Date: Tue, 23 Jan 2018 15:45:26 +0000 (UTC) From: Kirill Ponomarev <krion@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r459779 - branches/2018Q1/dns/powerdns-recursor Message-ID: <201801231545.w0NFjQeM025244@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: krion Date: Tue Jan 23 15:45:26 2018 New Revision: 459779 URL: https://svnweb.freebsd.org/changeset/ports/459779 Log: MFH: r459742 Update to version 4.1.1 - Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation of DNSSEC signatures". An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist. The 4.0.x branch is not vulnerable. - Add support for algo16 and simplify Lua/LuaJIT engine choice. PR: 225397 Submitted by: maintainer Security: CVE-2018-1000003 Approved by: ports-secteam Modified: branches/2018Q1/dns/powerdns-recursor/Makefile branches/2018Q1/dns/powerdns-recursor/distinfo Directory Properties: branches/2018Q1/ (props changed) Modified: branches/2018Q1/dns/powerdns-recursor/Makefile ============================================================================== --- branches/2018Q1/dns/powerdns-recursor/Makefile Tue Jan 23 15:17:54 2018 (r459778) +++ branches/2018Q1/dns/powerdns-recursor/Makefile Tue Jan 23 15:45:26 2018 (r459779) @@ -46,15 +46,17 @@ LUA_CONFIGURE_WITH= lua LUA_USES= lua LUAJIT_CONFIGURE_WITH= luajit +LUAJIT_DESC= Use LuaJIT instead of Lua LUAJIT_LIB_DEPENDS= libluajit-5.1.so.2:lang/luajit - +LUAJIT_USES_OFF= lua OPTALGO_CONFIGURE_ON= --enable-botan \ --enable-libsodium +OPTALGO_DESC= Enable optional algorithms (12, 15 & 16) OPTALGO_LIB_DEPENDS= libbotan-2.so:security/botan2 \ libsodium.so:security/libsodium - -SETUID_VARS= USERS=pdns_recursor GROUPS=pdns +SETUID_DESC= Run as pdns_recursor user SETUID_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-setuid +SETUID_VARS= USERS=pdns_recursor GROUPS=pdns SUB_FILES= pkg-message Modified: branches/2018Q1/dns/powerdns-recursor/distinfo ============================================================================== --- branches/2018Q1/dns/powerdns-recursor/distinfo Tue Jan 23 15:17:54 2018 (r459778) +++ branches/2018Q1/dns/powerdns-recursor/distinfo Tue Jan 23 15:45:26 2018 (r459779) @@ -1,3 +1,3 @@ -TIMESTAMP = 1512394122 -SHA256 (pdns-recursor-4.1.0.tar.bz2) = 880b9d4cc57e2b11cae5bff9b20571fb3466f4385c010d06764296fef44f60a3 -SIZE (pdns-recursor-4.1.0.tar.bz2) = 1222751 +TIMESTAMP = 1516634099 +SHA256 (pdns-recursor-4.1.1.tar.bz2) = 8feb03c7141997775cb52c131579e8e34c9896ea8bb77276328f5f6cc4e1396b +SIZE (pdns-recursor-4.1.1.tar.bz2) = 1224544
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201801231545.w0NFjQeM025244>