author | 2014-12-18 21:06:24 +0000 | |
---|---|---|
committer | 2014-12-18 21:06:24 +0000 | |
commit | 06d1e61f8678134f0a7306b40dd6aa755b055d00 (patch) | |
tree | fa337adcc1403189d6541e7e7da3953010df6ad5 /net-dns | |
parent | fail prominently in case of config directories being a regular file, bug #532892 (diff) | |
Revision bump for 3.6.1 with patch for security bug #531992.
(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0x64D4CF24)
Diffstat (limited to 'net-dns')
-rw-r--r-- | net-dns/pdns-recursor/ChangeLog | 9 | ||||
-rw-r--r-- | net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch | 52 | ||||
-rw-r--r-- | net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild | 59 |
3 files changed, 119 insertions, 1 deletions
diff --git a/net-dns/pdns-recursor/ChangeLog b/net-dns/pdns-recursor/ChangeLog
index c278e3631faf..a0265e56b259 100644
--- a/net-dns/pdns-recursor/ChangeLog
+++ b/net-dns/pdns-recursor/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-dns/pdns-recursor
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/ChangeLog,v 1.51 2014/12/09 20:01:31 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/ChangeLog,v 1.52 2014/12/18 21:06:24 swegener Exp $
+
+*pdns-recursor-3.6.1-r1 (18 Dec 2014)
+
+ 18 Dec 2014; Sven Wegener <swegener@gentoo.org>
+ +pdns-recursor-3.6.1-r1.ebuild,
+ +files/pdns-recursor-3.6.1-CVE-2014-8601.patch:
+ Revision bump for 3.6.1 with patch for security bug #531992.
 
 *pdns-recursor-3.6.2 (09 Dec 2014)
 
diff --git a/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch b/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch
new file mode 100644
index 000000000000..44ccc2803848
--- /dev/null
+++ b/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch
@@ -0,0 +1,52 @@
+https://downloads.powerdns.com/patches/2014-02/3.6.1.patch
+
+diff --git a/pdns_recursor.cc b/pdns_recursor.cc
+index f1ef93c..8e43d6e 100644
+--- a/pdns_recursor.cc
++++ b/pdns_recursor.cc
+@@ -550,7 +550,14 @@ void startDoResolve(void *p)
+
+ // if there is a RecursorLua active, and it 'took' the query in preResolve, we don't launch beginResolve
+ if(!t_pdl->get() || !(*t_pdl)->preresolve(dc->d_remote, g_listenSocketsAddresses[dc->d_socket], dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), ret, res, &variableAnswer)) {
+- res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
++ try {
++ res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
++ }
++ catch(ImmediateServFailException &e) {
++ L<<Logger::Error<<"Sending SERVFAIL during resolve of '"<<dc->d_mdp.d_qname<<"' because: "<<e.reason<<endl;
++
++ res = RCode::ServFail;
++ }
+
+ if(t_pdl->get()) {
+ if(res == RCode::NoError) {
+diff --git a/syncres.cc b/syncres.cc
+index 4dc78b4..d09e44b 100644
+--- a/syncres.cc
++++ b/syncres.cc
+@@ -923,6 +923,7 @@ int SyncRes::doResolveAt(set<string, CIStringCompare> nameservers, string auth,
+ }
+ else {
+ s_outqueries++; d_outqueries++;
++ if(d_outqueries > 50) throw ImmediateServFailException("more than 50 queries sent while resolving "+qname);
+ TryTCP:
+ if(doTCP) {
+ LOG(prefix<<qname<<": using TCP with "<< remoteIP->toStringWithPort() <<endl);
+diff --git a/syncres.hh b/syncres.hh
+index 5182527..b22de89 100644
+--- a/syncres.hh
++++ b/syncres.hh
+@@ -593,6 +593,13 @@ private:
+ static AtomicCounter s_currentConnections; //!< total number of current TCP connections
+ };
+
++class ImmediateServFailException
++{
++public:
++ ImmediateServFailException(string r){reason=r;};
++
++ string reason; //! Print this to tell the user what went wrong
++};
+
+ struct RemoteKeeper
+ {
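Review bot: The new limit in the syncres.cc hunk is a bare literal, `if(d_outqueries > 50)`, and the same number is repeated inside the exception text, so it cannot be tuned and the check and message can drift apart; a named constant used in both places (for example `static const unsigned int s_maxOutQueries = 50;`, a name constructed for this note) would fix that. The check also sits after `s_outqueries++; d_outqueries++;`, so the query that trips the limit is counted in both counters although the throw prevents it from being sent. In the pdns_recursor.cc hunk the handler logs at `Logger::Error` for every aborted resolution, which appears to let remote query traffic drive one error line per query; a lower level or rate limiting would keep logs usable while the limit is being hit. `ImmediateServFailException` would be more conventional taking `const string&` with a member initialiser and being caught by `const&`. The enclosing functions start and end outside the inner hunks.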
diff --git a/net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild b/net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild
new file mode 100644
index 000000000000..a5bdfac17e0f
--- /dev/null
+++ b/net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild,v 1.1 2014/12/18 21:06:24 swegener Exp $
+
+EAPI="4"
+
+inherit toolchain-funcs flag-o-matic eutils
+
+DESCRIPTION="The PowerDNS Recursor"
+HOMEPAGE="http://www.powerdns.com/"
+SRC_URI="http://downloads.powerdns.com/releases/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="lua"
+
+DEPEND="lua? ( >=dev-lang/lua-5.1 )"
+RDEPEND="${DEPEND}
+ !<net-dns/pdns-2.9.20-r1"
+DEPEND="${DEPEND}
+ >=dev-libs/boost-1.33.1"
+
+pkg_setup() {
+ filter-flags -ftree-vectorize
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2014-8601.patch
+}
+
+src_configure() {
+ true
+}
+
+src_compile() {
+ emake \
+ LOCALSTATEDIR=/var/lib/powerdns \
+ CC="$(tc-getCC)" \
+ CXX="$(tc-getCXX)" \
+ OPTFLAGS="" \
+ LUA_LIBS_CONFIG="-llua" \
+ LUA_CPPFLAGS_CONFIG="" \
+ LUA="$(use lua && echo 1)"
+}
+
+src_install() {
+ dosbin pdns_recursor rec_control
+ doman pdns_recursor.1 rec_control.1
+
+ insinto /etc/powerdns
+ doins "${FILESDIR}"/recursor.conf
+
+ doinitd "${FILESDIR}"/precursor
+
+ # Pretty ugly, uh?
+ dodir /var/lib/powerdns/var/lib
+ dosym ../.. /var/lib/powerdns/var/lib/powerdns
+} |
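Review bot: `SRC_URI` fetches the release tarball over plain `http://downloads.powerdns.com/...` while the bundled patch cites the same host over https; the Manifest digests still pin the content, but switching to `SRC_URI="https://downloads.powerdns.com/releases/${P}.tar.bz2"` would also protect the fetch used when the Manifest is generated, assuming the releases path is served over https as the patches path is. A one-line comment above the `epatch` call in `src_prepare`, such as `# CVE-2014-8601, bug #531992`, would tell a later maintainer why the -r1 revision exists and when the patch can be dropped.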