4 files changed, 211 insertions, 5 deletions
diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 92f5978f01e2..8ce5420311b4 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,3 +1,3 @@
 DIST bind-9.10.2-P4.tar.gz 8471531 SHA256 c00b21ec1def212957f28efe9d10aac52d6ec515e84fbf2c42143f5d71429cb8 SHA512 71dd211167c46ada768389f818b114c9e101132544510df0fde7b83ccbe6ef4d7313a3a254f11efe1ccea43a35f74785de4757c9f6044320174f5a69d39cdd5c WHIRLPOOL 0e179fb597c906c05d820969b8a005511aac177c968ffb10d34c1eda132c6caf9aa6fe8348a16e6ce55317784e44645a5295ccdb2aa740ac5960d6bd85dca7db
-DIST bind-9.10.3.tar.gz 8552545 SHA256 9ac33bd8754ab4b6ee449b1b2aa88e09f51cda088486f4ab1585acd920b98ff0 SHA512 4dd6b298496cb451d8ccc0c1360f7bcfcd4f3180097c7fe4af33bffb8f8d38808e56bcc008d009deb5c8f1e612a2c6c00154b822df94a709195a3abf63e98f99 WHIRLPOOL 0562f3fb4fd0ca9b487f84a67321c1ccf4d05ca13272de740db9ccbda7bb50bea9d23f4d6732bf9b9dabbfaeef03e87b47a7eb7f36bf84c92aee2e87a76ea859
+DIST bind-9.10.3-P2.tar.gz 8523719 SHA256 4a6c1911ac0d4b6be635b63de3429b6c168ea244043f12bbc8a4eb3368fd6ecd SHA512 21905cdff464f9ff275b87744433970d4a80faa6d9245c66c092421a45e89e438bd78f3bfe0d795964312f072c936e44eb6867b72decbba86821619180ced210 WHIRLPOOL 7bc4038a746e5b5c4166fb0d7a57985be9defef4c4c494492312671b81853f506c3216fcd94df993f6f1088d4c36c838d40d85fedbe8eee1b4265c5e2caecaa6
 DIST dyndns-samples.tbz2 22866 SHA256 92fb06a92ca99cbbe96b90bcca229ef9c12397db57ae17e199dad9f1218fdbe8 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac WHIRLPOOL 08d4e6a817f1d02597631e18152dbd55ea1bc4c82174be150cc77efc9e1f0f03b6471d1cefbe4229cd3161de752ef232a43ca274a07b78e9c974ceb04cfe99a2
diff --git a/net-dns/bind/bind-9.10.3.ebuild b/net-dns/bind/bind-9.10.3_p2.ebuild
index f1956d5e6cbf..3b45baa1dc9f 100644
--- a/net-dns/bind/bind-9.10.3.ebuild
+++ b/net-dns/bind/bind-9.10.3_p2.ebuild
@@ -41,7 +41,7 @@ LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="berkdb +caps dlz doc fetchlimit filter-aaaa fixed-rrset geoip gost gssapi idn ipv6
-json ldap mysql nslint odbc postgres python rpz seccomp selinux sit ssl static-libs
+json ldap libressl mysql nslint odbc postgres python rpz seccomp selinux sit ssl static-libs
 +threads urandom xml"
 # sdb-ldap - patch broken
 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
@@ -51,11 +51,15 @@ REQUIRED_USE="postgres? ( dlz )
 	mysql? ( dlz !threads )
 	odbc? ( dlz )
 	ldap? ( dlz )
-	gost? ( ssl )
+	gost? ( !libressl ssl )
 	threads? ( caps )"
 # sdb-ldap? ( dlz )
 
-DEPEND="ssl? ( dev-libs/openssl:0[-bindist] )
+DEPEND="
+	ssl? (
+		!libressl? ( dev-libs/openssl:0[-bindist] )
+		libressl? ( dev-libs/libressl )
+	)
 	mysql? ( >=virtual/mysql-4.0 )
 	odbc? ( >=dev-db/unixODBC-2.2.6 )
 	ldap? ( net-nds/openldap )
@@ -87,6 +91,8 @@ pkg_setup() {
 }
 
 src_prepare() {
+	epatch "${FILESDIR}"/${P}-libressl.patch
+
 	# Adjusting PATHs in manpages
 	for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do
 		sed -i \
@@ -235,7 +241,7 @@ src_install() {
 
 	# ftp://ftp.rs.internic.net/domain/named.cache:
 	insinto /var/bind
-	newins "${FILESDIR}"/named.cache-r1 named.cache
+	newins "${FILESDIR}"/named.cache-r2 named.cache
 
 	insinto /var/bind/pri
 	newins "${FILESDIR}"/localhost.zone-r3 localhost.zone
diff --git a/net-dns/bind/files/bind-9.10.3_p2-libressl.patch b/net-dns/bind/files/bind-9.10.3_p2-libressl.patch
new file mode 100644
index 000000000000..a38a70d05e4b
--- /dev/null
+++ b/net-dns/bind/files/bind-9.10.3_p2-libressl.patch
@@ -0,0 +1,110 @@
+Fix LibreSSL compatibility, patches from OpenBSD
+
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/patches/
+
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_dst_openssl_h?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssl_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldh_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldsa_link_c?rev=1.1&content-type=text/plain
+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_opensslrsa_link_c?rev=1.1&content-type=text/plain
+
+--- lib/dns/dst_openssl.h.orig	Wed Sep 16 14:00:47 2015
++++ lib/dns/dst_openssl.h	Wed Sep 16 14:02:42 2015
+@@ -36,7 +36,7 @@
+ #define USE_ENGINE 1
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+  * These are new in OpenSSL 1.1.0.  BN_GENCB _cb needs to be declared in
+  * the function like this before the BN_GENCB_new call:
+--- lib/dns/openssl_link.c.orig	Wed Sep 16 14:01:23 2015
++++ lib/dns/openssl_link.c	Wed Sep 16 14:01:46 2015
+@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) {
+ 	return (result == ISC_R_SUCCESS ? 1 : -1);
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static void
+ entropy_add(const void *buf, int num, double entropy) {
+ 	/*
+@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in
+ 		UNLOCK(&locks[type]);
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static unsigned long
+ id_callback(void) {
+ 	return ((unsigned long)isc_thread_self());
+@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) {
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup_mutexalloc;
+ 	CRYPTO_set_locking_callback(lock_callback);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	CRYPTO_set_id_callback(id_callback);
+ #endif
+ 
+@@ -287,7 +287,7 @@ dst__openssl_destroy(void) {
+ 	CRYPTO_cleanup_all_ex_data();
+ #endif
+ 	ERR_clear_error();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	ERR_remove_state(0);
+ #endif
+ 	ERR_free_strings();
+--- lib/dns/openssldh_link.c.orig	Wed Sep 16 14:01:23 2015
++++ lib/dns/openssldh_link.c	Wed Sep 16 14:02:06 2015
+@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void
+ 	DH *dh = NULL;
+ #if OPENSSL_VERSION_NUMBER > 0x00908000L
+ 	BN_GENCB *cb;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	BN_GENCB _cb;
+ #endif
+ 	union {
+@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void
+ 		if (dh == NULL)
+ 			return (dst__openssl_toresult(ISC_R_NOMEMORY));
+ 		cb = BN_GENCB_new();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 		if (cb == NULL) {
+ 			DH_free(dh);
+ 			return (dst__openssl_toresult(ISC_R_NOMEMORY));
+--- lib/dns/openssldsa_link.c.orig	Wed Sep 16 14:01:23 2015
++++ lib/dns/openssldsa_link.c	Wed Sep 16 14:02:22 2015
+@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
+ 	isc_result_t result;
+ #if OPENSSL_VERSION_NUMBER > 0x00908000L
+ 	BN_GENCB *cb;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	BN_GENCB _cb;
+ #endif
+ 	union {
+@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (
+ 	if (dsa == NULL)
+ 		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+ 	cb = BN_GENCB_new();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 	if (cb == NULL) {
+ 		DSA_free(dsa);
+ 		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+--- lib/dns/opensslrsa_link.c.orig	Wed Sep 16 14:01:23 2015
++++ lib/dns/opensslrsa_link.c	Wed Sep 16 14:02:31 2015
+@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca
+ 	} u;
+ 	RSA *rsa = RSA_new();
+ 	BIGNUM *e = BN_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	BN_GENCB _cb;
+ #endif
+ 	BN_GENCB *cb = BN_GENCB_new();
diff --git a/net-dns/bind/files/named.cache-r2 b/net-dns/bind/files/named.cache-r2
new file mode 100644
index 000000000000..71713d8c280f
--- /dev/null
+++ b/net-dns/bind/files/named.cache-r2
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    December 01, 2015
+;       related version of root zone:   2015120100
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file