pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/net/ldns Update to version 1.6.17.
details: https://anonhg.NetBSD.org/pkgsrc/rev/e9063769f2f5
branches: trunk
changeset: 641918:e9063769f2f5
user: he <he%pkgsrc.org@localhost>
date: Fri Nov 21 09:19:32 2014 +0000
description:
Update to version 1.6.17.
Pkgsrc changes:
* adapt PLIST (1 new file installed)
* fix name of patch file
Upstream changes:
1.6.17 2014-01-10
* Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
* Add --disable-dane option to configure and check availability of the
for dane needed X509_check_ca function in openssl.
* bugfix #490: Get rid of type-punned pointer warnings.
Thanks Adam Tkac.
* Make sure executables are linked against libcrypto with the
LIBSSL_LDFLAGS. Thanks Leo Baltus.
* Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
* README now shows preferred way to configure for examples and drill.
* Bind to source address for resolvers. drill binds to source with -I.
Thanks Bryan Duff.
* -T option for ldns-dane that has specific exit status for PKIX
validated connections without (secure) TLSA records.
* Fix b{32,64}_{ntop,pton} detection and handling.
* New RR type TKEY, but without operational practice.
* New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
* New output format flag (and accompanying functions) to print certain
RR's as unknown type
* -u and -U parameter for ldns-read-zone to mark/unmark a RR type
for printing as unknown type
* bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
* bugfix #497: Properly test for EOF when reading key files with drill.
* New functions: ldns_pkt_ixfr_request_new and
ldns_pkt_ixfr_request_new_frm_str.
* Use SNI with ldns-dane
* bugfix #507: ldnsx Fix use of non-existent variables and not
properly referring to instance variable. Patch from shussain.
* bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
dictionary. Patch from shussain.
* bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
file pointer.
* Fix memory leak in contrib/python: ldns_pkt.new_query.
* Fix buffer overflow in fget_token and bget_token.
* ldns-verify-zone NSEC3 checking from quadratic to linear performance.
Thanks NIC MX (nicmexico.mx)
* ldns-dane setup new ssl session for each new connect to prevent hangs
* bugfix #521: drill trace continue on empty non-terminals with NSEC3
* bugfix #525: Fix documentation of ldns_resolver_set_retry
* Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
* Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
* Configure option to build perl bindings: --with-p5-dns-ldns
(DNS::LDNS is a contribution from Erik Ostlyngen)
* bugfix #527: Move -lssl before -lcrypto when linking
* Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
* Compare names case insensitive with ldns_pkt_rr_list_by_name and
ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
* A separate --enable for each draft RR type: --enable-rrtype-ninfo,
--enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
--enable-rrtype-ta
* bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
* Adjust ldns_sha1() so that the input data is not modified (Thanks
Marc Buijsman)
* Messages to stderr are now off by default and can be reenabled with
the --enable-stderr-msgs configure option.
diffstat:
net/ldns/Makefile | 5 +-
net/ldns/PLIST | 3 +-
net/ldns/distinfo | 9 +-
net/ldns/patches/patch-examples_ldns-keygen.c | 76 +++++++++++++++++++++++++++
net/ldns/patches/patch_examples_ldns-keygen.c | 76 ---------------------------
5 files changed, 85 insertions(+), 84 deletions(-)
diffs (204 lines):
diff -r b2815451287f -r e9063769f2f5 net/ldns/Makefile
--- a/net/ldns/Makefile Fri Nov 21 07:14:32 2014 +0000
+++ b/net/ldns/Makefile Fri Nov 21 09:19:32 2014 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.31 2014/05/29 23:37:04 wiz Exp $
+# $NetBSD: Makefile,v 1.32 2014/11/21 09:19:32 he Exp $
-DISTNAME= ldns-1.6.16
-PKGREVISION= 5
+DISTNAME= ldns-1.6.17
CATEGORIES= net
MASTER_SITES= http://www.nlnetlabs.nl/downloads/ldns/
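Review bot: MASTER_SITES in the unchanged context still fetches over plain http://, so the distinfo checksums are the only thing that authenticates ldns-1.6.17.tar.gz. If upstream serves the same path over https, switching the URL in this update would be a cheap improvement; dropping PKGREVISION together with the DISTNAME bump is correct.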
diff -r b2815451287f -r e9063769f2f5 net/ldns/PLIST
--- a/net/ldns/PLIST Fri Nov 21 07:14:32 2014 +0000
+++ b/net/ldns/PLIST Fri Nov 21 09:19:32 2014 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2012/10/25 19:24:59 pettai Exp $
+@comment $NetBSD: PLIST,v 1.7 2014/11/21 09:19:32 he Exp $
bin/ldns-config
include/ldns/buffer.h
include/ldns/common.h
@@ -18,6 +18,7 @@
include/ldns/net.h
include/ldns/packet.h
include/ldns/parse.h
+include/ldns/radix.h
include/ldns/rbtree.h
include/ldns/rdata.h
include/ldns/resolver.h
diff -r b2815451287f -r e9063769f2f5 net/ldns/distinfo
--- a/net/ldns/distinfo Fri Nov 21 07:14:32 2014 +0000
+++ b/net/ldns/distinfo Fri Nov 21 09:19:32 2014 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.17 2012/11/13 16:22:31 pettai Exp $
+$NetBSD: distinfo,v 1.18 2014/11/21 09:19:32 he Exp $
-SHA1 (ldns-1.6.16.tar.gz) = 5b4fc6c5c3078cd061905c47178478cb1015c62a
-RMD160 (ldns-1.6.16.tar.gz) = e4281eb00275ae5700a4d601ee64faf9aa72f37c
-Size (ldns-1.6.16.tar.gz) = 1109941 bytes
+SHA1 (ldns-1.6.17.tar.gz) = 4218897b3c002aadfc7280b3f40cda829e05c9a4
+RMD160 (ldns-1.6.17.tar.gz) = 5382cfaafa7ec1fadcf390f804fbf14e04d7c03a
+Size (ldns-1.6.17.tar.gz) = 1315403 bytes
+SHA1 (patch-examples_ldns-keygen.c) = 45bf69e4689ab7f58d3fc82ebd7cefe542a95c32
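Review bot: The added SHA1 line for patch-examples_ldns-keygen.c has no removed counterpart for patch_examples_ldns-keygen.c, so the previous distinfo did not track the CVE-2014-3209 patch at all. The log entry "fix name of patch file" should say whether the fix was actually being applied under the old name, since that decides whether users of the previous package revision had the mode 0600 change. Separately, the distfile is pinned only with SHA1 and RMD160; a stronger digest alongside them would be worth adding where the infrastructure allows it.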
diff -r b2815451287f -r e9063769f2f5 net/ldns/patches/patch-examples_ldns-keygen.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/ldns/patches/patch-examples_ldns-keygen.c Fri Nov 21 09:19:32 2014 +0000
@@ -0,0 +1,76 @@
+$NetBSD: patch-examples_ldns-keygen.c,v 1.1 2014/11/21 09:19:32 he Exp $
+
+Get bugfix #573: ldns-keygen write private keys with mode 0600.
+From http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=169f38c1e25750f935838b670871056428977e6b
+Fixes CVE-2014-3209.
+
+--- examples/ldns-keygen.c.orig 2010-10-18 13:59:21.000000000 +0000
++++ examples/ldns-keygen.c
+@@ -10,6 +10,9 @@
+
+ #include <ldns/ldns.h>
+
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
+ #include <errno.h>
+
+ #ifdef HAVE_SSL
+@@ -48,6 +51,7 @@ int
+ main(int argc, char *argv[])
+ {
+ int c;
++ int fd;
+ char *prog;
+
+ /* default key size */
+@@ -250,21 +254,21 @@ main(int argc, char *argv[])
+ /* print the priv key to stderr */
+ filename = LDNS_XMALLOC(char, strlen(owner) + 21);
+ snprintf(filename, strlen(owner) + 20, "K%s+%03u+%05u.private", owner, algorithm, (unsigned int) ldns_key_keytag(key));
+- file = fopen(filename, "w");
++ /* use open() here to prevent creating world-readable private keys (CVE-2014-3209)*/
++ fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
++ if (fd < 0) {
++ goto fail;
++ }
++
++ file = fdopen(fd, "w");
+ if (!file) {
+- fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+- ldns_key_deep_free(key);
+- free(owner);
+- ldns_rr_free(pubkey);
+- ldns_rr_free(ds);
+- LDNS_FREE(filename);
+- exit(EXIT_FAILURE);
+- } else {
+- ldns_key_print(file, key);
+- fclose(file);
+- LDNS_FREE(filename);
++ goto fail;
+ }
+
++ ldns_key_print(file, key);
++ fclose(file);
++ LDNS_FREE(filename);
++
+ /* print the DS to .ds */
+ if (algorithm != LDNS_SIGN_HMACMD5 &&
+ algorithm != LDNS_SIGN_HMACSHA1 &&
+@@ -296,6 +300,15 @@ main(int argc, char *argv[])
+ ldns_rr_free(pubkey);
+ ldns_rr_free(ds);
+ exit(EXIT_SUCCESS);
++
++fail:
++ fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
++ ldns_key_deep_free(key);
++ free(owner);
++ ldns_rr_free(pubkey);
++ ldns_rr_free(ds);
++ LDNS_FREE(filename);
++ exit(EXIT_FAILURE);
+ }
+ #else
+ int
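Review bot: The open() call in the embedded "-250,21 +254,21" hunk passes S_IRUSR | S_IWUSR, but with O_WRONLY | O_CREAT | O_TRUNC that mode only takes effect when the file is newly created. An existing .private file with wider permissions is truncated and rewritten with its old mode, and an existing symlink at that name is followed. Adding O_EXCL, or calling fchmod(fd, S_IRUSR | S_IWUSR) on the descriptor before ldns_key_print(), would make the 0600 guarantee hold on overwrite as well. Two smaller points in the same hunk: when fdopen() fails the code jumps to fail without close(fd), and the context comment still reads "print the priv key to stderr" although the key is written to a file.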
diff -r b2815451287f -r e9063769f2f5 net/ldns/patches/patch_examples_ldns-keygen.c
--- a/net/ldns/patches/patch_examples_ldns-keygen.c Fri Nov 21 07:14:32 2014 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-$NetBSD: patch_examples_ldns-keygen.c,v 1.1 2014/05/17 14:55:51 he Exp $
-
-Get bugfix #573: ldns-keygen write private keys with mode 0600.
-From http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=169f38c1e25750f935838b670871056428977e6b
-Fixes CVE-2014-3209.
-
---- examples/ldns-keygen.c.orig 2010-10-18 13:59:21.000000000 +0000
-+++ examples/ldns-keygen.c
-@@ -10,6 +10,9 @@
-
- #include <ldns/ldns.h>
-
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
- #include <errno.h>
-
- #ifdef HAVE_SSL
-@@ -48,6 +51,7 @@ int
- main(int argc, char *argv[])
- {
- int c;
-+ int fd;
- char *prog;
-
- /* default key size */
-@@ -250,21 +254,21 @@ main(int argc, char *argv[])
- /* print the priv key to stderr */
- filename = LDNS_XMALLOC(char, strlen(owner) + 21);
- snprintf(filename, strlen(owner) + 20, "K%s+%03u+%05u.private", owner, algorithm, (unsigned int) ldns_key_keytag(key));
-- file = fopen(filename, "w");
-+ /* use open() here to prevent creating world-readable private keys (CVE-2014-3209)*/
-+ fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
-+ if (fd < 0) {
-+ goto fail;
-+ }
-+
-+ file = fdopen(fd, "w");
- if (!file) {
-- fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
-- ldns_key_deep_free(key);
-- free(owner);
-- ldns_rr_free(pubkey);
-- ldns_rr_free(ds);
-- LDNS_FREE(filename);
-- exit(EXIT_FAILURE);
-- } else {
-- ldns_key_print(file, key);
-- fclose(file);
-- LDNS_FREE(filename);
-+ goto fail;
- }
-
-+ ldns_key_print(file, key);
-+ fclose(file);
-+ LDNS_FREE(filename);
-+
- /* print the DS to .ds */
- if (algorithm != LDNS_SIGN_HMACMD5 &&
- algorithm != LDNS_SIGN_HMACSHA1 &&
-@@ -296,6 +300,15 @@ main(int argc, char *argv[])
- ldns_rr_free(pubkey);
- ldns_rr_free(ds);
- exit(EXIT_SUCCESS);
-+
-+fail:
-+ fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
-+ ldns_key_deep_free(key);
-+ free(owner);
-+ ldns_rr_free(pubkey);
-+ ldns_rr_free(ds);
-+ LDNS_FREE(filename);
-+ exit(EXIT_FAILURE);
- }
- #else
- int