From owner-svn-ports-all@FreeBSD.ORG Wed May 6 19:59:09 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E706F58; Wed, 6 May 2015 19:59:09 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 302D915DF; Wed, 6 May 2015 19:59:09 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t46Jx9VQ099321; Wed, 6 May 2015 19:59:09 GMT (envelope-from garga@FreeBSD.org) Received: (from garga@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t46Jx8Eu099319; Wed, 6 May 2015 19:59:08 GMT (envelope-from garga@FreeBSD.org) Message-Id: <201505061959.t46Jx8Eu099319@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: garga set sender to garga@FreeBSD.org using -f From: Renato Botelho Date: Wed, 6 May 2015 19:59:08 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r385553 - in head/dns/dnsmasq: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 May 2015 19:59:09 -0000 Author: garga Date: Wed May 6 19:59:08 2015 New Revision: 385553 URL: https://svnweb.freebsd.org/changeset/ports/385553 Log: - Add a patch to fix CVE-2015-3294 - Bump PORTREVISION PR: 199999 Approved by: mandree@ (maintainer) Obtained from: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8 MFH: 2015Q2 Security: CVE-2015-3294 Sponsored by: Netgate Added: head/dns/dnsmasq/files/patch-CVE-2015-3294 (contents, props changed) Modified: head/dns/dnsmasq/Makefile Modified: head/dns/dnsmasq/Makefile ============================================================================== --- head/dns/dnsmasq/Makefile Wed May 6 19:48:58 2015 (r385552) +++ head/dns/dnsmasq/Makefile Wed May 6 19:59:08 2015 (r385553) @@ -3,6 +3,7 @@ PORTNAME= dnsmasq DISTVERSION= 2.72 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= dns ipv6 MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/ \ Added: head/dns/dnsmasq/files/patch-CVE-2015-3294 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/dnsmasq/files/patch-CVE-2015-3294 Wed May 6 19:59:08 2015 (r385553) @@ -0,0 +1,36 @@ +X-Git-Url: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff_plain;f=src%2Frfc1035.c;h=a995ab50d74adde068c8839684f9b3a44f4976d0;hp=7a07b0cee90655e296f57fa79f4d4a3a409b7b89;hb=ad4a8ff7d9097008d7623df8543df435bfddeac8;hpb=04b0ac05377936d121a36873bb63d492cde292c9 + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 7a07b0c..a995ab5 100644 +--- a/src/rfc1035.c ++++ src/rfc1035.c +@@ -1198,7 +1198,10 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, + size_t setup_reply(struct dns_header *header, size_t qlen, + struct all_addr *addrp, unsigned int flags, unsigned long ttl) + { +- unsigned char *p = skip_questions(header, qlen); ++ unsigned char *p; ++ ++ if (!(p = skip_questions(header, qlen))) ++ return 0; + + /* clear authoritative and truncated flags, set QR flag */ + header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR; +@@ -1214,7 +1217,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + SET_RCODE(header, NOERROR); /* empty domain */ + else if (flags == F_NXDOMAIN) + SET_RCODE(header, NXDOMAIN); +- else if (p && flags == F_IPV4) ++ else if (flags == F_IPV4) + { /* we know the address */ + SET_RCODE(header, NOERROR); + header->ancount = htons(1); +@@ -1222,7 +1225,7 @@ size_t setup_reply(struct dns_header *header, size_t qlen, + add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp); + } + #ifdef HAVE_IPV6 +- else if (p && flags == F_IPV6) ++ else if (flags == F_IPV6) + { + SET_RCODE(header, NOERROR); + header->ancount = htons(1);