Fixed bug #162644 and #176130.

(Portage version: 2.1.2.2)

5 files changed, 147 insertions, 4 deletions

diff --git a/net-dns/mydns/ChangeLog b/net-dns/mydns/ChangeLog
index 3ad80d6efd20..f298b593bf92 100644
--- a/net-dns/mydns/ChangeLog
+++ b/net-dns/mydns/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-dns/mydns
 # Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/mydns/ChangeLog,v 1.23 2007/04/29 18:15:14 tove Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/mydns/ChangeLog,v 1.24 2007/04/30 10:32:09 matsuu Exp $
+
+*mydns-1.1.0-r1 (30 Apr 2007)
+
+  30 Apr 2007; MATSUU Takuto <matsuu@gentoo.org>
+  +files/04-update-smash-fix.dpatch, files/mydns.rc6,
+  +mydns-1.1.0-r1.ebuild:
+  Fixed security bug #176130.
+  Fixed bug #162644.
 
   29 Apr 2007; Torsten Veller <tove@gentoo.org> mydns-1.1.0.ebuild:
   Fix *initd, *confd and *envd calls (#173884, #174266)
diff --git a/net-dns/mydns/files/04-update-smash-fix.dpatch b/net-dns/mydns/files/04-update-smash-fix.dpatch
new file mode 100644
index 000000000000..3db6b566f9b7
--- /dev/null
+++ b/net-dns/mydns/files/04-update-smash-fix.dpatch
@@ -0,0 +1,43 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04-update-smash-fix.dpatch by Philipp Kern <pkern@debian.org>
+##
+## DP: Prevent attackers to smash the heap on DNS updates and fix a
+## DP: stack-based off-by-one overflow.
+
+@DPATCH@
+diff -urNad mydns-1.1.0~/src/mydns/update.c mydns-1.1.0/src/mydns/update.c
+--- mydns-1.1.0~/src/mydns/update.c	2005-12-18 20:16:41.000000000 +0100
++++ mydns-1.1.0/src/mydns/update.c	2007-04-28 11:14:15.000000000 +0200
+@@ -228,6 +228,9 @@
+ 	DNS_GET16(rr->class, src);
+ 	DNS_GET32(rr->ttl, src);
+ 	DNS_GET16(rr->rdlength, src);
++	if(rr->rdlength > sizeof rr->rdata)
++		rr->rdlength = sizeof rr->rdata;
++
+ 	memcpy(rr->rdata, src, rr->rdlength);
+ 	src += rr->rdlength;
+ 
+@@ -328,19 +331,16 @@
+ {
+ 	int n, x;														/* Offset in 'data' */
+ 
+-	for (n = 0; src < end && n < datalen; )
++	for (n = 0; src < end && n < datalen - 1; )
+ 	{
+ 		int len = *src++;
+ 
+ 		if (n)
+ 			data[n++] = ' ';
+-		for (x = 0; x < len && src < end && n < datalen; x++)
++		for (x = 0; x < len && src < end && n < datalen - 1; x++)
+ 			data[n++] = *src++;
+ 		if (one_word_only)
+-		{
+-			data[n] = '\0';
+-			return (src);
+-		}
++			break;
+ 	}
+ 	data[n] = '\0';
+ 	return (src);
diff --git a/net-dns/mydns/files/digest-mydns-1.1.0-r1 b/net-dns/mydns/files/digest-mydns-1.1.0-r1
new file mode 100644
index 000000000000..e39ccc64c7dd
--- /dev/null
+++ b/net-dns/mydns/files/digest-mydns-1.1.0-r1
@@ -0,0 +1,3 @@
+MD5 c613a14686f08486d444cee2d68f9c87 mydns-1.1.0.tar.bz2 573261
+RMD160 ffd7c5d42d5e004e06562d4fb497cc515f31fed9 mydns-1.1.0.tar.bz2 573261
+SHA256 ecfcc8bb8fd9f707d2e7af808317cdcc3a4d701375265840944c4e0ff0d66bf6 mydns-1.1.0.tar.bz2 573261
diff --git a/net-dns/mydns/files/mydns.rc6 b/net-dns/mydns/files/mydns.rc6
index f52849b258f4..e79248da31b2 100644
--- a/net-dns/mydns/files/mydns.rc6
+++ b/net-dns/mydns/files/mydns.rc6
@@ -1,11 +1,11 @@
 #!/sbin/runscript
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/mydns/files/mydns.rc6,v 1.5 2005/01/15 03:31:00 matsuu Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/mydns/files/mydns.rc6,v 1.6 2007/04/30 10:32:09 matsuu Exp $
 
 depend() {
-	need net __db__
-	use logger
+	need net
+	use logger __db__
 }
 
 checkconfig() {
diff --git a/net-dns/mydns/mydns-1.1.0-r1.ebuild b/net-dns/mydns/mydns-1.1.0-r1.ebuild
new file mode 100644
index 000000000000..2f70d2821f0f
--- /dev/null
+++ b/net-dns/mydns/mydns-1.1.0-r1.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/mydns/mydns-1.1.0-r1.ebuild,v 1.1 2007/04/30 10:32:09 matsuu Exp $
+
+inherit eutils
+
+DESCRIPTION="A DNS-Server which gets its data from mysql-databases"
+HOMEPAGE="http://mydns.bboy.net/"
+SRC_URI="http://mydns.bboy.net/download/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~sparc ~x86"
+IUSE="debug nls postgres ssl static zlib"
+
+RDEPEND="virtual/libc
+	ssl? ( dev-libs/openssl )
+	zlib? ( sys-libs/zlib )
+	postgres? ( dev-db/postgresql )
+	!postgres? ( virtual/mysql )"
+DEPEND="${RDEPEND}
+	sys-devel/bison"
+
+src_unpack() {
+	unpack ${A}
+
+	cd "${S}"
+	epatch "${FILESDIR}"/${P}-m4.patch
+	epatch "${FILESDIR}"/04-update-smash-fix.dpatch
+	autoconf || die
+}
+
+src_compile() {
+	local myconf
+
+	if ! use postgres; then
+		myconf="${myconf} --with-mysql"
+	else
+		myconf="${myconf} --without-mysql --with-pgsql"
+	fi
+
+	econf --enable-alias \
+		`use_enable nls` \
+		`use_enable debug` \
+		`use_enable static static-build` \
+		`use_with ssl openssl` \
+		`use_with zlib` \
+		${myconf} || die
+
+	emake || die
+}
+
+src_install() {
+	make DESTDIR="${D}" install || die
+
+	dodoc AUTHORS BUGS ChangeLog NEWS README TODO
+
+	newinitd "${FILESDIR}"/mydns.rc6 mydns || die
+
+	if ! use postgres; then
+		sed -i -e 's/__db__/mysql/g' "${D}"/etc/init.d/mydns || die
+		dodoc QUICKSTART.mysql README.mysql
+	else
+		sed -i -e 's/__db__/postgresql/g' "${D}"/etc/init.d/mydns || die
+		dodoc QUICKSTART.postgres
+	fi
+}
+
+pkg_postinst() {
+	einfo
+	einfo "You should now run these commands:"
+	einfo
+	einfo "# /usr/sbin/mydns --dump-config > /etc/mydns.conf"
+	einfo "# chmod 0600 /etc/mydns.conf"
+	if ! use postgres; then
+		einfo "# mysqladmin -u <useruname> -p create mydns"
+		einfo "# /usr/sbin/mydns --create-tables | mysql -u <username> -p mydns"
+		einfo
+		einfo "to create the tables in the MySQL-Database."
+		einfo "For more info see QUICKSTART.mysql."
+	else
+		einfo "# createdb mydns"
+		einfo "# /usr/sbin/mydns --create-tables | psql mydns"
+		einfo
+		einfo "to create the tables in the PostgreSQL-Database."
+		einfo "For more info see QUICKSTART.postgres."
+	fi
+	einfo
+}