commit: df24b628253c342df306b88ce2c15d518f96e762 Author: Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr> AuthorDate: Sat Jul 19 16:32:42 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sat Jul 19 16:56:46 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df24b628
net-dns/knot-resolver: Bump to 5.7.6 Security fixes : DoS - rare crashes Bug: https://bugs.gentoo.org/960462 Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr> Part-of: https://github.com/gentoo/gentoo/pull/43069 Signed-off-by: Sam James <sam <AT> gentoo.org> net-dns/knot-resolver/Manifest | 2 + net-dns/knot-resolver/knot-resolver-5.7.6.ebuild | 99 ++++++++++++++++++++++++ 2 files changed, 101 insertions(+) diff --git a/net-dns/knot-resolver/Manifest b/net-dns/knot-resolver/Manifest index 77cd84dd12c3..9186e0c477e2 100644 --- a/net-dns/knot-resolver/Manifest +++ b/net-dns/knot-resolver/Manifest @@ -1,4 +1,6 @@ DIST knot-resolver-5.7.5.tar.xz 1924960 BLAKE2B cad47756832b34399ea0437ef041ddbfeef10645004ad48ea1ca7cf8fca380b443eb20e345418ebe5dc1566f8f19ee400a1819077bda4d9d2b7949b36a6fb4df SHA512 b9ade76accf60c7eee173cfff18e1881e79bcd63d85ef583973244bf37f40c4c57fed00d840c61643b65b82b1f93f85480c4f10334416cab87fae3da46918fc3 DIST knot-resolver-5.7.5.tar.xz.asc 833 BLAKE2B 675b91253c5ae72db9e1ef6513a681538967f72b6b7a91f2159b42e7581b398a0a90df7e75da0e6818f1a20549a23677ab34722bbcf762cad019d4c211221f1e SHA512 df06eb244fa051a5f71385424b2da2479203019c6824344ec2226bc4851a3eb12eb3bb0f6f5a3e5ccce8c5875b6867924fa46b6939545cb35b24ef799f9ef6b0 +DIST knot-resolver-5.7.6.tar.xz 1924840 BLAKE2B aca1a3f70921c63005b23f3a9ebb6b602bf0e9d75e7d981b68b4c7b60fb3c0221250ca5b2feafad717136a3376270f7314777fdb0e92e4d5932ecdc5ed5c11a8 SHA512 4dcaff56b0368bc147e04ffbf6ce4a3595fa3a59e99e73b516edc7813142abcb20823b987824b11a31e3eca3cc62fa176caf4408361daeac67b6f0587f9a0268 +DIST knot-resolver-5.7.6.tar.xz.asc 833 BLAKE2B 93579242e6deee33477610c91d72c1152bdbd05355a57893a9519955ce022034315669a91c311081a6e2b4683bf641305fe79ae360b2b61e51a02e0b5c4d8361 SHA512 478449d96dddaff9aff134a2a3bc991d8e50423f38a00e7256b54be9ab89d85d66eaa8e83815f4b31700b16fd94f8017493db6347e57d0583feec38bb35655f6 DIST knot-resolver-6.0.14.tar.xz 2147184 BLAKE2B 335922a910f21061978dd75d8ff55601cf1968b5452d60275f817d5d1fb4455b0b5f13c062e7af4e37a20c5c706e877b0ef250f1344ccc0f4ebd254f12e18e5f SHA512 49ad64a37c476b5564d8eec8ecc6fb051925a4f649cc7e8a03d3d9265a29686ab41997a1e6db505c9a198cadde545769d8ee161f4fb06cc737d7c7f7f62afbee DIST knot-resolver-6.0.14.tar.xz.asc 833 BLAKE2B fb9469f1e8e197c65ee2cffdb6c0632cf2d679468468497aaf735989bcc164b1145eeecf2868e9717f1c8507e317e6a0b0e6066c7a38d947b6d7818f782823ff SHA512 6b0ffb0748bdae435417fdaefabea825905bdb8122e4aba3999dcc7407d413d5d2dd63c98373a7527b715da8da82bd6e5853d48122ff4ef70f8592098f8d516d diff --git a/net-dns/knot-resolver/knot-resolver-5.7.6.ebuild b/net-dns/knot-resolver/knot-resolver-5.7.6.ebuild new file mode 100644 index 000000000000..874994b45b28 --- /dev/null +++ b/net-dns/knot-resolver/knot-resolver-5.7.6.ebuild @@ -0,0 +1,99 @@ +# Copyright 2024-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( luajit ) + +inherit lua-single meson optfeature tmpfiles verify-sig + +DESCRIPTION="A scaleable caching DNS resolver" +HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"; +SRC_URI=" + https://knot-resolver.nic.cz/release/${P}.tar.xz + verify-sig? ( https://knot-resolver.nic.cz/release/${P}.tar.xz.asc ) +" + +LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT" +SLOT="0" +KEYWORDS="~amd64" + +IUSE="caps dnstap jemalloc kresc nghttp2 selinux systemd test xdp" +RESTRICT="!test? ( test )" +REQUIRED_USE="${LUA_REQUIRED_USE}" + +RDEPEND=" + ${LUA_DEPS} + acct-group/knot-resolver + acct-user/knot-resolver + dev-db/lmdb:= + dev-libs/libuv:= + net-dns/knot:=[xdp?] + net-libs/gnutls:= + caps? ( sys-libs/libcap-ng ) + dnstap? ( + dev-libs/fstrm + dev-libs/protobuf-c:= + ) + jemalloc? ( dev-libs/jemalloc:= ) + kresc? ( dev-libs/libedit ) + nghttp2? ( net-libs/nghttp2:= ) + selinux? ( sec-policy/selinux-knot ) + systemd? ( sys-apps/systemd:= ) +" +DEPEND=" + ${RDEPEND} + test? ( dev-util/cmocka ) +" +BDEPEND=" + virtual/pkgconfig + verify-sig? ( >=sec-keys/openpgp-keys-knot-resolver-20240304 ) +" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/${PN}.gpg + +PATCHES=( + "${FILESDIR}"/${PN}-5.5.3-docdir.patch + "${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch + "${FILESDIR}"/${PN}-5.7.4-libsystemd.patch +) + +src_configure() { + local emesonargs=( + --localstatedir "${EPREFIX}"/var # double lib + # https://bugs.gentoo.org/870019 + -Dauto_features=disabled + -Ddoc=disabled + -Ddocdir="${EPREFIX}"/usr/share/doc/${PF} + -Dopenssl=disabled + -Dmalloc=$(usex jemalloc jemalloc disabled) + -Dsystemd_files=enabled + $(meson_feature caps capng) + $(meson_feature dnstap) + $(meson_feature kresc client) + $(meson_feature nghttp2) + $(meson_feature systemd) + $(meson_feature test unit_tests) + ) + + meson_src_configure +} + +src_install() { + meson_src_install + fowners -R ${PN}: /etc/${PN} + + newinitd "${FILESDIR}"/kresd.initd-r2 kresd + newconfd "${FILESDIR}"/kresd.confd-r1 kresd + newinitd "${FILESDIR}"/kres-cache-gc.initd kres-cache-gc +} + +pkg_postinst() { + tmpfiles_process knot-resolver.conf + optfeature_header "This package is recommended with Knot Resolver:" + optfeature "asynchronous execution, especially with policy module" dev-lua/cqueues + elog "" + optfeature_header "Other packages may also be useful:" + optfeature "legacy doh and webmgmt (metrics, tracking)" dev-lua/lua-http + optfeature "server map with geoIP database (webmgmt)" dev-lua/lua-mmdb +}
