Re: [UPDATE] net/gdnsd to 2.4.3 (Fixes CVE-2019-13952)

Stuart Henderson Fri, 08 Nov 2019 08:05:00 -0800

On 2019/11/08 16:07, Joerg Jung wrote:
> 
> > On 8. Nov 2019, at 11:46, Frederic Cambus <f...@statdns.com> wrote:
> > 
> > Hi ports@,
> > 
> > Here is a diff to update gdnsd to 2.4.3. This fixes CVE-2019-13952.
> > 
> > While there, switch MASTER_SITES to HTTPS.
> > 
> > Comments? OK?
> 
> ok jung@
> 
> RUN_DEPENDS should be updated from GeoIP -> libmaxminddb


As-is, it doesn't pick up libmaxminddb so it probably can't use the
new db. But here's an new diff that enables it.

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/gdnsd/Makefile,v
retrieving revision 1.22
diff -u -p -r1.22 Makefile
--- Makefile    12 Jul 2019 20:48:26 -0000      1.22
+++ Makefile    8 Nov 2019 16:02:28 -0000
@@ -2,7 +2,7 @@
 
 COMMENT=               geographically-aware, authoritative-only DNS server
 
-V=                     2.4.0
+V=                     2.4.3
 DISTNAME=              gdnsd-$V
 EXTRACT_SUFX=          .tar.xz
 
@@ -15,7 +15,7 @@ MAINTAINER=           Joerg Jung <j...@openbsd.or
 # GPLv3+
 PERMIT_PACKAGE=        Yes
 
-WANTLIB=               c ev m pthread
+WANTLIB=               c ev m maxminddb pthread
 
 MASTER_SITES=          https://github.com/gdnsd/gdnsd/releases/download/v$V/
 
@@ -28,9 +28,10 @@ BUILD_DEPENDS=               devel/ragel
 # used for tests
 BUILD_DEPENDS+=                archivers/xz \
                        net/curl
-LIB_DEPENDS=           devel/libev
-RUN_DEPENDS=           net/GeoIP,-city \
-                       net/GeoIP,-db
+LIB_DEPENDS=           devel/libev \
+                       net/libmaxminddb
+RUN_DEPENDS=           net/libmaxminddb,-city \
+                       net/libmaxminddb,-db
 TEST_DEPENDS=          ${BUILD_DEPENDS} \
                        www/p5-libwww \
                        net/p5-Socket6 \
@@ -39,11 +40,12 @@ TEST_DEPENDS=               ${BUILD_DEPENDS} \
 
 LIBTOOL_FLAGS=         --tag=disable-static
 
-CONFIGURE_STYLE=       gnu
+CONFIGURE_STYLE=       autoconf
+AUTOCONF_VERSION=      2.69
 CONFIGURE_ARGS+=       --with-rundir=${VARBASE}/run/ \
                        --with-rootdir=${VARBASE}/gdnsd
-CONFIGURE_ENV=         LIBEV_LIBS="-L${LOCALBASE}/lib -lev" \
-                       LIBEV_CFLAGS="-I${LOCALBASE}/include"
+CONFIGURE_ENV=         LDFLAGS="-L${LOCALBASE}/lib" \
+                       CPPFLAGS="-I${LOCALBASE}/include"
 
 SUBST_VARS+=           VARBASE
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/gdnsd/distinfo,v
retrieving revision 1.4
diff -u -p -r1.4 distinfo
--- distinfo    12 Jul 2018 16:31:10 -0000      1.4
+++ distinfo    8 Nov 2019 16:02:28 -0000
@@ -1,2 +1,2 @@
-SHA256 (gdnsd-2.4.0.tar.xz) = PVbMuycFTcFVg52U3xNtdgrDYavoaKpqjD2/yeRku5k=
-SIZE (gdnsd-2.4.0.tar.xz) = 641820
+SHA256 (gdnsd-2.4.3.tar.xz) = I318pId2027zSaFd2kpYEGze8uvgRzqwXfmW31NueBc=
+SIZE (gdnsd-2.4.3.tar.xz) = 641580
Index: patches/patch-configure
===================================================================
RCS file: patches/patch-configure
diff -N patches/patch-configure
--- patches/patch-configure     9 Jan 2018 19:56:56 -0000       1.3
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,24 +0,0 @@
-$OpenBSD: patch-configure,v 1.3 2018/01/09 19:56:56 jung Exp $
-
-Silence warnings about base headers, drowning real warnings.
-
-Index: configure
---- configure.orig
-+++ configure
-@@ -14630,7 +14630,6 @@ for flag in \
-     -Wnull-dereference \
-     -Wold-style-definition \
-     -Wpointer-arith \
--    -Wredundant-decls \
-     -Wshadow \
-     -Wsign-conversion \
-     -Wshift-overflow=2 \
-@@ -16283,7 +16282,7 @@ else
- fi
- 
- GDNSD_DEFPATH_CONFIG="${sysconfdir}/${PACKAGE_NAME}"
--GDNSD_DEFPATH_STATE="${localstatedir}/lib/${PACKAGE_NAME}"
-+GDNSD_DEFPATH_STATE="${localstatedir}/${PACKAGE_NAME}"
- GDNSD_DEFPATH_LIB="${libdir}/${PACKAGE_NAME}"
- GDNSD_DEFPATH_LIBEXEC="${libexecdir}/${PACKAGE_NAME}"
- 
Index: patches/patch-configure_ac
===================================================================
RCS file: patches/patch-configure_ac
diff -N patches/patch-configure_ac
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-configure_ac  8 Nov 2019 16:02:28 -0000
@@ -0,0 +1,24 @@
+$OpenBSD$
+
+Silence warnings about base headers, drowning real warnings.
+
+Index: configure.ac
+--- configure.ac.orig
++++ configure.ac
+@@ -167,7 +167,6 @@ AX_APPEND_COMPILE_FLAGS([\
+     -Wnull-dereference \
+     -Wold-style-definition \
+     -Wpointer-arith \
+-    -Wredundant-decls \
+     -Wshadow \
+     -Wsign-conversion \
+     -Wshift-overflow=2 \
+@@ -445,7 +444,7 @@ AC_ARG_WITH([rundir],[AS_HELP_STRING([--with-rundir=LO
+   GDNSD_DEFPATH_RUN="${localstatedir}/run/${PACKAGE_NAME}"
+ ])
+ GDNSD_DEFPATH_CONFIG="${sysconfdir}/${PACKAGE_NAME}"
+-GDNSD_DEFPATH_STATE="${localstatedir}/lib/${PACKAGE_NAME}"
++GDNSD_DEFPATH_STATE="${localstatedir}/${PACKAGE_NAME}"
+ GDNSD_DEFPATH_LIB="${libdir}/${PACKAGE_NAME}"
+ GDNSD_DEFPATH_LIBEXEC="${libexecdir}/${PACKAGE_NAME}"
+ AC_SUBST([GDNSD_DEFPATH_RUN])
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/gdnsd/pkg/PLIST,v
retrieving revision 1.3
diff -u -p -r1.3 PLIST
--- pkg/PLIST   23 Jun 2016 16:15:58 -0000      1.3
+++ pkg/PLIST   8 Nov 2019 16:02:28 -0000
@@ -2,6 +2,9 @@
 @newgroup _gdnsd:743
 @newuser _gdnsd:743:_gdnsd:daemon:gdns user:/var/empty:/sbin/nologin
 @extraunexec rm -f ${SYSCONFDIR}/gdnsd/* ${SYSCONFDIR}/gdnsd/zones/*
+@sample ${SYSCONFDIR}/gdnsd/
+@sample ${SYSCONFDIR}/gdnsd/zones/
+@rcscript ${RCDIR}/gdnsd
 @bin bin/gdnsd_geoip_test
 include/gdnsd/
 include/gdnsd/alloc.h
@@ -63,6 +66,3 @@ share/doc/gdnsd/NEWS
 share/doc/gdnsd/README.md
 share/doc/gdnsd/gdnsd_manual.txt
 @sample ${VARBASE}/gdnsd/
-@sample ${SYSCONFDIR}/gdnsd/
-@sample ${SYSCONFDIR}/gdnsd/zones/
-@rcscript ${RCDIR}/gdnsd

Re: [UPDATE] net/gdnsd to 2.4.3 (Fixes CVE-2019-13952)

Reply via email to