Gentoo Archives: gentoo-commits

From: Sven Wegener <swegener@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/pdns-recursor/, net-dns/pdns-recursor/files/
Date: Mon, 04 Dec 2017 15:47:01
Message-Id: 1512402081.c5edd5a90d920ff49ad549fe840599e3dc63fc0f.swegener@gentoo
1 commit: c5edd5a90d920ff49ad549fe840599e3dc63fc0f
2 Author: Sven Wegener <swegener <AT> gentoo <DOT> org>
3 AuthorDate: Mon Dec 4 15:41:21 2017 +0000
4 Commit: Sven Wegener <swegener <AT> gentoo <DOT> org>
5 CommitDate: Mon Dec 4 15:41:21 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5edd5a9
7
8 net-dns/pdns-recursor: Version bump
9
10 Package-Manager: Portage-2.3.14, Repoman-2.3.6
11
12 net-dns/pdns-recursor/Manifest | 2 +-
13 .../pdns-recursor/files/CVE-2017-15093-4.0.6.patch | 47 ----------------------
14 .../pdns-recursor/files/CVE-2017-15094-4.0.6.patch | 28 -------------
15 ....0_rc3-r1.ebuild => pdns-recursor-4.1.0.ebuild} | 4 --
16 4 files changed, 1 insertion(+), 80 deletions(-)
17
18 diff --git a/net-dns/pdns-recursor/Manifest b/net-dns/pdns-recursor/Manifest
19 index 587e95d0995..c9752e96db9 100644
20 --- a/net-dns/pdns-recursor/Manifest
21 +++ b/net-dns/pdns-recursor/Manifest
22 @@ -1,2 +1,2 @@
23 DIST pdns-recursor-4.0.7.tar.bz2 1107546 BLAKE2B 3ccda73878599e3ade69e4dc6b0787e588a8403fb7cacfbe574409513b8723cbfd29a3c73d857120def801da60a4bedbc0f0c396e6642adb0287204cde301331 SHA512 0c8873adcce5ed9b41f161bc71635da23496b4ae48dbffff7dcdf9c5181e720f9aa94e18bd64e0dff9fa03eae8410dc93585a74d13f0c16d38b0d1c0f4146bb2
24 -DIST pdns-recursor-4.1.0-rc3.tar.bz2 1191353 BLAKE2B fcbc6f08f962c9c2f459448770406734eff2caab43b615690e9d910b65327e45182aa2c9bcadadeaa6eb3984a8cb463849d5e001ffb98bb618966da5b8557a8a SHA512 141e3fcbf5e7c81ae0228fb7a15c599ef5ae41e2c2d169e2f7b4f57c6c832ac40d3e20302d219ba565c4a514b1297906684247a1a56cd740e3ea0bff4a7da51d
25 +DIST pdns-recursor-4.1.0.tar.bz2 1222751 BLAKE2B b2b5a7dee227b28eb3a1451a4d07cb1804e039e6b405c332f30fbb8df39f395906607f3c074b2469b01885b702d12e86e4ffd6114811404134c16956905c744f SHA512 1e4d70f3794005c3f45b2ec0ab580c3697e7de3096f3378b9b9d1cd53f10f95e577522ca9f634eb235b166f007e8a2bfa99f312ddf19f266ad4bb0965167fd7c
26
27 diff --git a/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch
28 deleted file mode 100644
29 index 2695830b442..00000000000
30 --- a/net-dns/pdns-recursor/files/CVE-2017-15093-4.0.6.patch
31 +++ /dev/null
32 @@ -1,47 +0,0 @@
33 -diff -ru pdns-recursor-4.0.6.orig/ws-recursor.cc pdns-recursor-4.0.6/ws-recursor.cc
34 ---- pdns-recursor-4.0.6.orig/ws-recursor.cc 2017-07-04 17:43:07.000000000 +0200
35 -+++ pdns-recursor-4.0.6/ws-recursor.cc 2017-11-02 18:13:55.762458134 +0100
36 -@@ -76,10 +76,11 @@
37 - throw ApiException("'value' must be an array");
38 - }
39 -
40 -+ NetmaskGroup nmg;
41 - for (auto value : jlist.array_items()) {
42 - try {
43 -- Netmask(value.string_value());
44 -- } catch (NetmaskException &e) {
45 -+ nmg.addMask(value.string_value());
46 -+ } catch (const NetmaskException &e) {
47 - throw ApiException(e.reason);
48 - }
49 - }
50 -@@ -91,9 +92,7 @@
51 -
52 - // Clear allow-from, and provide a "parent" value
53 - ss << "allow-from=" << endl;
54 -- for (auto value : jlist.array_items()) {
55 -- ss << "allow-from+=" << value.string_value() << endl;
56 -- }
57 -+ ss << "allow-from+=" << nmg.toString() << endl;
58 -
59 - apiWriteConfigFile("allow-from", ss.str());
60 -
61 -@@ -201,10 +200,15 @@
62 - if (server == "") {
63 - throw ApiException("Forwarded-to server must not be an empty string");
64 - }
65 -- if (!serverlist.empty()) {
66 -- serverlist += ";";
67 -+ try {
68 -+ ComboAddress ca = parseIPAndPort(server, 53);
69 -+ if (!serverlist.empty()) {
70 -+ serverlist += ";";
71 -+ }
72 -+ serverlist += ca.toStringWithPort();
73 -+ } catch (const PDNSException &e) {
74 -+ throw ApiException(e.reason);
75 - }
76 -- serverlist += server;
77 - }
78 - if (serverlist == "")
79 - throw ApiException("Need at least one upstream server when forwarding");
80
81 diff --git a/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch b/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch
82 deleted file mode 100644
83 index ee7cf6878d9..00000000000
84 --- a/net-dns/pdns-recursor/files/CVE-2017-15094-4.0.6.patch
85 +++ /dev/null
86 @@ -1,28 +0,0 @@
87 -diff -ru pdns-recursor-4.0.6.orig/opensslsigners.cc pdns-recursor-4.0.6/opensslsigners.cc
88 ---- pdns-recursor-4.0.6.orig/opensslsigners.cc 2017-07-04 17:43:07.000000000 +0200
89 -+++ pdns-recursor-4.0.6/opensslsigners.cc 2017-11-02 18:18:37.489408103 +0100
90 -@@ -474,7 +474,7 @@
91 - if (iqmp == NULL) {
92 - RSA_free(key);
93 - BN_clear_free(dmq1);
94 -- BN_clear_free(iqmp);
95 -+ BN_clear_free(dmp1);
96 - throw runtime_error(getName()+" allocation of BIGNUM iqmp failed");
97 - }
98 - RSA_set0_crt_params(key, dmp1, dmq1, iqmp);
99 -@@ -562,6 +562,7 @@
100 - BIGNUM *n = BN_bin2bn((unsigned char*)modulus.c_str(), modulus.length(), NULL);
101 - if (!n) {
102 - RSA_free(key);
103 -+ BN_clear_free(e);
104 - throw runtime_error(getName()+" error loading n value of public key");
105 - }
106 -
107 -@@ -866,6 +867,7 @@
108 -
109 - int ret = EC_POINT_oct2point(d_ecgroup, pub_key, (unsigned char*) ecdsaPoint.c_str(), ecdsaPoint.length(), d_ctx);
110 - if (ret != 1) {
111 -+ EC_POINT_free(pub_key);
112 - throw runtime_error(getName()+" reading ECP point from binary failed");
113 - }
114 -
115
116 diff --git a/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild b/net-dns/pdns-recursor/pdns-recursor-4.1.0.ebuild
117 similarity index 96%
118 rename from net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild
119 rename to net-dns/pdns-recursor/pdns-recursor-4.1.0.ebuild
120 index 224ae2f7537..346091e0ec1 100644
121 --- a/net-dns/pdns-recursor/pdns-recursor-4.1.0_rc3-r1.ebuild
122 +++ b/net-dns/pdns-recursor/pdns-recursor-4.1.0.ebuild
123 @@ -33,10 +33,6 @@ DEPEND="${DEPEND}
124
125 S="${WORKDIR}"/${P/_/-}
126
127 -PATCHES=(
128 - "${FILESDIR}"/CVE-2017-{15093,15094}-4.0.6.patch
129 -)
130 -
131 pkg_setup() {
132 filter-flags -ftree-vectorize
133 }