From bf2698bee900c3b2ada36fa1e5c5a5c0a3ad9077 Mon Sep 17 00:00:00 2001 From: schmonz Date: Fri, 28 Sep 2018 20:36:24 +0000 Subject: Rename 'djbdns-qmerge2' option to 'djbdns-mergequeries', still enabled by default. Deprecate 'djbdns-qmerge1'. When applying the 'djbdns-mergequeries' patch, also apply a missing bounds check. Patch from Tim Stewart on dns@list.cr.yp.to. Bump PKGREVISION. --- net/djbdns/Makefile | 4 +- net/djbdns/distinfo | 12 +- net/djbdns/files/patch-mergequeries | 259 ++++++++++++++++++++++++ net/djbdns/files/patch-mergequeries-boundscheck | 27 +++ net/djbdns/files/patch-qmerge2 | 256 ----------------------- net/djbdns/options.mk | 33 ++- net/djbdns/patches/patch-response.c | 3 +- 7 files changed, 305 insertions(+), 289 deletions(-) create mode 100644 net/djbdns/files/patch-mergequeries create mode 100644 net/djbdns/files/patch-mergequeries-boundscheck delete mode 100644 net/djbdns/files/patch-qmerge2 diff --git a/net/djbdns/Makefile b/net/djbdns/Makefile index a19fb6e571a..dea1cb04d67 100644 --- a/net/djbdns/Makefile +++ b/net/djbdns/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.66 2018/06/18 10:44:38 schmonz Exp $ +# $NetBSD: Makefile,v 1.67 2018/09/28 20:36:24 schmonz Exp $ DISTNAME= djbdns-1.05 -PKGREVISION= 13 +PKGREVISION= 14 CATEGORIES= net MASTER_SITES= http://cr.yp.to/djbdns/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${MANPAGES} diff --git a/net/djbdns/distinfo b/net/djbdns/distinfo index 8722d685d51..bb11a03cd35 100644 --- a/net/djbdns/distinfo +++ b/net/djbdns/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.26 2018/06/18 10:44:38 schmonz Exp $ +$NetBSD: distinfo,v 1.27 2018/09/28 20:36:24 schmonz Exp $ SHA1 (djbdns-1.05.tar.gz) = 2efdb3a039d0c548f40936aa9cb30829e0ce8c3d RMD160 (djbdns-1.05.tar.gz) = a832cbfd93e4ccec6a565492a4ee0b3c1b4b68ed 
@@ -20,16 +20,8 @@ SHA1 (djbdns-cachestats.patch) = ab0b2835140768d89159d5564534d39520d7f403 RMD160 (djbdns-cachestats.patch) = e09994d84573e781ce18b59f909f8bd013de5d8e SHA512 (djbdns-cachestats.patch) = e78b6a8fc43f94e5bc5971d85f952ef9cac4fa827b00036994fa51dcebb9c9755c36488ac24a9ec7b92097a38938191147faf8cce84a9e636072684db28a2e62 Size (djbdns-cachestats.patch) = 2341 bytes -SHA1 (0001-dnscache-merge-similar-outgoing-queries.patch) = 8dd3ce7758d3a97cafbe6a60ea83f48e916f496d -RMD160 (0001-dnscache-merge-similar-outgoing-queries.patch) = c416dd6575819cfd40ef0d306ccb14d34a5afc90 -SHA512 (0001-dnscache-merge-similar-outgoing-queries.patch) = cbec128b021a341c68906289ca02d3a7fe088c8b3835f2ae3dbb581ad6520712eb344d66e11bb82368dbca2e93e46facd4e10d121fc091099b3a7bfd5e6d081e -Size (0001-dnscache-merge-similar-outgoing-queries.patch) = 9914 bytes -SHA1 (0002-dnscache-cache-soa-records.patch) = ac9b6a62c62588205cc4dc71da4e0ad6630f9635 -RMD160 (0002-dnscache-cache-soa-records.patch) = 0b58e57bc11b36113c5fef73a64c869895f83889 -SHA512 (0002-dnscache-cache-soa-records.patch) = f65ca7dfc8e85f469f22d72a1c79126c35243dc077abf4b688eb7d057f19456dc8a3665f558a8a3c1908f96fa1838792aa1bc317d2e89f4953020828c05926e6 -Size (0002-dnscache-cache-soa-records.patch) = 2944 bytes SHA1 (patch-Makefile) = 0dffb59090ccb4977c65885f062eb37255ccd0d9 SHA1 (patch-dnscache-conf.c) = 873897ad6b97baff363874a6a79c8da44383c283 SHA1 (patch-dnsroots.global) = 183964d516e08c46773847fe542f5a502ec2edcf SHA1 (patch-hier.c) = 874af27489ad4597e213cfe05a7f2f919081db20 -SHA1 (patch-response.c) = 4f089b63664b7e4685b77fc55b287860c8c68229 +SHA1 (patch-response.c) = 24c8f3bc4b629dd04a0b83285eff4579750d92ff diff --git a/net/djbdns/files/patch-mergequeries b/net/djbdns/files/patch-mergequeries new file mode 100644 index 00000000000..39e5de50929 --- /dev/null +++ b/net/djbdns/files/patch-mergequeries 
@@ -0,0 +1,259 @@ +$NetBSD: patch-mergequeries,v 1.1 2018/09/28 20:36:24 schmonz Exp $ + +Address the dnscache poisoning weaknesses described in CVE-2008-4392. +From Jeff King in + +--- clients.h.orig 2009-04-21 23:43:02.000000000 -0400 ++++ clients.h +@@ -0,0 +1,7 @@ ++#ifndef CLIENTS_H ++#define CLIENTS_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* CLIENTS_H */ +--- dns.h.orig 2001-02-11 16:11:45.000000000 -0500 ++++ dns.h +@@ -4,6 +4,7 @@ + #include "stralloc.h" + #include "iopause.h" + #include "taia.h" ++#include "clients.h" + + #define DNS_C_IN "\0\1" + #define DNS_C_ANY "\0\377" +@@ -37,8 +38,14 @@ struct dns_transmit { + const char *servers; + char localip[4]; + char qtype[2]; ++ struct dns_transmit *master; ++ struct dns_transmit *slaves[MAXUDP]; ++ int nslaves; + } ; + ++extern void dns_enable_merge(void (*logger)(const char *, const char *, ++ const char *)); ++ + extern void dns_random_init(const char *); + extern unsigned int dns_random(unsigned int); + +--- dns_transmit.c.orig 2001-02-11 16:11:45.000000000 -0500 ++++ dns_transmit.c +@@ -7,6 +7,61 @@ + #include "byte.h" + #include "uint16.h" + #include "dns.h" ++#include "strerr.h" ++ ++static int merge_enable; ++static void (*merge_logger)(const char *, const char *, const char *); ++void dns_enable_merge(void (*f)(const char *, const char *, const char *)) ++{ ++ merge_enable = 1; ++ merge_logger = f; ++} ++ ++static int merge_equal(struct dns_transmit *a, struct dns_transmit *b) ++{ ++ const char *ip1 = a->servers + 4 * a->curserver; ++ const char *ip2 = b->servers + 4 * b->curserver; ++ return ++ byte_equal(ip1, 4, ip2) && ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->query + 14, b->query + 14); ++} ++ ++struct dns_transmit *inprogress[MAXUDP]; ++ ++static int try_merge(struct dns_transmit *d) ++{ ++ int i; ++ for (i = 0; i < MAXUDP; i++) { ++ if (!inprogress[i]) continue; ++ if (!merge_equal(d, inprogress[i])) continue; ++ d->master = inprogress[i]; ++ 
inprogress[i]->slaves[inprogress[i]->nslaves++] = d; ++ return 1; ++ } ++ return 0; ++} ++ ++static void register_inprogress(struct dns_transmit *d) ++{ ++ int i; ++ for (i = 0; i < MAXUDP; i++) { ++ if (!inprogress[i]) { ++ inprogress[i] = d; ++ return; ++ } ++ } ++ strerr_die1x(100, "BUG: out of inprogress slots"); ++} ++ ++static void unregister_inprogress(struct dns_transmit *d) ++{ ++ int i; ++ for (i = 0; i < MAXUDP; i++) { ++ if (inprogress[i] == d) ++ inprogress[i] = 0; ++ } ++} + + static int serverwantstcp(const char *buf,unsigned int len) + { +@@ -59,8 +114,28 @@ static void packetfree(struct dns_transm + d->packet = 0; + } + ++static void mergefree(struct dns_transmit *d) ++{ ++ int i; ++ if (merge_enable) ++ unregister_inprogress(d); ++ /* unregister us from our master */ ++ if (d->master) { ++ for (i = 0; i < d->master->nslaves; i++) ++ if (d->master->slaves[i] == d) ++ d->master->slaves[i] = 0; ++ } ++ /* and unregister all of our slaves from us */ ++ for (i = 0; i < d->nslaves; i++) { ++ if (d->slaves[i]) ++ d->slaves[i]->master = NULL; ++ } ++ d->nslaves = 0; ++} ++ + static void queryfree(struct dns_transmit *d) + { ++ mergefree(d); + if (!d->query) return; + alloc_free(d->query); + d->query = 0; +@@ -99,11 +174,18 @@ static int thisudp(struct dns_transmit * + const char *ip; + + socketfree(d); ++ mergefree(d); + + while (d->udploop < 4) { + for (;d->curserver < 16;++d->curserver) { + ip = d->servers + 4 * d->curserver; + if (byte_diff(ip,4,"\0\0\0\0")) { ++ if (merge_enable && try_merge(d)) { ++ if (merge_logger) ++ merge_logger(ip, d->qtype, d->query + 14); ++ return 0; ++ } ++ + d->query[2] = dns_random(256); + d->query[3] = dns_random(256); + +@@ -118,6 +200,8 @@ static int thisudp(struct dns_transmit * + taia_uint(&d->deadline,timeouts[d->udploop]); + taia_add(&d->deadline,&d->deadline,&now); + d->tcpstate = 0; ++ if (merge_enable) ++ register_inprogress(d); + return 0; + } + +@@ -226,8 +310,12 @@ void dns_transmit_io(struct dns_transmit + 
x->fd = d->s1 - 1; + + switch(d->tcpstate) { +- case 0: case 3: case 4: case 5: +- x->events = IOPAUSE_READ; ++ case 0: ++ if (d->master) return; ++ if (d->packet) { taia_now(deadline); return; } ++ /* otherwise, fall through */ ++ case 3: case 4: case 5: ++ x->events = IOPAUSE_READ; + break; + case 1: case 2: + x->events = IOPAUSE_WRITE; +@@ -244,10 +332,14 @@ int dns_transmit_get(struct dns_transmit + unsigned char ch; + int r; + int fd; ++ int i; + + errno = error_io; + fd = d->s1 - 1; + ++ if (d->tcpstate == 0 && d->master) return 0; ++ if (d->tcpstate == 0 && d->packet) return 1; ++ + if (!x->revents) { + if (taia_less(when,&d->deadline)) return 0; + errno = error_timeout; +@@ -279,6 +371,15 @@ have sent query to curserver on UDP sock + d->packet = alloc(d->packetlen); + if (!d->packet) { dns_transmit_free(d); return -1; } + byte_copy(d->packet,d->packetlen,udpbuf); ++ ++ for (i = 0; i < d->nslaves; i++) { ++ if (!d->slaves[i]) continue; ++ d->slaves[i]->packetlen = d->packetlen; ++ d->slaves[i]->packet = alloc(d->packetlen); ++ if (!d->slaves[i]->packet) { dns_transmit_free(d->slaves[i]); continue; } ++ byte_copy(d->slaves[i]->packet,d->packetlen,udpbuf); ++ } ++ + queryfree(d); + return 1; + } +--- dnscache.c.orig 2001-02-11 16:11:45.000000000 -0500 ++++ dnscache.c +@@ -54,7 +54,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -131,7 +130,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +@@ -435,6 +433,8 @@ int main() + response_hidettl(); + if (env_get("FORWARDONLY")) + query_forwardonly(); ++ if (env_get("MERGEQUERIES")) ++ dns_enable_merge(log_merge); + + if (!roots_init()) + strerr_die2sys(111,FATAL,"unable to read servers: "); +--- log.c.orig 2001-02-11 16:11:45.000000000 -0500 ++++ log.c +@@ -150,6 +150,12 @@ void log_tx(const char *q,const char qty + line(); + } + ++void 
log_merge(const char *addr, const char qtype[2], const char *q) ++{ ++ string("merge "); ip(addr); space(); logtype(qtype); space(); name(q); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +--- log.h.orig 2001-02-11 16:11:45.000000000 -0500 ++++ log.h +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const cha + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_merge(const char *, const char *, const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); diff --git a/net/djbdns/files/patch-mergequeries-boundscheck b/net/djbdns/files/patch-mergequeries-boundscheck new file mode 100644 index 00000000000..1383b8ee2c5 --- /dev/null +++ b/net/djbdns/files/patch-mergequeries-boundscheck @@ -0,0 +1,27 @@ +$NetBSD: patch-mergequeries-boundscheck,v 1.1 2018/09/28 20:36:24 schmonz Exp $ + +Add a missing bounds check to the MERGEQUERIES patch's try_merge(). +From Tim Stewart in + +--- dns_transmit.c.orig 2018-09-28 20:25:42.000000000 +0000 ++++ dns_transmit.c +@@ -35,6 +35,7 @@ static int try_merge(struct dns_transmit + for (i = 0; i < MAXUDP; i++) { + if (!inprogress[i]) continue; + if (!merge_equal(d, inprogress[i])) continue; ++ if (inprogress[i]->nslaves == MAXUDP) continue; + d->master = inprogress[i]; + inprogress[i]->slaves[inprogress[i]->nslaves++] = d; + return 1; +@@ -127,8 +128,10 @@ static void mergefree(struct dns_transmi + } + /* and unregister all of our slaves from us */ + for (i = 0; i < d->nslaves; i++) { +- if (d->slaves[i]) ++ if (d->slaves[i]) { + d->slaves[i]->master = NULL; ++ d->slaves[i] = 0; ++ } + } + d->nslaves = 0; + } diff --git a/net/djbdns/files/patch-qmerge2 b/net/djbdns/files/patch-qmerge2 deleted file mode 100644 index 87c2223aec9..00000000000 
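Review bot: register_inprogress() in the dns_transmit.c part of this new patch ends the whole cache process with `strerr_die1x(100, "BUG: out of inprogress slots")` once all MAXUDP entries of `inprogress[]` are taken, so a full table becomes an outage rather than one unmerged query. dnscache.c also serves MAXTCP TCP clients, so if every client can hold an outstanding UDP transmit the table could plausibly fill under load; that needs confirming against the query code, which is not in this diff. A softer failure is to replace the die with a comment such as `/* table full: this query goes out unmerged */` and let the function return, ideally with a log line so the condition is visible. Separately, the patch header says it addresses CVE-2008-4392, but merging only runs behind `if (env_get("MERGEQUERIES"))` in dnscache.c, so the header should add something like `Merging is active only when MERGEQUERIES is set in dnscache's environment.`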
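Review bot: try_merge() still only appends at `slaves[nslaves]`, and the mergefree() branch in patch-mergequeries that detaches a slave from its master clears the entry without lowering `nslaves`, so vacated slots are never reused while a master is alive. The new `nslaves == MAXUDP` guard makes that memory-safe, but once a master has seen MAXUDP joins every later identical query is sent separately again, which is the duplicate-outstanding-query condition the merge was added to avoid; whether that is reachable within one master's lifetime depends on client retry behaviour. Reusing a cleared slot before appending keeps the cap tied to live slaves rather than total joins. The sketch below needs an `int j;` beside `int i;`, which is declared above this hunk, since try_merge() starts outside it.

```c
    if (!merge_equal(d, inprogress[i])) continue;
    /* reuse a slot vacated by mergefree() before appending */
    for (j = 0; j < inprogress[i]->nslaves; j++)
      if (!inprogress[i]->slaves[j]) break;
    if (j >= MAXUDP) continue;
    if (j == inprogress[i]->nslaves) inprogress[i]->nslaves++;
    d->master = inprogress[i];
    inprogress[i]->slaves[j] = d;
    /* … unchanged: return 1 and the rest of the loop … */
```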
--- a/net/djbdns/files/patch-qmerge2 +++ /dev/null 
@@ -1,256 +0,0 @@ -$NetBSD: patch-qmerge2,v 1.2 2015/12/29 04:04:29 dholland Exp $ - ---- clients.h.orig 2009-04-21 23:43:02.000000000 -0400 -+++ clients.h -@@ -0,0 +1,7 @@ -+#ifndef CLIENTS_H -+#define CLIENTS_H -+ -+#define MAXUDP 200 -+#define MAXTCP 20 -+ -+#endif /* CLIENTS_H */ ---- dns.h.orig 2001-02-11 16:11:45.000000000 -0500 -+++ dns.h -@@ -4,6 +4,7 @@ - #include "stralloc.h" - #include "iopause.h" - #include "taia.h" -+#include "clients.h" - - #define DNS_C_IN "\0\1" - #define DNS_C_ANY "\0\377" -@@ -37,8 +38,14 @@ struct dns_transmit { - const char *servers; - char localip[4]; - char qtype[2]; -+ struct dns_transmit *master; -+ struct dns_transmit *slaves[MAXUDP]; -+ int nslaves; - } ; - -+extern void dns_enable_merge(void (*logger)(const char *, const char *, -+ const char *)); -+ - extern void dns_random_init(const char *); - extern unsigned int dns_random(unsigned int); - ---- dns_transmit.c.orig 2001-02-11 16:11:45.000000000 -0500 -+++ dns_transmit.c -@@ -7,6 +7,61 @@ - #include "byte.h" - #include "uint16.h" - #include "dns.h" -+#include "strerr.h" -+ -+static int merge_enable; -+static void (*merge_logger)(const char *, const char *, const char *); -+void dns_enable_merge(void (*f)(const char *, const char *, const char *)) -+{ -+ merge_enable = 1; -+ merge_logger = f; -+} -+ -+static int merge_equal(struct dns_transmit *a, struct dns_transmit *b) -+{ -+ const char *ip1 = a->servers + 4 * a->curserver; -+ const char *ip2 = b->servers + 4 * b->curserver; -+ return -+ byte_equal(ip1, 4, ip2) && -+ byte_equal(a->qtype, 2, b->qtype) && -+ dns_domain_equal(a->query + 14, b->query + 14); -+} -+ -+struct dns_transmit *inprogress[MAXUDP]; -+ -+static int try_merge(struct dns_transmit *d) -+{ -+ int i; -+ for (i = 0; i < MAXUDP; i++) { -+ if (!inprogress[i]) continue; -+ if (!merge_equal(d, inprogress[i])) continue; -+ d->master = inprogress[i]; -+ inprogress[i]->slaves[inprogress[i]->nslaves++] = d; -+ return 1; -+ } -+ return 0; -+} -+ -+static void 
register_inprogress(struct dns_transmit *d) -+{ -+ int i; -+ for (i = 0; i < MAXUDP; i++) { -+ if (!inprogress[i]) { -+ inprogress[i] = d; -+ return; -+ } -+ } -+ strerr_die1x(100, "BUG: out of inprogress slots"); -+} -+ -+static void unregister_inprogress(struct dns_transmit *d) -+{ -+ int i; -+ for (i = 0; i < MAXUDP; i++) { -+ if (inprogress[i] == d) -+ inprogress[i] = 0; -+ } -+} - - static int serverwantstcp(const char *buf,unsigned int len) - { -@@ -59,8 +114,28 @@ static void packetfree(struct dns_transm - d->packet = 0; - } - -+static void mergefree(struct dns_transmit *d) -+{ -+ int i; -+ if (merge_enable) -+ unregister_inprogress(d); -+ /* unregister us from our master */ -+ if (d->master) { -+ for (i = 0; i < d->master->nslaves; i++) -+ if (d->master->slaves[i] == d) -+ d->master->slaves[i] = 0; -+ } -+ /* and unregister all of our slaves from us */ -+ for (i = 0; i < d->nslaves; i++) { -+ if (d->slaves[i]) -+ d->slaves[i]->master = NULL; -+ } -+ d->nslaves = 0; -+} -+ - static void queryfree(struct dns_transmit *d) - { -+ mergefree(d); - if (!d->query) return; - alloc_free(d->query); - d->query = 0; -@@ -99,11 +174,18 @@ static int thisudp(struct dns_transmit * - const char *ip; - - socketfree(d); -+ mergefree(d); - - while (d->udploop < 4) { - for (;d->curserver < 16;++d->curserver) { - ip = d->servers + 4 * d->curserver; - if (byte_diff(ip,4,"\0\0\0\0")) { -+ if (merge_enable && try_merge(d)) { -+ if (merge_logger) -+ merge_logger(ip, d->qtype, d->query + 14); -+ return 0; -+ } -+ - d->query[2] = dns_random(256); - d->query[3] = dns_random(256); - -@@ -118,6 +200,8 @@ static int thisudp(struct dns_transmit * - taia_uint(&d->deadline,timeouts[d->udploop]); - taia_add(&d->deadline,&d->deadline,&now); - d->tcpstate = 0; -+ if (merge_enable) -+ register_inprogress(d); - return 0; - } - -@@ -226,8 +310,12 @@ void dns_transmit_io(struct dns_transmit - x->fd = d->s1 - 1; - - switch(d->tcpstate) { -- case 0: case 3: case 4: case 5: -- x->events = 
IOPAUSE_READ; -+ case 0: -+ if (d->master) return; -+ if (d->packet) { taia_now(deadline); return; } -+ /* otherwise, fall through */ -+ case 3: case 4: case 5: -+ x->events = IOPAUSE_READ; - break; - case 1: case 2: - x->events = IOPAUSE_WRITE; -@@ -244,10 +332,14 @@ int dns_transmit_get(struct dns_transmit - unsigned char ch; - int r; - int fd; -+ int i; - - errno = error_io; - fd = d->s1 - 1; - -+ if (d->tcpstate == 0 && d->master) return 0; -+ if (d->tcpstate == 0 && d->packet) return 1; -+ - if (!x->revents) { - if (taia_less(when,&d->deadline)) return 0; - errno = error_timeout; -@@ -279,6 +371,15 @@ have sent query to curserver on UDP sock - d->packet = alloc(d->packetlen); - if (!d->packet) { dns_transmit_free(d); return -1; } - byte_copy(d->packet,d->packetlen,udpbuf); -+ -+ for (i = 0; i < d->nslaves; i++) { -+ if (!d->slaves[i]) continue; -+ d->slaves[i]->packetlen = d->packetlen; -+ d->slaves[i]->packet = alloc(d->packetlen); -+ if (!d->slaves[i]->packet) { dns_transmit_free(d->slaves[i]); continue; } -+ byte_copy(d->slaves[i]->packet,d->packetlen,udpbuf); -+ } -+ - queryfree(d); - return 1; - } ---- dnscache.c.orig 2001-02-11 16:11:45.000000000 -0500 -+++ dnscache.c -@@ -54,7 +54,6 @@ uint64 numqueries = 0; - - static int udp53; - --#define MAXUDP 200 - static struct udpclient { - struct query q; - struct taia start; -@@ -131,7 +130,6 @@ void u_new(void) - - static int tcp53; - --#define MAXTCP 20 - struct tcpclient { - struct query q; - struct taia start; -@@ -435,6 +433,8 @@ int main() - response_hidettl(); - if (env_get("FORWARDONLY")) - query_forwardonly(); -+ if (env_get("MERGEQUERIES")) -+ dns_enable_merge(log_merge); - - if (!roots_init()) - strerr_die2sys(111,FATAL,"unable to read servers: "); ---- log.c.orig 2001-02-11 16:11:45.000000000 -0500 -+++ log.c -@@ -150,6 +150,12 @@ void log_tx(const char *q,const char qty - line(); - } - -+void log_merge(const char *addr, const char qtype[2], const char *q) -+{ -+ string("merge "); ip(addr); 
space(); logtype(qtype); space(); name(q); -+ line(); -+} -+ - void log_cachedanswer(const char *q,const char type[2]) - { - string("cached "); logtype(type); space(); ---- log.h.orig 2001-02-11 16:11:45.000000000 -0500 -+++ log.h -@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const cha - extern void log_cachedns(const char *,const char *); - - extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); -+extern void log_merge(const char *, const char *, const char *); - - extern void log_nxdomain(const char *,const char *,unsigned int); - extern void log_nodata(const char *,const char *,const char *,unsigned int); diff --git a/net/djbdns/options.mk b/net/djbdns/options.mk index b38563ffd81..81047c67bab 100644 --- a/net/djbdns/options.mk +++ b/net/djbdns/options.mk @@ -1,12 +1,14 @@ -# $NetBSD: options.mk,v 1.19 2018/06/18 10:44:38 schmonz Exp $ +# $NetBSD: options.mk,v 1.20 2018/09/28 20:36:24 schmonz Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.djbdns PKG_SUPPORTED_OPTIONS+= # inet6 PKG_SUPPORTED_OPTIONS+= djbdns-cachestats djbdns-ignoreip2 -PKG_SUPPORTED_OPTIONS+= djbdns-tinydns64 -PKG_OPTIONS_OPTIONAL_GROUPS= qmerge -PKG_OPTIONS_GROUP.qmerge= djbdns-qmerge1 djbdns-qmerge2 -PKG_SUGGESTED_OPTIONS+= djbdns-qmerge2 djbdns-tinydns64 +PKG_SUPPORTED_OPTIONS+= djbdns-mergequeries djbdns-tinydns64 +PKG_SUGGESTED_OPTIONS+= djbdns-mergequeries djbdns-tinydns64 + +# For users migrating from 2018Q2; remove compatibility after 2018Q3 is branched +PKG_OPTIONS_LEGACY_OPTS+= djbdns-qmerge1:djbdns-mergequeries +PKG_OPTIONS_LEGACY_OPTS+= djbdns-qmerge2:djbdns-mergequeries .include "../../mk/bsd.options.mk" 
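Review bot: The legacy mapping `djbdns-qmerge1:djbdns-mergequeries` silently switches qmerge1 users to a different patch set, and the comment above it does not say so. The block removed in the next hunk shows qmerge1 also applied `0002-dnscache-cache-soa-records.patch`, which the new option does not provide, and the new patch only merges when `MERGEQUERIES` is set at runtime. A comment next to the mapping would make the migration explicit, for example `# qmerge1 users: SOA caching patch is no longer applied; merging needs MERGEQUERIES set in dnscache's environment`.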
@@ -35,22 +37,13 @@ PATCHFILES+= ${IGNOREIP2_PATCH} SITES.${IGNOREIP2_PATCH}= http://www.tinydns.org/ .endif -.if !empty(PKG_OPTIONS:Mdjbdns-qmerge1) -DNSCACHE_MERGE_PATCH= 0001-dnscache-merge-similar-outgoing-queries.patch -DNSCACHE_SOA_PATCH= 0002-dnscache-cache-soa-records.patch -PATCHFILES+= ${DNSCACHE_MERGE_PATCH} ${DNSCACHE_SOA_PATCH} -PATCH_DIST_STRIP.${DNSCACHE_MERGE_PATCH}= -p1 -PATCH_DIST_STRIP.${DNSCACHE_SOA_PATCH}= -p1 -SITES.${DNSCACHE_MERGE_PATCH}= http://www.your.org/dnscache/ -SITES.${DNSCACHE_SOA_PATCH}= http://www.your.org/dnscache/ -.endif - -.if !empty(PKG_OPTIONS:Mdjbdns-qmerge2) +.if !empty(PKG_OPTIONS:Mdjbdns-mergequeries) USE_TOOLS+= patch -post-patch: patch-qmerge2 -.PHONY: patch-qmerge2 -patch-qmerge2: - cd ${WRKSRC} && ${PATCH} ${PATCH_ARGS} < ${FILESDIR}/patch-qmerge2 +post-patch: patch-mergequeries +.PHONY: patch-mergequeries +patch-mergequeries: + cd ${WRKSRC} && ${PATCH} ${PATCH_ARGS} < ${FILESDIR}/patch-mergequeries + cd ${WRKSRC} && ${PATCH} ${PATCH_ARGS} < ${FILESDIR}/patch-mergequeries-boundscheck .endif .if !empty(PKG_OPTIONS:Mdjbdns-tinydns64) diff --git a/net/djbdns/patches/patch-response.c b/net/djbdns/patches/patch-response.c index dc8409f3114..f0b396a50c7 100644 --- a/net/djbdns/patches/patch-response.c +++ b/net/djbdns/patches/patch-response.c @@ -1,6 +1,7 @@ -$NetBSD: patch-response.c,v 1.1 2017/05/26 15:16:45 schmonz Exp $ +$NetBSD: patch-response.c,v 1.2 2018/09/28 20:36:24 schmonz Exp $ Fix the security hole found by Matthew Dempsky. +From DJB in --- response.c.orig 2001-02-11 16:11:45.000000000 -0500 +++ response.c -- cgit v1.2.3