Date: Tue, 23 Jan 2018 11:04:06 +0000 (UTC) From: Kirill Ponomarev <krion@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r459742 - head/dns/powerdns-recursor Message-ID: <201801231104.w0NB465O003214@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: krion Date: Tue Jan 23 11:04:06 2018 New Revision: 459742 URL: https://svnweb.freebsd.org/changeset/ports/459742 Log: Update to version 4.1.1 - Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation of DNSSEC signatures". An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist. The 4.0.x branch is not vulnerable. - Add support for algo16 and simplify Lua/LuaJIT engine choice. PR: 225397 Submitted by: maintainer Security: CVE-2018-1000003 Modified: head/dns/powerdns-recursor/Makefile head/dns/powerdns-recursor/distinfo Modified: head/dns/powerdns-recursor/Makefile ============================================================================== --- head/dns/powerdns-recursor/Makefile Tue Jan 23 10:51:59 2018 (r459741) +++ head/dns/powerdns-recursor/Makefile Tue Jan 23 11:04:06 2018 (r459742) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= recursor -DISTVERSION= 4.1.0 -PORTREVISION= 3 +DISTVERSION= 4.1.1 CATEGORIES= dns ipv6 MASTER_SITES= http://downloads.powerdns.com/releases/ PKGNAMEPREFIX= powerdns- @@ -35,30 +34,22 @@ CPE_VENDOR= powerdns USE_RC_SUBR= pdns-recursor -OPTIONS_DEFINE= OPTALGO SETUID -OPTIONS_DEFAULT= LUA SETUID -OPTIONS_RADIO= LUA_RG -OPTIONS_RADIO_LUA_RG= LUA LUAJIT -LUAJIT_DESC= Enable LuaJIT -LUA_RG_DESC= Lua Engine -OPTALGO_DESC= Enable optional algorithms (12, 15 & 16) -SETUID_DESC= Run as pdns_recursor user - -LUA_CONFIGURE_WITH= lua -LUA_USES= lua - +OPTIONS_DEFINE= LUAJIT OPTALGO SETUID +OPTIONS_DEFAULT= SETUID LUAJIT_CONFIGURE_WITH= luajit +LUAJIT_DESC= Use LuaJIT instead of Lua LUAJIT_LIB_DEPENDS= libluajit-5.1.so.2:lang/luajit - +LUAJIT_USES_OFF= lua OPTALGO_CONFIGURE_ON= --enable-botan \ --enable-libdecaf \ --enable-libsodium +OPTALGO_DESC= Enable optional algorithms (12, 15 & 16) OPTALGO_LIB_DEPENDS= libbotan-2.so:security/botan2 \ libdecaf.so:security/libdecaf \ libsodium.so:security/libsodium - -SETUID_VARS= USERS=pdns_recursor GROUPS=pdns +SETUID_DESC= Run as pdns_recursor user SETUID_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-setuid +SETUID_VARS= USERS=pdns_recursor GROUPS=pdns SUB_FILES= pkg-message Modified: head/dns/powerdns-recursor/distinfo ============================================================================== --- head/dns/powerdns-recursor/distinfo Tue Jan 23 10:51:59 2018 (r459741) +++ head/dns/powerdns-recursor/distinfo Tue Jan 23 11:04:06 2018 (r459742) @@ -1,3 +1,3 @@ -TIMESTAMP = 1512394122 -SHA256 (pdns-recursor-4.1.0.tar.bz2) = 880b9d4cc57e2b11cae5bff9b20571fb3466f4385c010d06764296fef44f60a3 -SIZE (pdns-recursor-4.1.0.tar.bz2) = 1222751 +TIMESTAMP = 1516634099 +SHA256 (pdns-recursor-4.1.1.tar.bz2) = 8feb03c7141997775cb52c131579e8e34c9896ea8bb77276328f5f6cc4e1396b +SIZE (pdns-recursor-4.1.1.tar.bz2) = 1224544
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201801231104.w0NB465O003214>