
From: Michael Orlitzky <mjo@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-dns/djbdns/, net-dns/djbdns/files/
Date: Fri, 05 Aug 2016 13:44:33
Message-Id: 1470404515.e36913e087879c62aaa678f2ba35927a17af9b1c.mjo@gentoo
1 commit: e36913e087879c62aaa678f2ba35927a17af9b1c
2 Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
3 AuthorDate: Fri Aug 5 13:41:35 2016 +0000
4 Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
5 CommitDate: Fri Aug 5 13:41:55 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e36913e0
7
8 net-dns/djbdns: new revision with increased dnscache recursion depth.
9
10 There is a hard limit on the number of recursive queries that dnscache
11 will perform. This new revision adds a patch, increasing a loop
12 iteration limit from 100 to 200, and thus increasing the recursion
13 depth. The patch was based on a similar fix for OpenWrt, suggested by
14 John Stile.
15
16 With the new revision, the ebuild was updated to EAPI=6. The eutils
17 eclass was dropped as "epatch" was replaced with "eapply"; some
18 patches needed new revisions to work with -p1, as eapply does. Two
19 other patches needed revisions to avoid fuzz from the new fix.
20
21 Gentoo-Bug: 590548
22 Reported-By: John Stile
23
24 Package-Manager: portage-2.2.28
25
26 net-dns/djbdns/djbdns-1.05-r31.ebuild | 152 +++++++++
27 net-dns/djbdns/files/1.05-errno-r1.patch | 11 +
28 ...e-similar-outgoing-queries-ipv6-test25-r1.patch | 351 +++++++++++++++++++++
29 ...nscache-merge-similar-outgoing-queries-r1.patch | 349 ++++++++++++++++++++
30 net-dns/djbdns/files/headtail-r1.patch | 67 ++++
31 .../files/increase-cname-recustion-depth.patch | 43 +++
32 6 files changed, 973 insertions(+)
33
34 diff --git a/net-dns/djbdns/djbdns-1.05-r31.ebuild b/net-dns/djbdns/djbdns-1.05-r31.ebuild
35 new file mode 100644
36 index 0000000..28341aa
37 --- /dev/null
38 +++ b/net-dns/djbdns/djbdns-1.05-r31.ebuild
39 @@ -0,0 +1,152 @@
40 +# Copyright 1999-2016 Gentoo Foundation
41 +# Distributed under the terms of the GNU General Public License v2
42 +# $Id$
43 +
44 +EAPI=6
45 +inherit flag-o-matic readme.gentoo-r1 toolchain-funcs user
46 +
47 +DESCRIPTION="Collection of DNS client/server software"
48 +HOMEPAGE="http://cr.yp.to/djbdns.html"
49 +IPV6_PATCH="test27"
50 +
51 +SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
52 + http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
53 + ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )"
54 +
55 +SLOT="0"
56 +LICENSE="public-domain"
57 +KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
58 +IUSE="ipv6 selinux"
59 +
60 +DEPEND=""
61 +RDEPEND="sys-apps/ucspi-tcp
62 + virtual/daemontools
63 + selinux? ( sec-policy/selinux-djbdns )"
64 +
65 +src_unpack(){
66 + # Unpack both djbdns and its man pages to separate directories.
67 + default
68 +
69 + # Now move the man pages under ${S} so that user patches can be
70 + # applied to them as well in src_prepare().
71 + mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
72 +}
73 +
74 +src_prepare() {
75 + eapply \
76 + "${FILESDIR}/headtail-r1.patch" \
77 + "${FILESDIR}/dnsroots.patch" \
78 + "${FILESDIR}/dnstracesort.patch" \
79 + "${FILESDIR}/string_length_255.patch" \
80 + "${FILESDIR}/srv_record_support.patch" \
81 + "${FILESDIR}/increase-cname-recustion-depth.patch"
82 +
83 + # Fix CVE2009-0858
84 + eapply "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
85 +
86 + if use ipv6; then
87 + elog 'At present dnstrace does NOT support IPv6. It will'\
88 + 'be compiled without IPv6 support.'
89 +
90 + # Create a separate copy of the source tree for dnstrace.
91 + cp -pR "${S}" "${S}-noipv6" || die
92 +
93 + # The big ipv6 patch.
94 + eapply "${WORKDIR}/${P}-${IPV6_PATCH}.diff"
95 +
96 + # Fix CVE2008-4392 (ipv6)
97 + eapply \
98 + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch" \
99 + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \
100 + "${FILESDIR}/makefile-parallel-test25.patch"
101 +
102 + cd "${S}-noipv6" || die
103 + fi
104 +
105 + # Fix CVE2008-4392 (no ipv6)
106 + eapply \
107 + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch" \
108 + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
109 +
110 + # Later versions of the ipv6 patch include this, but even if
111 + # USE=ipv6, we're in the ${S}-noipv6 directory at this point.
112 + eapply "${FILESDIR}/${PV}-errno-r1.patch"
113 +
114 + eapply_user
115 +}
116 +
117 +src_compile() {
118 + echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
119 + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
120 + echo "/usr" > conf-home || die
121 + emake
122 +
123 + # If djbdns is compiled with IPv6 support, it breaks dnstrace.
124 + # Therefore we must compile dnstrace separately without IPv6
125 + # support.
126 + if use ipv6; then
127 + elog 'Compiling dnstrace without ipv6 support'
128 + cp conf-cc conf-ld conf-home "${S}-noipv6/" || die
129 + cd "${S}-noipv6" || die
130 + emake dnstrace
131 + fi
132 +}
133 +
134 +src_install() {
135 + insinto /etc
136 + doins dnsroots.global
137 +
138 + into /usr
139 + dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
140 + *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
141 + dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
142 +
143 + if use ipv6; then
144 + dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace"
145 + fi
146 +
147 + dodoc CHANGES README
148 +
149 + doman man/*.[158]
150 +
151 + readme.gentoo_create_doc
152 +}
153 +
154 +pkg_preinst() {
155 + # The nofiles group is no longer provided by baselayout.
156 + # Share it with qmail if possible.
157 + enewgroup nofiles 200
158 +
159 + enewuser dnscache -1 -1 -1 nofiles
160 + enewuser dnslog -1 -1 -1 nofiles
161 + enewuser tinydns -1 -1 -1 nofiles
162 +}
163 +
164 +DISABLE_AUTOFORMATTING=1
165 +DOC_CONTENTS='
166 +To configure djbdns, please follow the instructions at,
167 +
168 + http://cr.yp.to/djbdns.html
169 +
170 +Of particular interest are,
171 +
172 + axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
173 + dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
174 + tinydns : http://cr.yp.to/djbdns/run-server.html
175 +
176 +Portage has created users for axfrdns, dnscache, and tinydns; the
177 +commands to configure these programs are,
178 +
179 + 1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
180 + 2. dnscache-conf dnscache dnslog /var/dnscache $ip
181 + 3. tinydns-conf tinydns dnslog /var/tinydns $ip
182 +
183 +(replace $ip with the ip address on which the server will run).
184 +
185 +If you wish to configure rbldns or walldns, you will need to create
186 +those users yourself (although you should still use the "dnslog"
187 +user for the logs):
188 +
189 + 4. rbldns-conf $username dnslog /var/rbldns $ip $base
190 + 5. walldns-conf $username dnslog /var/walldns $ip
191 +'
192
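Review bot: With USE=ipv6, `eapply_user` at the end of src_prepare() runs after `cd "${S}-noipv6"`, so user patches land in the dnstrace-only copy and not in the tree that produces the installed dnscache, tinydns and man pages. eapply_user works relative to the current directory, which contradicts the src_unpack() comment saying the man pages are moved under ${S} so that user patches reach them. A site-local security fix supplied as a user patch would be reported as applied yet never reach the installed binaries. Returning to the main tree first, `cd "${S}" || die` immediately before `eapply_user`, covers the common case, and a comment there should state which tree user patches target when both exist.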
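diff --git a/net-dns/djbdns/files/1.05-errno-r1.patch b/net-dns/djbdns/files/1.05-errno-r1.patch
new file mode 100644
index 0000000..58f2f4b
--- /dev/null
+++ b/net-dns/djbdns/files/1.05-errno-r1.patch
@@ -0,0 +1,11 @@
+--- a/error.h 2001-02-11 15:11:45.000000000 -0600
++++ b/error.h 2003-02-26 02:10:21.000000000 -0600
+@@ -1,7 +1,7 @@
+ #ifndef ERROR_H
+ #define ERROR_H
+
+-extern int errno;
++#include <errno.h>
+
+ extern int error_intr;
+ extern int error_nomem;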
211 diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch
212 new file mode 100644
213 index 0000000..1d132d6
214 --- /dev/null
215 +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch
216 @@ -0,0 +1,351 @@
217 +diff --git a/Makefile b/Makefile
218 +index 5ccd647..eee09dd 100644
219 +--- a/Makefile
220 ++++ b/Makefile
221 +@@ -346,11 +346,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
222 + ./compile dns_txt.c
223 +
224 + dnscache: \
225 +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
226 ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
227 + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
228 + libtai.a unix.a byte.a socket.lib
229 + ./load dnscache droproot.o okclient.o log.o cache.o \
230 +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \
231 ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
232 + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \
233 + socket.lib`
234 +
235 +@@ -371,7 +371,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
236 + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
237 + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
238 + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
239 +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
240 ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
241 + ./compile dnscache.c
242 +
243 + dnsfilter: \
244 +@@ -749,11 +749,16 @@ qlog.o: \
245 + compile qlog.c buffer.h qlog.h uint16.h
246 + ./compile qlog.c
247 +
248 ++qmerge.o: \
249 ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
250 ++taia.h tai.h uint64.h log.h maxclient.h
251 ++ ./compile qmerge.c
252 ++
253 + query.o: \
254 + compile query.c error.h roots.h log.h uint64.h case.h cache.h \
255 + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
256 + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
257 +-response.h uint32.h query.h dns.h uint32.h
258 ++response.h uint32.h query.h dns.h uint32.h qmerge.h
259 + ./compile query.c
260 +
261 + random-ip: \
262 +diff --git a/dnscache.c b/dnscache.c
263 +index abcba69..c84e4b8 100644
264 +--- a/dnscache.c
265 ++++ b/dnscache.c
266 +@@ -23,6 +23,7 @@
267 + #include "log.h"
268 + #include "okclient.h"
269 + #include "droproot.h"
270 ++#include "maxclient.h"
271 +
272 + long interface;
273 +
274 +@@ -59,7 +60,6 @@ uint64 numqueries = 0;
275 +
276 + static int udp53;
277 +
278 +-#define MAXUDP 200
279 + static struct udpclient {
280 + struct query q;
281 + struct taia start;
282 +@@ -136,7 +136,6 @@ void u_new(void)
283 +
284 + static int tcp53;
285 +
286 +-#define MAXTCP 20
287 + struct tcpclient {
288 + struct query q;
289 + struct taia start;
290 +diff --git a/log.c b/log.c
291 +index df465e2..1b0d98c 100644
292 +--- a/log.c
293 ++++ b/log.c
294 +@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser
295 + line();
296 + }
297 +
298 ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
299 ++{
300 ++ string("txpb ");
301 ++ logtype(qtype); space(); name(q); space(); name(control);
302 ++ line();
303 ++}
304 ++
305 + void log_cachedanswer(const char *q,const char type[2])
306 + {
307 + string("cached "); logtype(type); space();
308 +diff --git a/log.h b/log.h
309 +index fe62fa3..d9a829b 100644
310 +--- a/log.h
311 ++++ b/log.h
312 +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
313 + extern void log_cachedns(const char *,const char *);
314 +
315 + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
316 ++extern void log_tx_piggyback(const char *,const char *,const char *);
317 +
318 + extern void log_nxdomain(const char *,const char *,unsigned int);
319 + extern void log_nodata(const char *,const char *,const char *,unsigned int);
320 +diff --git a/maxclient.h b/maxclient.h
321 +new file mode 100644
322 +index 0000000..e52fcd1
323 +--- /dev/null
324 ++++ b/maxclient.h
325 +@@ -0,0 +1,7 @@
326 ++#ifndef MAXCLIENT_H
327 ++#define MAXCLIENT_H
328 ++
329 ++#define MAXUDP 200
330 ++#define MAXTCP 20
331 ++
332 ++#endif /* MAXCLIENT_H */
333 +diff --git a/qmerge.c b/qmerge.c
334 +new file mode 100644
335 +index 0000000..7c92299
336 +--- /dev/null
337 ++++ b/qmerge.c
338 +@@ -0,0 +1,115 @@
339 ++#include "qmerge.h"
340 ++#include "byte.h"
341 ++#include "log.h"
342 ++#include "maxclient.h"
343 ++
344 ++#define QMERGE_MAX (MAXUDP+MAXTCP)
345 ++struct qmerge inprogress[QMERGE_MAX];
346 ++
347 ++static
348 ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
349 ++ const char *control)
350 ++{
351 ++ if (!dns_domain_copy(&qmk->q, q)) return 0;
352 ++ byte_copy(qmk->qtype, 2, qtype);
353 ++ if (!dns_domain_copy(&qmk->control, control)) return 0;
354 ++ return 1;
355 ++}
356 ++
357 ++static
358 ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
359 ++{
360 ++ return
361 ++ byte_equal(a->qtype, 2, b->qtype) &&
362 ++ dns_domain_equal(a->q, b->q) &&
363 ++ dns_domain_equal(a->control, b->control);
364 ++}
365 ++
366 ++static
367 ++void qmerge_key_free(struct qmerge_key *qmk)
368 ++{
369 ++ dns_domain_free(&qmk->q);
370 ++ dns_domain_free(&qmk->control);
371 ++}
372 ++
373 ++void qmerge_free(struct qmerge **x)
374 ++{
375 ++ struct qmerge *qm;
376 ++
377 ++ qm = *x;
378 ++ *x = 0;
379 ++ if (!qm || !qm->active) return;
380 ++
381 ++ qm->active--;
382 ++ if (!qm->active) {
383 ++ qmerge_key_free(&qm->key);
384 ++ dns_transmit_free(&qm->dt);
385 ++ }
386 ++}
387 ++
388 ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
389 ++ const char *q, const char qtype[2], const char localip[4],
390 ++ const char *control)
391 ++{
392 ++ struct qmerge_key k;
393 ++ int i;
394 ++ int r;
395 ++
396 ++ qmerge_free(qm);
397 ++
398 ++ byte_zero(&k, sizeof k);
399 ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1;
400 ++ for (i = 0; i < QMERGE_MAX; i++) {
401 ++ if (!inprogress[i].active) continue;
402 ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
403 ++ log_tx_piggyback(q, qtype, control);
404 ++ inprogress[i].active++;
405 ++ *qm = &inprogress[i];
406 ++ qmerge_key_free(&k);
407 ++ return 0;
408 ++ }
409 ++
410 ++ for (i = 0; i < QMERGE_MAX; i++)
411 ++ if (!inprogress[i].active)
412 ++ break;
413 ++ if (i == QMERGE_MAX) return -1;
414 ++
415 ++ log_tx(q, qtype, control, servers, 0);
416 ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
417 ++ if (r == -1) { qmerge_key_free(&k); return -1; }
418 ++ inprogress[i].active++;
419 ++ inprogress[i].state = 0;
420 ++ qmerge_key_free(&inprogress[i].key);
421 ++ byte_copy(&inprogress[i].key, sizeof k, &k);
422 ++ *qm = &inprogress[i];
423 ++ return 0;
424 ++}
425 ++
426 ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
427 ++{
428 ++ if (qm->state == 0) {
429 ++ dns_transmit_io(&qm->dt, io, deadline);
430 ++ qm->state = 1;
431 ++ }
432 ++ else {
433 ++ io->fd = -1;
434 ++ io->events = 0;
435 ++ }
436 ++}
437 ++
438 ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
439 ++{
440 ++ int r;
441 ++ struct qmerge *qm;
442 ++
443 ++ qm = *x;
444 ++ if (qm->state == -1) return -1; /* previous error */
445 ++ if (qm->state == 0) return 0; /* no packet */
446 ++ if (qm->state == 2) return 1; /* already got packet */
447 ++
448 ++ r = dns_transmit_get(&qm->dt, io, when);
449 ++ if (r == -1) { qm->state = -1; return -1; } /* error */
450 ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
451 ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */
452 ++ return -1; /* bug */
453 ++}
454 +diff --git a/qmerge.h b/qmerge.h
455 +new file mode 100644
456 +index 0000000..9a58157
457 +--- /dev/null
458 ++++ b/qmerge.h
459 +@@ -0,0 +1,24 @@
460 ++#ifndef QMERGE_H
461 ++#define QMERGE_H
462 ++
463 ++#include "dns.h"
464 ++
465 ++struct qmerge_key {
466 ++ char *q;
467 ++ char qtype[2];
468 ++ char *control;
469 ++};
470 ++
471 ++struct qmerge {
472 ++ int active;
473 ++ struct qmerge_key key;
474 ++ struct dns_transmit dt;
475 ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
476 ++};
477 ++
478 ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
479 ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
480 ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
481 ++extern void qmerge_free(struct qmerge **);
482 ++
483 ++#endif /* QMERGE_H */
484 +diff --git a/query.c b/query.c
485 +index d61b20c..d9be8b8 100644
486 +--- a/query.c
487 ++++ b/query.c
488 +@@ -84,7 +84,7 @@ static void cleanup(struct query *z)
489 + int j;
490 + int k;
491 +
492 +- dns_transmit_free(&z->dt);
493 ++ qmerge_free(&z->qm);
494 + for (j = 0;j < QUERY_MAXALIAS;++j)
495 + dns_domain_free(&z->alias[j]);
496 + for (j = 0;j < QUERY_MAXLEVEL;++j) {
497 +@@ -624,15 +624,9 @@ static int doit(struct query *z,int state)
498 + if (j == 256) goto SERVFAIL;
499 +
500 + dns_sortip6(z->servers[z->level],256);
501 +- if (z->level) {
502 +- dtype = z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A;
503 +- log_tx(z->name[z->level],dtype,z->control[z->level],z->servers[z->level],z->level);
504 +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip) == -1) goto DIE;
505 +- }
506 +- else {
507 +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
508 +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
509 +- }
510 ++ dtype = z->level ? (z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A) : z->type;
511 ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
512 ++
513 + return 0;
514 +
515 +
516 +@@ -646,10 +640,10 @@ static int doit(struct query *z,int state)
517 +
518 + HAVEPACKET:
519 + if (++z->loop == 200) goto DIE;
520 +- buf = z->dt.packet;
521 +- len = z->dt.packetlen;
522 ++ buf = z->qm->dt.packet;
523 ++ len = z->qm->dt.packetlen;
524 +
525 +- whichserver = z->dt.servers + 16 * z->dt.curserver;
526 ++ whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver;
527 + control = z->control[z->level];
528 + d = z->name[z->level];
529 + /* dtype = z->level ? DNS_T_A : z->type; */
530 +@@ -1071,7 +1065,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip
531 +
532 + int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
533 + {
534 +- switch(dns_transmit_get(&z->dt,x,stamp)) {
535 ++ switch(qmerge_get(&z->qm,x,stamp)) {
536 + case 1:
537 + return doit(z,1);
538 + case -1:
539 +@@ -1082,5 +1076,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
540 +
541 + void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
542 + {
543 +- dns_transmit_io(&z->dt,x,deadline);
544 ++ qmerge_io(z->qm,x,deadline);
545 + }
546 +diff --git a/query.h b/query.h
547 +index 61812aa..93a322e 100644
548 +--- a/query.h
549 ++++ b/query.h
550 +@@ -1,7 +1,7 @@
551 + #ifndef QUERY_H
552 + #define QUERY_H
553 +
554 +-#include "dns.h"
555 ++#include "qmerge.h"
556 + #include "uint32.h"
557 +
558 + #define QUERY_MAXLEVEL 5
559 +@@ -22,7 +22,7 @@ struct query {
560 + uint32 scope_id;
561 + char type[2];
562 + char class[2];
563 +- struct dns_transmit dt;
564 ++ struct qmerge *qm;
565 + } ;
566 +
567 + extern int query_start(struct query *,char *,char *,char *,char *,unsigned int);
568
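Review bot: qmerge_start() in the new qmerge.c leaks the key `k` on two error paths: `if (i == QMERGE_MAX) return -1;` returns without `qmerge_key_free(&k)`, and when qmerge_key_init() fails on its second dns_domain_copy() the already-copied `qmk->q` is never released. dnscache builds these keys from names in client queries, so every error path should release what it allocated. `k` is zeroed with byte_zero() first, so freeing it unconditionally looks safe, assuming dns_domain_free() tolerates a null pointer, as the later `qmerge_key_free(&inprogress[i].key)` on an idle slot already relies on. Suggested lines: `if (!qmerge_key_init(&k, q, qtype, control)) { qmerge_key_free(&k); return -1; }` and `if (i == QMERGE_MAX) { qmerge_key_free(&k); return -1; }`. The non-ipv6 CVE2008-4392_0001 -r1 patch added in this commit carries an identical qmerge.c and needs the same change.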
569 diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch
570 new file mode 100644
571 index 0000000..57e5095
572 --- /dev/null
573 +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch
574 @@ -0,0 +1,349 @@
575 +diff --git a/Makefile b/Makefile
576 +index 1429643..bc047c0 100644
577 +--- a/Makefile
578 ++++ b/Makefile
579 +@@ -318,11 +318,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
580 + ./compile dns_txt.c
581 +
582 + dnscache: \
583 +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
584 ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
585 + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
586 + libtai.a unix.a byte.a socket.lib
587 + ./load dnscache droproot.o okclient.o log.o cache.o \
588 +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \
589 ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
590 + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \
591 + socket.lib`
592 +
593 +@@ -343,7 +343,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
594 + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
595 + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
596 + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
597 +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
598 ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
599 + ./compile dnscache.c
600 +
601 + dnsfilter: \
602 +@@ -687,11 +687,16 @@ qlog.o: \
603 + compile qlog.c buffer.h qlog.h uint16.h
604 + ./compile qlog.c
605 +
606 ++qmerge.o: \
607 ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
608 ++taia.h tai.h uint64.h log.h maxclient.h
609 ++ ./compile qmerge.c
610 ++
611 + query.o: \
612 + compile query.c error.h roots.h log.h uint64.h case.h cache.h \
613 + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
614 + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
615 +-response.h uint32.h query.h dns.h uint32.h
616 ++response.h uint32.h query.h dns.h uint32.h qmerge.h
617 + ./compile query.c
618 +
619 + random-ip: \
620 +diff --git a/dnscache.c b/dnscache.c
621 +index 8c899a3..5ccb16a 100644
622 +--- a/dnscache.c
623 ++++ b/dnscache.c
624 +@@ -22,6 +22,7 @@
625 + #include "log.h"
626 + #include "okclient.h"
627 + #include "droproot.h"
628 ++#include "maxclient.h"
629 +
630 + static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2])
631 + {
632 +@@ -54,7 +55,6 @@ uint64 numqueries = 0;
633 +
634 + static int udp53;
635 +
636 +-#define MAXUDP 200
637 + static struct udpclient {
638 + struct query q;
639 + struct taia start;
640 +@@ -131,7 +131,6 @@ void u_new(void)
641 +
642 + static int tcp53;
643 +
644 +-#define MAXTCP 20
645 + struct tcpclient {
646 + struct query q;
647 + struct taia start;
648 +diff --git a/log.c b/log.c
649 +index c43e8b0..b8cd7ce 100644
650 +--- a/log.c
651 ++++ b/log.c
652 +@@ -150,6 +150,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser
653 + line();
654 + }
655 +
656 ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
657 ++{
658 ++ string("txpb ");
659 ++ logtype(qtype); space(); name(q); space(); name(control);
660 ++ line();
661 ++}
662 ++
663 + void log_cachedanswer(const char *q,const char type[2])
664 + {
665 + string("cached "); logtype(type); space();
666 +diff --git a/log.h b/log.h
667 +index fe62fa3..d9a829b 100644
668 +--- a/log.h
669 ++++ b/log.h
670 +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
671 + extern void log_cachedns(const char *,const char *);
672 +
673 + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
674 ++extern void log_tx_piggyback(const char *,const char *,const char *);
675 +
676 + extern void log_nxdomain(const char *,const char *,unsigned int);
677 + extern void log_nodata(const char *,const char *,const char *,unsigned int);
678 +diff --git a/maxclient.h b/maxclient.h
679 +new file mode 100644
680 +index 0000000..e52fcd1
681 +--- /dev/null
682 ++++ b/maxclient.h
683 +@@ -0,0 +1,7 @@
684 ++#ifndef MAXCLIENT_H
685 ++#define MAXCLIENT_H
686 ++
687 ++#define MAXUDP 200
688 ++#define MAXTCP 20
689 ++
690 ++#endif /* MAXCLIENT_H */
691 +diff --git a/qmerge.c b/qmerge.c
692 +new file mode 100644
693 +index 0000000..7c92299
694 +--- /dev/null
695 ++++ b/qmerge.c
696 +@@ -0,0 +1,115 @@
697 ++#include "qmerge.h"
698 ++#include "byte.h"
699 ++#include "log.h"
700 ++#include "maxclient.h"
701 ++
702 ++#define QMERGE_MAX (MAXUDP+MAXTCP)
703 ++struct qmerge inprogress[QMERGE_MAX];
704 ++
705 ++static
706 ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
707 ++ const char *control)
708 ++{
709 ++ if (!dns_domain_copy(&qmk->q, q)) return 0;
710 ++ byte_copy(qmk->qtype, 2, qtype);
711 ++ if (!dns_domain_copy(&qmk->control, control)) return 0;
712 ++ return 1;
713 ++}
714 ++
715 ++static
716 ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
717 ++{
718 ++ return
719 ++ byte_equal(a->qtype, 2, b->qtype) &&
720 ++ dns_domain_equal(a->q, b->q) &&
721 ++ dns_domain_equal(a->control, b->control);
722 ++}
723 ++
724 ++static
725 ++void qmerge_key_free(struct qmerge_key *qmk)
726 ++{
727 ++ dns_domain_free(&qmk->q);
728 ++ dns_domain_free(&qmk->control);
729 ++}
730 ++
731 ++void qmerge_free(struct qmerge **x)
732 ++{
733 ++ struct qmerge *qm;
734 ++
735 ++ qm = *x;
736 ++ *x = 0;
737 ++ if (!qm || !qm->active) return;
738 ++
739 ++ qm->active--;
740 ++ if (!qm->active) {
741 ++ qmerge_key_free(&qm->key);
742 ++ dns_transmit_free(&qm->dt);
743 ++ }
744 ++}
745 ++
746 ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
747 ++ const char *q, const char qtype[2], const char localip[4],
748 ++ const char *control)
749 ++{
750 ++ struct qmerge_key k;
751 ++ int i;
752 ++ int r;
753 ++
754 ++ qmerge_free(qm);
755 ++
756 ++ byte_zero(&k, sizeof k);
757 ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1;
758 ++ for (i = 0; i < QMERGE_MAX; i++) {
759 ++ if (!inprogress[i].active) continue;
760 ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
761 ++ log_tx_piggyback(q, qtype, control);
762 ++ inprogress[i].active++;
763 ++ *qm = &inprogress[i];
764 ++ qmerge_key_free(&k);
765 ++ return 0;
766 ++ }
767 ++
768 ++ for (i = 0; i < QMERGE_MAX; i++)
769 ++ if (!inprogress[i].active)
770 ++ break;
771 ++ if (i == QMERGE_MAX) return -1;
772 ++
773 ++ log_tx(q, qtype, control, servers, 0);
774 ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
775 ++ if (r == -1) { qmerge_key_free(&k); return -1; }
776 ++ inprogress[i].active++;
777 ++ inprogress[i].state = 0;
778 ++ qmerge_key_free(&inprogress[i].key);
779 ++ byte_copy(&inprogress[i].key, sizeof k, &k);
780 ++ *qm = &inprogress[i];
781 ++ return 0;
782 ++}
783 ++
784 ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
785 ++{
786 ++ if (qm->state == 0) {
787 ++ dns_transmit_io(&qm->dt, io, deadline);
788 ++ qm->state = 1;
789 ++ }
790 ++ else {
791 ++ io->fd = -1;
792 ++ io->events = 0;
793 ++ }
794 ++}
795 ++
796 ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
797 ++{
798 ++ int r;
799 ++ struct qmerge *qm;
800 ++
801 ++ qm = *x;
802 ++ if (qm->state == -1) return -1; /* previous error */
803 ++ if (qm->state == 0) return 0; /* no packet */
804 ++ if (qm->state == 2) return 1; /* already got packet */
805 ++
806 ++ r = dns_transmit_get(&qm->dt, io, when);
807 ++ if (r == -1) { qm->state = -1; return -1; } /* error */
808 ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
809 ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */
810 ++ return -1; /* bug */
811 ++}
812 +diff --git a/qmerge.h b/qmerge.h
813 +new file mode 100644
814 +index 0000000..9a58157
815 +--- /dev/null
816 ++++ b/qmerge.h
817 +@@ -0,0 +1,24 @@
818 ++#ifndef QMERGE_H
819 ++#define QMERGE_H
820 ++
821 ++#include "dns.h"
822 ++
823 ++struct qmerge_key {
824 ++ char *q;
825 ++ char qtype[2];
826 ++ char *control;
827 ++};
828 ++
829 ++struct qmerge {
830 ++ int active;
831 ++ struct qmerge_key key;
832 ++ struct dns_transmit dt;
833 ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
834 ++};
835 ++
836 ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
837 ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
838 ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
839 ++extern void qmerge_free(struct qmerge **);
840 ++
841 ++#endif /* QMERGE_H */
842 +diff --git a/query.c b/query.c
843 +index 46cdc00..f091fdd 100644
844 +--- a/query.c
845 ++++ b/query.c
846 +@@ -81,7 +81,7 @@ static void cleanup(struct query *z)
847 + int j;
848 + int k;
849 +
850 +- dns_transmit_free(&z->dt);
851 ++ qmerge_free(&z->qm);
852 + for (j = 0;j < QUERY_MAXALIAS;++j)
853 + dns_domain_free(&z->alias[j]);
854 + for (j = 0;j < QUERY_MAXLEVEL;++j) {
855 +@@ -429,14 +429,8 @@ static int doit(struct query *z,int state)
856 + if (j == 64) goto SERVFAIL;
857 +
858 + dns_sortip(z->servers[z->level],64);
859 +- if (z->level) {
860 +- log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level);
861 +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE;
862 +- }
863 +- else {
864 +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
865 +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
866 +- }
867 ++ dtype = z->level ? DNS_T_A : z->type;
868 ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
869 + return 0;
870 +
871 +
872 +@@ -450,10 +444,10 @@ static int doit(struct query *z,int state)
873 +
874 + HAVEPACKET:
875 + if (++z->loop == 200) goto DIE;
876 +- buf = z->dt.packet;
877 +- len = z->dt.packetlen;
878 ++ buf = z->qm->dt.packet;
879 ++ len = z->qm->dt.packetlen;
880 +
881 +- whichserver = z->dt.servers + 4 * z->dt.curserver;
882 ++ whichserver = z->qm->dt.servers + 4 * z->qm->dt.curserver;
883 + control = z->control[z->level];
884 + d = z->name[z->level];
885 + dtype = z->level ? DNS_T_A : z->type;
886 +@@ -836,7 +830,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip
887 +
888 + int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
889 + {
890 +- switch(dns_transmit_get(&z->dt,x,stamp)) {
891 ++ switch(qmerge_get(&z->qm,x,stamp)) {
892 + case 1:
893 + return doit(z,1);
894 + case -1:
895 +@@ -847,5 +841,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
896 +
897 + void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
898 + {
899 +- dns_transmit_io(&z->dt,x,deadline);
900 ++ qmerge_io(z->qm,x,deadline);
901 + }
902 +diff --git a/query.h b/query.h
903 +index eff68b2..06feab4 100644
904 +--- a/query.h
905 ++++ b/query.h
906 +@@ -1,7 +1,7 @@
907 + #ifndef QUERY_H
908 + #define QUERY_H
909 +
910 +-#include "dns.h"
911 ++#include "qmerge.h"
912 + #include "uint32.h"
913 +
914 + #define QUERY_MAXLEVEL 5
915 +@@ -20,7 +20,7 @@ struct query {
916 + char localip[4];
917 + char type[2];
918 + char class[2];
919 +- struct dns_transmit dt;
920 ++ struct qmerge *qm;
921 + } ;
922 +
923 + extern int query_start(struct query *,char *,char *,char *,char *);
924
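Review bot: The rewritten transmit path in doit() drops the level from the `tx` log line: the removed code passed `z->level` as the last argument of log_tx() for sub-queries, while qmerge_start() always calls `log_tx(q, qtype, control, servers, 0)`. Anyone reading dnscache logs to trace a resolution or to notice an unusual volume of nested lookups can no longer tell which level a transmission belongs to. qmerge_start() has no level parameter, so either add one and forward it to log_tx(), or document on qmerge_start() that the field is now always 0. The ipv6 variant of this patch makes the same change, and doit() itself begins and ends outside these hunks.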
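diff --git a/net-dns/djbdns/files/headtail-r1.patch b/net-dns/djbdns/files/headtail-r1.patch
new file mode 100644
index 0000000..3185480
--- /dev/null
+++ b/net-dns/djbdns/files/headtail-r1.patch
@@ -0,0 +1,67 @@
+diff -Naur /tmp/djbdns-1.05/Makefile djbdns-1.05/Makefile
+--- a/Makefile 2003-11-16 20:33:41.000000000 +0100
++++ b/Makefile 2003-11-16 20:35:15.000000000 +0100
+@@ -31,7 +31,7 @@
+
+ auto_home.c: \
+ auto-str conf-home
+- ./auto-str auto_home `head -1 conf-home` > auto_home.c
++ ./auto-str auto_home `head -n 1 conf-home` > auto_home.c
+
+ auto_home.o: \
+ compile auto_home.c
+@@ -205,14 +205,14 @@
+ choose: \
+ warn-auto.sh choose.sh conf-home
+ cat warn-auto.sh choose.sh \
+- | sed s}HOME}"`head -1 conf-home`"}g \
++ | sed s}HOME}"`head -n 1 conf-home`"}g \
+ > choose
+ chmod 755 choose
+
+ compile: \
+ warn-auto.sh conf-cc
+ ( cat warn-auto.sh; \
+- echo exec "`head -1 conf-cc`" '-c $${1+"$$@"}' \
++ echo exec "`head -n 1 conf-cc`" '-c $${1+"$$@"}' \
+ ) > compile
+ chmod 755 compile
+
+@@ -449,7 +449,7 @@
+ dnstracesort: \
+ warn-auto.sh dnstracesort.sh conf-home
+ cat warn-auto.sh dnstracesort.sh \
+- | sed s}HOME}"`head -1 conf-home`"}g \
++ | sed s}HOME}"`head -n 1 conf-home`"}g \
+ > dnstracesort
+ chmod 755 dnstracesort
+
+@@ -570,7 +570,7 @@
+ warn-auto.sh conf-ld
+ ( cat warn-auto.sh; \
+ echo 'main="$$1"; shift'; \
+- echo exec "`head -1 conf-ld`" \
++ echo exec "`head -n 1 conf-ld`" \
+ '-o "$$main" "$$main".o $${1+"$$@"}' \
+ ) > load
+ chmod 755 load
+@@ -758,7 +758,7 @@
+ rts: \
+ warn-auto.sh rts.sh conf-home
+ cat warn-auto.sh rts.sh \
+- | sed s}HOME}"`head -1 conf-home`"}g \
++ | sed s}HOME}"`head -n 1 conf-home`"}g \
+ > rts
+ chmod 755 rts
+
+@@ -901,8 +901,8 @@
+ systype: \
+ find-systype.sh conf-cc conf-ld trycpp.c x86cpuid.c
+ ( cat warn-auto.sh; \
+- echo CC=\'`head -1 conf-cc`\'; \
+- echo LD=\'`head -1 conf-ld`\'; \
++ echo CC=\'`head -n 1 conf-cc`\'; \
++ echo LD=\'`head -n 1 conf-ld`\'; \
+ cat find-systype.sh; \
+ ) | sh > systype
+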
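diff --git a/net-dns/djbdns/files/increase-cname-recustion-depth.patch b/net-dns/djbdns/files/increase-cname-recustion-depth.patch
new file mode 100644
index 0000000..3415f65
--- /dev/null
+++ b/net-dns/djbdns/files/increase-cname-recustion-depth.patch
@@ -0,0 +1,43 @@
+From d8534e8482bdd3f6e4ae1dca8452e65c24dd34f7 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@××××××××.com>
+Date: Fri, 5 Aug 2016 09:13:11 -0400
+Subject: [PATCH 1/1] query.c: increase recursion depth to 200.
+
+The recursion loop for CNAME resolution has an upper limit of 100
+iterations by default. This has proven too small in some cases where
+large CDNs are concerned. This commit increases the limit to 200.
+
+The patch was based on the OpenWrt fix, supplied by user ylxu.
+
+Gentoo-Bug: 590548
+OpenWrt-Bug: 5881
+SMEServer-Bug: 8362
+---
+ query.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/query.c b/query.c
+index 46cdc00..61fe708 100644
+--- a/query.c
++++ b/query.c
+@@ -203,7 +203,7 @@ static int doit(struct query *z,int state)
+
+
+ NEWNAME:
+- if (++z->loop == 100) goto DIE;
++ if (++z->loop == 200) goto DIE;
+ d = z->name[z->level];
+ dtype = z->level ? DNS_T_A : z->type;
+ dlen = dns_domain_length(d);
+@@ -449,7 +449,7 @@ static int doit(struct query *z,int state)
+
+
+ HAVEPACKET:
+- if (++z->loop == 100) goto DIE;
++ if (++z->loop == 200) goto DIE;
+ buf = z->dt.packet;
+ len = z->dt.packetlen;
+
+--
+2.7.3
+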
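Review bot: The raised limit is written as the bare literal `200` at both `NEWNAME:` and `HAVEPACKET:`, and the same literal sits in the context lines of the two CVE2008-4392 patches, which the commit message says had to be revised to avoid fuzz. A named constant next to QUERY_MAXLEVEL in query.h, e.g. `#define QUERY_MAXLOOP 200` with both checks reading `if (++z->loop == QUERY_MAXLOOP) goto DIE;`, would keep the two sites in step and make a later change of the limit a one-line edit. Its comment should say that `z->loop` is incremented on every pass through either label, so it bounds the total work one client query can cause in dnscache and not CNAME depth alone, and that doubling it doubles that worst case. doit() starts and ends outside both hunks.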