authorJochen Neumeister <joneum@FreeBSD.org>2020-07-02 10:22:06 +0000
committerJochen Neumeister <joneum@FreeBSD.org>2020-07-02 10:22:06 +0000
commit61d14644ae13b3f1d8575cd9b0ce3514be3bfee4 (patch)
tree20a0ac85f0fd12bd8359e8226996c2baef6ef7a0 /dns
parent934bf0bb02b000d5256bc7e29b51708e2fa80d84 (diff)
MFH: r541029
Update to 4.3.2.

This update contains a security fix for CVE-2020-14196. The issue is:

CVE-2020-14196: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction.

In the default configuration the API webserver is not enabled. Only installations using a non-default value for webserver and webserver-address are affected.

As usual, there were also other smaller enhancements and bugfixes. In particular, the 4.3.2 release contains fixes that allow long CNAME chains to resolve properly, where previously they could fail if qname minimization is enabled.

PR: 247707
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Security: 641cd669-bc37-11ea-babf-6805ca2fa271
Sponsored by: Netzkommune GmbH
Approved by: ports-secteam (with hat)
Notes
Notes: svn path=/branches/2020Q3/; revision=541030
Diffstat (limited to 'dns')
-rw-r--r--dns/powerdns-recursor/Makefile3
-rw-r--r--dns/powerdns-recursor/distinfo6
-rw-r--r--dns/powerdns-recursor/files/patch-hostnamemax90
3 files changed, 4 insertions, 95 deletions
diff --git a/dns/powerdns-recursor/Makefile b/dns/powerdns-recursor/Makefile
index 7b3e8b37bad2..509c09bbb0be 100644
--- a/dns/powerdns-recursor/Makefile
+++ b/dns/powerdns-recursor/Makefile
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= recursor
-DISTVERSION= 4.3.1
-PORTREVISION= 1
+DISTVERSION= 4.3.2
CATEGORIES= dns
MASTER_SITES= http://downloads.powerdns.com/releases/
PKGNAMEPREFIX= powerdns-
diff --git a/dns/powerdns-recursor/distinfo b/dns/powerdns-recursor/distinfo
index d58170fcbdd9..f89c12a938ee 100644
--- a/dns/powerdns-recursor/distinfo
+++ b/dns/powerdns-recursor/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1589879472
-SHA256 (pdns-recursor-4.3.1.tar.bz2) = 54230852fcad3c6291651069c383f7ea88c5d29ce3c561decb2f40a063f52fd9
-SIZE (pdns-recursor-4.3.1.tar.bz2) = 1334817
+TIMESTAMP = 1593680318
+SHA256 (pdns-recursor-4.3.2.tar.bz2) = fcaeba94d5005ec3b973c1800d22eee686f785d3e635ad495d6f44067a4561e1
+SIZE (pdns-recursor-4.3.2.tar.bz2) = 1354549
diff --git a/dns/powerdns-recursor/files/patch-hostnamemax b/dns/powerdns-recursor/files/patch-hostnamemax
deleted file mode 100644
index 38beefb1026d..000000000000
--- a/dns/powerdns-recursor/files/patch-hostnamemax
+++ /dev/null
@@ -1,90 +0,0 @@
-diff --git misc.cc misc.cc
-index f9248af42a..5cb4dbe812 100644
---- misc.cc
-+++ misc.cc
-@@ -57,6 +57,7 @@
- #include <sys/types.h>
- #include <pwd.h>
- #include <grp.h>
-+#include <limits.h>
- #ifdef __FreeBSD__
- # include <pthread_np.h>
- #endif
-@@ -1563,3 +1564,39 @@ bool setPipeBufferSize(int fd, size_t size)
- return false;
- #endif /* F_SETPIPE_SZ */
- }
-+
-+static size_t getMaxHostNameSize()
-+{
-+#if defined(HOST_NAME_MAX)
-+ return HOST_NAME_MAX;
-+#endif
-+
-+#if defined(_SC_HOST_NAME_MAX)
-+ auto tmp = sysconf(_SC_HOST_NAME_MAX);
-+ if (tmp != -1) {
-+ return tmp;
-+ }
-+#endif
-+
-+ /* _POSIX_HOST_NAME_MAX */
-+ return 255;
-+}
-+
-+std::string getCarbonHostName()
-+{
-+ std::string hostname;
-+ hostname.resize(getMaxHostNameSize() + 1, 0);
-+
-+ if (gethostname(const_cast<char*>(hostname.c_str()), hostname.size()) != 0) {
-+ throw std::runtime_error(stringerror());
-+ }
-+
-+ auto pos = hostname.find(".");
-+ if (pos != std::string::npos) {
-+ hostname.resize(pos);
-+ }
-+
-+ boost::replace_all(hostname, ".", "_");
-+
-+ return hostname;
-+}
-diff --git misc.hh misc.hh
-index 4bd9439a87..795e8ec855 100644
---- misc.hh
-+++ misc.hh
-@@ -607,3 +607,5 @@ bool isSettingThreadCPUAffinitySupported();
- int mapThreadToCPUList(pthread_t tid, const std::set<int>& cpus);
-
- std::vector<ComboAddress> getResolvers(const std::string& resolvConfPath);
-+
-+std::string getCarbonHostName();
-diff --git rec-carbon.cc rec-carbon.cc
-index 4e0cedb00f..458a25d5ca 100644
---- rec-carbon.cc
-+++ rec-carbon.cc
-@@ -32,17 +32,13 @@ try
- if(namespace_name.empty()) {
- namespace_name="pdns";
- }
-- if(hostname.empty()) {
-- char tmp[HOST_NAME_MAX+1];
-- memset(tmp, 0, sizeof(tmp));
-- if (gethostname(tmp, sizeof(tmp)) != 0) {
-- throw std::runtime_error("The 'carbon-ourname' setting has not been set and we are unable to determine the system's hostname: " + stringerror());
-+ if (hostname.empty()) {
-+ try {
-+ hostname = getCarbonHostName();
-+ }
-+ catch(const std::exception& e) {
-+ throw std::runtime_error(std::string("The 'carbon-ourname' setting has not been set and we are unable to determine the system's hostname: ") + e.what());
- }
-- char *p = strchr(tmp, '.');
-- if(p) *p=0;
--
-- hostname=tmp;
-- boost::replace_all(hostname, ".", "_");
- }
- if(instance_name.empty()) {
- instance_name="recursor";