author | Jason Unovitch <junovitch@FreeBSD.org> | 2017-01-18 11:23:10 +0000 |
---|---|---|
committer | Jason Unovitch <junovitch@FreeBSD.org> | 2017-01-18 11:23:10 +0000 |
commit | 5a64da09acb2444d25b45fdeb127c9c5b69994ee (patch) | |
tree | 504bee867feb408c233f596434f3d221ca09cdb1 /dns | |
parent | Document mulitiple PowerDNS vulnerabilities (diff) |
dns/powerdns: update 4.0.1 -> 4.0.3
- Switch to USES=localbase while here
- Remove LibreSSL patch (see https://github.com/PowerDNS/pdns/pull/4310)
Changes: https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-402
https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-403
PR: 216136
Reported by: Dani <i.dani@outlook.com>
Submitted by: ghostonthewire@gmail.com (original 4.0.2 patch)
Approved by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Security: CVE-2016-2120
Security: CVE-2016-7068
Security: CVE-2016-7072
Security: CVE-2016-7073
Security: CVE-2016-7074
Security: https://vuxml.FreeBSD.org/freebsd/e3200958-dd6c-11e6-ae1b-002590263bf5.html
MFH: 2017Q1
Notes
Notes:
svn path=/head/; revision=431786
Diffstat (limited to 'dns')
-rw-r--r-- | dns/powerdns/Makefile | 7 | ||||
-rw-r--r-- | dns/powerdns/distinfo | 6 | ||||
-rw-r--r-- | dns/powerdns/files/patch-libressl | 31 |
3 files changed, 5 insertions, 39 deletions
diff --git a/dns/powerdns/Makefile b/dns/powerdns/Makefile
index e39ff67e2981..f4b70f58253d 100644
--- a/dns/powerdns/Makefile
+++ b/dns/powerdns/Makefile
@@ -1,8 +1,7 @@
 # $FreeBSD$
 PORTNAME= powerdns
-PORTVERSION= 4.0.1
-PORTREVISION= 3
+PORTVERSION= 4.0.3
 CATEGORIES= dns ipv6
 MASTER_SITES= http://downloads.powerdns.com/releases/
 DISTNAME= pdns-${PORTVERSION}
@@ -17,14 +16,12 @@ LIB_DEPENDS= libboost_serialization.so:devel/boost-libs
 BROKEN_powerpc64= Does not build
 BROKEN_sparc64= Does not compile: error: to_string is not a member of std
-USES= compiler:c++11-lib cpe gmake libtool pathfix pkgconfig ssl \
+USES= compiler:c++11-lib cpe gmake libtool localbase:ldflags pathfix pkgconfig ssl \
 tar:bzip2
 USE_LDCONFIG= YES
 USE_SUBMAKE= YES
 GNU_CONFIGURE= YES
 INSTALL_TARGET= install-strip
-CXXFLAGS+= -I${LOCALBASE}/include
-LDFLAGS+= -L${LOCALBASE}/lib
 CONFIGURE_ARGS= --disable-static \
 --with-modules="" \
 --with-dynmodules="pipe bind ${MODULES}" \
diff --git a/dns/powerdns/distinfo b/dns/powerdns/distinfo
index da7f200fbffd..95225bd481cd 100644
--- a/dns/powerdns/distinfo
+++ b/dns/powerdns/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1470038374
-SHA256 (pdns-4.0.1.tar.bz2) = d191eed4a6664430e85969f49835c59e810ecbb7b3eb506e64c6b2734091edd7
-SIZE (pdns-4.0.1.tar.bz2) = 1304788
+TIMESTAMP = 1484653707
+SHA256 (pdns-4.0.3.tar.bz2) = 60fa21550b278b41f58701af31c9f2b121badf271fb9d7642f6d35bfbea8e282
+SIZE (pdns-4.0.3.tar.bz2) = 1312299
diff --git a/dns/powerdns/files/patch-libressl b/dns/powerdns/files/patch-libressl
deleted file mode 100644
index 59d46acf9527..000000000000
--- a/dns/powerdns/files/patch-libressl
+++ /dev/null
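Review bot: In the second Makefile hunk, the explicit `CXXFLAGS+= -I${LOCALBASE}/include` and `LDFLAGS+= -L${LOCALBASE}/lib` lines are replaced by `localbase:ldflags` on the `USES=` line, and nothing visible here shows that the include path still reaches the C++ compiler the same way. Because the LibreSSL patch is deleted in this same commit, a test build against both base OpenSSL and a ports LibreSSL would confirm that the intended crypto headers and libraries are the ones picked up. The new `USES=` line has also grown long; wrapping it as `USES= compiler:c++11-lib cpe gmake libtool localbase:ldflags pathfix \` followed by `pkgconfig ssl tar:bzip2` keeps it readable. The commit log says `USES=localbase`, whereas the hunk uses the `ldflags` argument, so the log wording is slightly off. The variable block continues past the end of the hunk.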
@@ -1,31 +0,0 @@
---- pdns/dns_random.cc.orig 2016-07-29 14:32:32 UTC
-+++ pdns/dns_random.cc
-@@ -2,7 +2,7 @@
- #include "config.h"
- #endif
- #include <openssl/aes.h>
--#if OPENSSL_VERSION_NUMBER > 0x1000100fL
-+#if OPENSSL_VERSION_NUMBER > 0x1000100fL && !defined LIBRESSL_VERSION_NUMBER
- // Older OpenSSL does not have CRYPTO_ctr128_encrypt. Before 1.1.0 the header
- // file did not have the necessary extern "C" wrapper. In 1.1.0, AES_ctr128_encrypt
- // was removed.
-@@ -53,7 +53,7 @@ unsigned int dns_random(unsigned int n)
- if(!g_initialized)
- abort();
- uint32_t out;
--#if OPENSSL_VERSION_NUMBER > 0x1000100fL
-+#if OPENSSL_VERSION_NUMBER > 0x1000100fL && !defined LIBRESSL_VERSION_NUMBER
- CRYPTO_ctr128_encrypt((const unsigned char*)&g_in, (unsigned char*) &out, sizeof(g_in), &aes_key, g_counter, g_stream, &g_offset, (block128_f) AES_encrypt);
- #else
- AES_ctr128_encrypt((const unsigned char*)&g_in, (unsigned char*) &out, sizeof(g_in), &aes_key, g_counter, g_stream, &g_offset);
---- pdns/opensslsigners.cc.orig 2016-07-29 14:32:32 UTC
-+++ pdns/opensslsigners.cc
-@@ -12,7 +12,7 @@
- #include "opensslsigners.hh"
- #include "dnssecinfra.hh"
- 
--#if OPENSSL_VERSION_NUMBER < 0x1010000fL
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || defined LIBRESSL_VERSION_NUMBER)
- /* OpenSSL < 1.1.0 needs support for threading/locking in the calling application. */
- static pthread_mutex_t *openssllocks;
- |