Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 May 2009 01:29:07 GMT
From:      Olafur Osvaldsson <osvaldsson@icelandic.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/134698: [MAINTAINER] dns/nsd: update to 3.2.2
Message-ID:  <200905190129.n4J1T7lC071453@portbuild.icelandic.net>
Resent-Message-ID: <200905190340.n4J3e12N032264@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         134698
>Category:       ports
>Synopsis:       [MAINTAINER] dns/nsd: update to 3.2.2
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 19 03:40:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Olafur Osvaldsson
>Release:        FreeBSD 7.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD portbuild.icelandic.net 7.1-STABLE FreeBSD 7.1-STABLE #2: Fri Jan  9 01:33:17 GMT
>Description:
- Update to 3.2.2

We have released version 3.2.2. of NSD. This is *critical* bugfix
release. One of the bugs is a one-byte buffer overflow that allows a
carefully crafted exploit to take down your name-server. It is highly
unlikely that the one-byte-off issue can lead to other (system) exploits.

The bug affects all version of NSD 2.0.0 to 3.2.1. Whether the bug can
be exploited to depends on various aspects of the OS and is therefore
distribution and compiler dependent.

For more information:
http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html

We strongly recommend you to update your systems to the latest version.
If you have reasons for not running the latest version of NSD, we
strongly advise you to at least apply the patch that resolves the
critical bug.

Added file(s):
- files/patch-Makefile.in

>How-To-Repeat:
>Fix:

--- nsd-3.2.2.patch begins here ---
diff -ruN nsd.orig/Makefile nsd/Makefile
--- nsd.orig/Makefile	2009-05-19 00:13:11.000000000 +0000
+++ nsd/Makefile	2009-05-19 01:21:21.000000000 +0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	nsd
-PORTVERSION=	3.2.1
+PORTVERSION=	3.2.2
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://www.nlnetlabs.nl/downloads/nsd/	\
 		ftp://ftp.rhnet.is/pub/nsd/
@@ -19,20 +19,13 @@
 USE_RC_SUBR=	nsd
 
 NSDUSER?=	bind
-NSDDBDIR?=	/var/db/nsd
-NSDDBFILE?=	${NSDDBDIR}/nsd.db
-NSDDIFFFILE?=	${NSDDBDIR}/ixfr.db
-NSDXFRDFILE?=	${NSDDBDIR}/xfrd.state
+NSD_LSD=	/var
 NSDMAX_INT?=	512
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--with-user=${NSDUSER} \
 		--with-configdir=${PREFIX}/etc/nsd \
-		--with-pidfile=/var/run/nsd.pid \
-		--with-dbfile=${NSDDBFILE} \
-		--with-difffile=${NSDDIFFFILE} \
-		--with-xfrdfile=${NSDXFRDFILE} \
-		--with-libwrap
+		--localstatedir=${NSD_LSD}
 
 USE_OPENSSL=	yes
 
@@ -116,8 +109,6 @@
 post-install:
 	${INSTALL_DATA} ${WRKSRC}/nsd.conf.sample \
 		${PREFIX}/etc/nsd/nsd.conf.sample
-	@${MKDIR} ${NSDDBDIR}
-	@${CHOWN} -R ${NSDUSER} ${NSDDBDIR}
 
 .if exists(${PREFIX}/etc/nsd/nsd.conf)
 	@${ECHO_MSG} "Upgrading to new ixfr.db format if needed"
diff -ruN nsd.orig/distinfo nsd/distinfo
--- nsd.orig/distinfo	2009-05-19 00:13:11.000000000 +0000
+++ nsd/distinfo	2009-05-19 00:13:56.000000000 +0000
@@ -1,3 +1,3 @@
-MD5 (nsd-3.2.1.tar.gz) = 66b602a793b851ad109403d3d2654fad
-SHA256 (nsd-3.2.1.tar.gz) = 08c45f7e3ccd4b5d282a9582f7c5e4f024058b3239c5a588e81fd68a60e237ed
-SIZE (nsd-3.2.1.tar.gz) = 841192
+MD5 (nsd-3.2.2.tar.gz) = a0dcb0a3b3c1a8d386125eeafe403f58
+SHA256 (nsd-3.2.2.tar.gz) = d538600eba68c6b4c297f3a2bfc89c48427ccb5dbba0ea29b93ad258d14c4343
+SIZE (nsd-3.2.2.tar.gz) = 840917
diff -ruN nsd.orig/files/patch-Makefile.in nsd/files/patch-Makefile.in
--- nsd.orig/files/patch-Makefile.in	1970-01-01 00:00:00.000000000 +0000
+++ nsd/files/patch-Makefile.in	2009-05-19 01:20:00.000000000 +0000
@@ -0,0 +1,11 @@
+--- Makefile.in.orig	2009-05-19 01:19:40.000000000 +0000
++++ Makefile.in	2009-05-19 01:15:18.000000000 +0000
+@@ -318,7 +318,7 @@
+ install: all
+ 	$(INSTALL) -d $(DESTDIR)$(sbindir)
+ 	$(INSTALL) -d $(DESTDIR)$(configdir)
+-	$(INSTALL) -d $(DESTDIR)$(piddir)
++#	$(INSTALL) -d $(DESTDIR)$(piddir)
+ 	$(INSTALL) -d $(DESTDIR)$(dbdir)
+ 	$(INSTALL) -d $(DESTDIR)$(mandir)
+ 	$(INSTALL) -d $(DESTDIR)$(mandir)/man8
diff -ruN nsd.orig/pkg-plist nsd/pkg-plist
--- nsd.orig/pkg-plist	2009-05-19 00:13:11.000000000 +0000
+++ nsd/pkg-plist	2009-05-19 00:26:49.000000000 +0000
@@ -7,5 +7,3 @@
 sbin/nsdc
 sbin/zonec
 @dirrm etc/nsd
-@cwd /
-@dirrm var/db/nsd
--- nsd-3.2.2.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905190129.n4J1T7lC071453>