From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1770072-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id E7E3915808A
	for <garchives@archives.gentoo.org>; Sat, 19 Jul 2025 16:58:25 +0000 (UTC)
Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	(Authenticated sender: relay-lists.gentoo.org@gentoo.org)
	by smtp.gentoo.org (Postfix) with ESMTPSA id C939C33BE9F
	for <garchives@archives.gentoo.org>; Sat, 19 Jul 2025 16:58:25 +0000 (UTC)
Received: from bobolink.gentoo.org (localhost [127.0.0.1])
	by bobolink.gentoo.org (Postfix) with ESMTP id B9A7811055E;
	Sat, 19 Jul 2025 16:58:24 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by bobolink.gentoo.org (Postfix) with ESMTPS id AD5F811055E
	for <gentoo-commits@lists.gentoo.org>; Sat, 19 Jul 2025 16:58:24 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 57AAB335DE9
	for <gentoo-commits@lists.gentoo.org>; Sat, 19 Jul 2025 16:58:24 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id EC3753238
	for <gentoo-commits@lists.gentoo.org>; Sat, 19 Jul 2025 16:58:22 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1752944206.df24b628253c342df306b88ce2c15d518f96e762.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/knot-resolver/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-dns/knot-resolver/Manifest net-dns/knot-resolver/knot-resolver-5.7.6.ebuild
X-VCS-Directories: net-dns/knot-resolver/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: df24b628253c342df306b88ce2c15d518f96e762
X-VCS-Branch: master
Date: Sat, 19 Jul 2025 16:58:22 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 6ded87bf-02f9-48b9-b460-13419185cf4b
X-Archives-Hash: b75d926ec7daae29189e863c59fa5ff0

commit:     df24b628253c342df306b88ce2c15d518f96e762
Author:     Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr>
AuthorDate: Sat Jul 19 16:32:42 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jul 19 16:56:46 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df24b628

net-dns/knot-resolver: Bump to 5.7.6

Security fixes : DoS - rare crashes

Bug: https://bugs.gentoo.org/960462
Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr>
Part-of: https://github.com/gentoo/gentoo/pull/43069
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-dns/knot-resolver/Manifest                   |  2 +
 net-dns/knot-resolver/knot-resolver-5.7.6.ebuild | 99 ++++++++++++++++++++++++
 2 files changed, 101 insertions(+)

diff --git a/net-dns/knot-resolver/Manifest b/net-dns/knot-resolver/Manifest
index 77cd84dd12c3..9186e0c477e2 100644
--- a/net-dns/knot-resolver/Manifest
+++ b/net-dns/knot-resolver/Manifest
@@ -1,4 +1,6 @@
 DIST knot-resolver-5.7.5.tar.xz 1924960 BLAKE2B cad47756832b34399ea0437ef041ddbfeef10645004ad48ea1ca7cf8fca380b443eb20e345418ebe5dc1566f8f19ee400a1819077bda4d9d2b7949b36a6fb4df SHA512 b9ade76accf60c7eee173cfff18e1881e79bcd63d85ef583973244bf37f40c4c57fed00d840c61643b65b82b1f93f85480c4f10334416cab87fae3da46918fc3
 DIST knot-resolver-5.7.5.tar.xz.asc 833 BLAKE2B 675b91253c5ae72db9e1ef6513a681538967f72b6b7a91f2159b42e7581b398a0a90df7e75da0e6818f1a20549a23677ab34722bbcf762cad019d4c211221f1e SHA512 df06eb244fa051a5f71385424b2da2479203019c6824344ec2226bc4851a3eb12eb3bb0f6f5a3e5ccce8c5875b6867924fa46b6939545cb35b24ef799f9ef6b0
+DIST knot-resolver-5.7.6.tar.xz 1924840 BLAKE2B aca1a3f70921c63005b23f3a9ebb6b602bf0e9d75e7d981b68b4c7b60fb3c0221250ca5b2feafad717136a3376270f7314777fdb0e92e4d5932ecdc5ed5c11a8 SHA512 4dcaff56b0368bc147e04ffbf6ce4a3595fa3a59e99e73b516edc7813142abcb20823b987824b11a31e3eca3cc62fa176caf4408361daeac67b6f0587f9a0268
+DIST knot-resolver-5.7.6.tar.xz.asc 833 BLAKE2B 93579242e6deee33477610c91d72c1152bdbd05355a57893a9519955ce022034315669a91c311081a6e2b4683bf641305fe79ae360b2b61e51a02e0b5c4d8361 SHA512 478449d96dddaff9aff134a2a3bc991d8e50423f38a00e7256b54be9ab89d85d66eaa8e83815f4b31700b16fd94f8017493db6347e57d0583feec38bb35655f6
 DIST knot-resolver-6.0.14.tar.xz 2147184 BLAKE2B 335922a910f21061978dd75d8ff55601cf1968b5452d60275f817d5d1fb4455b0b5f13c062e7af4e37a20c5c706e877b0ef250f1344ccc0f4ebd254f12e18e5f SHA512 49ad64a37c476b5564d8eec8ecc6fb051925a4f649cc7e8a03d3d9265a29686ab41997a1e6db505c9a198cadde545769d8ee161f4fb06cc737d7c7f7f62afbee
 DIST knot-resolver-6.0.14.tar.xz.asc 833 BLAKE2B fb9469f1e8e197c65ee2cffdb6c0632cf2d679468468497aaf735989bcc164b1145eeecf2868e9717f1c8507e317e6a0b0e6066c7a38d947b6d7818f782823ff SHA512 6b0ffb0748bdae435417fdaefabea825905bdb8122e4aba3999dcc7407d413d5d2dd63c98373a7527b715da8da82bd6e5853d48122ff4ef70f8592098f8d516d

diff --git a/net-dns/knot-resolver/knot-resolver-5.7.6.ebuild b/net-dns/knot-resolver/knot-resolver-5.7.6.ebuild
new file mode 100644
index 000000000000..874994b45b28
--- /dev/null
+++ b/net-dns/knot-resolver/knot-resolver-5.7.6.ebuild
@@ -0,0 +1,99 @@
+# Copyright 2024-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( luajit )
+
+inherit lua-single meson optfeature tmpfiles verify-sig
+
+DESCRIPTION="A scaleable caching DNS resolver"
+HOMEPAGE="https://www.knot-resolver.cz https://gitlab.nic.cz/knot/knot-resolver"
+SRC_URI="
+	https://knot-resolver.nic.cz/release/${P}.tar.xz
+	verify-sig? ( https://knot-resolver.nic.cz/release/${P}.tar.xz.asc )
+"
+
+LICENSE="Apache-2.0 BSD CC0-1.0 GPL-3+ LGPL-2.1+ MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+IUSE="caps dnstap jemalloc kresc nghttp2 selinux systemd test xdp"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${LUA_REQUIRED_USE}"
+
+RDEPEND="
+	${LUA_DEPS}
+	acct-group/knot-resolver
+	acct-user/knot-resolver
+	dev-db/lmdb:=
+	dev-libs/libuv:=
+	net-dns/knot:=[xdp?]
+	net-libs/gnutls:=
+	caps? ( sys-libs/libcap-ng )
+	dnstap? (
+		dev-libs/fstrm
+		dev-libs/protobuf-c:=
+	)
+	jemalloc? ( dev-libs/jemalloc:= )
+	kresc? ( dev-libs/libedit )
+	nghttp2? ( net-libs/nghttp2:= )
+	selinux? ( sec-policy/selinux-knot )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="
+	${RDEPEND}
+	test? ( dev-util/cmocka )
+"
+BDEPEND="
+	virtual/pkgconfig
+	verify-sig? ( >=sec-keys/openpgp-keys-knot-resolver-20240304 )
+"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/${PN}.gpg
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.5.3-docdir.patch
+	"${FILESDIR}"/${PN}-5.5.3-nghttp-openssl.patch
+	"${FILESDIR}"/${PN}-5.7.4-libsystemd.patch
+)
+
+src_configure() {
+	local emesonargs=(
+		--localstatedir "${EPREFIX}"/var # double lib
+		# https://bugs.gentoo.org/870019
+		-Dauto_features=disabled
+		-Ddoc=disabled
+		-Ddocdir="${EPREFIX}"/usr/share/doc/${PF}
+		-Dopenssl=disabled
+		-Dmalloc=$(usex jemalloc jemalloc disabled)
+		-Dsystemd_files=enabled
+		$(meson_feature caps capng)
+		$(meson_feature dnstap)
+		$(meson_feature kresc client)
+		$(meson_feature nghttp2)
+		$(meson_feature systemd)
+		$(meson_feature test unit_tests)
+	)
+
+	meson_src_configure
+}
+
+src_install() {
+	meson_src_install
+	fowners -R ${PN}: /etc/${PN}
+
+	newinitd "${FILESDIR}"/kresd.initd-r2 kresd
+	newconfd "${FILESDIR}"/kresd.confd-r1 kresd
+	newinitd "${FILESDIR}"/kres-cache-gc.initd kres-cache-gc
+}
+
+pkg_postinst() {
+	tmpfiles_process knot-resolver.conf
+	optfeature_header "This package is recommended with Knot Resolver:"
+	optfeature "asynchronous execution, especially with policy module" dev-lua/cqueues
+	elog ""
+	optfeature_header "Other packages may also be useful:"
+	optfeature "legacy doh and webmgmt (metrics, tracking)" dev-lua/lua-http
+	optfeature "server map with geoIP database (webmgmt)" dev-lua/lua-mmdb
+}