Fix bind-tools to work with libressl 2.7.3

5 files changed, 267 insertions, 0 deletions

diff --git a/net-dns/bind-tools/Manifest b/net-dns/bind-tools/Manifest
new file mode 100644
index 0000000..e8a5827
--- /dev/null
+++ b/net-dns/bind-tools/Manifest
@@ -0,0 +1 @@
+DIST bind-9.12.1.tar.gz 9302783 BLAKE2B 731ce67acb22f72e54de1122c5d5c3c1f0663c400bdff9545578a45e5fe3094c6d754351e57dd5c52cdfe1528305dfde25eba7382a723a60b8bfdfeebb9536cd SHA512 701e34a0a3313568c8e5cf76668fefc2a1fceb2ade0de201b8f678401569f1c622c3d1657a71772fa3298efc8b3cdefe974d98432c0087e8b45af3d50a4262fb
diff --git a/net-dns/bind-tools/bind-tools-9.12.1-r1.ebuild b/net-dns/bind-tools/bind-tools-9.12.1-r1.ebuild
new file mode 100644
index 0000000..23c5a36
--- /dev/null
+++ b/net-dns/bind-tools/bind-tools-9.12.1-r1.ebuild
@@ -0,0 +1,145 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils autotools flag-o-matic toolchain-funcs
+
+MY_PN=${PN//-tools}
+MY_PV=${PV/_p/-P}
+MY_PV=${MY_PV/_rc/rc}
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="bind tools: dig, nslookup, host, nsupdate, dnssec-keygen"
+HOMEPAGE="http://www.isc.org/software/bind"
+SRC_URI="https://www.isc.org/downloads/file/${MY_P}/?version=tar-gz -> ${MY_PN}-${PV}.tar.gz"
+
+LICENSE="Apache-2.0 BSD BSD-2 GPL-2 HPND ISC MPL-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc gost gssapi idn ipv6 libedit libressl readline seccomp ssl urandom xml"
+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
+
+REQUIRED_USE="gost? ( !libressl ssl )"
+
+CDEPEND="
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	gost? ( >=dev-libs/openssl-1.0.0:0=[-bindist] )
+	xml? ( dev-libs/libxml2 )
+	idn? ( <net-dns/idnkit-2:= )
+	gssapi? ( virtual/krb5 )
+	libedit? ( dev-libs/libedit )
+	!libedit? (
+		readline? ( sys-libs/readline:0= )
+	)
+	seccomp? ( sys-libs/libseccomp )"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+	!<net-dns/bind-9.10.2"
+
+S="${WORKDIR}/${MY_P}"
+
+# bug 479092, requires networking
+RESTRICT="test"
+
+src_prepare() {
+	# Disable tests for now, bug 406399
+	sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die
+
+	# bug #220361
+	rm aclocal.m4
+	rm -rf libtool.m4/
+
+	mv configure.in configure.ac || die # configure.in is deprecated
+	eautoreconf
+	
+	epatch "${FILESDIR}"/${PN}-9.12.1-libressl.patch
+}
+
+src_configure() {
+	local myconf=
+
+	if use urandom; then
+		myconf="${myconf} --with-randomdev=/dev/urandom"
+	else
+		myconf="${myconf} --with-randomdev=/dev/random"
+	fi
+
+	# bug 607400
+	if use libedit ; then
+		myconf+=' --with-readline=-ledit'
+	elif use readline ; then
+		myconf+=' --with-readline=-lreadline'
+	else
+		myconf+=' --without-readline'
+	fi
+
+	# bug 344029
+	append-cflags "-DDIG_SIGCHASE"
+
+	# localstatedir for nsupdate -l, bug 395785
+	tc-export BUILD_CC
+	econf \
+		--localstatedir="${EPREFIX}"/var \
+		--without-python \
+		--without-libjson \
+		--without-zlib \
+		--without-lmdb \
+		--disable-openssl-version-check \
+		$(use_enable ipv6) \
+		$(use_with idn) \
+		$(usex idn --with-idnlib=-lidnkit '') \
+		$(use_enable seccomp) \
+		$(use_with ssl openssl "${EPREFIX}"/usr) \
+		$(use_with xml libxml2) \
+		$(use_with gssapi) \
+		$(use_with readline) \
+		$(use_with gost) \
+		${myconf}
+
+	# bug #151839
+	echo '#undef SO_BSDCOMPAT' >> config.h
+}
+
+src_compile() {
+	local AR=$(tc-getAR)
+
+	emake AR="${AR}" -C lib/
+	emake AR="${AR}" -C bin/delv/
+	emake AR="${AR}" -C bin/dig/
+	emake AR="${AR}" -C bin/nsupdate/
+	emake AR="${AR}" -C bin/dnssec/
+}
+
+src_install() {
+	dodoc README CHANGES
+
+	cd "${S}"/bin/delv
+	dobin delv
+	doman delv.1
+
+	cd "${S}"/bin/dig
+	dobin dig host nslookup
+	doman {dig,host,nslookup}.1
+
+	cd "${S}"/bin/nsupdate
+	dobin nsupdate
+	doman nsupdate.1
+	if use doc; then
+		dohtml nsupdate.html
+	fi
+
+	cd "${S}"/bin/dnssec
+	for tool in dsfromkey importkey keyfromlabel keygen \
+	  revoke settime signzone verify; do
+		dobin dnssec-"${tool}"
+		doman dnssec-"${tool}".8
+		if use doc; then
+			dohtml dnssec-"${tool}".html
+		fi
+	done
+}
diff --git a/net-dns/bind-tools/files/bind-tools-9.12.1-libressl.patch b/net-dns/bind-tools/files/bind-tools-9.12.1-libressl.patch
new file mode 100644
index 0000000..32c471f
--- /dev/null
+++ b/net-dns/bind-tools/files/bind-tools-9.12.1-libressl.patch
@@ -0,0 +1,44 @@
+--- a/lib/dns/opensslrsa_link.c	2018-05-16 00:46:56.661611139 -0400
++++ b/lib/dns/opensslrsa_link.c	2018-05-16 00:46:37.678750236 -0400
+@@ -121,7 +121,7 @@
+ #endif
+ #define DST_RET(a) {ret = a; goto err;}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000L)
+ /* From OpenSSL 1.1.0 */
+ static int
+ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
+--- a/lib/dns/openssldsa_link.c	2018-05-16 00:42:49.218582288 -0400
++++ b/lib/dns/openssldsa_link.c	2018-05-16 00:42:54.003543331 -0400
+@@ -49,7 +49,7 @@
+ 
+ static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000L)
+ static void
+ DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
+ 	     const BIGNUM **g)
+--- a/lib/dns/opensslecdsa_link.c	2018-05-16 00:43:17.729350165 -0400
++++ b/lib/dns/opensslecdsa_link.c	2018-05-16 00:43:19.010339735 -0400
+@@ -42,7 +42,7 @@
+ 
+ #define DST_RET(a) {ret = a; goto err;}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000L)
+ /* From OpenSSL 1.1 */
+ static void
+ ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
+--- a/lib/dns/openssldh_link.c	2018-05-16 00:42:03.295956171 -0400
++++ b/lib/dns/openssldh_link.c	2018-05-16 00:42:04.942942762 -0400
+@@ -69,7 +69,7 @@
+ 
+ static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000L)
+ /*
+  * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
+  * are from OpenSSL 1.1.0.
diff --git a/net-dns/bind-tools/files/bind-tools-9.5.0_p1-lwconfig.patch b/net-dns/bind-tools/files/bind-tools-9.5.0_p1-lwconfig.patch
new file mode 100644
index 0000000..7aa1d16
--- /dev/null
+++ b/net-dns/bind-tools/files/bind-tools-9.5.0_p1-lwconfig.patch
@@ -0,0 +1,63 @@
+--- lib/lwres/lwconfig.c.old	2007-06-20 01:47:22.000000000 +0200
++++ lib/lwres/lwconfig.c	2008-06-15 02:57:02.000000000 +0200
+@@ -175,13 +175,8 @@
+ 	REQUIRE(buffer != NULL);
+ 	REQUIRE(size > 0U);
+ 
+-	*p = '\0';
+-
+ 	ch = eatwhite(fp);
+ 
+-	if (ch == EOF)
+-		return (EOF);
+-
+ 	do {
+ 		*p = '\0';
+ 
+@@ -592,23 +587,37 @@
+ 		if (strlen(word) == 0U)
+ 			rval = LWRES_R_SUCCESS;
+ 		else if (strcmp(word, "nameserver") == 0)
+-			rval = lwres_conf_parsenameserver(ctx, fp);
++			rval = (stopchar != '\n')? /* fail instantly if EOL is reached */
++				lwres_conf_parsenameserver(ctx, fp)
++				: LWRES_R_FAILURE;
+ 		else if (strcmp(word, "lwserver") == 0)
+-			rval = lwres_conf_parselwserver(ctx, fp);
++			rval = (stopchar != '\n')?
++				lwres_conf_parselwserver(ctx, fp)
++				: LWRES_R_FAILURE;
+ 		else if (strcmp(word, "domain") == 0)
+-			rval = lwres_conf_parsedomain(ctx, fp);
++			rval = (stopchar != '\n')?
++				lwres_conf_parsedomain(ctx, fp)
++				: LWRES_R_FAILURE;
+ 		else if (strcmp(word, "search") == 0)
+-			rval = lwres_conf_parsesearch(ctx, fp);
++			rval = (stopchar != '\n')?
++				lwres_conf_parsesearch(ctx, fp)
++				: LWRES_R_FAILURE;
+ 		else if (strcmp(word, "sortlist") == 0)
+-			rval = lwres_conf_parsesortlist(ctx, fp);
++			rval = (stopchar != '\n')?
++				lwres_conf_parsesortlist(ctx, fp)
++				: LWRES_R_FAILURE;
+ 		else if (strcmp(word, "options") == 0)
+-			rval = lwres_conf_parseoption(ctx, fp);
++			rval = (stopchar != '\n')?
++				lwres_conf_parseoption(ctx, fp)
++				: LWRES_R_FAILURE;
+ 		else {
+ 			/* unrecognised word. Ignore entire line */
+ 			rval = LWRES_R_SUCCESS;
+-			stopchar = eatline(fp);
+-			if (stopchar == EOF) {
+-				break;
++			if (stopchar != '\n') { /* do not eat the next line */
++				stopchar = eatline(fp);
++				if (stopchar == EOF) {
++					break;
++				}
+ 			}
+ 		}
+ 		if (ret == LWRES_R_SUCCESS && rval != LWRES_R_SUCCESS)
diff --git a/net-dns/bind-tools/metadata.xml b/net-dns/bind-tools/metadata.xml
new file mode 100644
index 0000000..0db3429
--- /dev/null
+++ b/net-dns/bind-tools/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>idl0r@gentoo.org</email>
+		<name>Christian Ruppert</name>
+	</maintainer>
+	<use>
+		<flag name="urandom">Use /dev/urandom instead of /dev/random</flag>
+		<flag name="gssapi">Enable gssapi support</flag>
+		<flag name="gost">Enables gost OpenSSL engine support</flag>
+	</use>
+	<longdescription>ISC's Bind DNS' server tools</longdescription>
+</pkgmetadata>