Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-dns
diff options
context:
space:
mode:
Diffstat (limited to 'net-dns')
-rw-r--r--net-dns/djbdns/ChangeLog10
-rw-r--r--net-dns/djbdns/Manifest28
-rw-r--r--net-dns/djbdns/djbdns-1.05-r29.ebuild146
-rw-r--r--net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch351
4 files changed, 532 insertions, 3 deletions
diff --git a/net-dns/djbdns/ChangeLog b/net-dns/djbdns/ChangeLog
index f5339f7ba1d1..9139f52b11fc 100644
--- a/net-dns/djbdns/ChangeLog
+++ b/net-dns/djbdns/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-dns/djbdns
-# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/ChangeLog,v 1.143 2013/12/04 18:14:57 mjo Exp $
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/ChangeLog,v 1.144 2014/04/17 02:10:16 mjo Exp $
+
+*djbdns-1.05-r29 (17 Apr 2014)
+
+ 17 Apr 2014; Michael Orlitzky <mjo@gentoo.org> +djbdns-1.05-r29.ebuild, +files
+ /CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch:
+ Version bump with new ipv6 patch and unconditional man pages (bug #504640).
04 Dec 2013; Michael Orlitzky <mjo@gentoo.org> metadata.xml:
Remove proxy-maintainers herd and use @gentoo.org email address for
diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
index b6c419799abe..21b0e74588de 100644
--- a/net-dns/djbdns/Manifest
+++ b/net-dns/djbdns/Manifest
@@ -1,4 +1,8 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
AUX 1.05-errno.patch 238 SHA256 40e01efac08e95bf87b46e2d86378b0a60c234c64080b7f42039178ac6de61af SHA512 a4d58f88933bf567e6b23ed519c6605ed9f7be7f517062b47efb2a073bbac86e1753f4c359f35505777d8ab1259120ac3ff97d8c1c037ff379b144fd47730903 WHIRLPOOL 0f4ab6f25ec21c0da8b7b2fb5fa1be2f3b57027067b5a83f5bf95508b3a0242a8cd31e115f24ba01efe129755d993f7b9c91cbc4d2a4a71629be8cbc5b7502b1
+AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch 9944 SHA256 720e6027b1f2d6baac37f6fb4b35b882cd464c9e30b5b99844cbadb9bf723f6d SHA512 6d69e3a04730c1d2ac5d1a48468332d44792f4d7ebb0c68391391ac04cc7e32f7b5c1d0e2308a34c68e1382eb55dfeef3e5fbf5b01fb28e128af45549b9f9534 WHIRLPOOL 7f458b204608cce4c706380bc094e09be9a8e42e55e3ab8fcb18ba60c745f2aa803d0ca56339dece054996d273c62fb211246d54388edfb3fcdd9476731616ef
AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch 10049 SHA256 56c7db6c5bed3200e1f6e4995018c96158085f2f7169c7b148c7c034ddff8111 SHA512 b6eb87ca334abdcff4f5159fb80cc28150f3cc1e0d20cf6a7aa13dacfdc3ad00d250e035bb3294b691d6b5edd8c76365f5c13e1bf322a070c36c7a0960683761 WHIRLPOOL a67d154f213648602fcc2f85dd69cdae7dae1fab93884347fd5454f292ba59f58901b4b0fb5e5ab04f1111273efcce4bfa4a879945ae26abfadaf3195cc9948d
AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch 9914 SHA256 b5e030e96ed98d96d36c39e3466e04d98d39c5f1c7e94254ea3da5e99381eed6 SHA512 cbec128b021a341c68906289ca02d3a7fe088c8b3835f2ae3dbb581ad6520712eb344d66e11bb82368dbca2e93e46facd4e10d121fc091099b3a7bfd5e6d081e WHIRLPOOL eafd062004f19a21026be48512b13c627b86dd3f101e00fc15837005a1b2d70a9d92547881974cb1cfdb3fb8a819eea73c1fefa6d2dafacf635a9e98acf9ad4e
AUX CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch 3043 SHA256 0e6312ab8408d98bc3e6d1b1cddc36f51a5cd092db14bd3f84a8f47d08070c27 SHA512 f830bfd2fabd4d9b4e2649bcc4061d656d4645b93829415d070b26c6a22e8e17d941666b8e776947bf9a8ef93007f77d8be57fc9911dcc6dc2b7ac607d556ba0 WHIRLPOOL 0cca02943cf7eb95f5d33863144f5c9500bdb5c9928416cf043accf91461bc4baa31dc34b3a320a8a72ca3adcb79806d92e5c81343b719706d2242c825df05f7
@@ -12,10 +16,32 @@ AUX headtail.patch 1780 SHA256 28ebe521132fe35559273b6542505ab4f0bb7b7ccb8858552
AUX makefile-parallel.patch 2182 SHA256 cec0762d0f3a1469b854bcfc0af6bb42b5bf2d81b623dcfa7c7e9bf516f28fec SHA512 82dbddb67160e4bc38c223cfa6f5377dfa3b79aed24bf7c8a6e429766885b400c31c0ee2e0391ef1561a3d0dc935e999b291d792e10acc96c1f4d32ddc95ac74 WHIRLPOOL 55935e24af2fd5b3adcd43e7ae7fb13a9679984c28f652fa34356cbca10356584a065f299bd2c77f14f238ae50a93b8ff515711b493bf2d425c8a179b9417a5f
AUX string_length_255.patch 299 SHA256 c9b8d0065cfe6d4a9ad460c31c2a75bcce17bfb8001f4448e3464dea07524401 SHA512 b451d23e1a45636dfae7cf69c64e3edde6b655bc0c7407586429e0d8282f17ef6215c6c33a6d238115c39d34fa57fa7699a7a10f146344c677fde10c0e207ac3 WHIRLPOOL 123bdee78c90909936a9af779925cb1da37b83a30e84cad7516f1ca8cf47d9a6445ec39103eb076dc834ec65976004f8bf9aabe63dfffd9604e1b70907c4bcb6
AUX tinydns-setup 3212 SHA256 2d4e144e5408793f1d5ffa23abc510a04e449a6306965c1a35fb8956a419696f SHA512 87dd97cd84f7d2515fb9c28921c9860ee92d41048ea0b32c904166b8799cfa828cb77161701b1dbb6af8de2c23df9e36de251a90900ce00fe12c439917dffe1c WHIRLPOOL 77c373f001d8ed742663e2d8dd62b5697a61b5debe6c38720ab64b09d63338fdeee08caa89992dbac0ac676b45fb3fbbe193da453114a659282a4f119d8f0c23
+DIST djbdns-1.05-man.tar.gz 17170 SHA256 ba1c58f14bc928908d8618230f400d73cfe2200ed800a272b63048e3e50be569 SHA512 98af7bd9033a2205fbbc0f23b7eab45b9756f6ceff5199a62952e19c89c9fe3c03495cb6f8621d388f883c40650309a1509095417df3f54af21a71350c4aa183 WHIRLPOOL b611e37e7422a4ae405fa15a4b9ff7eb8d0007d81310d044bc1982fe70dada1e4646cf22832e8e5320bae8d2e328eb87d59eb51c3d390f1089f30548053b839b
DIST djbdns-1.05-test23.diff.bz2 18480 SHA256 e702f47b4a4c77fe5cec474a8219a072cfaaee07282650b7e0dd322ed82e8f33 SHA512 a19e9af9096b97f7b73eca55bdb9bbd9df66bdef052da8323b1e7d5de5a83565f5e9f78b16552c837ad9e9edca899af9a0e6a1ab7f3f23a4ecb89400b87113c8 WHIRLPOOL d4863044e268f5a59f0c114caec4c3735497d49a13cd298e0447475db321141e868bbcd29b3004df12217f74421a026c720ec8615a233f505263752d5b759d65
+DIST djbdns-1.05-test25.diff.bz2 20376 SHA256 28c88de08822894cf252e54ed3be9abfdf4f492644ff74a7c479340bdce051ea SHA512 41cca597dba971010b9844071e0349d3a4b25cc4b144e12721b0bc8250589fb374e40ece8908f1081762597048179b1177e88b9a5f97be0b47b63e3183e654bb WHIRLPOOL d531001511ead02f51558909b13e14734f013213e0f13ec7589876878928bd4057f917e004e8d37955c2965aeba5d92a9fc481f2f9ac48c08edaeb9bb9b821d9
DIST djbdns-1.05.tar.gz 85648 SHA256 3ccd826a02f3cde39be088e1fc6aed9fd57756b8f970de5dc99fcd2d92536b48 SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9 WHIRLPOOL 0fb67d19fcbf1cf21debcedfd3456d9cb9160079631ae1995e94aa9db3969ae02927f215ee8a5f03b34a6523cb9e3abebabf23e08e95eb1efdb626eb8b10312f
EBUILD djbdns-1.05-r26.ebuild 3961 SHA256 80630b561baa77dbf96cc61b3f2eb1c027765e5d47c324434760adfc5f4cd572 SHA512 24e6e144537011324fbeacaafd27e2698d61bd6d68f0644cd56e6909b5297ee92f4f592c8e9cfd81198e7d7285b2de7dd188d2b376a6235b7dd8b45436b826b4 WHIRLPOOL 68afe576c37866e845d9febb38f38c12da6509a1252b9f8d34f4ead91068b0505160163987d7b3244aa5b7c11b25918191478bc9f652c452a8b40d2e774f8331
EBUILD djbdns-1.05-r27.ebuild 3250 SHA256 fcb155fe18abe95182f7aad59ae418007c0d2907109da515f6437f239108987b SHA512 c2975d4d4aa505dcaae89c22dbcff2c0f6b5001f3d43ba1fa55e9b4966dce6be7806627061b64f5f76734fe1f7aa49c94c3da3774ae0aa4f1fa7ea4a89342d19 WHIRLPOOL 7d1640db149b5d416118d8c490ae82d7bc034ea0a1f18ecd96df003d1f596249df3987b6c57e5f522cba32faa88dc25104ce1ca0cbe1c5b310c322e3c8b6c050
EBUILD djbdns-1.05-r28.ebuild 4044 SHA256 420d8cb1cc2886c28bc7671cce5180947fc9a1de01d1292412b26c18cb8e164d SHA512 d82bcfabcb5a4207ed9f8c47859c377c0e6d06fd099bfe4aa12b536280b4f6196e30b6102844b79a9493d9e255359f1accf69603a9c19a7780a32a39f823a624 WHIRLPOOL 761b0a01ba8fcc08df9b976abf8966d07dc3eaf90a4a15d87245d54771927fe7041852d6a9bf82696bad4197121357f525c23b63e8e900ab733517c2210a73a0
-MISC ChangeLog 22833 SHA256 c09b79932ac920defa9ffbe1dfa100c7ec05f329d724e7af4bfe5e7345d53616 SHA512 7bb6d0684dd6d3e7bc8fab726716b3e9f16f9d53649ad0c42cbbb0124dbfc022e793d2d99d1457b28a1885792a118e146c068e340ac2694ef08c13139690ed40 WHIRLPOOL 4a81405b3ef959d84fa285bf3ac6f0d81394ca2b9495b12a37423cbff65e89a236e256c7ffec810e83555f94d5df457b1d27eb182a260cd4d55806be065d8dad
+EBUILD djbdns-1.05-r29.ebuild 4249 SHA256 ba8314d2cd9dfe68269ec1332a4eb9ce5ae87daa8ea2b12190d057cbd18518c7 SHA512 3677e7e0486a11e09c81339c4b32a81f00f8cf495e9815a2760e6e11fccbabce97c927c9592fb17620c2cbc190abaa4aeb0dbf5f6d1a4dd74d22206f2897be62 WHIRLPOOL 35aa7187dbec19dbfdf0711d26d330314b67e38098564f346c7aaa79de441e90682c68fb75e7d01e5de87a7149d48174d23c7b46adc712fdbcdd04cbd4364fa6
+MISC ChangeLog 23105 SHA256 1f1858120423671044d053709b6d4b7e2d2f58f828f824a77e3b44ead2d47a6a SHA512 3fe2a6f21b89e95a8d4d02c362aab2d2ff5e28621485bb83b20bcae9e56b7e8bd934e71aa6d65540f61a314d9c3cec80a269f24c29f8e9eff25e0c6415646506 WHIRLPOOL 9ac76eff950ec7a3f2b6fc439b829e851b9be8c8ec135166379839b40de6026ab75e272f607c850919e7c2b3d82f92dced00c4ba59a6c39cf8a5ad3c73ef506f
MISC metadata.xml 230 SHA256 3e0eae03231007dbb4fe0b289ba7f2bbcae601e58701665162548029933f6be1 SHA512 f0395378896dfdc3161b587248f933ddccfb6e3493a5010b281444b5602a6c6846d0ca618f43a362406ad084e7b479b304291fb122bd87a01173502d03833d70 WHIRLPOOL 24c4a89f282aab3a772a2311806d98ec308a3acea4b56c76cefcdf8ee9cb965c912cbad3a24f0127f8cfcecb4ded0f68ff264caac26a9030857ef1ae4e33356f
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+iQJ8BAEBCABmBQJTTzgMXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxNEU5RDcyRDdCMUFGREVGQzBCNDFDMUY2
+RjQ4RDNEQTA1QzJEQURCAAoJEG9I09oFwtrb+xMQAKWC/Wyl5KmPdttbnSAO5wKt
+/7wixkM+vEDhB/IOEJOg8LpY3NXB7bFLQk1fyvCPIyeAsJhAaaGR5h3NBT5UjmqX
+FEuy4U5YvKft4tFveJdc0no2snHywuxWgA71RclPTAwzTeG6Ul7IAg9bxNcFx4/y
+RrmEIqbiFGAZAfcliD0Mc85JTUMuOKTNriaQsl7obq8K42TocJPa8urMYeGKeZot
+b/G46bpB8aoRJichoysja0pZX2Lkoa4dXsrLwMyehbbfe/dDZIlkI4fA58MaSyvJ
+9ymRwG3vSA5PJR4qgBhJOtOHNkgqM8Q5AKNpDwaIe0oWcGyDkDFlOCvVAuwxLfwp
+Orau6dPpCEvZRMC7ozXL8TdRsFbgEJFtrYnchn8/q1Lx7w+WntnHAI1/A1FhkiAx
+4+23XhMM6kFKL3DESDDp1NiuougP2QK1x+VF2j6ljkoo3Rl1PTK3y595jFGiFDFY
+fFJRy0toihXno5oiuuG4rYKX8JO0JDipHPWvgbtQDV3/Y4GvXusXlapeIvVDCuE3
+IUI/a0it/lN09+xXKKGITUW95DnnJ3FYaHewuOcJLvVx9O+hBWKICHu+uAh0woJl
+INjT18lgLfHzZ+7wmmT9ze27FIKGzYEpf4a+/tiWphWvgp6rmg2fhU1SY58QAGsM
+GNgJa9Ed3IE31SaJet2g
+=K5lb
+-----END PGP SIGNATURE-----
diff --git a/net-dns/djbdns/djbdns-1.05-r29.ebuild b/net-dns/djbdns/djbdns-1.05-r29.ebuild
new file mode 100644
index 000000000000..28e2f7d4670b
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r29.ebuild
@@ -0,0 +1,146 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/djbdns/djbdns-1.05-r29.ebuild,v 1.1 2014/04/17 02:10:16 mjo Exp $
+
+EAPI=5
+inherit eutils flag-o-matic readme.gentoo toolchain-funcs user
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test25"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+ http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+ ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 selinux"
+
+DEPEND="!app-doc/djbdns-man"
+RDEPEND="${DEPEND}
+ sys-apps/ucspi-tcp
+ virtual/daemontools
+ selinux? ( sec-policy/selinux-djbdns )"
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}/headtail.patch" \
+ "${FILESDIR}/dnsroots.patch" \
+ "${FILESDIR}/dnstracesort.patch" \
+ "${FILESDIR}/string_length_255.patch"
+
+ # Fix CVE2009-0858
+ epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+
+ if use ipv6; then
+ elog 'At present dnstrace does NOT support IPv6. It will'\
+ 'be compiled without IPv6 support.'
+
+ # Create a separate copy of the source tree for dnstrace.
+ cp -pR "${S}" "${S}-noipv6" || die
+
+ # The big ipv6 patch.
+ epatch "${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+
+ # Fix CVE2008-4392 (ipv6)
+ epatch \
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-${IPV6_PATCH}.patch" \
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \
+ "${FILESDIR}/makefile-parallel.patch"
+
+ cd "${S}-noipv6" || die
+ fi
+
+ # Fix CVE2008-4392 (no ipv6)
+ epatch \
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+
+ # Later versions of the ipv6 patch include this, but even if
+ # USE=ipv6, we're in the ${S}-noipv6 directory at this point.
+ epatch "${FILESDIR}/${PV}-errno.patch"
+
+ epatch_user
+}
+
+src_compile() {
+ echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+ echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+ echo "/usr" > conf-home || die
+ emake
+
+ # If djbdns is compiled with IPv6 support, it breaks dnstrace.
+ # Therefore we must compile dnstrace separately without IPv6
+ # support.
+ if use ipv6; then
+ elog 'Compiling dnstrace without ipv6 support'
+ cp conf-cc conf-ld conf-home "${S}-noipv6/" || die
+ cd "${S}-noipv6" || die
+ emake dnstrace
+ fi
+}
+
+src_install() {
+ insinto /etc
+ doins dnsroots.global
+
+ into /usr
+ dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+ *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+ dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+ if use ipv6; then
+ dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace"
+ fi
+
+ dodoc CHANGES README
+
+ cd "${WORKDIR}/${PN}-man" || die
+ doman *.1 *.5 *.8
+
+ readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+ # The nofiles group is no longer provided by baselayout.
+ # Share it with qmail if possible.
+ enewgroup nofiles 200
+
+ enewuser dnscache -1 -1 -1 nofiles
+ enewuser dnslog -1 -1 -1 nofiles
+ enewuser tinydns -1 -1 -1 nofiles
+}
+
+DISABLE_AUTOFORMATTING=1
+FORCE_PRINT_ELOG=1 # remove after this message sees the stable tree
+DOC_CONTENTS='
+The dnscache-setup, tinydns-setup, and djbdns-setup programs have
+been removed to follow upstream more closely. To configure djbdns,
+please follow the instructions at,
+
+ http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+ axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+ dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+ tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+ 1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+ 2. dnscache-conf dnscache dnslog /var/dnscache $ip
+ 3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+ 4. rbldns-conf $username dnslog /var/rbldns $ip $base
+ 5. walldns-conf $username dnslog /var/walldns $ip
+'
diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch
new file mode 100644
index 000000000000..e33e0ccd6015
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch
@@ -0,0 +1,351 @@
+diff --git a/Makefile b/Makefile
+index 5ccd647..eee09dd 100644
+--- a/Makefile
++++ b/Makefile
+@@ -346,11 +346,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
+ ./compile dns_txt.c
+
+ dnscache: \
+-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
+ response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
+ libtai.a unix.a byte.a socket.lib
+ ./load dnscache droproot.o okclient.o log.o cache.o \
+- query.o response.o dd.o roots.o iopause.o prot.o dns.a \
++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
+ env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \
+ socket.lib`
+
+@@ -371,7 +371,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
+ uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
+ iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
+ iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
+-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
+ ./compile dnscache.c
+
+ dnsfilter: \
+@@ -749,11 +749,16 @@ qlog.o: \
+ compile qlog.c buffer.h qlog.h uint16.h
+ ./compile qlog.c
+
++qmerge.o: \
++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
++taia.h tai.h uint64.h log.h maxclient.h
++ ./compile qmerge.c
++
+ query.o: \
+ compile query.c error.h roots.h log.h uint64.h case.h cache.h \
+ uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
+ taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
+-response.h uint32.h query.h dns.h uint32.h
++response.h uint32.h query.h dns.h uint32.h qmerge.h
+ ./compile query.c
+
+ random-ip: \
+diff --git a/dnscache.c b/dnscache.c
+index abcba69..c84e4b8 100644
+--- a/dnscache.c
++++ b/dnscache.c
+@@ -23,6 +23,7 @@
+ #include "log.h"
+ #include "okclient.h"
+ #include "droproot.h"
++#include "maxclient.h"
+
+ long interface;
+
+@@ -59,7 +60,6 @@ uint64 numqueries = 0;
+
+ static int udp53;
+
+-#define MAXUDP 200
+ static struct udpclient {
+ struct query q;
+ struct taia start;
+@@ -136,7 +136,6 @@ void u_new(void)
+
+ static int tcp53;
+
+-#define MAXTCP 20
+ struct tcpclient {
+ struct query q;
+ struct taia start;
+diff --git a/log.c b/log.c
+index df465e2..1b0d98c 100644
+--- a/log.c
++++ b/log.c
+@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser
+ line();
+ }
+
++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
++{
++ string("txpb ");
++ logtype(qtype); space(); name(q); space(); name(control);
++ line();
++}
++
+ void log_cachedanswer(const char *q,const char type[2])
+ {
+ string("cached "); logtype(type); space();
+diff --git a/log.h b/log.h
+index fe62fa3..d9a829b 100644
+--- a/log.h
++++ b/log.h
+@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
+ extern void log_cachedns(const char *,const char *);
+
+ extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
++extern void log_tx_piggyback(const char *,const char *,const char *);
+
+ extern void log_nxdomain(const char *,const char *,unsigned int);
+ extern void log_nodata(const char *,const char *,const char *,unsigned int);
+diff --git a/maxclient.h b/maxclient.h
+new file mode 100644
+index 0000000..e52fcd1
+--- /dev/null
++++ b/maxclient.h
+@@ -0,0 +1,7 @@
++#ifndef MAXCLIENT_H
++#define MAXCLIENT_H
++
++#define MAXUDP 200
++#define MAXTCP 20
++
++#endif /* MAXCLIENT_H */
+diff --git a/qmerge.c b/qmerge.c
+new file mode 100644
+index 0000000..7c92299
+--- /dev/null
++++ b/qmerge.c
+@@ -0,0 +1,115 @@
++#include "qmerge.h"
++#include "byte.h"
++#include "log.h"
++#include "maxclient.h"
++
++#define QMERGE_MAX (MAXUDP+MAXTCP)
++struct qmerge inprogress[QMERGE_MAX];
++
++static
++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
++ const char *control)
++{
++ if (!dns_domain_copy(&qmk->q, q)) return 0;
++ byte_copy(qmk->qtype, 2, qtype);
++ if (!dns_domain_copy(&qmk->control, control)) return 0;
++ return 1;
++}
++
++static
++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
++{
++ return
++ byte_equal(a->qtype, 2, b->qtype) &&
++ dns_domain_equal(a->q, b->q) &&
++ dns_domain_equal(a->control, b->control);
++}
++
++static
++void qmerge_key_free(struct qmerge_key *qmk)
++{
++ dns_domain_free(&qmk->q);
++ dns_domain_free(&qmk->control);
++}
++
++void qmerge_free(struct qmerge **x)
++{
++ struct qmerge *qm;
++
++ qm = *x;
++ *x = 0;
++ if (!qm || !qm->active) return;
++
++ qm->active--;
++ if (!qm->active) {
++ qmerge_key_free(&qm->key);
++ dns_transmit_free(&qm->dt);
++ }
++}
++
++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
++ const char *q, const char qtype[2], const char localip[4],
++ const char *control)
++{
++ struct qmerge_key k;
++ int i;
++ int r;
++
++ qmerge_free(qm);
++
++ byte_zero(&k, sizeof k);
++ if (!qmerge_key_init(&k, q, qtype, control)) return -1;
++ for (i = 0; i < QMERGE_MAX; i++) {
++ if (!inprogress[i].active) continue;
++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
++ log_tx_piggyback(q, qtype, control);
++ inprogress[i].active++;
++ *qm = &inprogress[i];
++ qmerge_key_free(&k);
++ return 0;
++ }
++
++ for (i = 0; i < QMERGE_MAX; i++)
++ if (!inprogress[i].active)
++ break;
++ if (i == QMERGE_MAX) return -1;
++
++ log_tx(q, qtype, control, servers, 0);
++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
++ if (r == -1) { qmerge_key_free(&k); return -1; }
++ inprogress[i].active++;
++ inprogress[i].state = 0;
++ qmerge_key_free(&inprogress[i].key);
++ byte_copy(&inprogress[i].key, sizeof k, &k);
++ *qm = &inprogress[i];
++ return 0;
++}
++
++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
++{
++ if (qm->state == 0) {
++ dns_transmit_io(&qm->dt, io, deadline);
++ qm->state = 1;
++ }
++ else {
++ io->fd = -1;
++ io->events = 0;
++ }
++}
++
++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
++{
++ int r;
++ struct qmerge *qm;
++
++ qm = *x;
++ if (qm->state == -1) return -1; /* previous error */
++ if (qm->state == 0) return 0; /* no packet */
++ if (qm->state == 2) return 1; /* already got packet */
++
++ r = dns_transmit_get(&qm->dt, io, when);
++ if (r == -1) { qm->state = -1; return -1; } /* error */
++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
++ if (r == 1) { qm->state = 2; return 1; } /* got packet */
++ return -1; /* bug */
++}
+diff --git a/qmerge.h b/qmerge.h
+new file mode 100644
+index 0000000..9a58157
+--- /dev/null
++++ b/qmerge.h
+@@ -0,0 +1,24 @@
++#ifndef QMERGE_H
++#define QMERGE_H
++
++#include "dns.h"
++
++struct qmerge_key {
++ char *q;
++ char qtype[2];
++ char *control;
++};
++
++struct qmerge {
++ int active;
++ struct qmerge_key key;
++ struct dns_transmit dt;
++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
++};
++
++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
++extern void qmerge_free(struct qmerge **);
++
++#endif /* QMERGE_H */
+diff --git a/query.c b/query.c
+index d61b20c..d9be8b8 100644
+--- a/query.c
++++ b/query.c
+@@ -84,7 +84,7 @@ static void cleanup(struct query *z)
+ int j;
+ int k;
+
+- dns_transmit_free(&z->dt);
++ qmerge_free(&z->qm);
+ for (j = 0;j < QUERY_MAXALIAS;++j)
+ dns_domain_free(&z->alias[j]);
+ for (j = 0;j < QUERY_MAXLEVEL;++j) {
+@@ -624,15 +624,9 @@ static int doit(struct query *z,int state)
+ if (j == 256) goto SERVFAIL;
+
+ dns_sortip6(z->servers[z->level],256);
+- if (z->level) {
+- dtype = z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A;
+- log_tx(z->name[z->level],dtype,z->control[z->level],z->servers[z->level],z->level);
+- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip) == -1) goto DIE;
+- }
+- else {
+- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
+- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
+- }
++ dtype = z->level ? (z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A) : z->type;
++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
++
+ return 0;
+
+
+@@ -646,10 +640,10 @@ static int doit(struct query *z,int state)
+
+ HAVEPACKET:
+ if (++z->loop == 100) goto DIE;
+- buf = z->dt.packet;
+- len = z->dt.packetlen;
++ buf = z->qm->dt.packet;
++ len = z->qm->dt.packetlen;
+
+- whichserver = z->dt.servers + 16 * z->dt.curserver;
++ whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver;
+ control = z->control[z->level];
+ d = z->name[z->level];
+ /* dtype = z->level ? DNS_T_A : z->type; */
+@@ -1071,7 +1065,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip
+
+ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ {
+- switch(dns_transmit_get(&z->dt,x,stamp)) {
++ switch(qmerge_get(&z->qm,x,stamp)) {
+ case 1:
+ return doit(z,1);
+ case -1:
+@@ -1082,5 +1076,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+
+ void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
+ {
+- dns_transmit_io(&z->dt,x,deadline);
++ qmerge_io(z->qm,x,deadline);
+ }
+diff --git a/query.h b/query.h
+index 61812aa..93a322e 100644
+--- a/query.h
++++ b/query.h
+@@ -1,7 +1,7 @@
+ #ifndef QUERY_H
+ #define QUERY_H
+
+-#include "dns.h"
++#include "qmerge.h"
+ #include "uint32.h"
+
+ #define QUERY_MAXLEVEL 5
+@@ -22,7 +22,7 @@ struct query {
+ uint32 scope_id;
+ char type[2];
+ char class[2];
+- struct dns_transmit dt;
++ struct qmerge *qm;
+ } ;
+
+ extern int query_start(struct query *,char *,char *,char *,char *,unsigned int);