Pullup ticket #4706 - requested by roy

net/dnsmasq: security patch

Revisions pulled up:
- net/dnsmasq/Makefile                                          1.28,1.27
- net/dnsmasq/distinfo                                          1.26,1.25
- net/dnsmasq/files/dnsmasq.sh                                  1.3
- net/dnsmasq/patches/patch-src_bpf.c                           1.4
- net/dnsmasq/patches/patch-src_rfc1035.c                       1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   roy
   Date:           Wed Apr 29 12:53:02 UTC 2015

   Modified Files:
           pkgsrc/net/dnsmasq: Makefile distinfo
   Added Files:
           pkgsrc/net/dnsmasq/patches: patch-src_rfc1035.c

   Log Message:
   Add a patch to fix CVE-2015-3294.
   Remove myself as maintainer.


   To generate a diff of this commit:
   cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/dnsmasq/Makefile
   cvs rdiff -u -r1.25 -r1.26 pkgsrc/net/dnsmasq/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/net/dnsmasq/patches/patch-src_rfc1035.c

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   abs
   Date:           Wed Apr 22 14:57:22 UTC 2015

   Modified Files:
           pkgsrc/net/dnsmasq: Makefile distinfo
           pkgsrc/net/dnsmasq/files: dnsmasq.sh
           pkgsrc/net/dnsmasq/patches: patch-src_bpf.c

   Log Message:
   Add a 'reload' rc.d option (automatically uses the pid file), which will
   make dnsmasq reload the dhcp file. Add patch comment and mps
   Bump PKGREVISION


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/dnsmasq/Makefile
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/net/dnsmasq/distinfo
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/net/dnsmasq/files/dnsmasq.sh
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/dnsmasq/patches/patch-src_bpf.c

5 files changed, 55 insertions, 7 deletions

diff --git a/net/dnsmasq/Makefile b/net/dnsmasq/Makefile
index c7c3eeba7f2..8fd1b30bf1a 100644
--- a/net/dnsmasq/Makefile
+++ b/net/dnsmasq/Makefile
@@ -1,12 +1,12 @@
-# $NetBSD: Makefile,v 1.26 2014/11/23 13:16:23 cheusov Exp $
+# $NetBSD: Makefile,v 1.26.4.1 2015/04/29 18:40:55 spz Exp $
 #
 
 DISTNAME=		dnsmasq-2.67
-PKGREVISION=		1
+PKGREVISION=		3
 CATEGORIES=		net
 MASTER_SITES=		http://www.thekelleys.org.uk/dnsmasq/
 
-MAINTAINER=		roy@NetBSD.org
+MAINTAINER=		pkgsrc-users@NetBSD.org
 HOMEPAGE=		http://www.thekelleys.org.uk/dnsmasq/doc.html
 COMMENT=		Lightweight, easy to configure DNS forwarder
 LICENSE=		gnu-gpl-v3
diff --git a/net/dnsmasq/distinfo b/net/dnsmasq/distinfo
index a7b473364d7..f36ae0383b8 100644
--- a/net/dnsmasq/distinfo
+++ b/net/dnsmasq/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.24 2015/01/17 13:52:12 bsiegert Exp $
+$NetBSD: distinfo,v 1.24.2.1 2015/04/29 18:40:55 spz Exp $
 
 SHA1 (dnsmasq-2.67.tar.gz) = 550c7ea2bef2a74a089c664d95fc52420a8cb726
 RMD160 (dnsmasq-2.67.tar.gz) = c2f3f9d7978bc9eddbcb77add54acdf3c8103fa8
 Size (dnsmasq-2.67.tar.gz) = 600838 bytes
 SHA1 (patch-dnsmasq.conf.example) = 2974c722a26400915037259c79899e8a3e95bf8f
-SHA1 (patch-src_bpf.c) = 8ba0482e8ba9441d5eb235dfb7b4aa556545636c
+SHA1 (patch-src_bpf.c) = 5a355bc116d2853b8e202ea31847a9e36cd000b0
+SHA1 (patch-src_rfc1035.c) = 3b3a2fa2c83db937f46e4ab2a7e06f0c191f62e9
diff --git a/net/dnsmasq/files/dnsmasq.sh b/net/dnsmasq/files/dnsmasq.sh
index fe2b707fce2..9111d4c7b80 100644
--- a/net/dnsmasq/files/dnsmasq.sh
+++ b/net/dnsmasq/files/dnsmasq.sh
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: dnsmasq.sh,v 1.2 2011/10/07 22:37:04 shattered Exp $
+# $NetBSD: dnsmasq.sh,v 1.2.28.1 2015/04/29 18:40:55 spz Exp $
 #
 
 # PROVIDE: dnsmasq
@@ -12,6 +12,7 @@ name="dnsmasq"
 rcvar=$name
 command="@PREFIX@/sbin/${name}"
 pidfile="/var/run/${name}.pid"
+extra_commands="reload"
 
 load_rc_config $name
 run_rc_command "$1"
diff --git a/net/dnsmasq/patches/patch-src_bpf.c b/net/dnsmasq/patches/patch-src_bpf.c
index 407ace710ba..47bcd1b199a 100644
--- a/net/dnsmasq/patches/patch-src_bpf.c
+++ b/net/dnsmasq/patches/patch-src_bpf.c
@@ -1,4 +1,6 @@
-$NetBSD: patch-src_bpf.c,v 1.3 2015/01/17 13:52:13 bsiegert Exp $
+$NetBSD: patch-src_bpf.c,v 1.3.2.1 2015/04/29 18:40:55 spz Exp $
+
+Add inet6 include for OS X
 
 --- src/bpf.c.orig     2015-01-02 04:23:05.000000000 +0000
 +++ src/bpf.c
diff --git a/net/dnsmasq/patches/patch-src_rfc1035.c b/net/dnsmasq/patches/patch-src_rfc1035.c
new file mode 100644
index 00000000000..9d502b9b435
--- /dev/null
+++ b/net/dnsmasq/patches/patch-src_rfc1035.c
@@ -0,0 +1,44 @@
+From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Thu, 9 Apr 2015 21:48:00 +0100
+Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests.
+
+---
+ CHANGELOG     |    3 +++
+ src/rfc1035.c |    9 ++++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 7a07b0c..a995ab5 100644
+--- src/rfc1035.c
++++ src/rfc1035.c
+@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+ 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+-  unsigned char *p = skip_questions(header, qlen);
++  unsigned char *p;
++
++  if (!(p = skip_questions(header, qlen)))
++    return 0;
+   
+   /* clear authoritative and truncated flags, set QR flag */
+   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
+@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+     SET_RCODE(header, NOERROR); /* empty domain */
+   else if (flags == F_NXDOMAIN)
+     SET_RCODE(header, NXDOMAIN);
+-  else if (p && flags == F_IPV4)
++  else if (flags == F_IPV4)
+     { /* we know the address */
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
+@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
+     }
+ #ifdef HAVE_IPV6
+-  else if (p && flags == F_IPV6)
++  else if (flags == F_IPV6)
+     {
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);