dns/bind-tools/bind-tools-9.10.2_p4.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils autotools flag-o-matic toolchain-funcs
+
+MY_PN=${PN//-tools}
+MY_PV=${PV/_p/-P}
+MY_PV=${MY_PV/_rc/rc}
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
+HOMEPAGE="http://www.isc.org/software/bind"
+SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz"
+
+LICENSE="ISC BSD BSD-2 HPND JNIC RSA openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc gost gssapi idn ipv6 readline seccomp ssl urandom xml"
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+REQUIRED_USE="gost? ( ssl )"
+
+DEPEND="ssl? ( dev-libs/openssl:0 )
+       gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] )
+       xml? ( dev-libs/libxml2 )
+       idn? ( net-dns/idnkit )
+       gssapi? ( virtual/krb5 )
+       readline? ( sys-libs/readline:0= )
+       seccomp? ( sys-libs/libseccomp )"
+RDEPEND="${DEPEND}
+       !<net-dns/bind-9.10.2"
+
+S="${WORKDIR}/${MY_P}"
+
+# bug 479092, requires networking
+RESTRICT="test"
+
+src_prepare() {
+       epatch "${FILESDIR}"/${PN}-9.5.0_p1-lwconfig.patch #231247
+       epatch "${FILESDIR}"/${PN}-9.10.2-openssl.patch #417129
+
+       # Disable tests for now, bug 406399
+       sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+       # bug #220361
+       rm aclocal.m4
+       rm -rf libtool.m4/
+       eautoreconf
+}
+
+src_configure() {
+       local myconf=
+
+       if use urandom; then
+               myconf="${myconf} --with-randomdev=/dev/urandom"
+       else
+               myconf="${myconf} --with-randomdev=/dev/random"
+       fi
+
+       # bug 344029
+       append-cflags "-DDIG_SIGCHASE"
+
+       # localstatedir for nsupdate -l, bug 395785
+       tc-export BUILD_CC
+       econf \
+               --localstatedir=/var \
+               --without-python \
+               --without-libjson \
+               --disable-openssl-version-check \
+               $(use_enable ipv6) \
+               $(use_with idn) \
+               $(usex idn --with-idnlib=-lidnkit '') \
+               $(use_enable seccomp) \
+               $(use_with ssl openssl) \
+               $(use_with xml libxml2) \
+               $(use_with gssapi) \
+               $(use_with readline) \
+               $(use_with gost) \
+               ${myconf}
+
+       # bug #151839
+       echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
+src_compile() {
+       local AR=$(tc-getAR)
+
+       emake AR="${AR}" -C lib/
+       emake AR="${AR}" -C bin/delv/
+       emake AR="${AR}" -C bin/dig/
+       emake AR="${AR}" -C bin/nsupdate/
+       emake AR="${AR}" -C bin/dnssec/
+}
+
+src_install() {
+       dodoc README CHANGES FAQ
+
+       cd "${S}"/bin/delv
+       dobin delv
+       doman delv.1
+
+       cd "${S}"/bin/dig
+       dobin dig host nslookup
+       doman {dig,host,nslookup}.1
+
+       cd "${S}"/bin/nsupdate
+       dobin nsupdate
+       doman nsupdate.1
+       if use doc; then
+               dohtml nsupdate.html
+       fi
+
+       cd "${S}"/bin/dnssec
+       for tool in dsfromkey importkey keyfromlabel keygen \
+         revoke settime signzone verify; do
+               dobin dnssec-"${tool}"
+               doman dnssec-"${tool}".8
+               if use doc; then
+                       dohtml dnssec-"${tool}".html
+               fi
+       done
+}