diff options
author | spz <spz> | 2015-04-29 18:40:55 +0000 |
---|---|---|
committer | spz <spz> | 2015-04-29 18:40:55 +0000 |
commit | f66badcb0d5df9f6426a2756c86b12c8020f1376 (patch) | |
tree | 429c5c4a796f9b398e12713edcce9433c33e66e4 | |
parent | e460ef916007a97ede01915ddfb2e11d47a023e1 (diff) | |
download | pkgsrc-f66badcb0d5df9f6426a2756c86b12c8020f1376.tar.gz |
Pullup ticket #4706 - requested by roy
net/dnsmasq: security patch
Revisions pulled up:
- net/dnsmasq/Makefile 1.28,1.27
- net/dnsmasq/distinfo 1.26,1.25
- net/dnsmasq/files/dnsmasq.sh 1.3
- net/dnsmasq/patches/patch-src_bpf.c 1.4
- net/dnsmasq/patches/patch-src_rfc1035.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: roy
Date: Wed Apr 29 12:53:02 UTC 2015
Modified Files:
pkgsrc/net/dnsmasq: Makefile distinfo
Added Files:
pkgsrc/net/dnsmasq/patches: patch-src_rfc1035.c
Log Message:
Add a patch to fix CVE-2015-3294.
Remove myself as maintainer.
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/dnsmasq/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/net/dnsmasq/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/dnsmasq/patches/patch-src_rfc1035.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: abs
Date: Wed Apr 22 14:57:22 UTC 2015
Modified Files:
pkgsrc/net/dnsmasq: Makefile distinfo
pkgsrc/net/dnsmasq/files: dnsmasq.sh
pkgsrc/net/dnsmasq/patches: patch-src_bpf.c
Log Message:
Add a 'reload' rc.d option (automatically uses the pid file), which will
make dnsmasq reload the dhcp file. Add patch comment and mps
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/dnsmasq/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/net/dnsmasq/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/dnsmasq/files/dnsmasq.sh
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/dnsmasq/patches/patch-src_bpf.c
-rw-r--r-- | net/dnsmasq/Makefile | 6 | ||||
-rw-r--r-- | net/dnsmasq/distinfo | 5 | ||||
-rw-r--r-- | net/dnsmasq/files/dnsmasq.sh | 3 | ||||
-rw-r--r-- | net/dnsmasq/patches/patch-src_bpf.c | 4 | ||||
-rw-r--r-- | net/dnsmasq/patches/patch-src_rfc1035.c | 44 |
5 files changed, 55 insertions, 7 deletions
diff --git a/net/dnsmasq/Makefile b/net/dnsmasq/Makefile index c7c3eeba7f2..8fd1b30bf1a 100644 --- a/net/dnsmasq/Makefile +++ b/net/dnsmasq/Makefile @@ -1,12 +1,12 @@ -# $NetBSD: Makefile,v 1.26 2014/11/23 13:16:23 cheusov Exp $ +# $NetBSD: Makefile,v 1.26.4.1 2015/04/29 18:40:55 spz Exp $ # DISTNAME= dnsmasq-2.67 -PKGREVISION= 1 +PKGREVISION= 3 CATEGORIES= net MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/ -MAINTAINER= roy@NetBSD.org +MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.thekelleys.org.uk/dnsmasq/doc.html COMMENT= Lightweight, easy to configure DNS forwarder LICENSE= gnu-gpl-v3 diff --git a/net/dnsmasq/distinfo b/net/dnsmasq/distinfo index a7b473364d7..f36ae0383b8 100644 --- a/net/dnsmasq/distinfo +++ b/net/dnsmasq/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.24 2015/01/17 13:52:12 bsiegert Exp $ +$NetBSD: distinfo,v 1.24.2.1 2015/04/29 18:40:55 spz Exp $ SHA1 (dnsmasq-2.67.tar.gz) = 550c7ea2bef2a74a089c664d95fc52420a8cb726 RMD160 (dnsmasq-2.67.tar.gz) = c2f3f9d7978bc9eddbcb77add54acdf3c8103fa8 Size (dnsmasq-2.67.tar.gz) = 600838 bytes SHA1 (patch-dnsmasq.conf.example) = 2974c722a26400915037259c79899e8a3e95bf8f -SHA1 (patch-src_bpf.c) = 8ba0482e8ba9441d5eb235dfb7b4aa556545636c +SHA1 (patch-src_bpf.c) = 5a355bc116d2853b8e202ea31847a9e36cd000b0 +SHA1 (patch-src_rfc1035.c) = 3b3a2fa2c83db937f46e4ab2a7e06f0c191f62e9 diff --git a/net/dnsmasq/files/dnsmasq.sh b/net/dnsmasq/files/dnsmasq.sh index fe2b707fce2..9111d4c7b80 100644 --- a/net/dnsmasq/files/dnsmasq.sh +++ b/net/dnsmasq/files/dnsmasq.sh @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: dnsmasq.sh,v 1.2 2011/10/07 22:37:04 shattered Exp $ +# $NetBSD: dnsmasq.sh,v 1.2.28.1 2015/04/29 18:40:55 spz Exp $ # # PROVIDE: dnsmasq @@ -12,6 +12,7 @@ name="dnsmasq" rcvar=$name command="@PREFIX@/sbin/${name}" pidfile="/var/run/${name}.pid" +extra_commands="reload" load_rc_config $name run_rc_command "$1" diff --git a/net/dnsmasq/patches/patch-src_bpf.c b/net/dnsmasq/patches/patch-src_bpf.c index 407ace710ba..47bcd1b199a 100644 --- a/net/dnsmasq/patches/patch-src_bpf.c +++ b/net/dnsmasq/patches/patch-src_bpf.c @@ -1,4 +1,6 @@ -$NetBSD: patch-src_bpf.c,v 1.3 2015/01/17 13:52:13 bsiegert Exp $ +$NetBSD: patch-src_bpf.c,v 1.3.2.1 2015/04/29 18:40:55 spz Exp $ + +Add inet6 include for OS X --- src/bpf.c.orig 2015-01-02 04:23:05.000000000 +0000 +++ src/bpf.c diff --git a/net/dnsmasq/patches/patch-src_rfc1035.c b/net/dnsmasq/patches/patch-src_rfc1035.c new file mode 100644 index 00000000000..9d502b9b435 --- /dev/null +++ b/net/dnsmasq/patches/patch-src_rfc1035.c @@ -0,0 +1,44 @@ +From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Thu, 9 Apr 2015 21:48:00 +0100 +Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests. + +--- + CHANGELOG | 3 +++ + src/rfc1035.c | 9 ++++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 7a07b0c..a995ab5 100644 +--- src/rfc1035.c ++++ src/rfc1035.c +@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, + size_t setup_reply(struct dns_header *header, size_t qlen, + struct all_addr *addrp, unsigned int flags, unsigned long ttl) + { +- unsigned char *p = skip_questions(header, qlen); ++ unsigned char *p; ++ ++ if (!(p = skip_questions(header, qlen))) ++ return 0; + + /* clear authoritative and truncated flags, set QR flag */ + header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; +@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + SET_RCODE(header, NOERROR); /* empty domain */ + else if (flags == F_NXDOMAIN) + SET_RCODE(header, NXDOMAIN); +- else if (p && flags == F_IPV4) ++ else if (flags == F_IPV4) + { /* we know the address */ + SET_RCODE(header, NOERROR); + header->ancount = htons(1); +@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); + } + #ifdef HAVE_IPV6 +- else if (p && flags == F_IPV6) ++ else if (flags == F_IPV6) + { + SET_RCODE(header, NOERROR); + header->ancount = htons(1); |