svn commit: r408607 - in branches/2016Q1/dns/dnscrypt-proxy: . files

Mark Felder feld at FreeBSD.org
Wed Feb 10 00:05:07 UTC 2016 

Author: feld
Date: Wed Feb 10 00:05:06 2016
New Revision: 408607
URL: https://svnweb.freebsd.org/changeset/ports/408607

Log:
  MFH: r408606
  
  dns/dnscrypt-proxy: Update to 1.6.1
  
  * Fix code execution vulnerability
  * Fix edns0 support
  * Update OpenDNS resolver name for files/dnscrypt-proxy_multi.in
  
  PR:		206938
  Approved by:	ports-secteam (with hat)

Added:
  branches/2016Q1/dns/dnscrypt-proxy/files/patch-src_proxy_edns.c
     - copied unchanged from r408606, head/dns/dnscrypt-proxy/files/patch-src_proxy_edns.c
Modified:
  branches/2016Q1/dns/dnscrypt-proxy/Makefile
  branches/2016Q1/dns/dnscrypt-proxy/distinfo
  branches/2016Q1/dns/dnscrypt-proxy/files/dnscrypt-proxy_multi.in
Directory Properties:
  branches/2016Q1/   (props changed)

Modified: branches/2016Q1/dns/dnscrypt-proxy/Makefile
==============================================================================
--- branches/2016Q1/dns/dnscrypt-proxy/Makefile	Wed Feb 10 00:04:04 2016	(r408606)
+++ branches/2016Q1/dns/dnscrypt-proxy/Makefile	Wed Feb 10 00:05:06 2016	(r408607)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	dnscrypt-proxy
-PORTVERSION=	1.6.0
-PORTREVISION=	3
+PORTVERSION=	1.6.1
 CATEGORIES=	dns
 MASTER_SITES=	http://download.dnscrypt.org/dnscrypt-proxy/ \
 		http://www.dns-lab.com/downloads/dnscrypt-proxy/
@@ -39,9 +38,7 @@ SUB_FILES=	pkg-message
 
 USERS=		_dnscrypt-proxy
 
-PORTDOCS=	AUTHORS ChangeLog INSTALL NEWS README \
-		README-PLUGINS.markdown README-WINDOWS.markdown \
-		README.markdown TECHNOTES THANKS
+PORTDOCS=	AUTHORS ChangeLog INSTALL NEWS README* THANKS
 
 post-install:
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}

Modified: branches/2016Q1/dns/dnscrypt-proxy/distinfo
==============================================================================
--- branches/2016Q1/dns/dnscrypt-proxy/distinfo	Wed Feb 10 00:04:04 2016	(r408606)
+++ branches/2016Q1/dns/dnscrypt-proxy/distinfo	Wed Feb 10 00:05:06 2016	(r408607)
@@ -1,2 +1,2 @@
-SHA256 (dnscrypt-proxy-1.6.0.tar.gz) = 7703a41a1040fc30b19fdfbbaba36b411e66d998584b0e2fa5088f734f4f86be
-SIZE (dnscrypt-proxy-1.6.0.tar.gz) = 1579293
+SHA256 (dnscrypt-proxy-1.6.1.tar.gz) = c519012a66f3ee30be02113d1e0139be08ccd2ec45ca4102eac35be731a65340
+SIZE (dnscrypt-proxy-1.6.1.tar.gz) = 1721006

Modified: branches/2016Q1/dns/dnscrypt-proxy/files/dnscrypt-proxy_multi.in
==============================================================================
--- branches/2016Q1/dns/dnscrypt-proxy/files/dnscrypt-proxy_multi.in	Wed Feb 10 00:04:04 2016	(r408606)
+++ branches/2016Q1/dns/dnscrypt-proxy/files/dnscrypt-proxy_multi.in	Wed Feb 10 00:05:06 2016	(r408607)
@@ -57,7 +57,7 @@ for i in $dnscrypt_proxy_instances; do
     eval dnscrypt_proxy_logfile_tmp=\${${i}_logfile}
 
 :   ${dnscrypt_proxy_uid_tmp:=_dnscrypt-proxy}       # User to run daemon as
-:   ${dnscrypt_proxy_resolver_tmp:=opendns}          # resolver to use
+:   ${dnscrypt_proxy_resolver_tmp:=cisco}            # resolver to use
 :   ${dnscrypt_proxy_pidfile_tmp:=/var/run/${i}.pid} # Path to pid file
 :   ${dnscrypt_proxy_logfile_tmp:=/var/log/${i}.log} # Path to log file
 

Copied: branches/2016Q1/dns/dnscrypt-proxy/files/patch-src_proxy_edns.c (from r408606, head/dns/dnscrypt-proxy/files/patch-src_proxy_edns.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/dns/dnscrypt-proxy/files/patch-src_proxy_edns.c	Wed Feb 10 00:05:06 2016	(r408607, copy of r408606, head/dns/dnscrypt-proxy/files/patch-src_proxy_edns.c)
@@ -0,0 +1,34 @@
+# Origin: https://github.com/jedisct1/dnscrypt-proxy/commit/a193c6ff1ca2b24bb283f0d64bf8f5faefc0def1
+# Subject: Repair edns0 support
+
+--- src/proxy/edns.c.orig	2016-02-02 15:42:19 UTC
++++ src/proxy/edns.c
+@@ -10,7 +10,7 @@
+ #include "dnscrypt_proxy.h"
+ #include "edns.h"
+ 
+-#define DNS_MAX_HOSTNAME_LEN 255U
++#define DNS_MAX_HOSTNAME_LEN 256U
+ 
+ static int
+ _skip_name(const uint8_t * const dns_packet, const size_t dns_packet_len,
+@@ -26,9 +26,6 @@ _skip_name(const uint8_t * const dns_pac
+     }
+     for (;;) {
+         name_component_len = dns_packet[offset];
+-        if (name_component_len == 0U) {
+-            break;
+-        }
+         if ((name_component_len & 0xC0) == 0xC0) {
+             name_component_len = 1U;
+         }
+@@ -40,6 +37,9 @@ _skip_name(const uint8_t * const dns_pac
+             return -1;
+         }
+         offset += name_component_len + 1U;
++        if (name_component_len == 0U) {
++            break;
++        }
+     }
+     if (offset >= dns_packet_len) {
+         return -1;

More information about the svn-ports-all mailing list