diff options
| author | roy <roy@pkgsrc.org> | 2015-04-29 12:53:02 +0000 |
|---|---|---|
| committer | roy <roy@pkgsrc.org> | 2015-04-29 12:53:02 +0000 |
| commit | b5a7572a9b6f62c4e4155b1fb75b2c3b23b4717f (patch) | |
| tree | 9f2f2a9001e90021ee5d066fc9604acf57d15003 /net | |
| parent | ad0afef1c9b72771171369ea28cba97fa4f50f61 (diff) | |
| download | pkgsrc-b5a7572a9b6f62c4e4155b1fb75b2c3b23b4717f.tar.gz | |
Add a patch to fix CVE-2015-3294.
Remove myself as maintainer.
Diffstat (limited to 'net')
| -rw-r--r-- | net/dnsmasq/Makefile | 6 | ||||
| -rw-r--r-- | net/dnsmasq/distinfo | 3 | ||||
| -rw-r--r-- | net/dnsmasq/patches/patch-src_rfc1035.c | 44 |
3 files changed, 49 insertions, 4 deletions
diff --git a/net/dnsmasq/Makefile b/net/dnsmasq/Makefile index 997a825602a..18824b19d42 100644 --- a/net/dnsmasq/Makefile +++ b/net/dnsmasq/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.27 2015/04/22 14:57:22 abs Exp $ +# $NetBSD: Makefile,v 1.28 2015/04/29 12:53:02 roy Exp $ DISTNAME= dnsmasq-2.67 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= net MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/ -MAINTAINER= roy@NetBSD.org +MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.thekelleys.org.uk/dnsmasq/doc.html COMMENT= Lightweight, easy to configure DNS forwarder LICENSE= gnu-gpl-v3 diff --git a/net/dnsmasq/distinfo b/net/dnsmasq/distinfo index ea0b35d9e44..31b73025e25 100644 --- a/net/dnsmasq/distinfo +++ b/net/dnsmasq/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.25 2015/04/22 14:57:22 abs Exp $ +$NetBSD: distinfo,v 1.26 2015/04/29 12:53:02 roy Exp $ SHA1 (dnsmasq-2.67.tar.gz) = 550c7ea2bef2a74a089c664d95fc52420a8cb726 RMD160 (dnsmasq-2.67.tar.gz) = c2f3f9d7978bc9eddbcb77add54acdf3c8103fa8 Size (dnsmasq-2.67.tar.gz) = 600838 bytes SHA1 (patch-dnsmasq.conf.example) = 2974c722a26400915037259c79899e8a3e95bf8f SHA1 (patch-src_bpf.c) = 5a355bc116d2853b8e202ea31847a9e36cd000b0 +SHA1 (patch-src_rfc1035.c) = 3b3a2fa2c83db937f46e4ab2a7e06f0c191f62e9 diff --git a/net/dnsmasq/patches/patch-src_rfc1035.c b/net/dnsmasq/patches/patch-src_rfc1035.c new file mode 100644 index 00000000000..9d502b9b435 --- /dev/null +++ b/net/dnsmasq/patches/patch-src_rfc1035.c @@ -0,0 +1,44 @@ +From ad4a8ff7d9097008d7623df8543df435bfddeac8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley <simon@thekelleys.org.uk> +Date: Thu, 9 Apr 2015 21:48:00 +0100 +Subject: [PATCH] Fix crash on receipt of certain malformed DNS requests. + +--- + CHANGELOG | 3 +++ + src/rfc1035.c | 9 ++++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 7a07b0c..a995ab5 100644 +--- src/rfc1035.c ++++ src/rfc1035.c +@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, + size_t setup_reply(struct dns_header *header, size_t qlen, + struct all_addr *addrp, unsigned int flags, unsigned long ttl) + { +- unsigned char *p = skip_questions(header, qlen); ++ unsigned char *p; ++ ++ if (!(p = skip_questions(header, qlen))) ++ return 0; + + /* clear authoritative and truncated flags, set QR flag */ + header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; +@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + SET_RCODE(header, NOERROR); /* empty domain */ + else if (flags == F_NXDOMAIN) + SET_RCODE(header, NXDOMAIN); +- else if (p && flags == F_IPV4) ++ else if (flags == F_IPV4) + { /* we know the address */ + SET_RCODE(header, NOERROR); + header->ancount = htons(1); +@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); + } + #ifdef HAVE_IPV6 +- else if (p && flags == F_IPV6) ++ else if (flags == F_IPV6) + { + SET_RCODE(header, NOERROR); + header->ancount = htons(1); |