Date: Tue, 05 Aug 2008 22:13:27 +0200 From: Ralf van der Enden <tremere@cainites.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/126282: [MAINTAINER] dns/powerdns: update to 2.9.21.1 (Security update!!!) Message-ID: <E1KQSuN-000JL7-U6@cainites.net> Resent-Message-ID: <200808052020.m75KK2KH000637@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 126282 >Category: ports >Synopsis: [MAINTAINER] dns/powerdns: update to 2.9.21.1 (Security update!!!) >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Aug 05 20:20:02 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Ralf van der Enden >Release: FreeBSD 7.0-RELEASE-p3 i386 >Organization: >Environment: System: FreeBSD lan.cainites.net 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #3: Sun Jul 13 22:22:16 CEST 2008 >Description: - Update to 2.9.21.1 NOTE: This is a security update!!! Quoted from a mail from the PowerDNS admin: ... "Brian Dowling of Simplicity Communications and Florian Weimer have brought some bad PowerDNS behaviour to my attention. In short, PowerDNS does not respond to certain queries it considers malformed. This in itself is not a problem, and was even thought of as a security measure. Brian and Florian, independently I think, have discovered that not answering a query for an invalid DNS record within a valid domain allows for a larger spoofing window of the valid domain. Because of the Kaminsky-discovery, this has become bad. For a sophisticated attacker, this provides no benefit. However, such a long window allows unsophisticated hackers to achieve better results." ... Removed file(s): - files/patch-pdns_qtype_cc Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- powerdns-2.9.21.1.patch begins here --- diff -ruN --exclude=CVS /usr/ports/dns/powerdns/Makefile /usr/ports/dns/powerdns.new/Makefile --- /usr/ports/dns/powerdns/Makefile 2008-06-06 15:22:59.000000000 +0200 +++ /usr/ports/dns/powerdns.new/Makefile 2008-08-05 22:03:34.000000000 +0200 @@ -6,8 +6,7 @@ # PORTNAME= powerdns -PORTVERSION= 2.9.21 -PORTREVISION= 1 +PORTVERSION= 2.9.21.1 CATEGORIES= dns ipv6 MASTER_SITES= http://downloads.powerdns.com/releases/ \ http://mirrors.evolva.ro/powerdns.com/releases/ @@ -117,10 +116,6 @@ PLIST_SUB+= WITHOPENDBX="@comment " .endif -.if ${OSVERSION} < 500039 -USE_GCC=3.4 -.endif - .if defined(WITH_OPENLDAP) post-patch: ${REINPLACE_CMD} -e 's;-I. ;-I. -I${LOCALBASE}/include ;' \ @@ -135,7 +130,7 @@ .if !exists(${PREFIX}/etc/pdns/pdns.conf) ${INSTALL_DATA} ${PREFIX}/etc/pdns/pdns.conf-dist ${PREFIX}/etc/pdns/pdns.conf .endif -.if !defined(NOPORTDOCS) +.if !defined(NOPORTEXAMPLES) ${MKDIR} ${EXAMPLESDIR} .for i in pdns.conf tables-mssql_or_sybase.sql tables-mysql.sql tables-pgsql.sql tables-sqlite.sql ${INSTALL_DATA} ${FILESDIR}/$i ${EXAMPLESDIR}/ diff -ruN --exclude=CVS /usr/ports/dns/powerdns/distinfo /usr/ports/dns/powerdns.new/distinfo --- /usr/ports/dns/powerdns/distinfo 2008-05-07 14:45:23.000000000 +0200 +++ /usr/ports/dns/powerdns.new/distinfo 2008-08-05 22:02:34.000000000 +0200 @@ -1,3 +1,3 @@ -MD5 (pdns-2.9.21.tar.gz) = a0d650dd1489ed46b36dfcc1d73653af -SHA256 (pdns-2.9.21.tar.gz) = 4b24db683ba2217caa1edf54545841dcdfa6fd27b66017577d8b0dd54f8e7ed5 -SIZE (pdns-2.9.21.tar.gz) = 991071 +MD5 (pdns-2.9.21.1.tar.gz) = 0e104d8d609d664b41cd91f4c8bd41e0 +SHA256 (pdns-2.9.21.1.tar.gz) = abfd368228354c6f247369b7ff3468ae84bab0462171e068fece3a0bc16f94fd +SIZE (pdns-2.9.21.1.tar.gz) = 1008160 diff -ruN --exclude=CVS /usr/ports/dns/powerdns/files/patch-pdns_qtype_cc /usr/ports/dns/powerdns.new/files/patch-pdns_qtype_cc --- /usr/ports/dns/powerdns/files/patch-pdns_qtype_cc 2007-04-27 09:25:40.000000000 +0200 +++ /usr/ports/dns/powerdns.new/files/patch-pdns_qtype_cc 1970-01-01 01:00:00.000000000 +0100 @@ -1,15 +0,0 @@ -=================================================================== ---- pdns/qtype.cc (revision 978) -+++ pdns/qtype.cc (revision 1046) -@@ -57,6 +57,11 @@ - insert("LOC",29); - insert("SRV",33); -+ insert("CERT", 37); - insert("A6",38); - insert("NAPTR",35); -+ insert("DS", 43); -+ insert("SSHFP", 44); -+ insert("RRSIG", 46); -+ insert("DNSKEY", 48); - insert("SPF",99); - insert("AXFR",252); diff -ruN --exclude=CVS /usr/ports/dns/powerdns/pkg-plist /usr/ports/dns/powerdns.new/pkg-plist --- /usr/ports/dns/powerdns/pkg-plist 2008-05-07 14:45:23.000000000 +0200 +++ /usr/ports/dns/powerdns.new/pkg-plist 2008-08-05 21:59:23.000000000 +0200 @@ -37,10 +37,10 @@ @unexec if cmp -s %D/etc/pdns/pdns.conf %D/etc/pdns/pdns.conf-dist; then rm -f %D/etc/pdns/pdns.conf; fi etc/pdns/pdns.conf-dist @exec [ -f %B/pdns.conf ] || cp %B/%f %B/pdns.conf -%%PORTDOCS%%%%EXAMPLESDIR%%/pdns.conf -%%PORTDOCS%%%%EXAMPLESDIR%%/tables-mssql_or_sybase.sql -%%PORTDOCS%%%%EXAMPLESDIR%%/tables-mysql.sql -%%PORTDOCS%%%%EXAMPLESDIR%%/tables-pgsql.sql -%%PORTDOCS%%%%EXAMPLESDIR%%/tables-sqlite.sql -%%PORTDOCS%%@dirrm %%EXAMPLESDIR%% +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/pdns.conf +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-mssql_or_sybase.sql +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-mysql.sql +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-pgsql.sql +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-sqlite.sql +%%PORTEXAMPLES%%@dirrm %%EXAMPLESDIR%% @dirrmtry etc/pdns --- powerdns-2.9.21.1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1KQSuN-000JL7-U6>