diff options
author | Thomas Deutschmann <whissi@gentoo.org> | 2018-09-14 20:19:56 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2018-09-15 00:03:45 +0200 |
commit | d2dac37b7f5220aa1ca458c50977c404efc69d32 (patch) | |
tree | fe098195449e3d2e61578fe29e625292793333d9 /net-dns | |
parent | net-dns/unbound: add USE=redis to enable cache db backend (diff) | |
download | gentoo-d2dac37b7f5220aa1ca458c50977c404efc69d32.tar.gz gentoo-d2dac37b7f5220aa1ca458c50977c404efc69d32.tar.bz2 gentoo-d2dac37b7f5220aa1ca458c50977c404efc69d32.zip |
net-dns/unbound: move EDNS client subnet support behind USE flag due to privacy concerns
With EDNS client subnet support enabled, unbound will add client IP address
to requests. This could lead to an unexpected IP address leak. Therefore
we hide that feature behind a USE flag (ecs) and let user decide.
Package-Manager: Portage-2.3.49, Repoman-2.3.10
Diffstat (limited to 'net-dns')
-rw-r--r-- | net-dns/unbound/metadata.xml | 1 | ||||
-rw-r--r-- | net-dns/unbound/unbound-1.8.0-r1.ebuild | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml index 01e8dfa9bcc6..322609af4ff1 100644 --- a/net-dns/unbound/metadata.xml +++ b/net-dns/unbound/metadata.xml @@ -23,6 +23,7 @@ <flag name="dnscrypt">Enable DNSCrypt support</flag> <flag name="dnstap">Enable dnstap support</flag> <flag name="ecdsa">Enable ECDSA support</flag> + <flag name="ecs">Enable EDNS client subnet support</flag> <flag name="gost">Enable GOST support</flag> <flag name="redis">Enable cache db backend which uses <pkg>dev-libs/hiredis</pkg></flag> </use> diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild index f544060754e5..6d9dee1cdfcb 100644 --- a/net-dns/unbound/unbound-1.8.0-r1.ebuild +++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild @@ -14,7 +14,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" LICENSE="BSD GPL-2" SLOT="0/8" # ABI version of libunbound.so KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" -IUSE="debug dnscrypt dnstap +ecdsa gost libressl python redis selinux static-libs systemd test threads" +IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" # Note: expat is needed by executable only but the Makefile is custom @@ -96,6 +96,7 @@ multilib_src_configure() { $(use_enable dnscrypt) \ $(use_enable dnstap) \ $(use_enable ecdsa) \ + $(use_enable ecs subnet) \ $(multilib_native_use_enable redis cachedb) \ $(use_enable static-libs static) \ $(use_enable systemd) \ @@ -105,7 +106,6 @@ multilib_src_configure() { --disable-flto \ --disable-rpath \ --enable-ipsecmod \ - --enable-subnet \ --enable-tfo-client \ --enable-tfo-server \ --with-libevent="${EPREFIX%/}"/usr \ |