pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q2]: pkgsrc/net/powerdns pullup ticket #2476 - requested b...
details: https://anonhg.NetBSD.org/pkgsrc/rev/2ccc815c602e
branches: pkgsrc-2008Q2
changeset: 544241:2ccc815c602e
user: rtr <rtr%pkgsrc.org@localhost>
date: Tue Aug 12 11:46:49 2008 +0000
description:
pullup ticket #2476 - requested by ghen
powerdns: security fix
revisions pulled up:
pkgsrc/net/powerdns/Makefile 1.4
pkgsrc/net/powerdns/distinfo 1.3
pkgsrc/net/powerdns/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: ghen
Date: Mon Aug 11 13:59:48 UTC 2008
Modified Files:
pkgsrc/net/powerdns: Makefile distinfo
Added Files:
pkgsrc/net/powerdns/patches: patch-ac
Log Message:
Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to
mailformed queries instead of just dropping them (as this facilitates
DNS spoofing attacks). Bump PKGREVISION.
diffstat:
net/powerdns/Makefile | 4 ++--
net/powerdns/distinfo | 3 ++-
net/powerdns/patches/patch-ac | 22 ++++++++++++++++++++++
3 files changed, 26 insertions(+), 3 deletions(-)
diffs (56 lines):
diff -r 5b1d61f93616 -r 2ccc815c602e net/powerdns/Makefile
--- a/net/powerdns/Makefile Tue Aug 12 11:22:38 2008 +0000
+++ b/net/powerdns/Makefile Tue Aug 12 11:46:49 2008 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.3 2008/01/30 22:36:14 heinz Exp $
+# $NetBSD: Makefile,v 1.3.6.1 2008/08/12 11:46:49 rtr Exp $
PKG_DESTDIR_SUPPORT= user-destdir
.include "Makefile.common"
PKGNAME= ${DISTNAME:S/pdns/powerdns/}
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= Modern, advanced and high performance nameserver
CONFIGURE_ARGS+= --with-modules="geo"
diff -r 5b1d61f93616 -r 2ccc815c602e net/powerdns/distinfo
--- a/net/powerdns/distinfo Tue Aug 12 11:22:38 2008 +0000
+++ b/net/powerdns/distinfo Tue Aug 12 11:46:49 2008 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.2 2007/05/09 08:05:24 ghen Exp $
+$NetBSD: distinfo,v 1.2.12.1 2008/08/12 11:46:49 rtr Exp $
SHA1 (pdns-2.9.21.tar.gz) = 2b86e4b44ef43db308c62e32b10ed0d5221a45c9
RMD160 (pdns-2.9.21.tar.gz) = ed53de20a4e660ab2537b3c888b0a85225764a51
Size (pdns-2.9.21.tar.gz) = 991071 bytes
SHA1 (patch-aa) = 034845af3a9b66f57e482e3b43e43b61c17f51ab
SHA1 (patch-ab) = d47887faff80330122ccf1cfd047c11e114c1153
+SHA1 (patch-ac) = aa7387cd9c283810d41d6097ecfbe6e688621432
diff -r 5b1d61f93616 -r 2ccc815c602e net/powerdns/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/powerdns/patches/patch-ac Tue Aug 12 11:46:49 2008 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ac,v 1.2.2.2 2008/08/12 11:46:49 rtr Exp $
+
+Fix for CVE-2008-3337 taken from PowerDNS 2.9.21.1: return SERVFAIL to
+mailformed queries instead of just dropping them (as this facilitates
+DNS spoofing attacks).
+
+--- pdns/packethandler.cc.orig 2007-04-21 15:56:36.000000000 +0200
++++ pdns/packethandler.cc
+@@ -576,9 +576,11 @@ DNSPacket *PacketHandler::questionOrRecu
+
+ if(!validDNSName(p->qdomain)) {
+ if(arg().mustDo("log-dns-details"))
+- L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': dropping"<<endl;
++ L<<Logger::Error<<"Received a malformed qdomain from "<<p->getRemote()<<", '"<<p->qdomain<<"': sending servfail"<<endl;
+ S.inc("corrupt-packets");
+- return 0;
++ r=p->replyPacket();
++ r->setRcode(RCode::ServFail);
++ return r;
+ }
+ if(p->d.opcode) { // non-zero opcode (again thanks RA!)
+ if(p->d.opcode==Opcode::Update) {
Home |
Main Index |
Thread Index |
Old Index