summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-dns/pdns/ChangeLog6
-rw-r--r--net-dns/pdns/pdns-3.2.ebuild64
2 files changed, 52 insertions, 18 deletions
diff --git a/net-dns/pdns/ChangeLog b/net-dns/pdns/ChangeLog
index 481935f3509d..6c503ce184d8 100644
--- a/net-dns/pdns/ChangeLog
+++ b/net-dns/pdns/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for net-dns/pdns
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/ChangeLog,v 1.87 2013/05/20 19:05:48 dev-zero Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/ChangeLog,v 1.88 2013/05/23 12:14:11 dev-zero Exp $
+
+ 23 May 2013; Tiziano Müller <dev-zero@gentoo.org> pdns-3.2.ebuild:
+ Fix dependencies for USE=static and add pkg_postinst functionality to fix
+ permissions on /etc/pdns (bug #458018), as discussed with swegener.
*pdns-3.2 (20 May 2013)
diff --git a/net-dns/pdns/pdns-3.2.ebuild b/net-dns/pdns/pdns-3.2.ebuild
index 4a6afb9afb2c..4e4c295c852f 100644
--- a/net-dns/pdns/pdns-3.2.ebuild
+++ b/net-dns/pdns/pdns-3.2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/pdns-3.2.ebuild,v 1.1 2013/05/20 19:05:48 dev-zero Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/pdns-3.2.ebuild,v 1.2 2013/05/23 12:14:11 dev-zero Exp $
EAPI=5
@@ -19,29 +19,41 @@ KEYWORDS=""
# oracle: dito (need Oracle Client Libraries)
# xdb: (almost) dead, surely not supported
-# TODO: sort out static deps
-
IUSE="botan cryptopp debug doc ldap lua mydns mysql odbc opendbx postgres remote
remote-http sqlite static tinydns"
REQUIRED_USE="mydns? ( mysql )"
-RDEPEND="net-libs/polarssl
- botan? ( =dev-libs/botan-1.10* )
- cryptopp? ( dev-libs/crypto++ )
- lua? ( dev-lang/lua )
- mysql? ( virtual/mysql )
- postgres? ( dev-db/postgresql-base:= )
- ldap? ( >=net-nds/openldap-2.0.27-r4 )
- sqlite? ( dev-db/sqlite:3 )
- odbc? ( dev-db/unixODBC )
- opendbx? ( dev-db/opendbx )
- remote-http? ( net-misc/curl )
- tinydns? ( dev-db/cdb )
- !static? ( >=dev-libs/boost-1.34:= )"
+RDEPEND="!static? (
+ net-libs/polarssl
+ >=dev-libs/boost-1.34:=
+ botan? ( =dev-libs/botan-1.10* )
+ cryptopp? ( dev-libs/crypto++ )
+ lua? ( dev-lang/lua )
+ mysql? ( virtual/mysql )
+ postgres? ( dev-db/postgresql-base:= )
+ ldap? ( >=net-nds/openldap-2.0.27-r4 )
+ sqlite? ( dev-db/sqlite:3 )
+ odbc? ( dev-db/unixODBC )
+ opendbx? ( dev-db/opendbx )
+ remote-http? ( net-misc/curl )
+ tinydns? ( dev-db/cdb ) )"
DEPEND="${RDEPEND}
virtual/pkgconfig
- static? ( >=dev-libs/boost-1.34[static-libs] )
+ static? (
+ net-libs/polarssl[static-libs(+)]
+ >=dev-libs/boost-1.34[static-libs(+)]
+ botan? ( =dev-libs/botan-1.10*[static-libs(+)] )
+ cryptopp? ( dev-libs/crypto++[static-libs(+)] )
+ lua? ( dev-lang/lua[static-libs(+)] )
+ mysql? ( virtual/mysql[static-libs(+)] )
+ postgres? ( dev-db/postgresql-base[static-libs(+)] )
+ ldap? ( >=net-nds/openldap-2.0.27-r4[static-libs(+)] )
+ sqlite? ( dev-db/sqlite:3[static-libs(+)] )
+ odbc? ( dev-db/unixODBC[static-libs(+)] )
+ opendbx? ( dev-db/opendbx[static-libs(+)] )
+ remote-http? ( net-misc/curl[static-libs(+)] )
+ tinydns? ( dev-db/cdb ) )
doc? ( app-doc/doxygen )"
src_prepare() {
@@ -151,4 +163,22 @@ pkg_postinst() {
ewarn "The official LDAP backend module is only compile-tested by upstream."
ewarn "Try net-dns/pdns-ldap-backend if you have problems with it."
fi
+
+ local fix_perms=0
+
+ for rv in ${REPLACING_VERSIONS} ; do
+ version_compare ${rv} 3.2
+ [[ $? -eq 1 ]] && fix_perms=1
+ done
+
+ if [[ $fix_perms -eq 1 ]] ; then
+ ewarn "To fix a security bug (bug #458018) had the following"
+ ewarn "files/directories the world-readable bit removed (if set):"
+ ewarn " ${EPREFIX}/etc/pdns"
+ ewarn " ${EPREFIX}/etc/pdns/pdns.conf"
+ ewarn "Check if this is correct for your setup"
+ ewarn "This is a one-time change and will not happen on subsequent updates."
+ chmod o-rwx "${EPREFIX}"/etc/pdns/{,pdns.conf}
+ fi
+
}