[gentoo-commits] repo/gentoo:master commit in: net-dns/dnsdist/

[Sam James]

commit:     1ec6edbeb8bfb4ea53f83fdce3c94953c24c5fe6
Author:     Holger Hoffstätte <holger <AT> applied-asynchrony <DOT> com>
AuthorDate: Tue Apr 29 11:49:40 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Apr 29 20:31:23 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ec6edbe

net-dns/dnsdist: add 1.9.9

This is a direct-to-stable update to fix CVE-2025-30194:
https://mailman.powerdns.com/pipermail/dnsdist/2025-April/001577.html
The only changes are the DoH fix + patches we carried in 1.9.8-r2.
Working fine for me in production.

Bug: https://bugs.gentoo.org/955071
Signed-off-by: Holger Hoffstätte <holger <AT> applied-asynchrony.com>
Part-of: https://github.com/gentoo/gentoo/pull/41841
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-dns/dnsdist/Manifest             |   1 +
 net-dns/dnsdist/dnsdist-1.9.9.ebuild | 115 +++++++++++++++++++++++++++++++++++
 2 files changed, 116 insertions(+)

diff --git a/net-dns/dnsdist/Manifest b/net-dns/dnsdist/Manifest
index 4af84f8b67f3..3b102af1a6ba 100644
--- a/net-dns/dnsdist/Manifest
+++ b/net-dns/dnsdist/Manifest
@@ -1,2 +1,3 @@
 DIST dnsdist-1.9.6.tar.bz2 1598874 BLAKE2B 
adb56707bb768ceae974cd9b725d2bf1f4beaa6e3edc6ede22a7d93920214614f10c82d71dbb773741f56dff04e0f0aa26dc0a0e2d5d405bee89d8ada1130303
 SHA512 
8d0c88336864b788df320298678e2a8556d7c4ff468ec1b4165b87c2fe5c6c167a2c75cdd2df433346fac12694d8e39d30910b8d1d4be7f35d9e0d85edd5ef5a
 DIST dnsdist-1.9.8.tar.bz2 1593902 BLAKE2B 
854344eb6b82f98001171830715fe5cf564628405b4c79c07b43fccdbca0a4c9da7e527a748bc2972261a32ed9c51582eac2e6fdbef5c25bd71b161318a62155
 SHA512 
b89bc1ba62a2cf009a305a71eaa2553810d6d5f25f71098cb34acd86bfe5632e5f9f4b5ce057ea93665f1f5dd65e6a3d67fa364e8cecf0b648559c73061baddd
+DIST dnsdist-1.9.9.tar.bz2 1609983 BLAKE2B 
54517c396d8b5b546e9bcc5890f6df0cfa8470b65d9c7dcece0c7d503fff3fc0d4e2898a7bda8e16f9935279849128293967b38865345fa4c963705b9c9b8cad
 SHA512 
addd72f5324d75811601d9efe7af8846a448694172a14066b3ae53c7e53195f6955a038f97411703f66ce6bafd02846bf3c679839c473de6f7fc9ebecb8e6ca9

diff --git a/net-dns/dnsdist/dnsdist-1.9.9.ebuild 
b/net-dns/dnsdist/dnsdist-1.9.9.ebuild
new file mode 100644
index 000000000000..5e9f8b2e5e9e
--- /dev/null
+++ b/net-dns/dnsdist/dnsdist-1.9.9.ebuild
@@ -0,0 +1,115 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( lua5-{1..4} luajit )
+
+inherit autotools flag-o-matic lua-single
+
+DESCRIPTION="A highly DNS-, DoS- and abuse-aware loadbalancer"
+HOMEPAGE="https://www.dnsdist.org/index.html";
+
+SRC_URI="https://downloads.powerdns.com/releases/${P}.tar.bz2";
+LICENSE="GPL-2"
+SLOT="0"
+
+KEYWORDS="amd64 ~x86"
+
+IUSE="bpf cdb dnscrypt dnstap doh doh3 ipcipher lmdb quic regex snmp +ssl 
systemd test web xdp"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${LUA_REQUIRED_USE}
+               dnscrypt? ( ssl )
+               doh? ( ssl )
+               doh3? ( ssl quic )
+               ipcipher? ( ssl )
+               quic? ( ssl )"
+
+RDEPEND="acct-group/dnsdist
+       acct-user/dnsdist
+       bpf? ( dev-libs/libbpf:= )
+       cdb? ( dev-db/tinycdb:= )
+       dev-libs/boost:=
+       sys-libs/libcap
+       dev-libs/libedit
+       dev-libs/libsodium:=
+       dnstap? ( dev-libs/fstrm )
+       doh? ( net-libs/nghttp2:= )
+       doh3? ( net-libs/quiche:= )
+       lmdb? ( dev-db/lmdb:= )
+       quic? ( net-libs/quiche )
+       regex? ( dev-libs/re2:= )
+       snmp? ( net-analyzer/net-snmp:= )
+       ssl? ( dev-libs/openssl:= )
+       systemd? ( sys-apps/systemd:0= )
+       xdp? ( net-libs/xdp-tools )
+       ${LUA_DEPS}
+"
+
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+src_prepare() {
+       default
+
+       # clean up duplicate file
+       rm -f README.md
+
+       # reconfigure
+       eautoreconf
+}
+
+src_configure() {
+       # bug #822855
+       append-lfs-flags
+
+       # some things can only be enabled/disabled by defines
+       ! use dnstap && append-cppflags -DDISABLE_PROTOBUF
+       ! use web && append-cppflags -DDISABLE_BUILTIN_HTML
+
+       sed 's/hardcode_libdir_flag_spec_CXX='\''$wl-rpath 
$wl$libdir'\''/hardcode_libdir_flag_spec_CXX='\''$wl-rpath $wl\/$libdir'\''/g' \
+               -i "${S}/configure"
+
+       local myeconfargs=(
+               --sysconfdir=/etc/dnsdist
+               --with-lua="${ELUA}"
+               --without-h2o
+               --enable-tls-providers
+               --without-gnutls
+               $(use_with bpf ebpf)
+               $(use_with cdb cdb)
+               $(use_enable doh dns-over-https)
+               $(use_enable doh3 dns-over-http3)
+               $(use_enable dnscrypt)
+               $(use_enable dnstap)
+               $(use_enable ipcipher)
+               $(use_with lmdb )
+               $(use_enable quic dns-over-quic)
+               $(use_with regex re2)
+               $(use_with snmp net-snmp)
+               $(use_enable ssl dns-over-tls)
+               $(use_enable systemd) \
+               $(use_enable test unit-tests)
+               $(use_with xdp xsk)
+       )
+
+       econf "${myeconfargs[@]}"
+}
+
+src_install() {
+       default
+
+       insinto /etc/dnsdist
+       doins "${FILESDIR}"/dnsdist.conf.example
+
+       newconfd "${FILESDIR}"/dnsdist.confd ${PN}
+       newinitd "${FILESDIR}"/dnsdist.initd ${PN}
+}
+
+pkg_postinst() {
+       elog "dnsdist provides multiple instances support. You can create more 
instances"
+       elog "by symlinking the dnsdist init script to another name."
+       elog
+       elog "The name must be in the format dnsdist.<suffix> and dnsdist will 
use the"
+       elog "/etc/dnsdist/dnsdist-<suffix>.conf configuration file instead of 
the default."
+}