Diffstat (limited to 'net-dns/djbdns')
16 files changed, 1549 insertions, 0 deletions
diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
new file mode 100644
index 000000000000..91dd57c4e4ca
--- /dev/null
+++ b/net-dns/djbdns/Manifest
@@ -0,0 +1,4 @@
+DIST djbdns-1.05-man.tar.gz 17170 SHA256 ba1c58f14bc928908d8618230f400d73cfe2200ed800a272b63048e3e50be569 SHA512 98af7bd9033a2205fbbc0f23b7eab45b9756f6ceff5199a62952e19c89c9fe3c03495cb6f8621d388f883c40650309a1509095417df3f54af21a71350c4aa183 WHIRLPOOL b611e37e7422a4ae405fa15a4b9ff7eb8d0007d81310d044bc1982fe70dada1e4646cf22832e8e5320bae8d2e328eb87d59eb51c3d390f1089f30548053b839b
+DIST djbdns-1.05-test25.diff.bz2 20376 SHA256 28c88de08822894cf252e54ed3be9abfdf4f492644ff74a7c479340bdce051ea SHA512 41cca597dba971010b9844071e0349d3a4b25cc4b144e12721b0bc8250589fb374e40ece8908f1081762597048179b1177e88b9a5f97be0b47b63e3183e654bb WHIRLPOOL d531001511ead02f51558909b13e14734f013213e0f13ec7589876878928bd4057f917e004e8d37955c2965aeba5d92a9fc481f2f9ac48c08edaeb9bb9b821d9
+DIST djbdns-1.05-test27.diff.bz2 20695 SHA256 0de38133336016d5a9159d0fe1beaea809e2229820256af114cbf911f04f202a SHA512 e5acf26ff353ae20b6c2186140255bf0ae478a75a9946163d4474a003afbf8c2f47e61a12fc3ed4b9eff17ec8732e9d91bfbb10fb2762310b067180b6d471ba0 WHIRLPOOL 5c89691836a349553531816a8b4c5b6edc18c2c0a1cf8309b67344ad04c9575fbc5f9d79dcf156aeb692ccd7a6fbd2ce2838fb2fd7b85bd6cd0693a9f657e66e
+DIST djbdns-1.05.tar.gz 85648 SHA256 3ccd826a02f3cde39be088e1fc6aed9fd57756b8f970de5dc99fcd2d92536b48 SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9 WHIRLPOOL 0fb67d19fcbf1cf21debcedfd3456d9cb9160079631ae1995e94aa9db3969ae02927f215ee8a5f03b34a6523cb9e3abebabf23e08e95eb1efdb626eb8b10312f
diff --git a/net-dns/djbdns/djbdns-1.05-r29.ebuild b/net-dns/djbdns/djbdns-1.05-r29.ebuild
new file mode 100644
index 000000000000..14e4a297c817
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r29.ebuild
@@ -0,0 +1,146 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils flag-o-matic readme.gentoo toolchain-funcs user
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test25"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+ http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+ ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86"
+IUSE="ipv6 selinux"
+
+DEPEND="!app-doc/djbdns-man"
+RDEPEND="${DEPEND}
+ sys-apps/ucspi-tcp
+ virtual/daemontools
+ selinux? ( sec-policy/selinux-djbdns )"
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}/headtail.patch" \
+ "${FILESDIR}/dnsroots.patch" \
+ "${FILESDIR}/dnstracesort.patch" \
+ "${FILESDIR}/string_length_255.patch"
+
+ # Fix CVE2009-0858
+ epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+
+ if use ipv6; then
+ elog 'At present dnstrace does NOT support IPv6. It will'\
+ 'be compiled without IPv6 support.'
+
+ # Create a separate copy of the source tree for dnstrace.
+ cp -pR "${S}" "${S}-noipv6" || die
+
+ # The big ipv6 patch.
+ epatch "${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+
+ # Fix CVE2008-4392 (ipv6)
+ epatch \
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-${IPV6_PATCH}.patch" \
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \
+ "${FILESDIR}/makefile-parallel-${IPV6_PATCH}.patch"
+
+ cd "${S}-noipv6" || die
+ fi
+
+ # Fix CVE2008-4392 (no ipv6)
+ epatch \
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+
+ # Later versions of the ipv6 patch include this, but even if
+ # USE=ipv6, we're in the ${S}-noipv6 directory at this point.
+ epatch "${FILESDIR}/${PV}-errno.patch"
+
+ epatch_user
+}
+
+src_compile() {
+ echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+ echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+ echo "/usr" > conf-home || die
+ emake
+
+ # If djbdns is compiled with IPv6 support, it breaks dnstrace.
+ # Therefore we must compile dnstrace separately without IPv6
+ # support.
+ if use ipv6; then
+ elog 'Compiling dnstrace without ipv6 support'
+ cp conf-cc conf-ld conf-home "${S}-noipv6/" || die
+ cd "${S}-noipv6" || die
+ emake dnstrace
+ fi
+}
+
+src_install() {
+ insinto /etc
+ doins dnsroots.global
+
+ into /usr
+ dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+ *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+ dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+ if use ipv6; then
+ dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace"
+ fi
+
+ dodoc CHANGES README
+
+ cd "${WORKDIR}/${PN}-man" || die
+ doman *.1 *.5 *.8
+
+ readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+ # The nofiles group is no longer provided by baselayout.
+ # Share it with qmail if possible.
+ enewgroup nofiles 200
+
+ enewuser dnscache -1 -1 -1 nofiles
+ enewuser dnslog -1 -1 -1 nofiles
+ enewuser tinydns -1 -1 -1 nofiles
+}
+
+DISABLE_AUTOFORMATTING=1
+FORCE_PRINT_ELOG=1 # remove after this message sees the stable tree
+DOC_CONTENTS='
+The dnscache-setup, tinydns-setup, and djbdns-setup programs have
+been removed to follow upstream more closely. To configure djbdns,
+please follow the instructions at,
+
+ http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+ axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+ dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+ tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+ 1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+ 2. dnscache-conf dnscache dnslog /var/dnscache $ip
+ 3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+ 4. rbldns-conf $username dnslog /var/rbldns $ip $base
+ 5. walldns-conf $username dnslog /var/walldns $ip
+'
diff --git a/net-dns/djbdns/djbdns-1.05-r30.ebuild b/net-dns/djbdns/djbdns-1.05-r30.ebuild
new file mode 100644
index 000000000000..3afbb6619026
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r30.ebuild
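Review bot: With USE=ipv6, `epatch_user` at the end of src_prepare() runs after `cd "${S}-noipv6"`, so user-supplied patches appear to be applied only to the copy that builds dnstrace and never to the main `${S}` tree that produces dnscache, tinydns and the other installed binaries. Anyone relying on a local patch directory to carry a security fix would end up with an unpatched daemon and no error. Adding `cd "${S}" || die` immediately before `epatch_user` would point user patches at the main tree; eutils applies user patches only once per build, so covering both trees would need explicit handling. The r30 ebuild keeps the same ordering, and there it also means patches to the man pages moved under `${S}/man` would not reach the pages installed by `doman man/*.[158]`.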
@@ -0,0 +1,151 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils flag-o-matic readme.gentoo toolchain-funcs user
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test27"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+ http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+ ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86"
+IUSE="ipv6 selinux"
+
+DEPEND=""
+RDEPEND="sys-apps/ucspi-tcp
+ virtual/daemontools
+ selinux? ( sec-policy/selinux-djbdns )"
+
+src_unpack(){
+ # Unpack both djbdns and its man pages to separate directories.
+ default
+
+ # Now move the man pages under ${S} so that user patches can be
+ # applied to them as well in src_prepare().
+ mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
+}
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}/headtail.patch" \
+ "${FILESDIR}/dnsroots.patch" \
+ "${FILESDIR}/dnstracesort.patch" \
+ "${FILESDIR}/string_length_255.patch" \
+ "${FILESDIR}/srv_record_support.patch"
+
+ # Fix CVE2009-0858
+ epatch "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+
+ if use ipv6; then
+ elog 'At present dnstrace does NOT support IPv6. It will'\
+ 'be compiled without IPv6 support.'
+
+ # Create a separate copy of the source tree for dnstrace.
+ cp -pR "${S}" "${S}-noipv6" || die
+
+ # The big ipv6 patch.
+ epatch "${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+
+ # Fix CVE2008-4392 (ipv6)
+ epatch \
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch" \
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \
+ "${FILESDIR}/makefile-parallel-test25.patch"
+
+ cd "${S}-noipv6" || die
+ fi
+
+ # Fix CVE2008-4392 (no ipv6)
+ epatch \
+ "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch" \
+ "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+
+ # Later versions of the ipv6 patch include this, but even if
+ # USE=ipv6, we're in the ${S}-noipv6 directory at this point.
+ epatch "${FILESDIR}/${PV}-errno.patch"
+
+ epatch_user
+}
+
+src_compile() {
+ echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+ echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+ echo "/usr" > conf-home || die
+ emake
+
+ # If djbdns is compiled with IPv6 support, it breaks dnstrace.
+ # Therefore we must compile dnstrace separately without IPv6
+ # support.
+ if use ipv6; then
+ elog 'Compiling dnstrace without ipv6 support'
+ cp conf-cc conf-ld conf-home "${S}-noipv6/" || die
+ cd "${S}-noipv6" || die
+ emake dnstrace
+ fi
+}
+
+src_install() {
+ insinto /etc
+ doins dnsroots.global
+
+ into /usr
+ dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+ *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+ dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+ if use ipv6; then
+ dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace"
+ fi
+
+ dodoc CHANGES README
+
+ doman man/*.[158]
+
+ readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+ # The nofiles group is no longer provided by baselayout.
+ # Share it with qmail if possible.
+ enewgroup nofiles 200
+
+ enewuser dnscache -1 -1 -1 nofiles
+ enewuser dnslog -1 -1 -1 nofiles
+ enewuser tinydns -1 -1 -1 nofiles
+}
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS='
+To configure djbdns, please follow the instructions at,
+
+ http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+ axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+ dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+ tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+ 1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+ 2. dnscache-conf dnscache dnslog /var/dnscache $ip
+ 3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+ 4. rbldns-conf $username dnslog /var/rbldns $ip $base
+ 5. walldns-conf $username dnslog /var/walldns $ip
+'
diff --git a/net-dns/djbdns/files/1.05-errno.patch b/net-dns/djbdns/files/1.05-errno.patch
new file mode 100644
index 000000000000..b4650b1a9cfe
--- /dev/null
+++ b/net-dns/djbdns/files/1.05-errno.patch
@@ -0,0 +1,11 @@
+--- error.h 2001-02-11 15:11:45.000000000 -0600
++++ error.h 2003-02-26 02:10:21.000000000 -0600
+@@ -1,7 +1,7 @@
+ #ifndef ERROR_H
+ #define ERROR_H
+
+-extern int errno;
++#include <errno.h>
+
+ extern int error_intr;
+ extern int error_nomem;
diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch
new file mode 100644
index 000000000000..e33e0ccd6015
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25.patch
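Review bot: `IPV6_PATCH="test27"` selects the test27 IPv6 diff, but the ipv6 branch of src_prepare() hard-codes `...-merge-similar-outgoing-queries-ipv6-test25.patch` and `makefile-parallel-test25.patch`, whereas r29 derived both names from `${IPV6_PATCH}`. If reusing the test25 variants on top of test27 is intentional, a comment above that `epatch` call, for example `# No test27-specific variants exist; the test25 patches are reused here.`, would stop a later bump from assuming the CVE fix is matched to the IPv6 patch version. The comments also write the identifiers as `CVE2008-4392` and `CVE2009-0858`; the hyphenated `CVE-2008-4392` / `CVE-2009-0858` form is what advisory searches and scanners expect.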
@@ -0,0 +1,351 @@ +diff --git a/Makefile b/Makefile +index 5ccd647..eee09dd 100644 +--- a/Makefile ++++ b/Makefile +@@ -346,11 +346,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h + ./compile dns_txt.c + + dnscache: \ +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \ ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \ + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \ + libtai.a unix.a byte.a socket.lib + ./load dnscache droproot.o okclient.o log.o cache.o \ +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \ ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \ + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \ + socket.lib` + +@@ -371,7 +371,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \ + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \ + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \ + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \ +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h + ./compile dnscache.c + + dnsfilter: \ +@@ -749,11 +749,16 @@ qlog.o: \ + compile qlog.c buffer.h qlog.h uint16.h + ./compile qlog.c + ++qmerge.o: \ ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \ ++taia.h tai.h uint64.h log.h maxclient.h ++ ./compile qmerge.c ++ + query.o: \ + compile query.c error.h roots.h log.h uint64.h case.h cache.h \ + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \ + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \ +-response.h uint32.h query.h dns.h uint32.h ++response.h uint32.h query.h dns.h uint32.h qmerge.h + ./compile query.c + + random-ip: \ +diff --git a/dnscache.c b/dnscache.c +index abcba69..c84e4b8 100644 +--- a/dnscache.c ++++ b/dnscache.c +@@ -23,6 +23,7 @@ + #include "log.h" + #include "okclient.h" + #include 
"droproot.h" ++#include "maxclient.h" + + long interface; + +@@ -59,7 +60,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -136,7 +136,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +diff --git a/log.c b/log.c +index df465e2..1b0d98c 100644 +--- a/log.c ++++ b/log.c +@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser + line(); + } + ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control) ++{ ++ string("txpb "); ++ logtype(qtype); space(); name(q); space(); name(control); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +diff --git a/log.h b/log.h +index fe62fa3..d9a829b 100644 +--- a/log.h ++++ b/log.h +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *); + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_tx_piggyback(const char *,const char *,const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); +diff --git a/maxclient.h b/maxclient.h +new file mode 100644 +index 0000000..e52fcd1 +--- /dev/null ++++ b/maxclient.h +@@ -0,0 +1,7 @@ ++#ifndef MAXCLIENT_H ++#define MAXCLIENT_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* MAXCLIENT_H */ +diff --git a/qmerge.c b/qmerge.c +new file mode 100644 +index 0000000..7c92299 +--- /dev/null ++++ b/qmerge.c +@@ -0,0 +1,115 @@ ++#include "qmerge.h" ++#include "byte.h" ++#include "log.h" ++#include "maxclient.h" ++ ++#define QMERGE_MAX (MAXUDP+MAXTCP) ++struct qmerge inprogress[QMERGE_MAX]; ++ ++static ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const 
char qtype[2], ++ const char *control) ++{ ++ if (!dns_domain_copy(&qmk->q, q)) return 0; ++ byte_copy(qmk->qtype, 2, qtype); ++ if (!dns_domain_copy(&qmk->control, control)) return 0; ++ return 1; ++} ++ ++static ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b) ++{ ++ return ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->q, b->q) && ++ dns_domain_equal(a->control, b->control); ++} ++ ++static ++void qmerge_key_free(struct qmerge_key *qmk) ++{ ++ dns_domain_free(&qmk->q); ++ dns_domain_free(&qmk->control); ++} ++ ++void qmerge_free(struct qmerge **x) ++{ ++ struct qmerge *qm; ++ ++ qm = *x; ++ *x = 0; ++ if (!qm || !qm->active) return; ++ ++ qm->active--; ++ if (!qm->active) { ++ qmerge_key_free(&qm->key); ++ dns_transmit_free(&qm->dt); ++ } ++} ++ ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive, ++ const char *q, const char qtype[2], const char localip[4], ++ const char *control) ++{ ++ struct qmerge_key k; ++ int i; ++ int r; ++ ++ qmerge_free(qm); ++ ++ byte_zero(&k, sizeof k); ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1; ++ for (i = 0; i < QMERGE_MAX; i++) { ++ if (!inprogress[i].active) continue; ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue; ++ log_tx_piggyback(q, qtype, control); ++ inprogress[i].active++; ++ *qm = &inprogress[i]; ++ qmerge_key_free(&k); ++ return 0; ++ } ++ ++ for (i = 0; i < QMERGE_MAX; i++) ++ if (!inprogress[i].active) ++ break; ++ if (i == QMERGE_MAX) return -1; ++ ++ log_tx(q, qtype, control, servers, 0); ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip); ++ if (r == -1) { qmerge_key_free(&k); return -1; } ++ inprogress[i].active++; ++ inprogress[i].state = 0; ++ qmerge_key_free(&inprogress[i].key); ++ byte_copy(&inprogress[i].key, sizeof k, &k); ++ *qm = &inprogress[i]; ++ return 0; ++} ++ ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline) ++{ ++ if (qm->state == 0) { ++ 
dns_transmit_io(&qm->dt, io, deadline); ++ qm->state = 1; ++ } ++ else { ++ io->fd = -1; ++ io->events = 0; ++ } ++} ++ ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when) ++{ ++ int r; ++ struct qmerge *qm; ++ ++ qm = *x; ++ if (qm->state == -1) return -1; /* previous error */ ++ if (qm->state == 0) return 0; /* no packet */ ++ if (qm->state == 2) return 1; /* already got packet */ ++ ++ r = dns_transmit_get(&qm->dt, io, when); ++ if (r == -1) { qm->state = -1; return -1; } /* error */ ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */ ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */ ++ return -1; /* bug */ ++} +diff --git a/qmerge.h b/qmerge.h +new file mode 100644 +index 0000000..9a58157 +--- /dev/null ++++ b/qmerge.h +@@ -0,0 +1,24 @@ ++#ifndef QMERGE_H ++#define QMERGE_H ++ ++#include "dns.h" ++ ++struct qmerge_key { ++ char *q; ++ char qtype[2]; ++ char *control; ++}; ++ ++struct qmerge { ++ int active; ++ struct qmerge_key key; ++ struct dns_transmit dt; ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */ ++}; ++ ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *); ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *); ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *); ++extern void qmerge_free(struct qmerge **); ++ ++#endif /* QMERGE_H */ +diff --git a/query.c b/query.c +index d61b20c..d9be8b8 100644 +--- a/query.c ++++ b/query.c +@@ -84,7 +84,7 @@ static void cleanup(struct query *z) + int j; + int k; + +- dns_transmit_free(&z->dt); ++ qmerge_free(&z->qm); + for (j = 0;j < QUERY_MAXALIAS;++j) + dns_domain_free(&z->alias[j]); + for (j = 0;j < QUERY_MAXLEVEL;++j) { +@@ -624,15 +624,9 @@ static int doit(struct query *z,int state) + if (j == 256) goto SERVFAIL; + + dns_sortip6(z->servers[z->level],256); +- if (z->level) { +- dtype = z->ipv6[z->level] ? 
DNS_T_AAAA : DNS_T_A; +- log_tx(z->name[z->level],dtype,z->control[z->level],z->servers[z->level],z->level); +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip) == -1) goto DIE; +- } +- else { +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0); +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE; +- } ++ dtype = z->level ? (z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A) : z->type; ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE; ++ + return 0; + + +@@ -646,10 +640,10 @@ static int doit(struct query *z,int state) + + HAVEPACKET: + if (++z->loop == 100) goto DIE; +- buf = z->dt.packet; +- len = z->dt.packetlen; ++ buf = z->qm->dt.packet; ++ len = z->qm->dt.packetlen; + +- whichserver = z->dt.servers + 16 * z->dt.curserver; ++ whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver; + control = z->control[z->level]; + d = z->name[z->level]; + /* dtype = z->level ? 
DNS_T_A : z->type; */ +@@ -1071,7 +1065,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip + + int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + { +- switch(dns_transmit_get(&z->dt,x,stamp)) { ++ switch(qmerge_get(&z->qm,x,stamp)) { + case 1: + return doit(z,1); + case -1: +@@ -1082,5 +1076,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + + void query_io(struct query *z,iopause_fd *x,struct taia *deadline) + { +- dns_transmit_io(&z->dt,x,deadline); ++ qmerge_io(z->qm,x,deadline); + } +diff --git a/query.h b/query.h +index 61812aa..93a322e 100644 +--- a/query.h ++++ b/query.h +@@ -1,7 +1,7 @@ + #ifndef QUERY_H + #define QUERY_H + +-#include "dns.h" ++#include "qmerge.h" + #include "uint32.h" + + #define QUERY_MAXLEVEL 5 +@@ -22,7 +22,7 @@ struct query { + uint32 scope_id; + char type[2]; + char class[2]; +- struct dns_transmit dt; ++ struct qmerge *qm; + } ; + + extern int query_start(struct query *,char *,char *,char *,char *,unsigned int); diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch new file mode 100644 index 000000000000..a0391ff00712 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch 
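Review bot: `qmerge_start()` in the new qmerge.c leaks the temporary key `k` on two error paths: `if (!qmerge_key_init(&k, q, qtype, control)) return -1;` returns with `k.q` still allocated when the second `dns_domain_copy` fails, and `if (i == QMERGE_MAX) return -1;` returns after both copies succeeded. `k` is zeroed with `byte_zero` first and the function already calls `qmerge_key_free` on a possibly empty slot key, so both paths can release it the way the `dns_transmit_start` failure path does: `if (!qmerge_key_init(&k, q, qtype, control)) { qmerge_key_free(&k); return -1; }` and `if (i == QMERGE_MAX) { qmerge_key_free(&k); return -1; }`. `qmerge_get()` and `qmerge_io()` also dereference the `struct qmerge *` without a null check although `qmerge_free()` resets the caller's pointer to 0, so a comment stating that they may only be called after a successful `qmerge_start()` would document the contract. The non-IPv6 patch file CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries.patch adds an identical qmerge.c and has the same issues.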
@@ -0,0 +1,349 @@ +diff --git a/Makefile b/Makefile +index 1429643..bc047c0 100644 +--- a/Makefile ++++ b/Makefile +@@ -318,11 +318,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h + ./compile dns_txt.c + + dnscache: \ +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \ ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \ + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \ + libtai.a unix.a byte.a socket.lib + ./load dnscache droproot.o okclient.o log.o cache.o \ +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \ ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \ + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \ + socket.lib` + +@@ -343,7 +343,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \ + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \ + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \ + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \ +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h + ./compile dnscache.c + + dnsfilter: \ +@@ -687,11 +687,16 @@ qlog.o: \ + compile qlog.c buffer.h qlog.h uint16.h + ./compile qlog.c + ++qmerge.o: \ ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \ ++taia.h tai.h uint64.h log.h maxclient.h ++ ./compile qmerge.c ++ + query.o: \ + compile query.c error.h roots.h log.h uint64.h case.h cache.h \ + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \ + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \ +-response.h uint32.h query.h dns.h uint32.h ++response.h uint32.h query.h dns.h uint32.h qmerge.h + ./compile query.c + + random-ip: \ +diff --git a/dnscache.c b/dnscache.c +index 8c899a3..5ccb16a 100644 +--- a/dnscache.c ++++ b/dnscache.c +@@ -22,6 +22,7 @@ + #include "log.h" + #include "okclient.h" + #include 
"droproot.h" ++#include "maxclient.h" + + static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2]) + { +@@ -54,7 +55,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -131,7 +131,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +diff --git a/log.c b/log.c +index c43e8b0..b8cd7ce 100644 +--- a/log.c ++++ b/log.c +@@ -150,6 +150,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser + line(); + } + ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control) ++{ ++ string("txpb "); ++ logtype(qtype); space(); name(q); space(); name(control); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +diff --git a/log.h b/log.h +index fe62fa3..d9a829b 100644 +--- a/log.h ++++ b/log.h +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *); + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_tx_piggyback(const char *,const char *,const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); +diff --git a/maxclient.h b/maxclient.h +new file mode 100644 +index 0000000..e52fcd1 +--- /dev/null ++++ b/maxclient.h +@@ -0,0 +1,7 @@ ++#ifndef MAXCLIENT_H ++#define MAXCLIENT_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* MAXCLIENT_H */ +diff --git a/qmerge.c b/qmerge.c +new file mode 100644 +index 0000000..7c92299 +--- /dev/null ++++ b/qmerge.c +@@ -0,0 +1,115 @@ ++#include "qmerge.h" ++#include "byte.h" ++#include "log.h" ++#include "maxclient.h" ++ ++#define QMERGE_MAX (MAXUDP+MAXTCP) ++struct qmerge 
inprogress[QMERGE_MAX]; ++ ++static ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2], ++ const char *control) ++{ ++ if (!dns_domain_copy(&qmk->q, q)) return 0; ++ byte_copy(qmk->qtype, 2, qtype); ++ if (!dns_domain_copy(&qmk->control, control)) return 0; ++ return 1; ++} ++ ++static ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b) ++{ ++ return ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->q, b->q) && ++ dns_domain_equal(a->control, b->control); ++} ++ ++static ++void qmerge_key_free(struct qmerge_key *qmk) ++{ ++ dns_domain_free(&qmk->q); ++ dns_domain_free(&qmk->control); ++} ++ ++void qmerge_free(struct qmerge **x) ++{ ++ struct qmerge *qm; ++ ++ qm = *x; ++ *x = 0; ++ if (!qm || !qm->active) return; ++ ++ qm->active--; ++ if (!qm->active) { ++ qmerge_key_free(&qm->key); ++ dns_transmit_free(&qm->dt); ++ } ++} ++ ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive, ++ const char *q, const char qtype[2], const char localip[4], ++ const char *control) ++{ ++ struct qmerge_key k; ++ int i; ++ int r; ++ ++ qmerge_free(qm); ++ ++ byte_zero(&k, sizeof k); ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1; ++ for (i = 0; i < QMERGE_MAX; i++) { ++ if (!inprogress[i].active) continue; ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue; ++ log_tx_piggyback(q, qtype, control); ++ inprogress[i].active++; ++ *qm = &inprogress[i]; ++ qmerge_key_free(&k); ++ return 0; ++ } ++ ++ for (i = 0; i < QMERGE_MAX; i++) ++ if (!inprogress[i].active) ++ break; ++ if (i == QMERGE_MAX) return -1; ++ ++ log_tx(q, qtype, control, servers, 0); ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip); ++ if (r == -1) { qmerge_key_free(&k); return -1; } ++ inprogress[i].active++; ++ inprogress[i].state = 0; ++ qmerge_key_free(&inprogress[i].key); ++ byte_copy(&inprogress[i].key, sizeof k, &k); ++ *qm = &inprogress[i]; ++ return 0; ++} ++ ++void 
qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline) ++{ ++ if (qm->state == 0) { ++ dns_transmit_io(&qm->dt, io, deadline); ++ qm->state = 1; ++ } ++ else { ++ io->fd = -1; ++ io->events = 0; ++ } ++} ++ ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when) ++{ ++ int r; ++ struct qmerge *qm; ++ ++ qm = *x; ++ if (qm->state == -1) return -1; /* previous error */ ++ if (qm->state == 0) return 0; /* no packet */ ++ if (qm->state == 2) return 1; /* already got packet */ ++ ++ r = dns_transmit_get(&qm->dt, io, when); ++ if (r == -1) { qm->state = -1; return -1; } /* error */ ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */ ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */ ++ return -1; /* bug */ ++} +diff --git a/qmerge.h b/qmerge.h +new file mode 100644 +index 0000000..9a58157 +--- /dev/null ++++ b/qmerge.h +@@ -0,0 +1,24 @@ ++#ifndef QMERGE_H ++#define QMERGE_H ++ ++#include "dns.h" ++ ++struct qmerge_key { ++ char *q; ++ char qtype[2]; ++ char *control; ++}; ++ ++struct qmerge { ++ int active; ++ struct qmerge_key key; ++ struct dns_transmit dt; ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */ ++}; ++ ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *); ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *); ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *); ++extern void qmerge_free(struct qmerge **); ++ ++#endif /* QMERGE_H */ +diff --git a/query.c b/query.c +index 46cdc00..f091fdd 100644 +--- a/query.c ++++ b/query.c +@@ -81,7 +81,7 @@ static void cleanup(struct query *z) + int j; + int k; + +- dns_transmit_free(&z->dt); ++ qmerge_free(&z->qm); + for (j = 0;j < QUERY_MAXALIAS;++j) + dns_domain_free(&z->alias[j]); + for (j = 0;j < QUERY_MAXLEVEL;++j) { +@@ -429,14 +429,8 @@ static int doit(struct query *z,int state) + if (j == 64) goto SERVFAIL; + + 
dns_sortip(z->servers[z->level],64); +- if (z->level) { +- log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level); +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE; +- } +- else { +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0); +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE; +- } ++ dtype = z->level ? DNS_T_A : z->type; ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE; + return 0; + + +@@ -450,10 +444,10 @@ static int doit(struct query *z,int state) + + HAVEPACKET: + if (++z->loop == 100) goto DIE; +- buf = z->dt.packet; +- len = z->dt.packetlen; ++ buf = z->qm->dt.packet; ++ len = z->qm->dt.packetlen; + +- whichserver = z->dt.servers + 4 * z->dt.curserver; ++ whichserver = z->qm->dt.servers + 4 * z->qm->dt.curserver; + control = z->control[z->level]; + d = z->name[z->level]; + dtype = z->level ? 
DNS_T_A : z->type; +@@ -836,7 +830,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip + + int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + { +- switch(dns_transmit_get(&z->dt,x,stamp)) { ++ switch(qmerge_get(&z->qm,x,stamp)) { + case 1: + return doit(z,1); + case -1: +@@ -847,5 +841,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + + void query_io(struct query *z,iopause_fd *x,struct taia *deadline) + { +- dns_transmit_io(&z->dt,x,deadline); ++ qmerge_io(z->qm,x,deadline); + } +diff --git a/query.h b/query.h +index eff68b2..06feab4 100644 +--- a/query.h ++++ b/query.h +@@ -1,7 +1,7 @@ + #ifndef QUERY_H + #define QUERY_H + +-#include "dns.h" ++#include "qmerge.h" + #include "uint32.h" + + #define QUERY_MAXLEVEL 5 +@@ -20,7 +20,7 @@ struct query { + char localip[4]; + char type[2]; + char class[2]; +- struct dns_transmit dt; ++ struct qmerge *qm; + } ; + + extern int query_start(struct query *,char *,char *,char *,char *); diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch new file mode 100644 index 000000000000..d5b9c10d64d3 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch 
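Review bot: `qmerge_start()` calls `log_tx(q, qtype, control, servers, 0)` with a constant last argument, while the `doit()` lines this patch removes passed `z->level` on the glue-lookup branch. After the change every `tx` log line reports 0 in that field, so anyone reading dnscache logs to follow a resolution chain loses the depth information. Either pass the level through as an extra `unsigned int` parameter of `qmerge_start()`, or put a comment on the `log_tx` call stating that the value is intentionally fixed; the IPv6 variant of this patch has the same call. `doit()` begins and ends outside the quoted hunks.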
@@ -0,0 +1,68 @@ +diff -urNp a/query.c b/query.c +--- a/query.c 2009-03-19 11:35:28.452472164 -0700 ++++ b/query.c 2009-03-19 11:59:19.798221593 -0700 +@@ -476,6 +476,29 @@ static int doit(struct query *z,int stat + } + } + ++ if (typematch(DNS_T_SOA,dtype)) { ++ byte_copy(key,2,DNS_T_SOA); ++ cached = cache_get(key,dlen + 2,&cachedlen,&ttl); ++ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { ++ log_cachedanswer(d,DNS_T_SOA); ++ if (!rqa(z)) goto DIE; ++ pos = 0; ++ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) { ++ pos = dns_packet_getname(cached,cachedlen,pos,&t2); ++ if (!pos) break; ++ pos = dns_packet_getname(cached,cachedlen,pos,&t3); ++ if (!pos) break; ++ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE; ++ if (!response_addname(t2)) goto DIE; ++ if (!response_addname(t3)) goto DIE; ++ if (!response_addbytes(misc,20)) goto DIE; ++ response_rfinish(RESPONSE_ANSWER); ++ } ++ cleanup(z); ++ return 1; ++ } ++ } ++ + if (typematch(DNS_T_A,dtype)) { + byte_copy(key,2,DNS_T_A); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); +@@ -541,7 +564,7 @@ static int doit(struct query *z,int stat + } + } + +- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_AAAA,dtype)) { ++ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype) && !typematch(DNS_T_AAAA,dtype)) { + byte_copy(key,2,dtype); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { +@@ -769,15 +792,24 @@ static int doit(struct query *z,int stat + else if (byte_equal(type,2,DNS_T_AXFR)) + ; + else if (byte_equal(type,2,DNS_T_SOA)) { ++ int non_authority 
= 0; ++ save_start(); + while (i < j) { + pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE; + pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE; +- if (records[i] < posauthority) ++ if (records[i] < posauthority) { + log_rrsoa(whichserver,t1,t2,t3,misc,ttl); ++ save_data(misc,20); ++ save_data(t2,dns_domain_length(t2)); ++ save_data(t3,dns_domain_length(t3)); ++ non_authority++; ++ } + ++i; + } ++ if (non_authority) ++ save_finish(DNS_T_SOA,t1,ttl); + } + else if (byte_equal(type,2,DNS_T_CNAME)) { + pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE; diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch new file mode 100644 index 000000000000..9230e7583ddd --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch 
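Review bot: The layout of a cached SOA entry is implicit and undocumented: the store side in the `DNS_T_SOA` branch saves `misc` (20 bytes), then `t2`, then `t3`, which is not the order they are parsed from the packet, and the new cache-hit loop must read them back in exactly that order. A comment above `save_start()` such as `/* cache entry: 20 fixed bytes, then t2, then t3; must match the SOA cache-hit loop */` would keep the two ends in sync. A second comment on `if (records[i] < posauthority)` should say that only records before the authority section are cached, since the counter name `non_authority` is the only hint. In the cache-hit loop a failed `dns_packet_getname` does `break` and the function still reaches `return 1`, so a damaged entry yields a short answer rather than `DIE`; whether that matches the other cached branches is not visible here. The same points apply to the non-IPv6 variant, `CVE2008-4392_0002-dnscache-cache-soa-records.patch`, and `doit()` starts and ends outside the hunks of both.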
@@ -0,0 +1,70 @@ +diff --git a/query.c b/query.c +index 46cdc00..4574e97 100644 +--- a/query.c ++++ b/query.c +@@ -319,6 +319,29 @@ static int doit(struct query *z,int state) + } + } + ++ if (typematch(DNS_T_SOA,dtype)) { ++ byte_copy(key,2,DNS_T_SOA); ++ cached = cache_get(key,dlen + 2,&cachedlen,&ttl); ++ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { ++ log_cachedanswer(d,DNS_T_SOA); ++ if (!rqa(z)) goto DIE; ++ pos = 0; ++ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) { ++ pos = dns_packet_getname(cached,cachedlen,pos,&t2); ++ if (!pos) break; ++ pos = dns_packet_getname(cached,cachedlen,pos,&t3); ++ if (!pos) break; ++ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE; ++ if (!response_addname(t2)) goto DIE; ++ if (!response_addname(t3)) goto DIE; ++ if (!response_addbytes(misc,20)) goto DIE; ++ response_rfinish(RESPONSE_ANSWER); ++ } ++ cleanup(z); ++ return 1; ++ } ++ } ++ + if (typematch(DNS_T_A,dtype)) { + byte_copy(key,2,DNS_T_A); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); +@@ -351,7 +374,7 @@ static int doit(struct query *z,int state) + } + } + +- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) { ++ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) { + byte_copy(key,2,dtype); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { +@@ -585,15 +608,24 @@ static int doit(struct query *z,int state) + else if (byte_equal(type,2,DNS_T_AXFR)) + ; + else if (byte_equal(type,2,DNS_T_SOA)) { ++ int non_authority = 0; ++ save_start(); + while (i < j) { + pos = dns_packet_skipname(buf,len,records[i]); if (!pos) 
goto DIE; + pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE; + pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE; +- if (records[i] < posauthority) ++ if (records[i] < posauthority) { + log_rrsoa(whichserver,t1,t2,t3,misc,ttl); ++ save_data(misc,20); ++ save_data(t2,dns_domain_length(t2)); ++ save_data(t3,dns_domain_length(t3)); ++ non_authority++; ++ } + ++i; + } ++ if (non_authority) ++ save_finish(DNS_T_SOA,t1,ttl); + } + else if (byte_equal(type,2,DNS_T_CNAME)) { + pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE; + diff --git a/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch b/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch new file mode 100644 index 000000000000..23d8e9f86b12 --- /dev/null +++ b/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch @@ -0,0 +1,11 @@ +--- a/response.c ++++ b/response.c +@@ -34,7 +34,7 @@ int response_addname(const char *d) + uint16_pack_big(buf,49152 + name_ptr[i]); + return response_addbytes(buf,2); + } +- if (dlen <= 128) ++ if ((dlen <= 128) && (response_len < 16384)) + if (name_num < NAMES) { + byte_copy(name[name_num],dlen,d); + name_ptr[name_num] = response_len; diff --git a/net-dns/djbdns/files/dnsroots.patch b/net-dns/djbdns/files/dnsroots.patch new file mode 100644 index 000000000000..d2524be5a870 --- /dev/null +++ b/net-dns/djbdns/files/dnsroots.patch @@ -0,0 +1,20 @@ +--- a/dnsroots.global ++++ b/dnsroots.global +@@ -1,13 +1,13 @@ + 198.41.0.4 +-128.9.0.107 ++192.228.79.201 + 192.33.4.12 +-128.8.10.90 ++199.7.91.13 + 192.203.230.10 + 192.5.5.241 + 192.112.36.4 + 128.63.2.53 + 192.36.148.17 +-198.41.0.10 ++192.58.128.30 + 193.0.14.129 +-198.32.64.12 ++199.7.83.42 + 202.12.27.33 
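Review bot: The new bound `response_len < 16384` in `response_addname` is a bare number with nothing tying it to the pointer encoding two lines above it, `uint16_pack_big(buf,49152 + name_ptr[i])`. 49152 is 0xC000, so the pointer has room for a 14-bit offset only; a name remembered at offset 16384 or later would make the sum exceed 16 bits and the packed pointer would refer to a different place in the response. A comment such as `/* compression pointers carry a 14-bit offset: never remember a name at or past 16384 */` on the new condition would record why the check exists. The function continues outside the hunk, so the declared width of `name_ptr` cannot be confirmed from here.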
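Review bot: The four replaced addresses in `dnsroots.global` arrive with no provenance, because the patch has no header saying which root hints file they were taken from or when. Root server addresses are renumbered from time to time, and a cache seeded from a stale list silently relies on the entries that still answer. A short header above the `---` line naming the source and retrieval date, plus a check of all thirteen entries against the current IANA root hints at each revision bump, would make staleness visible.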
diff --git a/net-dns/djbdns/files/dnstracesort.patch b/net-dns/djbdns/files/dnstracesort.patch
new file mode 100644
index 000000000000..3bf56f5a1ce6
--- /dev/null
+++ b/net-dns/djbdns/files/dnstracesort.patch
@@ -0,0 +1,11 @@
+--- djbdns-1.05/dnstracesort.sh.orig 2006-04-26 21:52:54.000000000 +0200
++++ djbdns-1.05/dnstracesort.sh 2006-04-26 21:53:02.000000000 +0200
+@@ -12,7 +12,7 @@
+ }
+ print
+ }
+-' | sort -t: +0 -2 +4 +3 -4 +2 -3 | uniq | awk -F: '
++' | sort -t: -k 1,3 -k 5 -k 4,5 -k 3,4 | uniq | awk -F: '
+ {
+ type = $1
+ q = $2
diff --git a/net-dns/djbdns/files/headtail.patch b/net-dns/djbdns/files/headtail.patch
new file mode 100644
index 000000000000..6321cc1ebd97
--- /dev/null
+++ b/net-dns/djbdns/files/headtail.patch
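Review bot: The replacement keys on the `sort -t:` line in dnstracesort.sh are not the equivalent of the obsolete ones they replace, as I read the old syntax. `+POS1 -POS2` corresponds to `-k POS1+1,POS2`, so `+0 -2 +4 +3 -4 +2 -3` becomes `-k 1,2 -k 5 -k 4,4 -k 3,3`, whereas the patch writes `-k 1,3 -k 5 -k 4,5 -k 3,4`, making each bounded key one field wider and giving field 3 precedence over fields 5 and 4. The output feeds `uniq` and an awk script whose body lies outside the hunk, so the effect on the report cannot be judged from here. Unless the wider keys are intended, the line should read `' | sort -t: -k 1,2 -k 5 -k 4,4 -k 3,3 | uniq | awk -F: '`.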
@@ -0,0 +1,67 @@ +diff -Naur /tmp/djbdns-1.05/Makefile djbdns-1.05/Makefile +--- a/djbdns-1.05/Makefile 2003-11-16 20:33:41.000000000 +0100 ++++ b/djbdns-1.05/Makefile 2003-11-16 20:35:15.000000000 +0100 +@@ -31,7 +31,7 @@ + + auto_home.c: \ + auto-str conf-home +- ./auto-str auto_home `head -1 conf-home` > auto_home.c ++ ./auto-str auto_home `head -n 1 conf-home` > auto_home.c + + auto_home.o: \ + compile auto_home.c +@@ -205,14 +205,14 @@ + choose: \ + warn-auto.sh choose.sh conf-home + cat warn-auto.sh choose.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > choose + chmod 755 choose + + compile: \ + warn-auto.sh conf-cc + ( cat warn-auto.sh; \ +- echo exec "`head -1 conf-cc`" '-c $${1+"$$@"}' \ ++ echo exec "`head -n 1 conf-cc`" '-c $${1+"$$@"}' \ + ) > compile + chmod 755 compile + +@@ -449,7 +449,7 @@ + dnstracesort: \ + warn-auto.sh dnstracesort.sh conf-home + cat warn-auto.sh dnstracesort.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > dnstracesort + chmod 755 dnstracesort + +@@ -570,7 +570,7 @@ + warn-auto.sh conf-ld + ( cat warn-auto.sh; \ + echo 'main="$$1"; shift'; \ +- echo exec "`head -1 conf-ld`" \ ++ echo exec "`head -n 1 conf-ld`" \ + '-o "$$main" "$$main".o $${1+"$$@"}' \ + ) > load + chmod 755 load +@@ -758,7 +758,7 @@ + rts: \ + warn-auto.sh rts.sh conf-home + cat warn-auto.sh rts.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > rts + chmod 755 rts + +@@ -901,8 +901,8 @@ + systype: \ + find-systype.sh conf-cc conf-ld trycpp.c x86cpuid.c + ( cat warn-auto.sh; \ +- echo CC=\'`head -1 conf-cc`\'; \ +- echo LD=\'`head -1 conf-ld`\'; \ ++ echo CC=\'`head -n 1 conf-cc`\'; \ ++ echo LD=\'`head -n 1 conf-ld`\'; \ + cat find-systype.sh; \ + ) | sh > systype + 
diff --git a/net-dns/djbdns/files/makefile-parallel-test25.patch b/net-dns/djbdns/files/makefile-parallel-test25.patch
new file mode 100644
index 000000000000..2754729acb97
--- /dev/null
+++ b/net-dns/djbdns/files/makefile-parallel-test25.patch
@@ -0,0 +1,91 @@ +diff --git a/Makefile b/Makefile +index 9ebf4c8..fe5ed73 100644 +--- a/Makefile ++++ b/Makefile +@@ -212,7 +212,7 @@ warn-auto.sh choose.sh conf-home + chmod 755 choose + + clientloc.o: \ +-compile clientloc.c open.h byte.h cdb.h ip6.h ++compile clientloc.c open.h byte.h cdb.h uint32.h ip6.h + ./compile clientloc.c + + compile: \ +@@ -336,7 +336,7 @@ taia.h tai.h uint64.h taia.h + + dns_transmit.o: \ + compile dns_transmit.c socket.h uint16.h alloc.h error.h byte.h \ +-uint16.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ ++uint32.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ + taia.h + ./compile dns_transmit.c + +@@ -859,15 +859,15 @@ trylsock.c compile load + rm -f trylsock.o trylsock + + socket_accept.o: \ +-compile socket_accept.c byte.h socket.h uint16.h ++compile socket_accept.c byte.h socket.h uint16.h uint32.h + ./compile socket_accept.c + + socket_accept6.o: \ +-compile socket_accept6.c byte.h socket.h uint16.h ++compile socket_accept6.c byte.h socket.h uint16.h uint32.h + ./compile socket_accept6.c + + socket_bind.o: \ +-compile socket_bind.c byte.h socket.h uint16.h ++compile socket_bind.c byte.h socket.h uint16.h uint32.h + ./compile socket_bind.c + + socket_bind6.o: \ +@@ -875,7 +875,7 @@ compile socket_bind6.c sockaddr_in6.h haveip6.h byte.h socket.h uint16.h uint32. 
+ ./compile socket_bind6.c + + socket_conn.o: \ +-compile socket_conn.c byte.h socket.h uint16.h ++compile socket_conn.c byte.h socket.h uint16.h uint32.h + ./compile socket_conn.c + + socket_connect6.o: \ +@@ -883,11 +883,11 @@ compile socket_connect6.c byte.h socket.h uint16.h uint32.h + ./compile socket_connect6.c + + socket_listen.o: \ +-compile socket_listen.c socket.h uint16.h ++compile socket_listen.c socket.h uint16.h uint32.h + ./compile socket_listen.c + + socket_recv.o: \ +-compile socket_recv.c byte.h socket.h uint16.h ++compile socket_recv.c byte.h socket.h uint16.h uint32.h + ./compile socket_recv.c + + socket_recv6.o: \ +@@ -895,7 +895,7 @@ compile socket_recv6.c sockaddr_in6.h haveip6.h byte.h socket.h uint16.h uint32. + ./compile socket_recv6.c + + socket_send.o: \ +-compile socket_send.c byte.h socket.h uint16.h ++compile socket_send.c byte.h socket.h uint16.h uint32.h + ./compile socket_send.c + + socket_send6.o: \ +@@ -903,7 +903,7 @@ compile socket_send6.c byte.h socket.h uint16.h uint32.h ip6.h haveip6.h error.h + ./compile socket_send6.c + + socket_tcp.o: \ +-compile socket_tcp.c ndelay.h socket.h uint16.h ++compile socket_tcp.c ndelay.h socket.h uint16.h uint32.h + ./compile socket_tcp.c + + socket_tcp6.o: \ +@@ -911,7 +911,7 @@ compile socket_tcp6.c ndelay.h socket.h uint16.h uint32.h haveip6.h + ./compile socket_tcp6.c + + socket_udp.o: \ +-compile socket_udp.c ndelay.h socket.h uint16.h ++compile socket_udp.c ndelay.h socket.h uint16.h uint32.h + ./compile socket_udp.c + + socket_udp6.o: \ diff --git a/net-dns/djbdns/files/srv_record_support.patch b/net-dns/djbdns/files/srv_record_support.patch new file mode 100644 index 000000000000..736884208363 --- /dev/null +++ b/net-dns/djbdns/files/srv_record_support.patch 
@@ -0,0 +1,180 @@ +From: Michael Handler <handler@sub-rosa.com> +To: dns@list.cr.yp.to +Subject: tinydns-data SRV & axfr-get SRV/PTR patches +Date: Thu, 14 Sep 2000 20:37:50 -0400 + +Here's a combined patch that: + +a) adds a native SRV type to tinydns-data + +Sfqdn:ip:x:port:weight:priority:ttl:timestamp + +Standard rules for ip, x, ttl, and timestamp apply. Port, weight, and +priority all range from 0-65535. Weight and priority are optional; they +default to zero if not provided. + +Sconsole.zoinks.example.com:1.2.3.4:rack102-con1:2001:69:7:300: + +b) makes axfr-get decompose SRV and PTR records and write them out in +native format, rather than opaque. Again, this is necessary because if the +DNAME fields in the records reference the same zone as fqdn, they can have +compression pointers that are bogus outside the context of that specific +packet, and which can't be correctly loaded into data.cdb by tinydns-data. + +--michael + +Laurent G. Bercot <ska-djbdns@skarnet.org> updated it for +djbdns-1.05. Documentation patch by Alex Efros. 
+ +diff -rNU3 djbdns-1.05/axfr-get.c djbdns-1.05-srv/axfr-get.c +--- djbdns-1.05/axfr-get.c Sun Feb 11 22:11:45 2001 ++++ djbdns-1.05/axfr-get.c Thu Oct 18 14:46:56 2001 +@@ -209,6 +209,26 @@ + if (!stralloc_cats(&line,".:")) return 0; + if (!stralloc_catulong0(&line,dist,0)) return 0; + } ++ else if (byte_equal(data,2,DNS_T_SRV)) { ++ uint16 dist, weight, port; ++ if (!stralloc_copys(&line,"S")) return 0; ++ if (!dns_domain_todot_cat(&line,d1)) return 0; ++ if (!stralloc_cats(&line,"::")) return 0; ++ pos = x_copy(buf,len,pos,data,2); ++ uint16_unpack_big(data,&dist); ++ pos = x_copy(buf,len,pos,data,2); ++ uint16_unpack_big(data,&weight); ++ pos = x_copy(buf,len,pos,data,2); ++ uint16_unpack_big(data,&port); ++ x_getname(buf,len,pos,&d1); ++ if (!dns_domain_todot_cat(&line,d1)) return 0; ++ if (!stralloc_cats(&line,".:")) return 0; ++ if (!stralloc_catulong0(&line,dist,0)) return 0; ++ if (!stralloc_cats(&line,":")) return 0; ++ if (!stralloc_catulong0(&line,weight,0)) return 0; ++ if (!stralloc_cats(&line,":")) return 0; ++ if (!stralloc_catulong0(&line,port,0)) return 0; ++ } + else if (byte_equal(data,2,DNS_T_A) && (dlen == 4)) { + char ipstr[IP4_FMT]; + if (!stralloc_copys(&line,"+")) return 0; +@@ -216,6 +236,14 @@ + if (!stralloc_cats(&line,":")) return 0; + x_copy(buf,len,pos,data,4); + if (!stralloc_catb(&line,ipstr,ip4_fmt(ipstr,data))) return 0; ++ } ++ else if (byte_equal(data,2,DNS_T_PTR)) { ++ if (!stralloc_copys(&line,"^")) return 0; ++ if (!dns_domain_todot_cat(&line,d1)) return 0; ++ if (!stralloc_cats(&line,":")) return 0; ++ x_getname(buf,len,pos,&d1); ++ if (!dns_domain_todot_cat(&line,d1)) return 0; ++ if (!stralloc_cats(&line,".")) return 0; + } + else { + unsigned char ch; +diff -rNU3 djbdns-1.05/dns.h djbdns-1.05-srv/dns.h +--- djbdns-1.05/dns.h Sun Feb 11 22:11:45 2001 ++++ djbdns-1.05/dns.h Thu Oct 18 14:46:56 2001 +@@ -20,6 +20,7 @@ + #define DNS_T_SIG "\0\30" + #define DNS_T_KEY "\0\31" + #define DNS_T_AAAA "\0\34" ++#define DNS_T_SRV 
"\0\41" + #define DNS_T_AXFR "\0\374" + #define DNS_T_ANY "\0\377" + +diff -rNU3 djbdns-1.05/tinydns-data.c djbdns-1.05-srv/tinydns-data.c +--- djbdns-1.05/tinydns-data.c Sun Feb 11 22:11:45 2001 ++++ djbdns-1.05/tinydns-data.c Thu Oct 18 14:50:53 2001 +@@ -196,6 +196,7 @@ + char type[2]; + char soa[20]; + char buf[4]; ++ char srv[6]; + + umask(022); + +@@ -360,6 +361,43 @@ + rr_start(DNS_T_MX,ttl,ttd,loc); + uint16_pack_big(buf,u); + rr_add(buf,2); ++ rr_addname(d2); ++ rr_finish(d1); ++ ++ if (ip4_scan(f[1].s,ip)) { ++ rr_start(DNS_T_A,ttl,ttd,loc); ++ rr_add(ip,4); ++ rr_finish(d2); ++ } ++ break; ++ ++ case 'S': ++ if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem(); ++ if (!stralloc_0(&f[6])) nomem(); ++ if (!scan_ulong(f[6].s,&ttl)) ttl = TTL_POSITIVE; ++ ttdparse(&f[7],ttd); ++ locparse(&f[8],loc); ++ ++ if (!stralloc_0(&f[1])) nomem(); ++ ++ if (byte_chr(f[2].s,f[2].len,'.') >= f[2].len) { ++ if (!stralloc_cats(&f[2],".srv.")) nomem(); ++ if (!stralloc_catb(&f[2],f[0].s,f[0].len)) nomem(); ++ } ++ if (!dns_domain_fromdot(&d2,f[2].s,f[2].len)) nomem(); ++ ++ if (!stralloc_0(&f[4])) nomem(); ++ if (!scan_ulong(f[4].s,&u)) u = 0; ++ uint16_pack_big(srv,u); ++ if (!stralloc_0(&f[5])) nomem(); ++ if (!scan_ulong(f[5].s,&u)) u = 0; ++ uint16_pack_big(srv + 2,u); ++ if (!stralloc_0(&f[3])) nomem(); ++ if (!scan_ulong(f[3].s,&u)) nomem(); ++ uint16_pack_big(srv + 4,u); ++ ++ rr_start(DNS_T_SRV,ttl,ttd,loc); ++ rr_add(srv,6); + rr_addname(d2); + rr_finish(d1); + +--- djbdns-1.05/man/tinydns-data.8 2003-10-23 10:47:32.000000000 +0300 ++++ djbdns-1.05/man/tinydns-data.8 2014-09-26 02:51:59.861716505 +0300 +@@ -487,6 +487,38 @@ + .RI \ 072 + is a colon. + ++.RI S fqdn\fR:\fIip\fR:\fIx\fR:\fIport\fR:\fIweight\fR:\fIpriority\fR:\fIttl\fR:\fItimestamp\fR:\fIlo\fR ++ ++SRV record for ++.IR fqdn . 
++ ++.B tinydns-data ++creates ++.IP ++an SRV record ++showing ++.IR x\fR.srv.\fIfqdn\fR:\fIport\fR ++as a service for ++.IR fqdn ++with given \fIweight\fR and \fIpriority\fR ++(\fIport\fR, \fIweight\fR and \fIpriority\fR must be in range 0-65535; ++\fIweight\fR and \fIpriority\fR are optional; ++they default to zero if not provided) ++and ++.P ++.IP ++an A record showing ++.I ip ++as the IP address ++of ++.IR x\fR.srv.\fIfqdn . ++.P ++ ++If ++.I x ++contains a dot ++then it is treated specially; see above. ++ + .RI ^ fqdn\fR:\fIp\fR:\fIttl\fR:\fItimestamp\fR:\fIlo\fR + + PTR record for diff --git a/net-dns/djbdns/files/string_length_255.patch b/net-dns/djbdns/files/string_length_255.patch new file mode 100644 index 000000000000..ad383b756bf9 --- /dev/null +++ b/net-dns/djbdns/files/string_length_255.patch @@ -0,0 +1,11 @@ +--- a/tinydns-data.c 2001-02-11 16:11:45.000000000 -0500 ++++ b/tinydns-data.c 2011-04-02 10:41:34.356302891 -0400 +@@ -399,7 +399,7 @@ + i = 0; + while (i < f[1].len) { + k = f[1].len - i; +- if (k > 127) k = 127; ++ if (k > 255) k = 255; + ch = k; + rr_add(&ch,1); + rr_add(f[1].s + i,k); diff --git a/net-dns/djbdns/metadata.xml b/net-dns/djbdns/metadata.xml new file mode 100644 index 000000000000..7e0a8fc27b5b --- /dev/null +++ b/net-dns/djbdns/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer> + <email>mjo@gentoo.org</email> + <name>Michael Orlitzky</name> +</maintainer> +</pkgmetadata> |
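Review bot: The `S` line written by the new `DNS_T_SRV` branch in axfr-get.c does not match the field order that the new `case 'S'` in tinydns-data.c reads. axfr-get appends `dist`, `weight`, `port` after the target, so they become fields 3, 4 and 5, while tinydns-data packs `f[3]` at `srv + 4` (the last of the three 16-bit values, where axfr-get reads `port`), `f[4]` at `srv` and `f[5]` at `srv + 2`; a transferred record would be reloaded with its priority in the port position. Passing `port`, `dist`, `weight` to the three `stralloc_catulong0` calls in that order would make the two agree, and the description and man page text, which give port:weight:priority, should then be checked against which of `f[4]` and `f[5]` is packed first. The `scan_ulong` results also reach `uint16_pack_big` with no check against 65535, and an unparsable port calls `nomem()`, which misreports a syntax problem; both enclosing functions start outside the patch's hunks.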
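Review bot: Raising the chunk limit to 255 in tinydns-data.c means `ch = k;` now stores values above 127, and `ch` is declared outside the hunk. If it is a plain `char`, that conversion is implementation-defined where `char` is signed, although the byte handed to `rr_add(&ch,1)` will normally still be the intended length octet. A comment on the changed line, `/* length prefix is one octet, so at most 255 bytes per chunk */`, would record where the new limit comes from, and the declaration of `ch` should be confirmed to be `unsigned char`. The loop's enclosing function begins and ends outside the hunk.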