From owner-svn-ports-all@freebsd.org Sun Jan 6 17:30:02 2019 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E02561494ED7; Sun, 6 Jan 2019 17:30:01 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8192F86BF2; Sun, 6 Jan 2019 17:30:01 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5AE4C3883; Sun, 6 Jan 2019 17:30:01 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x06HU11r090354; Sun, 6 Jan 2019 17:30:01 GMT (envelope-from pi@FreeBSD.org) Received: (from pi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x06HTxut090315; Sun, 6 Jan 2019 17:29:59 GMT (envelope-from pi@FreeBSD.org) Message-Id: <201901061729.x06HTxut090315@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org using -f From: Kurt Jaeger Date: Sun, 6 Jan 2019 17:29:59 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r489514 - in head/dns: . nsec3walker nsec3walker/files X-SVN-Group: ports-head X-SVN-Commit-Author: pi X-SVN-Commit-Paths: in head/dns: . nsec3walker nsec3walker/files X-SVN-Commit-Revision: 489514 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 8192F86BF2 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.96)[-0.962,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jan 2019 17:30:02 -0000 Author: pi Date: Sun Jan 6 17:29:59 2019 New Revision: 489514 URL: https://svnweb.freebsd.org/changeset/ports/489514 Log: New port: dns/nsec3walker: Walk NSEC3 secured DNSSEC zones Installing current DNSSEC (NSEC3) exposes private DNS data to low-cost DNS database espionage. The nsec3walker tool allows administrators and users to see how much private information is being given away by DNSSEC. WWW: https://dnscurve.org/nsec3walker.html PR: 215995 Submitted by: Piotr Kubaj Added: head/dns/nsec3walker/ head/dns/nsec3walker/Makefile (contents, props changed) head/dns/nsec3walker/distinfo (contents, props changed) head/dns/nsec3walker/files/ head/dns/nsec3walker/files/patch-Makefile (contents, props changed) head/dns/nsec3walker/files/patch-collect (contents, props changed) head/dns/nsec3walker/files/patch-unhash (contents, props changed) head/dns/nsec3walker/pkg-descr (contents, props changed) Modified: head/dns/Makefile Modified: head/dns/Makefile ============================================================================== --- head/dns/Makefile Sun Jan 6 16:57:40 2019 (r489513) +++ head/dns/Makefile Sun Jan 6 17:29:59 2019 (r489514) @@ -113,6 +113,7 @@ SUBDIR += namesilo_ddns SUBDIR += noip SUBDIR += nsd + SUBDIR += nsec3walker SUBDIR += nslint SUBDIR += nsnotifyd SUBDIR += nsping Added: head/dns/nsec3walker/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/Makefile Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,31 @@ +# Created by: Piotr Kubaj +# $FreeBSD$ + +PORTNAME= nsec3walker +PORTVERSION= 20101223 +CATEGORIES= dns +MASTER_SITES= https://dnscurve.org/ + +MAINTAINER= pkubaj@anongoth.pl +COMMENT= Walk NSEC3 secured DNSSEC zones + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}bsddb>0:databases/py-bsddb@${PY_FLAVOR} \ + dig:dns/bind-tools + +USES= python shebangfix ssl + +SHEBANG_FILES= ${WRKSRC}/collect ${WRKSRC}/unhash +PLIST_FILES= bin/collect \ + bin/dicthashes \ + bin/query \ + bin/randomhashes \ + bin/unhash + +do-install: + ${INSTALL_SCRIPT} ${WRKSRC}/collect ${STAGEDIR}${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKSRC}/dicthashes ${STAGEDIR}${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/query ${STAGEDIR}${PREFIX}/bin + ${INSTALL_PROGRAM} ${WRKSRC}/randomhashes ${STAGEDIR}${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/unhash ${STAGEDIR}${PREFIX}/bin + +.include Added: head/dns/nsec3walker/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/distinfo Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,3 @@ +TIMESTAMP = 1484146216 +SHA256 (nsec3walker-20101223.tar.gz) = 74d873b93d67634d9c1c16c938818ecb90dc6ad391ca6dc57b421c627eeb2e30 +SIZE (nsec3walker-20101223.tar.gz) = 3658 Added: head/dns/nsec3walker/files/patch-Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/files/patch-Makefile Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,12 @@ +--- Makefile.orig 2010-12-24 09:49:40 UTC ++++ Makefile +@@ -1,7 +1,7 @@ + all: dicthashes randomhashes + + dicthashes: dicthashes.c +- gcc -O3 -o dicthashes dicthashes.c -lcrypto -lm ++ cc -O3 -o dicthashes dicthashes.c -lcrypto -lm + + randomhashes: randomhashes.c +- gcc -O3 -o randomhashes randomhashes.c -lcrypto -lm ++ cc -O3 -o randomhashes randomhashes.c -lcrypto -lm Added: head/dns/nsec3walker/files/patch-collect ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/files/patch-collect Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,20 @@ +--- collect.orig 2010-12-24 09:49:40 UTC ++++ collect +@@ -71,7 +71,7 @@ while len(todo) > 0 or len(nexthash) == + print "querying",guess,h + numqueries += 1 + server = servers[r.randrange(len(servers))] +- query = subprocess.Popen(["./query",guess,server],stdout=subprocess.PIPE).stdout ++ query = subprocess.Popen(["query",guess,server],stdout=subprocess.PIPE).stdout + for x in query: + y = x.strip().split(' ') + if y[0] == "ns": +@@ -84,7 +84,7 @@ while len(todo) > 0 or len(nexthash) == + print "iterations",y[4] + salt = binascii.a2b_hex(y[3]) + iterations = int(y[4]) +- hashprocess = subprocess.Popen(["./randomhashes",domain,y[4],y[3]],stdout=subprocess.PIPE) ++ hashprocess = subprocess.Popen(["randomhashes",domain,y[4],y[3]],stdout=subprocess.PIPE) + hashes = hashprocess.stdout + if salt != binascii.a2b_hex(y[3]): + print "newsalt",binascii.a2b_hex(y[3]) Added: head/dns/nsec3walker/files/patch-unhash ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/files/patch-unhash Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,11 @@ +--- unhash.orig 2017-01-13 09:05:36 UTC ++++ unhash +@@ -35,7 +35,7 @@ print "names:",numnames + + if domain and salt and numnames: + dictprocess = subprocess.Popen(["cat",dictionary],stdout=subprocess.PIPE) +- hashprocess = subprocess.Popen(["./dicthashes",domain,iterations,salt],stdin=dictprocess.stdout,stdout=subprocess.PIPE) ++ hashprocess = subprocess.Popen(["dicthashes",domain,iterations,salt],stdin=dictprocess.stdout,stdout=subprocess.PIPE) + for line in hashprocess.stdout: + numhashes += 1 + x = line.strip().split() Added: head/dns/nsec3walker/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/nsec3walker/pkg-descr Sun Jan 6 17:29:59 2019 (r489514) @@ -0,0 +1,5 @@ +Installing current DNSSEC (NSEC3) exposes private DNS data to low-cost +DNS database espionage. The nsec3walker tool allows administrators and users +to see how much private information is being given away by DNSSEC. + +WWW: https://dnscurve.org/nsec3walker.html