pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2008Q2]: pkgsrc/net/powerdns pullup ticket #2476 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2ccc815c602e
branches:  pkgsrc-2008Q2
changeset: 544241:2ccc815c602e
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Tue Aug 12 11:46:49 2008 +0000

description:
pullup ticket #2476 - requested by ghen
powerdns: security fix

revisions pulled up:
pkgsrc/net/powerdns/Makefile            1.4
pkgsrc/net/powerdns/distinfo            1.3
pkgsrc/net/powerdns/patches/patch-ac    1.1

   Module Name: pkgsrc
   Committed By:        ghen
   Date:                Mon Aug 11 13:59:48 UTC 2008

   Modified Files:
        pkgsrc/net/powerdns: Makefile distinfo
   Added Files:
        pkgsrc/net/powerdns/patches: patch-ac

   Log Message:
   Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to
   mailformed queries instead of just dropping them (as this facilitates
   DNS spoofing attacks).  Bump PKGREVISION.

diffstat:

 net/powerdns/Makefile         |   4 ++--
 net/powerdns/distinfo         |   3 ++-
 net/powerdns/patches/patch-ac |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)

diffs (56 lines):

diff -r 5b1d61f93616 -r 2ccc815c602e net/powerdns/Makefile
--- a/net/powerdns/Makefile     Tue Aug 12 11:22:38 2008 +0000
+++ b/net/powerdns/Makefile     Tue Aug 12 11:46:49 2008 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.3 2008/01/30 22:36:14 heinz Exp $
+# $NetBSD: Makefile,v 1.3.6.1 2008/08/12 11:46:49 rtr Exp $
 
 PKG_DESTDIR_SUPPORT=   user-destdir
 
 .include "Makefile.common"
 
 PKGNAME=               ${DISTNAME:S/pdns/powerdns/}
-PKGREVISION=           1
+PKGREVISION=           2
 COMMENT=               Modern, advanced and high performance nameserver
 
 CONFIGURE_ARGS+=       --with-modules="geo"
diff -r 5b1d61f93616 -r 2ccc815c602e net/powerdns/distinfo
--- a/net/powerdns/distinfo     Tue Aug 12 11:22:38 2008 +0000
+++ b/net/powerdns/distinfo     Tue Aug 12 11:46:49 2008 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.2 2007/05/09 08:05:24 ghen Exp $
+$NetBSD: distinfo,v 1.2.12.1 2008/08/12 11:46:49 rtr Exp $
 
 SHA1 (pdns-2.9.21.tar.gz) = 2b86e4b44ef43db308c62e32b10ed0d5221a45c9
 RMD160 (pdns-2.9.21.tar.gz) = ed53de20a4e660ab2537b3c888b0a85225764a51
 Size (pdns-2.9.21.tar.gz) = 991071 bytes
 SHA1 (patch-aa) = 034845af3a9b66f57e482e3b43e43b61c17f51ab
 SHA1 (patch-ab) = d47887faff80330122ccf1cfd047c11e114c1153
+SHA1 (patch-ac) = aa7387cd9c283810d41d6097ecfbe6e688621432
diff -r 5b1d61f93616 -r 2ccc815c602e net/powerdns/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/powerdns/patches/patch-ac     Tue Aug 12 11:46:49 2008 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ac,v 1.2.2.2 2008/08/12 11:46:49 rtr Exp $
+
+Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to
+mailformed queries instead of just dropping them (as this facilitates
+DNS spoofing attacks).
+
+--- pdns/packethandler.cc.orig 2007-04-21 15:56:36.000000000 +0200
++++ pdns/packethandler.cc
+@@ -576,9 +576,11 @@ DNSPacket *PacketHandler::questionOrRecu
+ 
+     if(!validDNSName(p->qdomain)) {
+       if(arg().mustDo("log-dns-details"))
+-        L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': dropping"<<endl;
++        L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': sending servfail"<<endl;
+       S.inc("corrupt-packets");
+-      return 0;
++      r=p->replyPacket(); 
++      r->setRcode(RCode::ServFail);
++      return r;
+     }
+     if(p->d.opcode) { // non-zero opcode (again thanks RA!)
+       if(p->d.opcode==Opcode::Update) {



Home | Main Index | Thread Index | Old Index