From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 116FA138334 for ; Fri, 14 Sep 2018 22:13:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CD4E8E0A5B; Fri, 14 Sep 2018 22:13:56 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A3EB0E0A5B for ; Fri, 14 Sep 2018 22:13:56 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 4284F335D13 for ; Fri, 14 Sep 2018 22:13:54 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 455EB3DB for ; Fri, 14 Sep 2018 22:13:51 +0000 (UTC) 
From: "Thomas Deutschmann" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" Message-ID: <1536962625.d2dac37b7f5220aa1ca458c50977c404efc69d32.whissi@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/unbound/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-dns/unbound/metadata.xml net-dns/unbound/unbound-1.8.0-r1.ebuild X-VCS-Directories: net-dns/unbound/ X-VCS-Committer: whissi X-VCS-Committer-Name: Thomas Deutschmann X-VCS-Revision: d2dac37b7f5220aa1ca458c50977c404efc69d32 X-VCS-Branch: master Date: Fri, 14 Sep 2018 22:13:51 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 78c8545b-2d37-44e3-9fe3-6a800aaf0c11 X-Archives-Hash: 14f889a0df7488cf9ff81fe91bdfda47 commit: d2dac37b7f5220aa1ca458c50977c404efc69d32 Author: Thomas Deutschmann gentoo org> AuthorDate: Fri Sep 14 18:19:56 2018 +0000 Commit: Thomas Deutschmann gentoo org> CommitDate: Fri Sep 14 22:03:45 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2dac37b net-dns/unbound: move EDNS client subnet support behind USE flag due to privacy concerns With EDNS client subnet support enabled, unbound will add client IP address to requests. This could lead to an unexpected IP address leak. Therefore we hide that feature behind a USE flag (ecs) and let user decide. Package-Manager: Portage-2.3.49, Repoman-2.3.10 net-dns/unbound/metadata.xml | 1 + net-dns/unbound/unbound-1.8.0-r1.ebuild | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml index 01e8dfa9bcc..322609af4ff 100644 --- a/net-dns/unbound/metadata.xml +++ b/net-dns/unbound/metadata.xml 
@@ -23,6 +23,7 @@ Enable DNSCrypt support Enable dnstap support Enable ECDSA support + Enable EDNS client subnet support Enable GOST support Enable cache db backend which uses dev-libs/hiredis diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild index f544060754e..6d9dee1cdfc 100644 --- a/net-dns/unbound/unbound-1.8.0-r1.ebuild +++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild @@ -14,7 +14,7 @@ SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz" LICENSE="BSD GPL-2" SLOT="0/8" # ABI version of libunbound.so KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" -IUSE="debug dnscrypt dnstap +ecdsa gost libressl python redis selinux static-libs systemd test threads" +IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" # Note: expat is needed by executable only but the Makefile is custom @@ -96,6 +96,7 @@ multilib_src_configure() { $(use_enable dnscrypt) \ $(use_enable dnstap) \ $(use_enable ecdsa) \ + $(use_enable ecs subnet) \ $(multilib_native_use_enable redis cachedb) \ $(use_enable static-libs static) \ $(use_enable systemd) \ @@ -105,7 +106,6 @@ multilib_src_configure() { --disable-flto \ --disable-rpath \ --enable-ipsecmod \ - --enable-subnet \ --enable-tfo-client \ --enable-tfo-server \ --with-libevent="${EPREFIX%/}"/usr \
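Review bot: In the metadata.xml hunk, the new flag description "Enable EDNS client subnet support" omits the privacy reason the commit message gives for gating the feature. The flag description is what a user sees when deciding whether to enable `ecs`, so it should carry that reason. Suggest wording along the lines of "Enable EDNS client subnet support (client address information is added to outgoing requests)".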
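Review bot: In the unbound-1.8.0-r1.ebuild hunks, the default flips from always-on (`--enable-subnet` removed) to off (`ecs` is added to IUSE without a `+`), but the ebuild is edited in place with no revision bump: the path is unbound-1.8.0-r1.ebuild on both sides of the diff. Systems that already built 1.8.0-r1 keep a binary with subnet support compiled in until a rebuild is triggered, for example by `emerge --changed-use` or `--newuse`, so the privacy-motivated default does not reach them on an ordinary update. Suggest bumping to -r2. Since users who relied on the previously unconditional support lose it without notice, also suggest a short post-install message pointing at the new `ecs` flag.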