ports/126282: [MAINTAINER] dns/powerdns: update to 2.9.21.1 (Security update!!!)

Ralf van der Enden tremere at cainites.net
Tue Aug 5 20:20:02 UTC 2008 

>Number:         126282
>Category:       ports
>Synopsis:       [MAINTAINER] dns/powerdns: update to 2.9.21.1 (Security update!!!)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 05 20:20:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Ralf van der Enden
>Release:        FreeBSD 7.0-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD lan.cainites.net 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #3: Sun Jul 13 22:22:16 CEST 2008
>Description:
- Update to 2.9.21.1

NOTE: This is a security update!!!

Quoted from a mail from the PowerDNS admin:

...

"Brian Dowling of Simplicity Communications and Florian Weimer have brought
some bad PowerDNS behaviour to my attention.
 
In short, PowerDNS does not respond to certain queries it considers
malformed. This in itself is not a problem, and was even thought of as a
security measure.
 
Brian and Florian, independently I think, have discovered that not answering
a query for an invalid DNS record within a valid domain allows for a larger
spoofing window of the valid domain. Because of the Kaminsky-discovery, this
has become bad.
 
For a sophisticated attacker, this provides no benefit. However, such a long
window allows unsophisticated hackers to achieve better results."

...

Removed file(s):
- files/patch-pdns_qtype_cc

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- powerdns-2.9.21.1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/dns/powerdns/Makefile /usr/ports/dns/powerdns.new/Makefile
--- /usr/ports/dns/powerdns/Makefile	2008-06-06 15:22:59.000000000 +0200
+++ /usr/ports/dns/powerdns.new/Makefile	2008-08-05 22:03:34.000000000 +0200
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	powerdns
-PORTVERSION=	2.9.21
-PORTREVISION=	1
+PORTVERSION=	2.9.21.1
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://downloads.powerdns.com/releases/ \
 		http://mirrors.evolva.ro/powerdns.com/releases/
@@ -117,10 +116,6 @@
 PLIST_SUB+=		WITHOPENDBX="@comment "
 .endif
 
-.if ${OSVERSION} < 500039
-USE_GCC=3.4
-.endif
-
 .if defined(WITH_OPENLDAP)
 post-patch:
 	${REINPLACE_CMD} -e 's;-I. ;-I. -I${LOCALBASE}/include ;' \
@@ -135,7 +130,7 @@
 .if !exists(${PREFIX}/etc/pdns/pdns.conf)
 	${INSTALL_DATA} ${PREFIX}/etc/pdns/pdns.conf-dist ${PREFIX}/etc/pdns/pdns.conf
 .endif
-.if !defined(NOPORTDOCS)
+.if !defined(NOPORTEXAMPLES)
 	${MKDIR} ${EXAMPLESDIR}
 .for i in pdns.conf tables-mssql_or_sybase.sql tables-mysql.sql tables-pgsql.sql tables-sqlite.sql
 	${INSTALL_DATA} ${FILESDIR}/$i ${EXAMPLESDIR}/
diff -ruN --exclude=CVS /usr/ports/dns/powerdns/distinfo /usr/ports/dns/powerdns.new/distinfo
--- /usr/ports/dns/powerdns/distinfo	2008-05-07 14:45:23.000000000 +0200
+++ /usr/ports/dns/powerdns.new/distinfo	2008-08-05 22:02:34.000000000 +0200
@@ -1,3 +1,3 @@
-MD5 (pdns-2.9.21.tar.gz) = a0d650dd1489ed46b36dfcc1d73653af
-SHA256 (pdns-2.9.21.tar.gz) = 4b24db683ba2217caa1edf54545841dcdfa6fd27b66017577d8b0dd54f8e7ed5
-SIZE (pdns-2.9.21.tar.gz) = 991071
+MD5 (pdns-2.9.21.1.tar.gz) = 0e104d8d609d664b41cd91f4c8bd41e0
+SHA256 (pdns-2.9.21.1.tar.gz) = abfd368228354c6f247369b7ff3468ae84bab0462171e068fece3a0bc16f94fd
+SIZE (pdns-2.9.21.1.tar.gz) = 1008160
diff -ruN --exclude=CVS /usr/ports/dns/powerdns/files/patch-pdns_qtype_cc /usr/ports/dns/powerdns.new/files/patch-pdns_qtype_cc
--- /usr/ports/dns/powerdns/files/patch-pdns_qtype_cc	2007-04-27 09:25:40.000000000 +0200
+++ /usr/ports/dns/powerdns.new/files/patch-pdns_qtype_cc	1970-01-01 01:00:00.000000000 +0100
@@ -1,15 +0,0 @@
-===================================================================
---- pdns/qtype.cc (revision 978)
-+++ pdns/qtype.cc (revision 1046)
-@@ -57,6 +57,11 @@
-       insert("LOC",29);
-       insert("SRV",33);
-+      insert("CERT", 37);
-       insert("A6",38);
-       insert("NAPTR",35);
-+      insert("DS", 43);
-+      insert("SSHFP", 44);
-+      insert("RRSIG", 46);
-+      insert("DNSKEY", 48);
-       insert("SPF",99);
-       insert("AXFR",252);
diff -ruN --exclude=CVS /usr/ports/dns/powerdns/pkg-plist /usr/ports/dns/powerdns.new/pkg-plist
--- /usr/ports/dns/powerdns/pkg-plist	2008-05-07 14:45:23.000000000 +0200
+++ /usr/ports/dns/powerdns.new/pkg-plist	2008-08-05 21:59:23.000000000 +0200
@@ -37,10 +37,10 @@
 @unexec if cmp -s %D/etc/pdns/pdns.conf %D/etc/pdns/pdns.conf-dist; then rm -f %D/etc/pdns/pdns.conf; fi
 etc/pdns/pdns.conf-dist
 @exec [ -f %B/pdns.conf ] || cp %B/%f %B/pdns.conf
-%%PORTDOCS%%%%EXAMPLESDIR%%/pdns.conf
-%%PORTDOCS%%%%EXAMPLESDIR%%/tables-mssql_or_sybase.sql
-%%PORTDOCS%%%%EXAMPLESDIR%%/tables-mysql.sql
-%%PORTDOCS%%%%EXAMPLESDIR%%/tables-pgsql.sql
-%%PORTDOCS%%%%EXAMPLESDIR%%/tables-sqlite.sql
-%%PORTDOCS%%@dirrm %%EXAMPLESDIR%%
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/pdns.conf
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-mssql_or_sybase.sql
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-mysql.sql
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-pgsql.sql
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/tables-sqlite.sql
+%%PORTEXAMPLES%%@dirrm %%EXAMPLESDIR%%
 @dirrmtry etc/pdns
--- powerdns-2.9.21.1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list