Include bugfix for security bug #514946.

Package-Manager: portage-2.2.10/cvs/Linux x86_64
Manifest-Sign-Key: 0x64D4CF24

4 files changed, 143 insertions, 5 deletions

diff --git a/net-dns/pdns-recursor/ChangeLog b/net-dns/pdns-recursor/ChangeLog
index afe6fa170f66..63928d3e57a5 100644
--- a/net-dns/pdns-recursor/ChangeLog
+++ b/net-dns/pdns-recursor/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-dns/pdns-recursor
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/ChangeLog,v 1.43 2014/06/21 07:41:55 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/ChangeLog,v 1.44 2014/06/29 18:18:56 swegener Exp $
+
+*pdns-recursor-3.3-r1 (29 Jun 2014)
+
+  29 Jun 2014; Sven Wegener <swegener@gentoo.org> +pdns-recursor-3.3-r1.ebuild,
+  +files/pdns-recursor-3.3-fdlimit.patch:
+  Include bugfix for security bug #514946.
 
 *pdns-recursor-3.6.0 (21 Jun 2014)
 
diff --git a/net-dns/pdns-recursor/Manifest b/net-dns/pdns-recursor/Manifest
index d5401303d21b..cdd782f94422 100644
--- a/net-dns/pdns-recursor/Manifest
+++ b/net-dns/pdns-recursor/Manifest
@@ -2,6 +2,7 @@
 Hash: SHA256
 
 AUX pdns-recursor-3.1.7.2-error-message.patch 463 SHA256 b2c55bc015c88fb4a297d1bac8ba417d81b026df990d1f14f9e9667e51771f5d SHA512 7b91c957302aeb161519bd3204656a6345613458015a4e9d438fdbfe432753e363b823ceb279e683d8a6a6f1e644a11b6a37f8310b9bf4fbbf8656c8880005e3 WHIRLPOOL 1261da56f2b2207dd60ec33ccdca6a243329428e963bf90134d580e66817cce2015218075085a3ba44911c16d00e1fe81664b45bb9980da9fb73ba2f5170ae85
+AUX pdns-recursor-3.3-fdlimit.patch 2331 SHA256 380c9903081144b5d49508af8da2f9141a307dfd391ad594695f3690c6174cd8 SHA512 05acf2e046331cfa470ca7bb9ec52d657e40eb753100c307f0f727f3434ddb65f2390f12bef2bde9f2ef95c43dbbcd919be23a1f5527bda56f411e6ef9e336cf WHIRLPOOL 756c6025f8fb7d82ccdda29b8c1b72b682f40fe7086ebf51ea38e87d33dd66c26d3362e447c87764595b7acf9dd7410a483aa4e759dd4bfd4b6c1b98944e4db2
 AUX precursor 598 SHA256 7bb044d496dd94aef5ac6c0b347d8a474f2b7a5473542eb782be42e06a8f9b77 SHA512 4a045eca495eb0e2ef1d6838d4bb8b6223778a572530175a5809c441a7baac9ba69d6afc4c4e46c7d35bb9874609fbd4a57dcc807209484a81ae19d76abea9d4 WHIRLPOOL 1722bcf6414d866762d8560534833ba09d152fffad29b875be3cdf951e9befa066b068458129f4e7530c0adf88ff206fbf66fbf863c07a0e73544476c377b50d
 AUX recursor.conf 452 SHA256 b36b3310a26785d5e8a38c03bce9afcf8a08e321a81ee385e9557dcaa3957255 SHA512 ac4b3cd3080bfc1aad731859c24663c25b741217db4a1122ca734b15806c6a40a166693b9d297fd7c46cafaf67314b48fdf4829cb920fc2b085d6cac2f9f1c61 WHIRLPOOL 5e7c4fab788aca49161f53083b7107b101dbaaaef2dda279c2893f8c950a0fd3db6f316e20c2f78bed9a1d1e9117df619fbae14554a9300f06d087156aa5b690
 DIST pdns-recursor-3.1.7.2.tar.bz2 174082 SHA256 0f2fd93eec8d7c68578fbf1f680f6d1ab44c3249f0a08257a4e6531e48a9d2ea
@@ -12,16 +13,17 @@ DIST pdns-recursor-3.5.3.tar.bz2 176298 SHA256 192c0b47a1cfcdccaa88d70fd33766a4c
 DIST pdns-recursor-3.6.0.tar.bz2 196008 SHA256 345651705f04eb63ef6ea4573587907bc213879834e37f4b7e4c2e70bc952372 SHA512 cabb0caf46c0ce3804f62c051bffbdb914535bd94c524515d616f4f6923d277702741fd2043a17400f9158f71e30be484435f9ba0beaa27f127e6a3fe79769e5 WHIRLPOOL 090eca15d3d3cfda9c8993d24b647b50eb99a5098b8188e71a245b36f054a6df948cfcf24a6bf8a787a105f88d06e21eae3c6c7f2348c51b1f9d35eb97c2a474
 EBUILD pdns-recursor-3.1.7.2.ebuild 1376 SHA256 547a96290f9127d7830476724a2cffef6bf641b70f18342e0b93b3ea639bebed SHA512 29ea0aad2bbdd6a4a04a74ff0016b51e2d34d51c4789c6054c86a0744da972247db24f36ed70257a084b32bc8c7d14cca3004cd6b8a8ced0ad510ab27201cbfe WHIRLPOOL 88a4df60245109b1a0bff3f2026f90f84d5136989ab32b93c44d132d55c351685d7dd8edc36a774c96d59532167c04c426ae30bf24bd25a515c760d8be293a43
 EBUILD pdns-recursor-3.2.ebuild 1398 SHA256 55a41b8f6359d57ee99c9b1495c5098b3526659e18543bd4373f938f2d93c9d3 SHA512 00c78238ecae8afb6d7243fed26f97ab46541c7a0a2c30edc2eddb1413941d57188868a52c73d90e02385c41aa21cc2351998f113ce733126d1fa564d2375cb5 WHIRLPOOL ba871454d91616c83464cc068861b6508cddadd5bf253a615599ea597195205853cb00e675a3866d7f7b12a51f1c2ce60c9871ea78ceafea80ba63a34c948fa5
+EBUILD pdns-recursor-3.3-r1.ebuild 1451 SHA256 e1d168551e2d343318b238bdd29a5be1b6f76df7eaebd32595429613e466f68f SHA512 d21bde049e4d9e237645c14f81cc83b9696831f818809f1eb3ff7dd8334fd13ad39ac90607b28a07f2546f0457a2b4d026ef40a846720048ca5d4756cce3066a WHIRLPOOL 69172c1a731f95961eb343e4dda7cc3016f6826e0cfd1ba3c555b08ab4ae12801b83e4361b17af1f944e18a53a2c6b54d246bdd0b52d39613053c6cc453d73a6
 EBUILD pdns-recursor-3.3.ebuild 1398 SHA256 88c17c9baa8cda3e9d4a9e67cd07d6c1e1d7af882939bb047395b3c094f1fe5b SHA512 713d1f4d97d57d3b9225fdaba6d65987632c0247ad313c697f9277dfeac93313746f21f9f834179b8fa01115d779fd366d19f9d835196dca14dca207dfa6bf0c WHIRLPOOL ca8c1fc52ae393d281353781a1adf6b9f0ebbf87698794c03fa890dec5f05cec782ab181572cd6760c6acef0d6ca8c836dd3177fe246a110a1991394fb489efe
 EBUILD pdns-recursor-3.5.1.ebuild 1283 SHA256 3f1306eed86b5f702f267ed3f1d86105c2ff2c302abaa888477b5b83dcd36079 SHA512 191e1fc206acb3e208dc9d0149143a105e1e196829655c84a8db8da72cb21556e4d9a5e00f3a1990bba02aec5122d49d7ea61db4bd1148992059ba5ae7162d85 WHIRLPOOL a58b66594ed42967b08b70bdaa4d830dffa3ac452e0d31e532790a0ab7f50a8870acb2e9024d069b23cbeb688cb29af52499217ad42dfa13a152114629f93c25
 EBUILD pdns-recursor-3.5.3.ebuild 1283 SHA256 f66c5f46552d0c84020b67f1cacac73f11a64dc168aedca8dadb53b21c5c9659 SHA512 d24410f536eb45df1f53add7063bfabc90666a0bca40bb4c431c52c69424470888860bc6b3b89fc1974f7e399a56532a537c9cb402ce291192027908195a8bcb WHIRLPOOL e4c7a01b7ea4442bcd333027639cfbe22eaaec9876dab90991a739691b5b25ca2b27dea25e9699f31bdcd9e9a2d6c8ca4b9eb057aa7ad4aa9b3430a33ffc542b
 EBUILD pdns-recursor-3.6.0.ebuild 1178 SHA256 2dfbb51ea7b7b99176d3617773d99d5a607abcfbb3f1f304211caf76546ef795 SHA512 fa69e6cba2d2c69c196371592594f25dd1f3084b19f6656cacaa8c452d6b1b33767071815a2eff4062801d332d797f853c3fc85f379659d91fa0bfa68210a96b WHIRLPOOL cae35f364c61ab1d51831e99650ac590f5bb1c8864584c514c017a36c034f4316931bf7b4897d7228400c91846de0f06ec853740bcf59e2e88135798cd861934
-MISC ChangeLog 6884 SHA256 5fe244a8d6903155e6b48c0aebeba03b02954bf9c35a726378f26661c3c0e8bc SHA512 7566315dbc2e47baaf10da9160f3b2a22555fdeea63f4a9089f161a042caf1d4bc7b496ca29d9f5fd60f17bedb4e48be000f8536ce8f3ad3ca43282e60a1a31f WHIRLPOOL 7e2e1d66e00051c0a3519f59f04b474ab362f6ee5fa0374dc93dd5278ec419f8f946f266db1a6937be9efc2b32cef10478a31ce92a5c9ce72005fbdf4a0b4c4e
+MISC ChangeLog 7087 SHA256 c9b19d2c795363b604b943384682a93bdbd271ae6654d72f8f34a6f9373313d4 SHA512 1ed0b756f23a5fb4882d87cda926951a2f8ad91b070facbd369abc5d4a0e905888f3d07ab79c096e660c3ab87e894f86d2ada590687ae32ba2d29e5af73d0d7f WHIRLPOOL 6ac3df5a0cda1d235896c8417eaadb9c5d86a00896c3648393006734d01302d1c74059b37373fceddeacaf195abac5376fe8ce6001771c49fd0b080a5832385c
 MISC metadata.xml 816 SHA256 823df6ce02714ac732203b18964ed5d7a60ea1bf8a7d58ad8271307dc5d4b520 SHA512 24c7ebfd35accfcfa658f17ab2482589cfa0cf49f9928af9fc420414b83e4ef31fc2ddb6a823513fb48de4d075e833169e8a3946f96e3e09e602a6aa177658cb WHIRLPOOL 985daca0021bc9bd73ffa2aa98976ed5eeb479ff179fe417d90d962b005f0a5ff4d2d723361738a0a8815823f2108d1899b23607b0b8d73bc9d35ec25950cf9b
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iEYEAREIAAYFAlOlN0YACgkQI1lqEGTUzyR2kACbBSb3sWmvZL+w2wA4CPS/RteV
-w4UAmQG5uyYSDdPvmPxA3g0J9WZUzpHh
-=O0bu
+iEYEAREIAAYFAlOwWJMACgkQI1lqEGTUzyRl/QCgmHDHQT0PwpaFjGaWfLeBcz31
+0t0An3rJu8DGrnXhn9zMCKPBBJoIuWK2
+=e/GI
 -----END PGP SIGNATURE-----
diff --git a/net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch b/net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch
new file mode 100644
index 000000000000..fd3d58e59067
--- /dev/null
+++ b/net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch
@@ -0,0 +1,68 @@
+--- pdns-recursor-3.3/misc.cc
++++ pdns-recursor-3.3/misc.cc
+@@ -22,6 +22,7 @@
+ #include <netdb.h>
+ #include <sys/time.h>
+ #include <time.h>
++#include <sys/resource.h>
+ #include <netinet/in.h>
+ #include <unistd.h>
+ #endif // WIN32
+@@ -697,3 +698,22 @@
+   } while(!strchr(buffer, '\n'));
+   return true;
+ }
++
++unsigned int getFilenumLimit(bool hardOrSoft)
++{
++  struct rlimit rlim;
++  if(getrlimit(RLIMIT_NOFILE, &rlim) < 0)
++    unixDie("Requesting number of available file descriptors");
++  return hardOrSoft ? rlim.rlim_max : rlim.rlim_cur;
++}
++
++void setFilenumLimit(unsigned int lim)
++{
++  struct rlimit rlim;
++
++  if(getrlimit(RLIMIT_NOFILE, &rlim) < 0)
++    unixDie("Requesting number of available file descriptors");
++  rlim.rlim_cur=lim;
++  if(setrlimit(RLIMIT_NOFILE, &rlim) < 0)
++    unixDie("Setting number of available file descriptors");
++}
+--- pdns-recursor-3.3/misc.hh
++++ pdns-recursor-3.3/misc.hh
+@@ -445,4 +445,7 @@
+ std::string dotConcat(const std::string& a, const std::string &b);
+ int makeIPv6sockaddr(const std::string& addr, struct sockaddr_in6* ret);
+ bool stringfgets(FILE* fp, std::string& line);
++
++unsigned int getFilenumLimit(bool hardOrSoft=0);
++void setFilenumLimit(unsigned int lim);
+ #endif
+--- pdns-recursor-3.3/pdns_recursor.cc
++++ pdns-recursor-3.3/pdns_recursor.cc
+@@ -1740,7 +1740,21 @@
+   
+   g_tcpTimeout=::arg().asNum("client-tcp-timeout");
+   g_maxTCPPerClient=::arg().asNum("max-tcp-per-client");
+-  g_maxMThreads=::arg().asNum("max-mthreads");
++  g_maxMThreads=::arg().asNum("max-mthreads");	
++  unsigned int availFDs=getFilenumLimit();
++  if(g_maxMThreads * g_numThreads > availFDs) {
++    if(getFilenumLimit(true) >= g_maxMThreads * g_numThreads) {
++      setFilenumLimit(g_maxMThreads * g_numThreads);
++      L<<Logger::Warning<<"Raised soft limit on number of filedescriptors to "<<g_maxMThreads * g_numThreads<<" to match max-mthreads and threads settings"<<endl;
++    }
++    else {
++      int newval = getFilenumLimit(true) / g_numThreads;
++      L<<Logger::Warning<<"Insufficient number of filedescriptors available for max-mthreads*threads setting! ("<<availFDs<<" < "<<g_maxMThreads*g_numThreads<<"), reducing max-mthreads to "<<newval<<endl;
++      g_maxMThreads = newval;
++    }
++
++    
++  }
+ 
+   if(g_numThreads == 1) {
+     L<<Logger::Warning<<"Operating unthreaded"<<endl;
diff --git a/net-dns/pdns-recursor/pdns-recursor-3.3-r1.ebuild b/net-dns/pdns-recursor/pdns-recursor-3.3-r1.ebuild
new file mode 100644
index 000000000000..ca6999b77282
--- /dev/null
+++ b/net-dns/pdns-recursor/pdns-recursor-3.3-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/pdns-recursor-3.3-r1.ebuild,v 1.1 2014/06/29 18:18:56 swegener Exp $
+
+EAPI="3"
+
+inherit toolchain-funcs flag-o-matic eutils
+
+DESCRIPTION="The PowerDNS Recursor"
+HOMEPAGE="http://www.powerdns.com/"
+SRC_URI="http://downloads.powerdns.com/releases/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="lua"
+
+DEPEND="lua? ( >=dev-lang/lua-5.1 )"
+RDEPEND="${DEPEND}
+	!<net-dns/pdns-2.9.20-r1"
+DEPEND="${DEPEND}
+	>=dev-libs/boost-1.33.1"
+
+pkg_setup() {
+	filter-flags -ftree-vectorize
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-3.1.7.2-error-message.patch \
+		"${FILESDIR}"/pdns-recursor-3.3-fdlimit.patch
+
+	sed -i -e s:/var/run/:/var/lib/powerdns: "${S}"/config.h || die
+}
+
+src_configure() {
+	true
+}
+
+src_compile() {
+	emake \
+		CC="$(tc-getCC)" \
+		CXX="$(tc-getCXX)" \
+		OPTFLAGS="" \
+		LUA_LIBS_CONFIG="-llua" \
+		LUA_CPPFLAGS_CONFIG="" \
+		LUA="$(use lua && echo 1)" \
+		|| die "emake failed"
+}
+
+src_install() {
+	dosbin pdns_recursor rec_control || die "dosbin failed"
+	doman pdns_recursor.1 rec_control.1 || die "doman failed"
+
+	insinto /etc/powerdns
+	doins "${FILESDIR}"/recursor.conf || die "doins failed"
+
+	doinitd "${FILESDIR}"/precursor || die "doinitd failed"
+
+	# Pretty ugly, uh?
+	dodir /var/lib/powerdns/var/lib
+	dosym ../.. /var/lib/powerdns/var/lib/powerdns
+}