svn commit: r489514 - in head/dns: . nsec3walker nsec3walker/files

Kurt Jaeger pi at FreeBSD.org
Sun Jan 6 17:30:02 UTC 2019 

Author: pi
Date: Sun Jan  6 17:29:59 2019
New Revision: 489514
URL: https://svnweb.freebsd.org/changeset/ports/489514

Log:
  New port: dns/nsec3walker: Walk NSEC3 secured DNSSEC zones
  
  Installing current DNSSEC (NSEC3) exposes private DNS data to low-cost
  DNS database espionage. The nsec3walker tool allows administrators and users
  to see how much private information is being given away by DNSSEC.
  
  WWW: https://dnscurve.org/nsec3walker.html
  
  PR:		215995
  Submitted by:	Piotr Kubaj <pkubaj at anongoth.pl>

Added:
  head/dns/nsec3walker/
  head/dns/nsec3walker/Makefile   (contents, props changed)
  head/dns/nsec3walker/distinfo   (contents, props changed)
  head/dns/nsec3walker/files/
  head/dns/nsec3walker/files/patch-Makefile   (contents, props changed)
  head/dns/nsec3walker/files/patch-collect   (contents, props changed)
  head/dns/nsec3walker/files/patch-unhash   (contents, props changed)
  head/dns/nsec3walker/pkg-descr   (contents, props changed)
Modified:
  head/dns/Makefile

Modified: head/dns/Makefile
==============================================================================
--- head/dns/Makefile	Sun Jan  6 16:57:40 2019	(r489513)
+++ head/dns/Makefile	Sun Jan  6 17:29:59 2019	(r489514)
@@ -113,6 +113,7 @@
     SUBDIR += namesilo_ddns
     SUBDIR += noip
     SUBDIR += nsd
+    SUBDIR += nsec3walker
     SUBDIR += nslint
     SUBDIR += nsnotifyd
     SUBDIR += nsping

Added: head/dns/nsec3walker/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/nsec3walker/Makefile	Sun Jan  6 17:29:59 2019	(r489514)
@@ -0,0 +1,31 @@
+# Created by: Piotr Kubaj <pkubaj at anongoth.pl>
+# $FreeBSD$
+
+PORTNAME=	nsec3walker
+PORTVERSION=	20101223
+CATEGORIES=	dns
+MASTER_SITES=	https://dnscurve.org/
+
+MAINTAINER=	pkubaj at anongoth.pl
+COMMENT=	Walk NSEC3 secured DNSSEC zones
+
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}bsddb>0:databases/py-bsddb@${PY_FLAVOR} \
+		dig:dns/bind-tools
+
+USES=		python shebangfix ssl
+
+SHEBANG_FILES=	${WRKSRC}/collect ${WRKSRC}/unhash
+PLIST_FILES=	bin/collect \
+		bin/dicthashes \
+		bin/query \
+		bin/randomhashes \
+		bin/unhash
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/collect ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/dicthashes ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_SCRIPT} ${WRKSRC}/query ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/randomhashes ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_SCRIPT} ${WRKSRC}/unhash ${STAGEDIR}${PREFIX}/bin
+
+.include <bsd.port.mk>

Added: head/dns/nsec3walker/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/nsec3walker/distinfo	Sun Jan  6 17:29:59 2019	(r489514)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1484146216
+SHA256 (nsec3walker-20101223.tar.gz) = 74d873b93d67634d9c1c16c938818ecb90dc6ad391ca6dc57b421c627eeb2e30
+SIZE (nsec3walker-20101223.tar.gz) = 3658

Added: head/dns/nsec3walker/files/patch-Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/nsec3walker/files/patch-Makefile	Sun Jan  6 17:29:59 2019	(r489514)
@@ -0,0 +1,12 @@
+--- Makefile.orig	2010-12-24 09:49:40 UTC
++++ Makefile
+@@ -1,7 +1,7 @@
+ all: dicthashes randomhashes
+ 
+ dicthashes: dicthashes.c
+-	gcc -O3 -o dicthashes dicthashes.c -lcrypto -lm
++	cc -O3 -o dicthashes dicthashes.c -lcrypto -lm
+ 
+ randomhashes: randomhashes.c
+-	gcc -O3 -o randomhashes randomhashes.c -lcrypto -lm
++	cc -O3 -o randomhashes randomhashes.c -lcrypto -lm

Added: head/dns/nsec3walker/files/patch-collect
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/nsec3walker/files/patch-collect	Sun Jan  6 17:29:59 2019	(r489514)
@@ -0,0 +1,20 @@
+--- collect.orig	2010-12-24 09:49:40 UTC
++++ collect
+@@ -71,7 +71,7 @@ while len(todo) > 0 or len(nexthash) == 
+     print "querying",guess,h
+     numqueries += 1
+     server = servers[r.randrange(len(servers))]
+-    query = subprocess.Popen(["./query",guess,server],stdout=subprocess.PIPE).stdout
++    query = subprocess.Popen(["query",guess,server],stdout=subprocess.PIPE).stdout
+     for x in query:
+       y = x.strip().split(' ')
+       if y[0] == "ns":
+@@ -84,7 +84,7 @@ while len(todo) > 0 or len(nexthash) == 
+           print "iterations",y[4]
+           salt = binascii.a2b_hex(y[3])
+           iterations = int(y[4])
+-	  hashprocess = subprocess.Popen(["./randomhashes",domain,y[4],y[3]],stdout=subprocess.PIPE)
++	  hashprocess = subprocess.Popen(["randomhashes",domain,y[4],y[3]],stdout=subprocess.PIPE)
+ 	  hashes = hashprocess.stdout
+ 	if salt != binascii.a2b_hex(y[3]):
+ 	  print "newsalt",binascii.a2b_hex(y[3])

Added: head/dns/nsec3walker/files/patch-unhash
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/nsec3walker/files/patch-unhash	Sun Jan  6 17:29:59 2019	(r489514)
@@ -0,0 +1,11 @@
+--- unhash.orig	2017-01-13 09:05:36 UTC
++++ unhash
+@@ -35,7 +35,7 @@ print "names:",numnames
+ 
+ if domain and salt and numnames:
+   dictprocess = subprocess.Popen(["cat",dictionary],stdout=subprocess.PIPE)
+-  hashprocess = subprocess.Popen(["./dicthashes",domain,iterations,salt],stdin=dictprocess.stdout,stdout=subprocess.PIPE)
++  hashprocess = subprocess.Popen(["dicthashes",domain,iterations,salt],stdin=dictprocess.stdout,stdout=subprocess.PIPE)
+   for line in hashprocess.stdout:
+     numhashes += 1
+     x = line.strip().split()

Added: head/dns/nsec3walker/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/nsec3walker/pkg-descr	Sun Jan  6 17:29:59 2019	(r489514)
@@ -0,0 +1,5 @@
+Installing current DNSSEC (NSEC3) exposes private DNS data to low-cost
+DNS database espionage. The nsec3walker tool allows administrators and users
+to see how much private information is being given away by DNSSEC.
+
+WWW: https://dnscurve.org/nsec3walker.html

More information about the svn-ports-all mailing list