From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Aug 5 20:20:02 2008 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A78031065672 for ; Tue, 5 Aug 2008 20:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 850858FC2B for ; Tue, 5 Aug 2008 20:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m75KK2oP000638 for ; Tue, 5 Aug 2008 20:20:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m75KK2KH000637; Tue, 5 Aug 2008 20:20:02 GMT (envelope-from gnats) Resent-Date: Tue, 5 Aug 2008 20:20:02 GMT Resent-Message-Id: <200808052020.m75KK2KH000637@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Ralf van der Enden Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 778D3106568B for ; Tue, 5 Aug 2008 20:13:29 +0000 (UTC) (envelope-from prvs=0103eb1e11=root@cainites.net) Received: from cainites.net (tunnel3563.ipv6.xs4all.nl [IPv6:2001:888:10:deb::2]) by mx1.freebsd.org (Postfix) with ESMTP id 2501E8FC08 for ; Tue, 5 Aug 2008 20:13:29 +0000 (UTC) (envelope-from prvs=0103eb1e11=root@cainites.net) Received: from root by cainites.net with local (Exim 4.69 (FreeBSD)) (envelope-from ) id 1KQSuN-000JL7-U6 for FreeBSD-gnats-submit@freebsd.org; Tue, 05 Aug 2008 22:13:27 +0200 Message-Id: Date: Tue, 05 Aug 2008 22:13:27 +0200 From: Ralf van der Enden To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/126282: [MAINTAINER] dns/powerdns: update to 2.9.21.1 (Security update!!!) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Aug 2008 20:20:02 -0000 >Number: 126282 >Category: ports >Synopsis: [MAINTAINER] dns/powerdns: update to 2.9.21.1 (Security update!!!) >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Aug 05 20:20:02 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Ralf van der Enden >Release: FreeBSD 7.0-RELEASE-p3 i386 >Organization: >Environment: System: FreeBSD lan.cainites.net 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #3: Sun Jul 13 22:22:16 CEST 2008 >Description: - Update to 2.9.21.1 NOTE: This is a security update!!! Quoted from a mail from the PowerDNS admin: ... "Brian Dowling of Simplicity Communications and Florian Weimer have brought some bad PowerDNS behaviour to my attention. In short, PowerDNS does not respond to certain queries it considers malformed. This in itself is not a problem, and was even thought of as a security measure. Brian and Florian, independently I think, have discovered that not answering a query for an invalid DNS record within a valid domain allows for a larger spoofing window of the valid domain. Because of the Kaminsky-discovery, this has become bad. For a sophisticated attacker, this provides no benefit. However, such a long window allows unsophisticated hackers to achieve better results." ... Removed file(s): - files/patch-pdns_qtype_cc Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- powerdns-2.9.21.1.patch begins here --- diff -ruN --exclude=CVS /usr/ports/dns/powerdns/Makefile /usr/ports/dns/powerdns.new/Makefile --- /usr/ports/dns/powerdns/Makefile 2008-06-06 15:22:59.000000000 +0200 +++ /usr/ports/dns/powerdns.new/Makefile 2008-08-05 22:03:34.000000000 +0200 @@ -6,8 +6,7 @@ # PORTNAME= powerdns -PORTVERSION= 2.9.21 -PORTREVISION= 1 +PORTVERSION= 2.9.21.1 CATEGORIES= dns ipv6 MASTER_SITES= http://downloads.powerdns.com/releases/ \ http://mirrors.evolva.ro/powerdns.com/releases/ @@ -117,10 +116,6 @@ PLIST_SUB+= WITHOPENDBX="@comment " .endif -.if ${OSVERSION} < 500039 -USE_GCC=3.4 -.endif - .if defined(WITH_OPENLDAP) post-patch: ${REINPLACE_CMD} -e 's;-I. ;-I. -I${LOCALBASE}/include ;' \ @@ -135,7 +130,7 @@ .if !exists(${PREFIX}/etc/pdns/pdns.conf) ${INSTALL_DATA} ${PREFIX}/etc/pdns/pdns.conf-dist ${PREFIX}/etc/pdns/pdns.conf .endif -.if !defined(NOPORTDOCS) +.if !defined(NOPORTEXAMPLES) ${MKDIR} ${EXAMPLESDIR} .for i in pdns.conf tables-mssql_or_sybase.sql tables-mysql.sql tables-pgsql.sql tables-sqlite.sql ${INSTALL_DATA} ${FILESDIR}/$i ${EXAMPLESDIR}/ diff -ruN --exclude=CVS /usr/ports/dns/powerdns/distinfo /usr/ports/dns/powerdns.new/distinfo --- /usr/ports/dns/powerdns/distinfo 2008-05-07 14:45:23.000000000 +0200 +++ /usr/ports/dns/powerdns.new/distinfo 2008-08-05 22:02:34.000000000 +0200 @@ -1,3 +1,3 @@ -MD5 (pdns-2.9.21.tar.gz) = a0d650dd1489ed46b36dfcc1d73653af -SHA256 (pdns-2.9.21.tar.gz) = 4b24db683ba2217caa1edf54545841dcdfa6fd27b66017577d8b0dd54f8e7ed5 -SIZE (pdns-2.9.21.tar.gz) = 991071 +MD5 (pdns-2.9.21.1.tar.gz) = 0e104d8d609d664b41cd91f4c8bd41e0 +SHA256 (pdns-2.9.21.1.tar.gz) = abfd368228354c6f247369b7ff3468ae84bab0462171e068fece3a0bc16f94fd +SIZE (pdns-2.9.21.1.tar.gz) = 1008160 diff -ruN --exclude=CVS /usr/ports/dns/powerdns/files/patch-pdns_qtype_cc /usr/ports/dns/powerdns.new/files/patch-pdns_qtype_cc --- /usr/ports/dns/powerdns/files/patch-pdns_qtype_cc 2007-04-27 09:25:40.000000000 +0200 +++ /usr/ports/dns/powerdns.new/files/patch-pdns_qtype_cc 1970-01-01 01:00:00.000000000 +0100 @@ -1,15 +0,0 @@ -=================================================================== ---- pdns/qtype.cc (revision 978) -+++ pdns/qtype.cc (revision 1046) -@@ -57,6 +57,11 @@ - insert("LOC",29); - insert("SRV",33); -+ insert("CERT", 37); - insert("A6",38); - insert("NAPTR",35); -+ insert("DS", 43); -+ insert("SSHFP", 44); -+ insert("RRSIG", 46); -+ insert("DNSKEY", 48); - insert("SPF",99); - insert("AXFR",252); diff -ruN --exclude=CVS /usr/ports/dns/powerdns/pkg-plist /usr/ports/dns/powerdns.new/pkg-plist --- /usr/ports/dns/powerdns/pkg-plist 2008-05-07 14:45:23.000000000 +0200 +++ /usr/ports/dns/powerdns.new/pkg-plist 2008-08-05 21:59:23.000000000 +0200 @@ -37,10 +37,10 @@ @unexec if cmp -s %D/etc/pdns/pdns.conf %D/etc/pdns/pdns.conf-dist; then rm -f %D/etc/pdns/pdns.conf; fi etc/pdns/pdns.conf-dist @exec [ -f %B/pdns.conf ] || cp %B/%f %B/pdns.conf -%%PORTDOCS%%%%EXAMPLESDIR%%/pdns.conf -%%PORTDOCS%%%%EXAMPLESDIR%%/tables-mssql_or_sybase.sql -%%PORTDOCS%%%%EXAMPLESDIR%%/tables-mysql.sql -%%PORTDOCS%%%%EXAMPLESDIR%%/tables-pgsql.sql -%%PORTDOCS%%%%EXAMPLESDIR%%/tables-sqlite.sql -%%PORTDOCS%%@dirrm %%EXAMPLESDIR%% +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/pdns.conf +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-mssql_or_sybase.sql +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-mysql.sql +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-pgsql.sql +%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-sqlite.sql +%%PORTEXAMPLES%%@dirrm %%EXAMPLESDIR%% @dirrmtry etc/pdns --- powerdns-2.9.21.1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: