version bump, fix #493302 and polarssl dependency

(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key B658FA13)

8 files changed, 476 insertions, 1 deletions

diff --git a/net-dns/pdns/ChangeLog b/net-dns/pdns/ChangeLog
index 4c51847d8206..2e744574d66a 100644
--- a/net-dns/pdns/ChangeLog
+++ b/net-dns/pdns/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for net-dns/pdns
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/ChangeLog,v 1.89 2013/09/22 10:31:55 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/ChangeLog,v 1.90 2013/12/16 14:56:40 ultrabug Exp $
+
+*pdns-3.3 (16 Dec 2013)
+
+  16 Dec 2013; Ultrabug <ultrabug@gentoo.org> +pdns-3.3.ebuild,
+  +files/pdns-3.3-fix-autoconf.patch,
+  +files/pdns-3.3-fix-conditional-polarssl.patch,
+  +files/pdns-3.3-fix-curl-link.patch,
+  +files/pdns-3.3-fix-polarssl_1.3.0.patch, +files/pdns-3.3-lib_lua.patch,
+  +files/pdns-3.3_sha.hh:
+  Version bump, fix #493302 thx to @Nawadanp, add support for polarSSL 1.3.0 in
+  tree
 
   22 Sep 2013; Agostino Sarubbo <ago@gentoo.org> pdns-3.2.ebuild:
   Add ~amd64/~x86, wrt bug #456412
diff --git a/net-dns/pdns/files/pdns-3.3-fix-autoconf.patch b/net-dns/pdns/files/pdns-3.3-fix-autoconf.patch
new file mode 100644
index 000000000000..e3ee3037b5df
--- /dev/null
+++ b/net-dns/pdns/files/pdns-3.3-fix-autoconf.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index 1beab82..243b693 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -180,7 +180,7 @@ AC_ARG_WITH([system-polarssl],
+  [system_polarssl=$withval],
+  [system_polarssl=yes])
+ AC_MSG_RESULT($system_polarssl)
+-AM_CONDITIONAL(HAVE_LIBPOLARSSL, false)
++AM_CONDITIONAL(HAVE_LIBPOLARSSL, test x"$system_polarssl" = "xyes")
+ if test x$system_polarssl = xyes; then
+  AC_MSG_CHECKING([PolarSSL version >= 1.1])
+  AC_COMPILE_IFELSE(
diff --git a/net-dns/pdns/files/pdns-3.3-fix-conditional-polarssl.patch b/net-dns/pdns/files/pdns-3.3-fix-conditional-polarssl.patch
new file mode 100644
index 000000000000..15a2c504f49d
--- /dev/null
+++ b/net-dns/pdns/files/pdns-3.3-fix-conditional-polarssl.patch
@@ -0,0 +1,26 @@
+--- a/pdns/Makefile.am	2013-12-10 11:53:54.530368351 +0100
++++ b/pdns/Makefile.am	2013-12-10 11:55:33.398973939 +0100
+@@ -70,7 +70,11 @@
+ 
+ #
+ pdns_server_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@  $(BOOST_SERIALIZATION_LDFLAGS) -rdynamic 
++if HAVE_LIBPOLARSSL
++pdns_server_LDADD= $(BOOST_SERIALIZATION_LIBS) $(LUA_LIBS) $(SQLITE3_LIBS) $(LIBCURL_LIBS) $(MYSQL_lib)
++else
+ pdns_server_LDADD= ext/polarssl-1.1.2/library/libpolarssl.a $(BOOST_SERIALIZATION_LIBS) $(LUA_LIBS) $(SQLITE3_LIBS) $(LIBCURL_LIBS) $(MYSQL_lib)
++endif
+ 
+ if BOTAN110
+ pdns_server_SOURCES += botan110signers.cc botansigners.cc
+@@ -112,7 +116,11 @@
+ 
+ 
+ pdnssec_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@  $(BOOST_PROGRAM_OPTIONS_LDFLAGS) $(BOOST_SERIALIZATION_LDFLAGS) 
++if HAVE_LIBPOLARSSL
++pdnssec_LDADD= $(BOOST_PROGRAM_OPTIONS_LIBS) $(BOOST_SERIALIZATION_LIBS) $(SQLITE3_LIBS) $(LIBCURL_LIBS) $(MYSQL_lib)
++else
+ pdnssec_LDADD= ext/polarssl-1.1.2/library/libpolarssl.a $(BOOST_PROGRAM_OPTIONS_LIBS) $(BOOST_SERIALIZATION_LIBS) $(SQLITE3_LIBS) $(LIBCURL_LIBS) $(MYSQL_lib)
++endif
+ 
+ if BOTAN110
+ pdnssec_SOURCES += botan110signers.cc botansigners.cc
diff --git a/net-dns/pdns/files/pdns-3.3-fix-curl-link.patch b/net-dns/pdns/files/pdns-3.3-fix-curl-link.patch
new file mode 100644
index 000000000000..64366a09d7f3
--- /dev/null
+++ b/net-dns/pdns/files/pdns-3.3-fix-curl-link.patch
@@ -0,0 +1,11 @@
+--- a/modules/remotebackend/Makefile.am	2013-12-10 11:45:24.487559267 +0100
++++ b/modules/remotebackend/Makefile.am	2013-12-10 11:45:48.887215368 +0100
+@@ -13,7 +13,7 @@
+ libremotebackend_la_SOURCES=remotebackend.hh remotebackend.cc unixconnector.cc httpconnector.cc pipeconnector.cc 
+ 
+ libremotebackend_la_LDFLAGS=-module -avoid-version
+-libremotebackend_la_LIBS=$(LIBCURL_LIBS)
++libremotebackend_la_LIBADD=$(LIBCURL_LIBS)
+ 
+ TESTS_ENVIRONMENT = env BOOST_TEST_LOG_LEVEL=message REMOTEBACKEND_HTTP=$(REMOTEBACKEND_HTTP) ./testrunner.sh 
+ TESTS=test_remotebackend_pipe test_remotebackend_http test_remotebackend_post test_remotebackend_json
diff --git a/net-dns/pdns/files/pdns-3.3-fix-polarssl_1.3.0.patch b/net-dns/pdns/files/pdns-3.3-fix-polarssl_1.3.0.patch
new file mode 100644
index 000000000000..032cfd028461
--- /dev/null
+++ b/net-dns/pdns/files/pdns-3.3-fix-polarssl_1.3.0.patch
@@ -0,0 +1,77 @@
+--- /dev/shm/portage/net-dns/pdns-3.3/work/pdns-3.3/pdns/polarrsakeyinfra.cc	2013-04-26 21:54:34.000000000 +0200
++++ pdns/pdns/polarrsakeyinfra.cc	2013-12-16 15:08:59.476418683 +0100
+@@ -1,20 +1,8 @@
+-#ifdef HAVE_LIBPOLARSSLSSL
+ #include <polarssl/rsa.h>
+ #include <polarssl/base64.h>
+-#include <polarssl/sha1.h>
+-#include <polarssl/sha2.h>
+-#include <polarssl/sha4.h>
++#include <sha.hh>
+ #include <polarssl/entropy.h>
+ #include <polarssl/ctr_drbg.h>
+-#else
+-#include "ext/polarssl-1.1.2/include/polarssl/rsa.h"
+-#include "ext/polarssl-1.1.2/include/polarssl/base64.h"
+-#include "ext/polarssl-1.1.2/include/polarssl/sha1.h"
+-#include "ext/polarssl-1.1.2/include/polarssl/sha2.h"
+-#include "ext/polarssl-1.1.2/include/polarssl/sha4.h"
+-#include "ext/polarssl-1.1.2/include/polarssl/entropy.h"
+-#include "ext/polarssl-1.1.2/include/polarssl/ctr_drbg.h"
+-#endif
+ #include <boost/assign/std/vector.hpp> // for 'operator+=()'
+ #include <boost/foreach.hpp>
+ #include "dnssecinfra.hh"
+@@ -147,7 +135,8 @@
+ {
+   string hash = this->hash(msg);
+   unsigned char signature[mpi_size(&d_context.N)];
+-  int hashKind;
++  md_type_t hashKind;
++
+   if(hash.size()==20)
+     hashKind= SIG_RSA_SHA1;
+   else if(hash.size()==32) 
+@@ -169,7 +158,7 @@
+ 
+ bool RSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const
+ {
+-  int hashKind;
++  md_type_t hashKind;
+   string hash=this->hash(msg);
+   if(hash.size()==20)
+     hashKind= SIG_RSA_SHA1;
+@@ -178,7 +167,11 @@
+   else
+     hashKind = SIG_RSA_SHA512;
+   
+-  int ret=rsa_pkcs1_verify(const_cast<rsa_context*>(&d_context), RSA_PUBLIC, 
++  int ret=rsa_pkcs1_verify(const_cast<rsa_context*>(&d_context),
++#if POLARSSL_VERSION_NUMBER >= 0x01020900
++    NULL, NULL,
++#endif
++    RSA_PUBLIC,
+     hashKind,
+     hash.size(),
+     (const unsigned char*) hash.c_str(), (unsigned char*) signature.c_str());
+@@ -195,12 +188,20 @@
+   } 
+   else if(d_algorithm == 8) { // RSASHA256
+     unsigned char hash[32];
++#if POLARSSL_VERSION_NUMBER >= 0x01030000
++    sha256((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
++#else
+     sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
++#endif
+     return string((char*)hash, sizeof(hash));
+   } 
+   else if(d_algorithm == 10) { // RSASHA512
+     unsigned char hash[64];
++#if POLARSSL_VERSION_NUMBER >= 0x01030000
++    sha512((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
++#else
+     sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
++#endif
+     return string((char*)hash, sizeof(hash));
+   }
+   throw runtime_error("PolarSSL hashing method can't hash algorithm "+lexical_cast<string>(d_algorithm));
diff --git a/net-dns/pdns/files/pdns-3.3-lib_lua.patch b/net-dns/pdns/files/pdns-3.3-lib_lua.patch
new file mode 100644
index 000000000000..916ae26c911a
--- /dev/null
+++ b/net-dns/pdns/files/pdns-3.3-lib_lua.patch
@@ -0,0 +1,16 @@
+--- a/modules/luabackend/Makefile.am	2013-12-10 11:57:48.597065748 +0100
++++ b/modules/luabackend/Makefile.am	2013-12-10 12:00:05.855127730 +0100
+@@ -1,4 +1,4 @@
+-AM_CPPFLAGS=-I/usr/include/lua5.1 @THREADFLAGS@
++AM_CPPFLAGS=$(LUA_CFLAGS) @THREADFLAGS@
+ #AM_CPPFLAGS=-I/usr/local/include/luajit-2.0 -DUSE_LUAJIT @THREADFLAGS@
+ EXTRA_DIST=OBJECTFILES OBJECTLIBS 
+ 
+@@ -8,5 +8,6 @@
+ libluabackend_la_SOURCES=luabackend.cc luabackend.hh minimal.cc reload.cc lua_functions.cc master.cc private.cc slave.cc supermaster.cc dnssec.cc \
+ 	lua_functions.hh 
+ 
+-libluabackend_la_LDFLAGS=-module -avoid-version -llua5.1
++libluabackend_la_LDFLAGS=-module -avoid-version
++libluabackend_la_LIBADD=$(LUA_LIBS)
+ #-lluajit-5.1
diff --git a/net-dns/pdns/files/pdns-3.3_sha.hh b/net-dns/pdns/files/pdns-3.3_sha.hh
new file mode 100644
index 000000000000..f90e8cb3e720
--- /dev/null
+++ b/net-dns/pdns/files/pdns-3.3_sha.hh
@@ -0,0 +1,134 @@
+#ifndef _SHA_HH
+#define _SHA_HH
+
+#include <string>
+#include <stdint.h>
+#include <polarssl/version.h>
+#if POLARSSL_VERSION_NUMBER >= 0x01030000
+  #include <polarssl/sha1.h>
+  #include <polarssl/sha256.h>
+  #include <polarssl/sha512.h>
+  typedef sha256_context sha2_context;
+  typedef sha512_context sha4_context;
+  #define sha2_finish sha256_finish
+  #define sha2_hmac_finish sha256_hmac_finish
+  #define sha2_hmac_starts sha256_hmac_starts
+  #define sha2_hmac_update sha256_hmac_update
+  #define sha2_starts sha256_starts
+  #define sha2_update sha256_update
+  #define sha4_finish sha512_finish
+  #define sha4_hmac_finish sha512_hmac_finish
+  #define sha4_hmac_starts sha512_hmac_starts
+  #define sha4_hmac_update sha512_hmac_update
+  #define sha4_starts sha512_starts
+  #define sha4_update sha512_update
+  #define POLARSSL_SHA2_C POLARSSL_SHA256_C
+  #define POLARSSL_SHA4_C POLARSSL_SHA512_C
+  #define SIG_RSA_SHA1    POLARSSL_MD_SHA1
+  #define SIG_RSA_SHA224  POLARSSL_MD_SHA224
+  #define SIG_RSA_SHA256  POLARSSL_MD_SHA256
+  #define SIG_RSA_SHA384  POLARSSL_MD_SHA384
+  #define SIG_RSA_SHA512  POLARSSL_MD_SHA512
+#else
+  #include <polarssl/sha1.h>
+  #include <polarssl/sha2.h>
+  #include <polarssl/sha4.h>
+  typedef int md_type_t;
+#endif
+
+class SHA1Summer
+{
+public:
+   SHA1Summer() { sha1_starts(&d_context); };
+   void feed(const std::string &str) { feed(str.c_str(), str.length()); };
+   void feed(const char *ptr, size_t len) { sha1_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   const std::string get() const { 
+     sha1_context ctx2;
+     unsigned char result[20] = {0};
+     ctx2=d_context;
+     sha1_finish(&ctx2, result);
+     return std::string(result, result + sizeof result);
+   };
+private:
+   SHA1Summer(const SHA1Summer&);
+   SHA1Summer& operator=(const SHA1Summer&);
+   sha1_context d_context;
+};
+
+class SHA224Summer
+{
+public:
+   SHA224Summer() { sha2_starts(&d_context, 1); };
+   void feed(const std::string &str) { feed(str.c_str(), str.length()); };
+   void feed(const char *ptr, size_t len) { sha2_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   const std::string get() const { 
+     sha2_context ctx2;
+     unsigned char result[32] = {0};
+     ctx2=d_context;
+     sha2_finish(&ctx2, result);
+     return std::string(result, result + 28);
+   };
+private:
+   SHA224Summer(const SHA1Summer&);
+   SHA224Summer& operator=(const SHA1Summer&);
+   sha2_context d_context;
+};
+
+class SHA256Summer
+{
+public:
+   SHA256Summer() { sha2_starts(&d_context, 0); };
+   void feed(const std::string &str) { feed(str.c_str(), str.length()); };
+   void feed(const char *ptr, size_t len) { sha2_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   const std::string get() const {
+     sha2_context ctx2;
+     unsigned char result[32] = {0};
+     ctx2=d_context;
+     sha2_finish(&ctx2, result);
+     return std::string(result, result + 32);
+   };
+private:
+   SHA256Summer(const SHA1Summer&);
+   SHA256Summer& operator=(const SHA1Summer&);
+   sha2_context d_context;
+};
+
+class SHA384Summer
+{
+public:
+   SHA384Summer() { sha4_starts(&d_context, 1); };
+   void feed(const std::string &str) { feed(str.c_str(), str.length()); };
+   void feed(const char *ptr, size_t len) { sha4_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   const std::string get() const {
+     sha4_context ctx2;
+     unsigned char result[64] = {0};
+     ctx2 = d_context;
+     sha4_finish(&ctx2, result);
+     return std::string(result, result + 48);
+   };
+private:
+   SHA384Summer(const SHA1Summer&);
+   SHA384Summer& operator=(const SHA1Summer&);
+   sha4_context d_context;
+};
+
+class SHA512Summer
+{
+public:
+   SHA512Summer() { sha4_starts(&d_context, 0); };
+   void feed(const std::string &str) { feed(str.c_str(), str.length()); };
+   void feed(const char *ptr, size_t len) { sha4_update(&d_context, reinterpret_cast<const unsigned char*>(ptr), len); };
+   const std::string get() const {
+     sha4_context ctx2;
+     unsigned char result[64] = {0};
+     ctx2=d_context;
+     sha4_finish(&ctx2, result);
+     return std::string(result, result + sizeof result);
+   };
+private:
+   SHA512Summer(const SHA1Summer&);
+   SHA512Summer& operator=(const SHA1Summer&);
+   sha4_context d_context;
+};
+
+#endif /* sha.hh */
diff --git a/net-dns/pdns/pdns-3.3.ebuild b/net-dns/pdns/pdns-3.3.ebuild
new file mode 100644
index 000000000000..e13cac88aa6d
--- /dev/null
+++ b/net-dns/pdns/pdns-3.3.ebuild
@@ -0,0 +1,187 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns/pdns-3.3.ebuild,v 1.1 2013/12/16 14:56:40 ultrabug Exp $
+
+EAPI=5
+
+inherit autotools eutils multilib systemd user toolchain-funcs
+
+DESCRIPTION="The PowerDNS Daemon"
+HOMEPAGE="http://www.powerdns.com/"
+SRC_URI="http://downloads.powerdns.com/releases/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+# other possible flags:
+# db2: we lack the dep
+# oracle: dito (need Oracle Client Libraries)
+# xdb: (almost) dead, surely not supported
+
+IUSE="botan cryptopp debug doc ldap lua mydns mysql odbc opendbx postgres remote
+remote-http sqlite static tinydns"
+
+REQUIRED_USE="mydns? ( mysql )"
+
+RDEPEND="!static? (
+		net-libs/polarssl
+		>=dev-libs/boost-1.34:=
+		botan? ( =dev-libs/botan-1.10* )
+		cryptopp? ( dev-libs/crypto++ )
+		lua? ( dev-lang/lua )
+		mysql? ( virtual/mysql )
+		postgres? ( dev-db/postgresql-base:= )
+		ldap? ( >=net-nds/openldap-2.0.27-r4 )
+		sqlite? ( dev-db/sqlite:3 )
+		odbc? ( dev-db/unixODBC )
+		opendbx? ( dev-db/opendbx )
+		remote-http? ( net-misc/curl )
+		tinydns? ( dev-db/cdb ) )"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	static? (
+		net-libs/polarssl[static-libs(+)]
+		>=dev-libs/boost-1.34[static-libs(+)]
+		botan? ( =dev-libs/botan-1.10*[static-libs(+)] )
+		cryptopp? ( dev-libs/crypto++[static-libs(+)] )
+		lua? ( dev-lang/lua[static-libs(+)] )
+		mysql? ( virtual/mysql[static-libs(+)] )
+		postgres? ( dev-db/postgresql-base[static-libs(+)] )
+		ldap? ( >=net-nds/openldap-2.0.27-r4[static-libs(+)] )
+		sqlite? ( dev-db/sqlite:3[static-libs(+)] )
+		odbc? ( dev-db/unixODBC[static-libs(+)] )
+		opendbx? ( dev-db/opendbx[static-libs(+)] )
+		remote-http? ( net-misc/curl[static-libs(+)] )
+		tinydns? ( dev-db/cdb ) )
+	doc? ( app-doc/doxygen )"
+
+src_prepare() {
+	#TODO: kill me, I'm dirty @ultrabug
+	cp "${FILESDIR}/${P}_sha.hh" pdns/sha.hh
+	epatch \
+		"${FILESDIR}/${P}-fix-polarssl_1.3.0.patch" \
+		"${FILESDIR}/${P}-fix-autoconf.patch" \
+		"${FILESDIR}/${P}-fix-conditional-polarssl.patch" \
+		"${FILESDIR}/${P}-fix-curl-link.patch" \
+		"${FILESDIR}/${P}-lib_lua.patch"
+	eautoreconf
+}
+
+src_configure() {
+	local dynmodules="pipe geo" # the default backends, always enabled
+	local modules=""
+
+	#use db2 && dynmodules+=" db2"
+	use ldap && dynmodules+=" ldap"
+	use lua && dynmodules+=" lua"
+	use mydns && dynmodules+=" mydns"
+	use mysql && dynmodules+=" gmysql"
+	use odbc && dynmodules+=" godbc"
+	use opendbx && dynmodules+=" opendbx"
+	#use oracle && dynmodules+=" goracle oracle"
+	use postgres && dynmodules+=" gpgsql"
+	use remote && dynmodules+=" remote"
+	use sqlite && dynmodules+=" gsqlite3"
+	use tinydns && dynmodules+=" tinydns"
+	#use xdb && dynmodules+=" xdb"
+
+	if use static ; then
+		modules="${dynmodules}"
+		dynmodules=""
+	fi
+
+	use botan && myconf+=" --enable-botan1.10"
+	use cryptopp && myconf+=" --enable-cryptopp"
+	use debug && myconf+=" --enable-verbose-logging"
+	use remote-http && myconf+=" --enable-remotebackend-http"
+
+	econf \
+		--with-system-polarssl \
+		--disable-static \
+		--sysconfdir=/etc/powerdns \
+		--libdir=/usr/$(get_libdir)/powerdns \
+		--with-modules="${modules}" \
+		--with-dynmodules="${dynmodules}" \
+		--with-pgsql-includes=/usr/include \
+		--with-pgsql-lib=/usr/$(get_libdir) \
+		--with-mysql-lib=/usr/$(get_libdir) \
+		$(use_with lua) \
+		$(use_enable static static-binaries) \
+		${myconf}
+}
+
+src_compile() {
+	default
+	use doc && emake -C codedocs codedocs
+}
+
+src_install () {
+	default
+
+	mv "${D}"/etc/powerdns/pdns.conf{-dist,}
+
+	fperms 0700 /etc/powerdns
+	fperms 0600 /etc/powerdns/pdns.conf
+
+	# set defaults: setuid=pdns, setgid=pdns
+	sed -i \
+		-e 's/^# set\([ug]\)id=$/set\1id=pdns/g' \
+		"${D}"/etc/powerdns/pdns.conf
+
+	doinitd "${FILESDIR}"/pdns
+	systemd_newunit contrib/systemd-pdns.service pdns.service
+
+	keepdir /var/empty
+
+	use doc && dohtml -r codedocs/html/.
+
+	# Install development headers
+	insinto /usr/include/pdns
+	doins pdns/*.hh
+	insinto /usr/include/pdns/backends/gsql
+	doins pdns/backends/gsql/*.hh
+
+	if use ldap ; then
+		insinto /etc/openldap/schema
+		doins "${FILESDIR}"/dnsdomain2.schema
+	fi
+
+	prune_libtool_files --all
+}
+
+pkg_preinst() {
+	enewgroup pdns
+	enewuser pdns -1 -1 /var/empty pdns
+}
+
+pkg_postinst() {
+	elog "PowerDNS provides multiple instances support. You can create more instances"
+	elog "by symlinking the pdns init script to another name."
+	elog
+	elog "The name must be in the format pdns.<suffix> and PowerDNS will use the"
+	elog "/etc/powerdns/pdns-<suffix>.conf configuration file instead of the default."
+
+	if use ldap ; then
+		ewarn "The official LDAP backend module is only compile-tested by upstream."
+		ewarn "Try net-dns/pdns-ldap-backend if you have problems with it."
+	fi
+
+	local fix_perms=0
+
+	for rv in ${REPLACING_VERSIONS} ; do
+		version_compare ${rv} 3.2
+		[[ $? -eq 1 ]] && fix_perms=1
+	done
+
+	if [[ $fix_perms -eq 1 ]] ; then
+		ewarn "To fix a security bug (bug #458018) had the following"
+		ewarn "files/directories the world-readable bit removed (if set):"
+		ewarn "  ${EPREFIX}/etc/pdns"
+		ewarn "  ${EPREFIX}/etc/pdns/pdns.conf"
+		ewarn "Check if this is correct for your setup"
+		ewarn "This is a one-time change and will not happen on subsequent updates."
+		chmod o-rwx "${EPREFIX}"/etc/pdns/{,pdns.conf}
+	fi
+
+}