3 files changed, 164 insertions, 1 deletions

diff --git a/net-dns/unbound/ChangeLog b/net-dns/unbound/ChangeLog
index 96db5df30130..c1bd6a401acb 100644
--- a/net-dns/unbound/ChangeLog
+++ b/net-dns/unbound/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-dns/unbound
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/unbound/ChangeLog,v 1.83 2014/12/08 18:39:07 radhermit Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/unbound/ChangeLog,v 1.84 2014/12/21 07:17:57 zx2c4 Exp $
+
+*unbound-1.5.1-r1 (21 Dec 2014)
+
+  21 Dec 2014; Jason A. Donenfeld <zx2c4@gentoo.org>
+  +files/unbound-1.5.1-pmtudisc.patch, +unbound-1.5.1-r1.ebuild:
+  Fix breakage on 3.14 LTS kernels.
 
 *unbound-1.5.1 (08 Dec 2014)
 
diff --git a/net-dns/unbound/files/unbound-1.5.1-pmtudisc.patch b/net-dns/unbound/files/unbound-1.5.1-pmtudisc.patch
new file mode 100644
index 000000000000..fb24734d0f2b
--- /dev/null
+++ b/net-dns/unbound/files/unbound-1.5.1-pmtudisc.patch
@@ -0,0 +1,35 @@
+diff -ru unbound-1.5.1-orig/services/listen_dnsport.c unbound-1.5.1/services/listen_dnsport.c
+--- unbound-1.5.1-orig/services/listen_dnsport.c	2014-09-16 15:49:21.000000000 +0200
++++ unbound-1.5.1/services/listen_dnsport.c	2014-12-21 08:15:39.126734451 +0100
+@@ -361,6 +361,7 @@
+ 		}
+ # endif /* IPv6 MTU */
+ 	} else if(family == AF_INET) {
++		int omit = 0;
+ #  if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+ /* linux 3.15 has IP_PMTUDISC_OMIT, Hannes Frederic Sowa made it so that
+  * PMTU information is not accepted, but fragmentation is allowed
+@@ -373,8 +374,11 @@
+ #    else
+ 		int action = IP_PMTUDISC_DONT;
+ #    endif
++blahblah:
+ 		if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 
+ 			&action, (socklen_t)sizeof(action)) < 0) {
++			omit++;
++			if (errno != EINVAL) {
+ 			log_err("setsockopt(..., IP_MTU_DISCOVER, "
+ #    if defined(IP_PMTUDISC_OMIT)
+ 				"IP_PMTUDISC_OMIT"
+@@ -391,6 +395,11 @@
+ 			*noproto = 0;
+ 			*inuse = 0;
+ 			return -1;
++		}}
++		if (omit == 1) {
++		omit++;
++		action = IP_PMTUDISC_DONT;
++		goto blahblah;
+ 		}
+ #  elif defined(IP_DONTFRAG)
+ 		int off = 0;
diff --git a/net-dns/unbound/unbound-1.5.1-r1.ebuild b/net-dns/unbound/unbound-1.5.1-r1.ebuild
new file mode 100644
index 000000000000..f2c751084214
--- /dev/null
+++ b/net-dns/unbound/unbound-1.5.1-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/unbound/unbound-1.5.1-r1.ebuild,v 1.1 2014/12/21 07:17:57 zx2c4 Exp $
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils flag-o-matic multilib-minimal python-single-r1 systemd user
+
+MY_P=${PN}-${PV/_/}
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="http://unbound.net/"
+SRC_URI="http://unbound.net/downloads/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~x86"
+IUSE="debug dnstap +ecdsa gost python selinux static-libs test threads"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# Note: expat is needed by executable only but the Makefile is custom
+# and doesn't make it possible to easily install the library without
+# the executables. MULTILIB_USEDEP may be dropped once build system
+# is fixed.
+
+CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
+	>=dev-libs/libevent-2.0.21[${MULTILIB_USEDEP}]
+	>=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}]
+	dnstap? (
+		dev-libs/fstrm[${MULTILIB_USEDEP}]
+		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]
+	)
+	ecdsa? ( dev-libs/openssl:0[-bindist] )
+	python? ( ${PYTHON_DEPS} )"
+
+DEPEND="${CDEPEND}
+	python? ( dev-lang/swig )
+	test? (
+		net-dns/ldns-utils[examples]
+		dev-util/splint
+		app-text/wdiff
+	)"
+
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-bind )"
+
+# bug #347415
+RDEPEND="${RDEPEND}
+	net-dns/dnssec-root"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	enewgroup unbound
+	enewuser unbound -1 -1 /etc/unbound unbound
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	# To avoid below error messages, set 'trust-anchor-file' to same value in
+	# 'auto-trust-anchor-file'.
+	# [23109:0] error: Could not open autotrust file for writing,
+	# /etc/dnssec/root-anchors.txt: Permission denied
+	epatch "${FILESDIR}"/${PN}-1.4.12-gentoo.patch
+	epatch "${FILESDIR}"/${PN}-1.5.1-pmtudisc.patch
+
+	# required for the python part
+	multilib_copy_sources
+}
+
+src_configure() {
+	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable gost) \
+		$(use_enable dnstap) \
+		$(use_enable ecdsa) \
+		$(use_enable static-libs static) \
+		$(multilib_native_use_with python pythonmodule) \
+		$(multilib_native_use_with python pyunbound) \
+		$(use_with threads pthreads) \
+		--disable-rpath \
+		--with-libevent="${EPREFIX}"/usr \
+		--with-pidfile="${EPREFIX}"/var/run/unbound.pid \
+		--with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt \
+		--with-ssl="${EPREFIX}"/usr \
+		--with-libexpat="${EPREFIX}"/usr
+
+		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
+		# $(use_enable debug lock-checks) \
+		# $(use_enable debug alloc-checks) \
+		# $(use_enable debug alloc-lite) \
+		# $(use_enable debug alloc-nonregional) \
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --modules
+	use python && python_optimize
+
+	newinitd "${FILESDIR}"/unbound.initd unbound
+	newconfd "${FILESDIR}"/unbound.confd unbound
+
+	systemd_dounit "${FILESDIR}"/unbound.service
+	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"
+	systemd_dounit "${FILESDIR}"/unbound-anchor.service
+
+	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
+
+	# bug #315519
+	dodoc contrib/unbound_munin_
+
+	docinto selinux
+	dodoc contrib/selinux/*
+
+	exeinto /usr/share/${PN}
+	doexe contrib/update-anchor.sh
+}