Revision bump for 3.6.1 with patch for security bug #531992.

Package-Manager: portage-2.2.15/cvs/Linux x86_64 Manifest-Sign-Key: 0x64D4CF24
author: Sven Wegener <swegener@gentoo.org> 2014-12-18 21:06:27 +0000
committer: Sven Wegener <swegener@gentoo.org> 2014-12-18 21:06:27 +0000
commit: e20afd1a319d36824166e9a2009426a95b178d6e (patch)
tree: a256b63de68ab75c505bedff7a79a2b48bfabcf3 /net-dns
parent: fail prominently in case of config directories being a regular file, bug #532892 (diff)
download: historical-e20afd1a319d36824166e9a2009426a95b178d6e.tar.gz
historical-e20afd1a319d36824166e9a2009426a95b178d6e.tar.bz2
historical-e20afd1a319d36824166e9a2009426a95b178d6e.zip
4 files changed, 125 insertions, 5 deletions
diff --git a/net-dns/pdns-recursor/ChangeLog b/net-dns/pdns-recursor/ChangeLog
index c278e3631faf..a0265e56b259 100644
--- a/net-dns/pdns-recursor/ChangeLog
+++ b/net-dns/pdns-recursor/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-dns/pdns-recursor
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/ChangeLog,v 1.51 2014/12/09 20:01:31 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/ChangeLog,v 1.52 2014/12/18 21:06:24 swegener Exp $
+
+*pdns-recursor-3.6.1-r1 (18 Dec 2014)
+
+  18 Dec 2014; Sven Wegener <swegener@gentoo.org>
+  +pdns-recursor-3.6.1-r1.ebuild,
+  +files/pdns-recursor-3.6.1-CVE-2014-8601.patch:
+  Revision bump for 3.6.1 with patch for security bug #531992.
 
 *pdns-recursor-3.6.2 (09 Dec 2014)
 
diff --git a/net-dns/pdns-recursor/Manifest b/net-dns/pdns-recursor/Manifest
index 4949fec14be3..04a7dd8ea31f 100644
--- a/net-dns/pdns-recursor/Manifest
+++ b/net-dns/pdns-recursor/Manifest
@@ -3,20 +3,22 @@ Hash: SHA256
 
 AUX pdns-recursor-3.1.7.2-error-message.patch 463 SHA256 b2c55bc015c88fb4a297d1bac8ba417d81b026df990d1f14f9e9667e51771f5d SHA512 7b91c957302aeb161519bd3204656a6345613458015a4e9d438fdbfe432753e363b823ceb279e683d8a6a6f1e644a11b6a37f8310b9bf4fbbf8656c8880005e3 WHIRLPOOL 1261da56f2b2207dd60ec33ccdca6a243329428e963bf90134d580e66817cce2015218075085a3ba44911c16d00e1fe81664b45bb9980da9fb73ba2f5170ae85
 AUX pdns-recursor-3.5.3-fdlimit.patch 2176 SHA256 e7a35aaf0b6440990ed4c17c27d99554aba6f24d76298bd34c2a7af1a7d0bf17 SHA512 7a5266d8b1196f86e8996533760d03df2054a4b44dec8f0d9875f3661b7dd65b1a3b94855d05ea03d7296cab0e5fe3ce622e71d4f6d12b386a5eedd9ade17179 WHIRLPOOL 40a99f1c07fba773ee0d257150d1fa53466ea3707454ac55df98266f71de8346124f0e83aeab76ef39f3a5e0d2a7f0e5df9dc4f2db69421e45284e8e49ef87a2
+AUX pdns-recursor-3.6.1-CVE-2014-8601.patch 1985 SHA256 f493f21570835b3baf115864e763efd0d101ec11d5ba0231c030d8a3d4542c41 SHA512 c260c0708b68e62fa3a3342526b49ecb01f7ceb1e9d2821a40ae3ba0661cf2f226cf5b67f4e4839ca4b6320cec2466c73139798515fc7a147b1082f42ba7c917 WHIRLPOOL ec925f4361dc4087cea1bc3a2fac4680bae92bf8c1654ab756e5e56162d4f66e121a97a25b5aad4073eaee8599a5c35999545a6d93c500cb1a4cc06766c3324f
 AUX precursor 598 SHA256 7bb044d496dd94aef5ac6c0b347d8a474f2b7a5473542eb782be42e06a8f9b77 SHA512 4a045eca495eb0e2ef1d6838d4bb8b6223778a572530175a5809c441a7baac9ba69d6afc4c4e46c7d35bb9874609fbd4a57dcc807209484a81ae19d76abea9d4 WHIRLPOOL 1722bcf6414d866762d8560534833ba09d152fffad29b875be3cdf951e9befa066b068458129f4e7530c0adf88ff206fbf66fbf863c07a0e73544476c377b50d
 AUX recursor.conf 452 SHA256 b36b3310a26785d5e8a38c03bce9afcf8a08e321a81ee385e9557dcaa3957255 SHA512 ac4b3cd3080bfc1aad731859c24663c25b741217db4a1122ca734b15806c6a40a166693b9d297fd7c46cafaf67314b48fdf4829cb920fc2b085d6cac2f9f1c61 WHIRLPOOL 5e7c4fab788aca49161f53083b7107b101dbaaaef2dda279c2893f8c950a0fd3db6f316e20c2f78bed9a1d1e9117df619fbae14554a9300f06d087156aa5b690
 DIST pdns-recursor-3.5.3.tar.bz2 176298 SHA256 192c0b47a1cfcdccaa88d70fd33766a4c381f4223f966416f15e169df5d58eaa SHA512 2cfc1706cd1a4a06cae89e4f20da8458629fd9a2c4be6c30037f7162cb1dc91e98a22e602d890a9da09c7d495fb0c61855ae937e39a75ef99e08a095f7062312 WHIRLPOOL eeb888b317b04be86c16c47d48064820b31718074a8e1d0d4e7b7744c9ac3e2b600fde53122ef19f3f144186370474a2a50b2c38772be2af2ce6baa6d6d01194
 DIST pdns-recursor-3.6.1.tar.bz2 196460 SHA256 e57bad320d67d08604fc6f6b7e49b5553cfb5baf3460a3e06d53ba2f7d8de396 SHA512 cd878ed28345129bb0aca2c15a238ea5a0b5fe94e9aae1d0ae023a9a66ec4abae3667aa82e3950e46e9cdde8168878aaaeb759bb247de1841b5cff471ffb347a WHIRLPOOL c645e1cb269ad551d8a4c7f2b413e361898f1ac5561fa2ddf9a627edfe961fce8b1b84a09ea4a82a4a4f67a8f1d5fdce226a08ebacb28adf57ebbe8c1a13d3a5
 DIST pdns-recursor-3.6.2.tar.bz2 200313 SHA256 d9abf5bb5982cee1c3ba6eaa684d2777b7c0d3f038e201dd4e7362b4652750a4 SHA512 1476ccdb84c20dcb116b7e1d808b1cf2745acca78cd3b72a6985f19429d40af658a1ae85e8d5bc31c36c9858f76f5536b1f335e7dbfad5988db410a7931aa209 WHIRLPOOL c8fb1a861276f6e18d4288f78d119e7731caaec31b040919c9b6fcc93d53b05c5c7cb75cf2aedb4c3c975f822d6a33bb12d57a1402d88dab51459906c147e319
 EBUILD pdns-recursor-3.5.3-r1.ebuild 1316 SHA256 c77b9ee6d60a9accbb15058748533e824273bdc6fb8b088c5d3a16b1859dc930 SHA512 6a32dcc625cdcaede040c1adefffd792e19f576e1b8c2174389148d9e7b48820142c0cb82873d302e55049c1601db9fb9bd7d4a6cb44ccce856a95526b4643c8 WHIRLPOOL f188a47be9a175e8193bb7e4a87ededda9a1fd7e2f6ed096831ac50dddee48e927f5946363417ce4c6b6557a5e74a1103549747a6189b48d08d03bc436301367
+EBUILD pdns-recursor-3.6.1-r1.ebuild 1247 SHA256 8457f86f8c6c3d73445b9db304d9596c7330e1ab5ccda30b9d289e3d5ccae244 SHA512 a63e0dd72d73adb68caefcd5eb244c3e2b44fe2437c01c98585059ff60e4b9582fd341bf1050accaf6f6ea4819cc5b5b91a165d4678c609bea4df574992307f5 WHIRLPOOL 2cc50af4b745ab21cb059972ed4618701a05a9e22c1c971b24f7a6ab56666ebf9764fb97acc60c8ada023199538930a8cf962ef765e347d0d6ac2408b796f171
 EBUILD pdns-recursor-3.6.1.ebuild 1178 SHA256 86e4470236db8eb55ec14a57fdd315fd90898270925bbbc8a42f39e489a3ba3c SHA512 4e3c781a2ed03f0e24a844a1374558e81a17c3a5d59a8ec5aa6a6973d054595f85eb483ea41700247e66ae1c2fa40e2d219882b8e7d88460157bab9e77cbe68e WHIRLPOOL 355889d3ad480f811cc4d272d973203c7fcec7b1ca0b4f0b6079535f4a0695ae32f797d0c767fb6c30b30841fc1e82b34751c233e90ebbc328e232b4842f637c
 EBUILD pdns-recursor-3.6.2.ebuild 1178 SHA256 6841ff8c1bd616074e18bd148faa40b34088dd70a3689c1b5a5a63790475f013 SHA512 adabfc7eb6b9f1851554f175c475943c3fecdf7ebe35feb3694a1f50a4808296c8b5a903f8c1ac7221ab8e06612b2168dddfbb19a3456a6843f22d398c837a98 WHIRLPOOL 8647a94990f6daab002905192a678c66e5a0d1cf08bcb76642e27c6afca693d15c5caa46b0416328d47c6582cb94493938ed67ad76850f6fa0a1d67fb494a691
-MISC ChangeLog 8200 SHA256 f2c306d6a6a90754e3e4b7fdbd9b1947e06fc8369d8c82284e8d9c47db241719 SHA512 6420a8669f41ea125c40697660ebf183027277d61427f3ca4b8fad3e5e45b934768d4c4ec8a992edf07111469d8bfdad956eba207152a575d79c4f545fc59fe3 WHIRLPOOL f77d252267cd6d6c0f18f6749a081126636e5483b7b0f7fd93d71e4dd61b932fb7fc080e9a94f27ab1e26bfef08d1cb3b244ddefa83eed950b2d036027afaa53
+MISC ChangeLog 8437 SHA256 72f24247a7a03e8178d007698a407a83283ff688b752368174da589e182fec13 SHA512 3d6628944207da32210a83c3553e975414d4dc396f9f19fa1de9f04dba4e04db6786f56a755080277c089d61c316ea83dab4635feed75ba8df99803901ded06b WHIRLPOOL ec154560c5f549a03f25ffd6a15e775c4a99e3b5ffebed165511a74fccf21163351c466c970ff4402be11c19f4f20ee5b930c9b7cf92f2c43c7d2b8873430365
 MISC metadata.xml 816 SHA256 823df6ce02714ac732203b18964ed5d7a60ea1bf8a7d58ad8271307dc5d4b520 SHA512 24c7ebfd35accfcfa658f17ab2482589cfa0cf49f9928af9fc420414b83e4ef31fc2ddb6a823513fb48de4d075e833169e8a3946f96e3e09e602a6aa177658cb WHIRLPOOL 985daca0021bc9bd73ffa2aa98976ed5eeb479ff179fe417d90d962b005f0a5ff4d2d723361738a0a8815823f2108d1899b23607b0b8d73bc9d35ec25950cf9b
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iEYEAREIAAYFAlSHVRcACgkQI1lqEGTUzyQM/wCfa7EvSdHXBQqSUQ2bZYSyScbY
-dYgAn3MTerjI+xZHOnsdTnXWzzkZWIPC
-=6hDN
+iEYEAREIAAYFAlSTQdMACgkQI1lqEGTUzyTcfwCdFnn99Y0dIwrHzRz67BhokQar
+Xu8AmQEda8gc3E2/8vwsZKbU0MGGbeki
+=2QS8
 -----END PGP SIGNATURE-----
diff --git a/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch b/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch
new file mode 100644
index 000000000000..44ccc2803848
--- /dev/null
+++ b/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch
@@ -0,0 +1,52 @@
+https://downloads.powerdns.com/patches/2014-02/3.6.1.patch
+
+diff --git a/pdns_recursor.cc b/pdns_recursor.cc
+index f1ef93c..8e43d6e 100644
+--- a/pdns_recursor.cc
++++ b/pdns_recursor.cc
+@@ -550,7 +550,14 @@ void startDoResolve(void *p)
+ 
+     // if there is a RecursorLua active, and it 'took' the query in preResolve, we don't launch beginResolve
+     if(!t_pdl->get() || !(*t_pdl)->preresolve(dc->d_remote, g_listenSocketsAddresses[dc->d_socket], dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), ret, res, &variableAnswer)) {
+-      res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
++       try {
++         res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
++       }
++       catch(ImmediateServFailException &e) {
++         L<<Logger::Error<<"Sending SERVFAIL during resolve of '"<<dc->d_mdp.d_qname<<"' because: "<<e.reason<<endl;
++
++         res = RCode::ServFail;
++       }
+ 
+       if(t_pdl->get()) {
+         if(res == RCode::NoError) {
+diff --git a/syncres.cc b/syncres.cc
+index 4dc78b4..d09e44b 100644
+--- a/syncres.cc
++++ b/syncres.cc
+@@ -923,6 +923,7 @@ int SyncRes::doResolveAt(set<string, CIStringCompare> nameservers, string auth,
+           }
+           else {
+             s_outqueries++; d_outqueries++;
++            if(d_outqueries > 50) throw ImmediateServFailException("more than 50 queries sent while resolving "+qname);
+           TryTCP:
+             if(doTCP) {
+               LOG(prefix<<qname<<": using TCP with "<< remoteIP->toStringWithPort() <<endl);
+diff --git a/syncres.hh b/syncres.hh
+index 5182527..b22de89 100644
+--- a/syncres.hh
++++ b/syncres.hh
+@@ -593,6 +593,13 @@ private:
+   static AtomicCounter s_currentConnections; //!< total number of current TCP connections
+ };
+ 
++class ImmediateServFailException
++{
++public:
++  ImmediateServFailException(string r){reason=r;};
++
++  string reason; //! Print this to tell the user what went wrong
++};
+ 
+ struct RemoteKeeper
+ {
diff --git a/net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild b/net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild
new file mode 100644
index 000000000000..a5bdfac17e0f
--- /dev/null
+++ b/net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-dns/pdns-recursor/pdns-recursor-3.6.1-r1.ebuild,v 1.1 2014/12/18 21:06:24 swegener Exp $
+
+EAPI="4"
+
+inherit toolchain-funcs flag-o-matic eutils
+
+DESCRIPTION="The PowerDNS Recursor"
+HOMEPAGE="http://www.powerdns.com/"
+SRC_URI="http://downloads.powerdns.com/releases/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="lua"
+
+DEPEND="lua? ( >=dev-lang/lua-5.1 )"
+RDEPEND="${DEPEND}
+	!<net-dns/pdns-2.9.20-r1"
+DEPEND="${DEPEND}
+	>=dev-libs/boost-1.33.1"
+
+pkg_setup() {
+	filter-flags -ftree-vectorize
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-CVE-2014-8601.patch
+}
+
+src_configure() {
+	true
+}
+
+src_compile() {
+	emake \
+		LOCALSTATEDIR=/var/lib/powerdns \
+		CC="$(tc-getCC)" \
+		CXX="$(tc-getCXX)" \
+		OPTFLAGS="" \
+		LUA_LIBS_CONFIG="-llua" \
+		LUA_CPPFLAGS_CONFIG="" \
+		LUA="$(use lua && echo 1)"
+}
+
+src_install() {
+	dosbin pdns_recursor rec_control
+	doman pdns_recursor.1 rec_control.1
+
+	insinto /etc/powerdns
+	doins "${FILESDIR}"/recursor.conf
+
+	doinitd "${FILESDIR}"/precursor
+
+	# Pretty ugly, uh?
+	dodir /var/lib/powerdns/var/lib
+	dosym ../.. /var/lib/powerdns/var/lib/powerdns
+}
author	Sven Wegener <swegener@gentoo.org>	2014-12-18 21:06:27 +0000
committer	Sven Wegener <swegener@gentoo.org>	2014-12-18 21:06:27 +0000
commit	e20afd1a319d36824166e9a2009426a95b178d6e (patch)
tree	a256b63de68ab75c505bedff7a79a2b48bfabcf3 /net-dns
parent	fail prominently in case of config directories being a regular file, bug #532892 (diff)
download	historical-e20afd1a319d36824166e9a2009426a95b178d6e.tar.gz historical-e20afd1a319d36824166e9a2009426a95b178d6e.tar.bz2 historical-e20afd1a319d36824166e9a2009426a95b178d6e.zip