authorschmonz <schmonz@pkgsrc.org>2018-09-28 20:36:24 +0000
committerschmonz <schmonz@pkgsrc.org>2018-09-28 20:36:24 +0000
commitbf2698bee900c3b2ada36fa1e5c5a5c0a3ad9077 (patch)
treef15ee47257d5bdda1127548e103468d1c18d6df4
parent8206641206ed99bd18db5b7f130aa10982736d6b (diff)
downloadpkgsrc-bf2698bee900c3b2ada36fa1e5c5a5c0a3ad9077.tar.gz
Rename 'djbdns-qmerge2' option to 'djbdns-mergequeries', still enabled
by default. Deprecate 'djbdns-qmerge1'. When applying the 'djbdns-mergequeries' patch, also apply a missing bounds check. Patch from Tim Stewart on dns@list.cr.yp.to. Bump PKGREVISION.
-rw-r--r--net/djbdns/Makefile4
-rw-r--r--net/djbdns/distinfo12
-rw-r--r--net/djbdns/files/patch-mergequeries (renamed from net/djbdns/files/patch-qmerge2)5
-rw-r--r--net/djbdns/files/patch-mergequeries-boundscheck27
-rw-r--r--net/djbdns/options.mk33
-rw-r--r--net/djbdns/patches/patch-response.c3
6 files changed, 50 insertions, 34 deletions
diff --git a/net/djbdns/Makefile b/net/djbdns/Makefile
index a19fb6e571a..dea1cb04d67 100644
--- a/net/djbdns/Makefile
+++ b/net/djbdns/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.66 2018/06/18 10:44:38 schmonz Exp $
+# $NetBSD: Makefile,v 1.67 2018/09/28 20:36:24 schmonz Exp $
DISTNAME= djbdns-1.05
-PKGREVISION= 13
+PKGREVISION= 14
CATEGORIES= net
MASTER_SITES= http://cr.yp.to/djbdns/
DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${MANPAGES}
diff --git a/net/djbdns/distinfo b/net/djbdns/distinfo
index 8722d685d51..bb11a03cd35 100644
--- a/net/djbdns/distinfo
+++ b/net/djbdns/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26 2018/06/18 10:44:38 schmonz Exp $
+$NetBSD: distinfo,v 1.27 2018/09/28 20:36:24 schmonz Exp $
SHA1 (djbdns-1.05.tar.gz) = 2efdb3a039d0c548f40936aa9cb30829e0ce8c3d
RMD160 (djbdns-1.05.tar.gz) = a832cbfd93e4ccec6a565492a4ee0b3c1b4b68ed
@@ -20,16 +20,8 @@ SHA1 (djbdns-cachestats.patch) = ab0b2835140768d89159d5564534d39520d7f403
RMD160 (djbdns-cachestats.patch) = e09994d84573e781ce18b59f909f8bd013de5d8e
SHA512 (djbdns-cachestats.patch) = e78b6a8fc43f94e5bc5971d85f952ef9cac4fa827b00036994fa51dcebb9c9755c36488ac24a9ec7b92097a38938191147faf8cce84a9e636072684db28a2e62
Size (djbdns-cachestats.patch) = 2341 bytes
-SHA1 (0001-dnscache-merge-similar-outgoing-queries.patch) = 8dd3ce7758d3a97cafbe6a60ea83f48e916f496d
-RMD160 (0001-dnscache-merge-similar-outgoing-queries.patch) = c416dd6575819cfd40ef0d306ccb14d34a5afc90
-SHA512 (0001-dnscache-merge-similar-outgoing-queries.patch) = cbec128b021a341c68906289ca02d3a7fe088c8b3835f2ae3dbb581ad6520712eb344d66e11bb82368dbca2e93e46facd4e10d121fc091099b3a7bfd5e6d081e
-Size (0001-dnscache-merge-similar-outgoing-queries.patch) = 9914 bytes
-SHA1 (0002-dnscache-cache-soa-records.patch) = ac9b6a62c62588205cc4dc71da4e0ad6630f9635
-RMD160 (0002-dnscache-cache-soa-records.patch) = 0b58e57bc11b36113c5fef73a64c869895f83889
-SHA512 (0002-dnscache-cache-soa-records.patch) = f65ca7dfc8e85f469f22d72a1c79126c35243dc077abf4b688eb7d057f19456dc8a3665f558a8a3c1908f96fa1838792aa1bc317d2e89f4953020828c05926e6
-Size (0002-dnscache-cache-soa-records.patch) = 2944 bytes
SHA1 (patch-Makefile) = 0dffb59090ccb4977c65885f062eb37255ccd0d9
SHA1 (patch-dnscache-conf.c) = 873897ad6b97baff363874a6a79c8da44383c283
SHA1 (patch-dnsroots.global) = 183964d516e08c46773847fe542f5a502ec2edcf
SHA1 (patch-hier.c) = 874af27489ad4597e213cfe05a7f2f919081db20
-SHA1 (patch-response.c) = 4f089b63664b7e4685b77fc55b287860c8c68229
+SHA1 (patch-response.c) = 24c8f3bc4b629dd04a0b83285eff4579750d92ff
diff --git a/net/djbdns/files/patch-qmerge2 b/net/djbdns/files/patch-mergequeries
index 87c2223aec9..39e5de50929 100644
--- a/net/djbdns/files/patch-qmerge2
+++ b/net/djbdns/files/patch-mergequeries
@@ -1,4 +1,7 @@
-$NetBSD: patch-qmerge2,v 1.2 2015/12/29 04:04:29 dholland Exp $
+$NetBSD: patch-mergequeries,v 1.1 2018/09/28 20:36:24 schmonz Exp $
+
+Address the dnscache poisoning weaknesses described in CVE-2008-4392.
+From Jeff King in <https://marc.info/?l=djbdns&m=123859517723684&w=2>
--- clients.h.orig 2009-04-21 23:43:02.000000000 -0400
+++ clients.h
diff --git a/net/djbdns/files/patch-mergequeries-boundscheck b/net/djbdns/files/patch-mergequeries-boundscheck
new file mode 100644
index 00000000000..1383b8ee2c5
--- /dev/null
+++ b/net/djbdns/files/patch-mergequeries-boundscheck
@@ -0,0 +1,27 @@
+$NetBSD: patch-mergequeries-boundscheck,v 1.1 2018/09/28 20:36:24 schmonz Exp $
+
+Add a missing bounds check to the MERGEQUERIES patch's try_merge().
+From Tim Stewart in <https://marc.info/?l=djbdns&m=153020962703821>
+
+--- dns_transmit.c.orig 2018-09-28 20:25:42.000000000 +0000
++++ dns_transmit.c
+@@ -35,6 +35,7 @@ static int try_merge(struct dns_transmit
+ for (i = 0; i < MAXUDP; i++) {
+ if (!inprogress[i]) continue;
+ if (!merge_equal(d, inprogress[i])) continue;
++ if (inprogress[i]->nslaves == MAXUDP) continue;
+ d->master = inprogress[i];
+ inprogress[i]->slaves[inprogress[i]->nslaves++] = d;
+ return 1;
+@@ -127,8 +128,10 @@ static void mergefree(struct dns_transmi
+ }
+ /* and unregister all of our slaves from us */
+ for (i = 0; i < d->nslaves; i++) {
+- if (d->slaves[i])
++ if (d->slaves[i]) {
+ d->slaves[i]->master = NULL;
++ d->slaves[i] = 0;
++ }
+ }
+ d->nslaves = 0;
+ }
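Review bot: The guard added in try_merge() compares with `==`, so it protects the `slaves[nslaves++]` write only as long as nslaves can never already be above MAXUDP; an upper-bound check is more robust as `if (inprogress[i]->nslaves >= MAXUDP) continue;`. The declaration of slaves[] is not visible in this hunk, so the check is only correct if that array really has MAXUDP elements, and a one-line comment next to the guard stating that would help. When the guard fires, the query is presumably sent unmerged; the patch header could say so, since patch-mergequeries is described as the CVE-2008-4392 mitigation. In mergefree() the new line clears the slot with `0` while the line above it uses `NULL`; `d->slaves[i] = NULL;` would be consistent. Both function bodies continue outside the embedded hunks.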
diff --git a/net/djbdns/options.mk b/net/djbdns/options.mk
index b38563ffd81..81047c67bab 100644
--- a/net/djbdns/options.mk
+++ b/net/djbdns/options.mk
@@ -1,12 +1,14 @@
-# $NetBSD: options.mk,v 1.19 2018/06/18 10:44:38 schmonz Exp $
+# $NetBSD: options.mk,v 1.20 2018/09/28 20:36:24 schmonz Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.djbdns
PKG_SUPPORTED_OPTIONS+= # inet6
PKG_SUPPORTED_OPTIONS+= djbdns-cachestats djbdns-ignoreip2
-PKG_SUPPORTED_OPTIONS+= djbdns-tinydns64
-PKG_OPTIONS_OPTIONAL_GROUPS= qmerge
-PKG_OPTIONS_GROUP.qmerge= djbdns-qmerge1 djbdns-qmerge2
-PKG_SUGGESTED_OPTIONS+= djbdns-qmerge2 djbdns-tinydns64
+PKG_SUPPORTED_OPTIONS+= djbdns-mergequeries djbdns-tinydns64
+PKG_SUGGESTED_OPTIONS+= djbdns-mergequeries djbdns-tinydns64
+
+# For users migrating from 2018Q2; remove compatibility after 2018Q3 is branched
+PKG_OPTIONS_LEGACY_OPTS+= djbdns-qmerge1:djbdns-mergequeries
+PKG_OPTIONS_LEGACY_OPTS+= djbdns-qmerge2:djbdns-mergequeries
.include "../../mk/bsd.options.mk"
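Review bot: The legacy mapping `djbdns-qmerge1:djbdns-mergequeries` is not a like-for-like rename, and the comment above it does not say so. The qmerge1 block removed further down in this file also applied `0002-dnscache-cache-soa-records.patch`, so a user carried over from qmerge1 gets a different merge patch and no longer gets the SOA-caching patch, without any notice. I would extend the comment, for example `# qmerge1 also applied the SOA-caching patch, which mergequeries does not apply`.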
@@ -35,22 +37,13 @@ PATCHFILES+= ${IGNOREIP2_PATCH}
SITES.${IGNOREIP2_PATCH}= http://www.tinydns.org/
.endif
-.if !empty(PKG_OPTIONS:Mdjbdns-qmerge1)
-DNSCACHE_MERGE_PATCH= 0001-dnscache-merge-similar-outgoing-queries.patch
-DNSCACHE_SOA_PATCH= 0002-dnscache-cache-soa-records.patch
-PATCHFILES+= ${DNSCACHE_MERGE_PATCH} ${DNSCACHE_SOA_PATCH}
-PATCH_DIST_STRIP.${DNSCACHE_MERGE_PATCH}= -p1
-PATCH_DIST_STRIP.${DNSCACHE_SOA_PATCH}= -p1
-SITES.${DNSCACHE_MERGE_PATCH}= http://www.your.org/dnscache/
-SITES.${DNSCACHE_SOA_PATCH}= http://www.your.org/dnscache/
-.endif
-
-.if !empty(PKG_OPTIONS:Mdjbdns-qmerge2)
+.if !empty(PKG_OPTIONS:Mdjbdns-mergequeries)
USE_TOOLS+= patch
-post-patch: patch-qmerge2
-.PHONY: patch-qmerge2
-patch-qmerge2:
- cd ${WRKSRC} && ${PATCH} ${PATCH_ARGS} < ${FILESDIR}/patch-qmerge2
+post-patch: patch-mergequeries
+.PHONY: patch-mergequeries
+patch-mergequeries:
+ cd ${WRKSRC} && ${PATCH} ${PATCH_ARGS} < ${FILESDIR}/patch-mergequeries
+ cd ${WRKSRC} && ${PATCH} ${PATCH_ARGS} < ${FILESDIR}/patch-mergequeries-boundscheck
.endif
.if !empty(PKG_OPTIONS:Mdjbdns-tinydns64)
diff --git a/net/djbdns/patches/patch-response.c b/net/djbdns/patches/patch-response.c
index dc8409f3114..f0b396a50c7 100644
--- a/net/djbdns/patches/patch-response.c
+++ b/net/djbdns/patches/patch-response.c
@@ -1,6 +1,7 @@
-$NetBSD: patch-response.c,v 1.1 2017/05/26 15:16:45 schmonz Exp $
+$NetBSD: patch-response.c,v 1.2 2018/09/28 20:36:24 schmonz Exp $
Fix the security hole found by Matthew Dempsky.
+From DJB in <https://marc.info/?l=djbdns&m=123613000920446&w=2>
--- response.c.orig 2001-02-11 16:11:45.000000000 -0500
+++ response.c