From owner-svn-ports-branches@FreeBSD.ORG  Wed May  6 20:12:51 2015
Return-Path: <owner-svn-ports-branches@FreeBSD.ORG>
Delivered-To: svn-ports-branches@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E74937CA;
 Wed,  6 May 2015 20:12:50 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C9E4E17C5;
 Wed,  6 May 2015 20:12:50 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t46KCo30009539;
 Wed, 6 May 2015 20:12:50 GMT (envelope-from garga@FreeBSD.org)
Received: (from garga@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t46KCo2E009537;
 Wed, 6 May 2015 20:12:50 GMT (envelope-from garga@FreeBSD.org)
Message-Id: <201505062012.t46KCo2E009537@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: garga set sender to
 garga@FreeBSD.org using -f
From: Renato Botelho <garga@FreeBSD.org>
Date: Wed, 6 May 2015 20:12:50 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r385558 - in branches/2015Q2/dns/dnsmasq: . files
X-SVN-Group: ports-branches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-branches@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for all the branches of the ports tree
 <svn-ports-branches.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-branches/>
List-Post: <mailto:svn-ports-branches@freebsd.org>
List-Help: <mailto:svn-ports-branches-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2015 20:12:51 -0000

Author: garga
Date: Wed May  6 20:12:49 2015
New Revision: 385558
URL: https://svnweb.freebsd.org/changeset/ports/385558

Log:
  MFH: r385553
  
  - Add a patch to fix CVE-2015-3294
  - Bump PORTREVISION
  
  PR:		199999
  Approved by:	portmgr (erwin), mandree@ (maintainer)
  Obtained from:	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
  Security:	CVE-2015-3294
  Sponsored by:	Netgate

Added:
  branches/2015Q2/dns/dnsmasq/files/patch-CVE-2015-3294
     - copied unchanged from r385553, head/dns/dnsmasq/files/patch-CVE-2015-3294
Modified:
  branches/2015Q2/dns/dnsmasq/Makefile
Directory Properties:
  branches/2015Q2/   (props changed)

Modified: branches/2015Q2/dns/dnsmasq/Makefile
==============================================================================
--- branches/2015Q2/dns/dnsmasq/Makefile	Wed May  6 20:10:09 2015	(r385557)
+++ branches/2015Q2/dns/dnsmasq/Makefile	Wed May  6 20:12:49 2015	(r385558)
@@ -3,6 +3,7 @@
 
 PORTNAME=	dnsmasq
 DISTVERSION=	2.72
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://www.thekelleys.org.uk/dnsmasq/ \

Copied: branches/2015Q2/dns/dnsmasq/files/patch-CVE-2015-3294 (from r385553, head/dns/dnsmasq/files/patch-CVE-2015-3294)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q2/dns/dnsmasq/files/patch-CVE-2015-3294	Wed May  6 20:12:49 2015	(r385558, copy of r385553, head/dns/dnsmasq/files/patch-CVE-2015-3294)
@@ -0,0 +1,36 @@
+X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Frfc1035.c;h=a995ab50d74adde068c8839684f9b3a44f4976d0;hp=7a07b0cee90655e296f57fa79f4d4a3a409b7b89;hb=ad4a8ff7d9097008d7623df8543df435bfddeac8;hpb=04b0ac05377936d121a36873bb63d492cde292c9
+
+diff --git a/src/rfc1035.c b/src/rfc1035.c
+index 7a07b0c..a995ab5 100644
+--- a/src/rfc1035.c
++++ src/rfc1035.c
+@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
+ size_t setup_reply(struct dns_header *header, size_t qlen,
+ 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
+ {
+-  unsigned char *p = skip_questions(header, qlen);
++  unsigned char *p;
++
++  if (!(p = skip_questions(header, qlen)))
++    return 0;
+   
+   /* clear authoritative and truncated flags, set QR flag */
+   header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
+@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+     SET_RCODE(header, NOERROR); /* empty domain */
+   else if (flags == F_NXDOMAIN)
+     SET_RCODE(header, NXDOMAIN);
+-  else if (p && flags == F_IPV4)
++  else if (flags == F_IPV4)
+     { /* we know the address */
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);
+@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
+       add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
+     }
+ #ifdef HAVE_IPV6
+-  else if (p && flags == F_IPV6)
++  else if (flags == F_IPV6)
+     {
+       SET_RCODE(header, NOERROR);
+       header->ancount = htons(1);