diff options
| author | rtr <rtr@pkgsrc.org> | 2008-08-12 11:46:49 +0000 |
|---|---|---|
| committer | rtr <rtr@pkgsrc.org> | 2008-08-12 11:46:49 +0000 |
| commit | 9ee3fe9c3270e5dfdba3496ab849f763141db4b5 (patch) | |
| tree | 4a1ce4b64ae01a4d08dfd4db23215f86a3c450f5 /net | |
| parent | e80e8554da38b98d535115d05104706b88b1107a (diff) | |
| download | pkgsrc-9ee3fe9c3270e5dfdba3496ab849f763141db4b5.tar.gz | |
pullup ticket #2476 - requested by ghen
powerdns: security fix
revisions pulled up:
pkgsrc/net/powerdns/Makefile 1.4
pkgsrc/net/powerdns/distinfo 1.3
pkgsrc/net/powerdns/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: ghen
Date: Mon Aug 11 13:59:48 UTC 2008
Modified Files:
pkgsrc/net/powerdns: Makefile distinfo
Added Files:
pkgsrc/net/powerdns/patches: patch-ac
Log Message:
Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to
mailformed queries instead of just dropping them (as this facilitates
DNS spoofing attacks). Bump PKGREVISION.
Diffstat (limited to 'net')
| -rw-r--r-- | net/powerdns/Makefile | 4 | ||||
| -rw-r--r-- | net/powerdns/distinfo | 3 | ||||
| -rw-r--r-- | net/powerdns/patches/patch-ac | 22 |
3 files changed, 26 insertions, 3 deletions
diff --git a/net/powerdns/Makefile b/net/powerdns/Makefile index c124bac449d..a10656c8e8f 100644 --- a/net/powerdns/Makefile +++ b/net/powerdns/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.3 2008/01/30 22:36:14 heinz Exp $ +# $NetBSD: Makefile,v 1.3.6.1 2008/08/12 11:46:49 rtr Exp $ PKG_DESTDIR_SUPPORT= user-destdir .include "Makefile.common" PKGNAME= ${DISTNAME:S/pdns/powerdns/} -PKGREVISION= 1 +PKGREVISION= 2 COMMENT= Modern, advanced and high performance nameserver CONFIGURE_ARGS+= --with-modules="geo" diff --git a/net/powerdns/distinfo b/net/powerdns/distinfo index f4defbbf812..7ec27b38b36 100644 --- a/net/powerdns/distinfo +++ b/net/powerdns/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.2 2007/05/09 08:05:24 ghen Exp $ +$NetBSD: distinfo,v 1.2.12.1 2008/08/12 11:46:49 rtr Exp $ SHA1 (pdns-2.9.21.tar.gz) = 2b86e4b44ef43db308c62e32b10ed0d5221a45c9 RMD160 (pdns-2.9.21.tar.gz) = ed53de20a4e660ab2537b3c888b0a85225764a51 Size (pdns-2.9.21.tar.gz) = 991071 bytes SHA1 (patch-aa) = 034845af3a9b66f57e482e3b43e43b61c17f51ab SHA1 (patch-ab) = d47887faff80330122ccf1cfd047c11e114c1153 +SHA1 (patch-ac) = aa7387cd9c283810d41d6097ecfbe6e688621432 diff --git a/net/powerdns/patches/patch-ac b/net/powerdns/patches/patch-ac new file mode 100644 index 00000000000..2df83a0488e --- /dev/null +++ b/net/powerdns/patches/patch-ac @@ -0,0 +1,22 @@ +$NetBSD: patch-ac,v 1.2.2.2 2008/08/12 11:46:49 rtr Exp $ + +Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to +mailformed queries instead of just dropping them (as this facilitates +DNS spoofing attacks). + +--- pdns/packethandler.cc.orig 2007-04-21 15:56:36.000000000 +0200 ++++ pdns/packethandler.cc +@@ -576,9 +576,11 @@ DNSPacket *PacketHandler::questionOrRecu + + if(!validDNSName(p->qdomain)) { + if(arg().mustDo("log-dns-details")) +- L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': dropping"<<endl; ++ L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': sending servfail"<<endl; + S.inc("corrupt-packets"); +- return 0; ++ r=p->replyPacket(); ++ r->setRcode(RCode::ServFail); ++ return r; + } + if(p->d.opcode) { // non-zero opcode (again thanks RA!) + if(p->d.opcode==Opcode::Update) { |