diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
| commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
| tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-dns/djbdns | |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-dns/djbdns')
17 files changed, 1488 insertions, 0 deletions
diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest new file mode 100644 index 000000000000..d5c08ec96694 --- /dev/null +++ b/net-dns/djbdns/Manifest @@ -0,0 +1,21 @@ +AUX 1.05-errno-r1.patch 242 SHA256 0cf77c0386d422dc9ead4af71eb02f76d5a214ccd68e0e2c2cf9f774247cc19c SHA512 086d02600034d486f084fd2500aba9041dfa02110781594cdc3781a3ad7823f61f11c54c053c8c1241f58660527abe536906aba0e7f6c49ed3b8dbd74ba8f2b7 WHIRLPOOL 7aa306a7b1b8cf3db3ebf9318d55d40ea11841a9ce06e8bfc5fbb98d672db50751ad297e011c612c0ab19bdb062fb3b62af6d6f5d92122aab911fd5a751a82df +AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch 9944 SHA256 5d23fed3571c34b4032a6e5e724041bbe841b28393c5d66763c7108d664d63bf SHA512 6c40018bfe97f9ed2ab1bb4034ceb20089edc93514a4c9931a5e1f09cb6d9a8f221eb9652b3b1485f80df643a1fb1d2c88ff148421e86af7cf7b1485b9c61c30 WHIRLPOOL 481d450d013b7145233849a0cb2100db80668585db32fe3720646c146192dca289675e2796ee1425995f64fede19302ecaffe3115b49ef4a6e561cd4b6dc1db2 +AUX CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch 9914 SHA256 9758afe41847938719321669ff41a5d6737f48f1016bd3c6e87e6ef9eac2d3f2 SHA512 59e9aae2fd8e7c1e4d275066afceaade3b1276c6cda78cd58fef1dfbe9749c9e1bb415a80643b3c50a33372166aec055a9b3a6bcb3ed4cfd77e6e6038e069cff WHIRLPOOL 3ac8c6190ad389ef3e797c90612d633873be420a3fdcc6ed6c73da41c782ace7f1d874a91837e09b73bfd8f77767c200c95dc47c29d442cb6555291a9abfb89d +AUX CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch 3043 SHA256 0e6312ab8408d98bc3e6d1b1cddc36f51a5cd092db14bd3f84a8f47d08070c27 SHA512 f830bfd2fabd4d9b4e2649bcc4061d656d4645b93829415d070b26c6a22e8e17d941666b8e776947bf9a8ef93007f77d8be57fc9911dcc6dc2b7ac607d556ba0 WHIRLPOOL 0cca02943cf7eb95f5d33863144f5c9500bdb5c9928416cf043accf91461bc4baa31dc34b3a320a8a72ca3adcb79806d92e5c81343b719706d2242c825df05f7 +AUX CVE2008-4392_0002-dnscache-cache-soa-records.patch 2944 SHA256 1cd7b848305646d3015d8f2817acdced65894b8ab6e9dacb02077acebc50841b SHA512 f65ca7dfc8e85f469f22d72a1c79126c35243dc077abf4b688eb7d057f19456dc8a3665f558a8a3c1908f96fa1838792aa1bc317d2e89f4953020828c05926e6 WHIRLPOOL 1c7edee4de746283d53517bbcac7936ed69276865e7d78f4d7b2aa6175b534e474005cc3cf2fc85bc956508a6583a527fec5a68221b47c38922b356ae40fb69b +AUX CVE2009-0858_0001-check-response-domain-name-length.patch 366 SHA256 8ca8bd81fa6fb17576f11de9e97a582f0c30d7f5c6e797defa41a98d33770e33 SHA512 aa5fe75be9db07b25e313145a209a06a05693141c1dd850987e80062e22014056e3055efee4d219475c9a51f25c04a7a46b3d7a2fb3976226e66585cef076f83 WHIRLPOOL 53e607ed9023a16bb96c132b2c237bca542c0d78fdd36c109ba808ca8f3c24f872d8fac48d10c7b7992fc5fa40f7495f64fc96430898a19aacf2a1f0795eebe7 +AUX CVE2012-1191_0001-ghost-domain-attack.patch 642 SHA256 79d5e7371e97dbdcd261e9c18e14102bb53b2031ce447d80612c09a5ada44022 SHA512 44e205b9a19dbbd405cb57b119f307e5bbdba8fa1124187b53848791c1538f7c01dab43cb34b9332d3258756eb3c0606d36e8b18adcff3c814f0f2cff4ec6822 WHIRLPOOL 6b314776968e704e75094ecfa5d4579d7c6d7a740fe485cff8ddbf4346e51089a41d1bf023a7b049cc77326b3f44ac0150a364b85b9017f4abf0f9fb06706c8a +AUX dnsroots.patch 296 SHA256 9fe0552708f6cacd2ace4dca21e3f393acc01e73ac9e2b622aa4fe3a5874fe48 SHA512 2c745f2545d791ed6646406e749ef8e85c30b4546657ce241c413103e42cf3cfb5001c46481bd2966390563a9cc42e53e44519747350da2b8bb0fdf1d0f5c62e WHIRLPOOL 44ef58d43e35c33cf78439cefe9e5888f4f27f2151b36b7192aea0730eb3f0d5f7f9591dd6831c6aa286b23415f8e0cdc67a498d175a4583701f5f8ab795ac50 +AUX dnstracesort.patch 327 SHA256 f1d83e1365f68571fa4e007d5219720f8d65eb3730040a087fceb0ce2d8806bf SHA512 ae9cd51f24041aed135b5ba88d1efd0310b8095bccd6fb60a986756b460a4f98a93e163c3ddae7c146d56a9d41778d17449f772b91fdc58d9e69523cf6c2a6e9 WHIRLPOOL 4006c47b039623c8bba8718716a442a3d2dc1705936f83cd1556e4b49cc3de0dc7c6e828e908130bc7584809f551fac68f12f466e21cefd666076db8e63d4399 +AUX headtail-r1.patch 1756 SHA256 daec7b45c91e2db2607697eeba8034e13c6d99c7d8d521f462955dc2fce968b2 SHA512 be4c9aea40c737364a56f188ad2276d90deac0dffb73ba4b659490836c0fe92ffb65ccf23c6724b913b2d6354336727004be0cf5b43ebc47abe7004700dfe1e8 WHIRLPOOL a30025b151e9e81796b4c220475049797ed1e9434821d4e2499cd8912479635c6bd820e735f8fac5faae79edeee9abec8e2452aeee7f0e1704cc001cae64ef96 +AUX increase-cname-recustion-depth.patch 1164 SHA256 ba3460f692ca3238ab0afdb0f19cee42bcbd8fcf74bd2564a778a65027681c1e SHA512 a6ff23d44697ebe920bab7be58618f73dbbdd8cde4af4ac3e7455ee2b34a18f94cb2491b4b9ca306525aa5ee43e724f7b0ddddd58ac2702bd3cf75e0bb160431 WHIRLPOOL 2a0d0b6b44476c603a9c6edd7ba9e441618d559135805ed31edb451fd223619fd3f2e4e94004fbd4767ceb8e182e816a3ce046cb7a99608ce611eeeba8aad87f +AUX makefile-parallel-test25.patch 2828 SHA256 7fb572ac45d089ddc8a69789c857c13cb84f6a51023544e94459b624282a896b SHA512 0bb89b7141f74906f4bebf5ccc46dad5a4f9147048bfebd78f84a10b0d09f20c75ddb5e935d3e26ba9ce4f51c30270140dd635ab9e8d5ffdfb2aed94399cbe71 WHIRLPOOL 025222dc59da657e87fc9522dcec75f9f35ce405b78e0cd38d96c11470ae36732f1c616c617b63132c4b0ef51b0f5d1b8fd85eb12bb776c8f46000180e2bd104 +AUX srv_record_support.patch 5423 SHA256 0dffcfc7947fd37fba0d62a391d620049bd2845ff35573112c4bb60ffd900782 SHA512 2efedc7c7aaa209bb4a9d65ef1b28934d68c216fd428a27a099ba4801e8be04e1417bdbbf0077088264cd8bc3eb2441855c96890189d8d73804243e6ca4d0851 WHIRLPOOL c8ff0eef4bd77c5f4590c01c19b82277d31b0a7d1689d8952f76425a7027a6b8e9f0b26d413aa1f42be05b518692d531034d901ae6e3e29207f0ca560fcfa05e +AUX string_length_255.patch 299 SHA256 c9b8d0065cfe6d4a9ad460c31c2a75bcce17bfb8001f4448e3464dea07524401 SHA512 b451d23e1a45636dfae7cf69c64e3edde6b655bc0c7407586429e0d8282f17ef6215c6c33a6d238115c39d34fa57fa7699a7a10f146344c677fde10c0e207ac3 WHIRLPOOL 123bdee78c90909936a9af779925cb1da37b83a30e84cad7516f1ca8cf47d9a6445ec39103eb076dc834ec65976004f8bf9aabe63dfffd9604e1b70907c4bcb6 +DIST djbdns-1.05-man.tar.gz 17170 SHA256 ba1c58f14bc928908d8618230f400d73cfe2200ed800a272b63048e3e50be569 SHA512 98af7bd9033a2205fbbc0f23b7eab45b9756f6ceff5199a62952e19c89c9fe3c03495cb6f8621d388f883c40650309a1509095417df3f54af21a71350c4aa183 WHIRLPOOL b611e37e7422a4ae405fa15a4b9ff7eb8d0007d81310d044bc1982fe70dada1e4646cf22832e8e5320bae8d2e328eb87d59eb51c3d390f1089f30548053b839b +DIST djbdns-1.05-test27.diff.bz2 20695 SHA256 0de38133336016d5a9159d0fe1beaea809e2229820256af114cbf911f04f202a SHA512 e5acf26ff353ae20b6c2186140255bf0ae478a75a9946163d4474a003afbf8c2f47e61a12fc3ed4b9eff17ec8732e9d91bfbb10fb2762310b067180b6d471ba0 WHIRLPOOL 5c89691836a349553531816a8b4c5b6edc18c2c0a1cf8309b67344ad04c9575fbc5f9d79dcf156aeb692ccd7a6fbd2ce2838fb2fd7b85bd6cd0693a9f657e66e +DIST djbdns-1.05.tar.gz 85648 SHA256 3ccd826a02f3cde39be088e1fc6aed9fd57756b8f970de5dc99fcd2d92536b48 SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9 WHIRLPOOL 0fb67d19fcbf1cf21debcedfd3456d9cb9160079631ae1995e94aa9db3969ae02927f215ee8a5f03b34a6523cb9e3abebabf23e08e95eb1efdb626eb8b10312f +EBUILD djbdns-1.05-r32.ebuild 4351 SHA256 a3e173a023db38c4f20fde498620219195e98a5ae49f1c2d2adef7b13d6c2ba9 SHA512 03311e521344f266b46fa0e72e319363c22f344d330422343f6f4fb7474017ca97b6361decb7956a5e396b067a00aa11c82769945bec34ae285302a99804fd95 WHIRLPOOL b72d67501240ef743ac79f38950dba5f5204b62c95db8ee44a21f6c27e47d5bb250a11a071ffc701bf168ab953ef90e893cd5c424bf4396f0f54dcf482521778 +MISC ChangeLog 4915 SHA256 8ee980a3b2097262d1e602d87598d1a37bd77cca3c61fe7de97590a070198a87 SHA512 6c25da38ea8965a07bda490c4e086b21ab7694e24ea6b55988ea0321ef1a63ca1d12c035d303e0aec35f3e44d2f802c29f283346f3d1e8d97e840ab349ba4215 WHIRLPOOL 9861dd13436e1fd79681971a17e9cd5202e9cb3384d465c9b36baa5bb9de5cc35a060564ed3f5cd8489e659eeb7972c21963c7b1277e0513292428256ed7006e +MISC ChangeLog-2015 25660 SHA256 cf7b60a27d04d42e791803f46ce9d83b2e2f2217cdea4283483e70ff80f4fc7c SHA512 f71254675a3eba0663cb87c3ea8c4eb59a2dfbf328419515c2931aeda4a5927b5d8f974989e546ffa51c36fe84b6f2a780742abdd65a0048cf88da34351b9904 WHIRLPOOL cb2bbaee2a13d5b1cabaad029fec6895c4605fa7f60ad8b4ce79187b7c0364ce7d9ca5ad8fcd4585635cbe2a74dbf0c4aabaafde40a90e29c182ba6388009790 +MISC metadata.xml 244 SHA256 e017c9043889441d122efd4c2feecec335282a20ee0e88c87111e264fc71ff8a SHA512 125b00b9e85650a6dcc365871f9f8be44d85cde4b938a66f7d96b6dc0237a1cae68b30be1ee16d7850998fc31be35eaf459df1bb7d9ea169904854b532f37bab WHIRLPOOL b31eaa4e5069201623407695331e0d0cd64ec1199d26474a2e2800b521892db1d6443eb3fd533750a4193c2ce82372b77cd2cad7c77858a398c9d5c72ad62bec diff --git a/net-dns/djbdns/djbdns-1.05-r32.ebuild b/net-dns/djbdns/djbdns-1.05-r32.ebuild new file mode 100644 index 000000000000..acfed9c3992d --- /dev/null +++ b/net-dns/djbdns/djbdns-1.05-r32.ebuild @@ -0,0 +1,154 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit flag-o-matic readme.gentoo-r1 toolchain-funcs user + +DESCRIPTION="Collection of DNS client/server software" +HOMEPAGE="http://cr.yp.to/djbdns.html" +IPV6_PATCH="test27" + +SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz + http://smarden.org/pape/djb/manpages/${P}-man.tar.gz + ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )" + +SLOT="0" +LICENSE="public-domain" +KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86" +IUSE="ipv6 selinux" + +DEPEND="" +RDEPEND="sys-apps/ucspi-tcp + virtual/daemontools + selinux? ( sec-policy/selinux-djbdns )" + +src_unpack(){ + # Unpack both djbdns and its man pages to separate directories. + default + + # Now move the man pages under ${S} so that user patches can be + # applied to them as well in src_prepare(). + mv "${PN}-man" "${P}/man" || die "failed to transplant man pages" +} + +src_prepare() { + eapply \ + "${FILESDIR}/headtail-r1.patch" \ + "${FILESDIR}/dnsroots.patch" \ + "${FILESDIR}/dnstracesort.patch" \ + "${FILESDIR}/string_length_255.patch" \ + "${FILESDIR}/srv_record_support.patch" \ + "${FILESDIR}/increase-cname-recustion-depth.patch" + + # Fix CVE2009-0858 + eapply "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch" + + # Fix CVE2012-1191 + eapply "${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch" + + if use ipv6; then + elog 'At present dnstrace does NOT support IPv6. It will'\ + 'be compiled without IPv6 support.' + + # Create a separate copy of the source tree for dnstrace. + cp -pR "${S}" "${S}-noipv6" || die + + # The big ipv6 patch. + eapply "${WORKDIR}/${P}-${IPV6_PATCH}.diff" + + # Fix CVE2008-4392 (ipv6) + eapply \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \ + "${FILESDIR}/makefile-parallel-test25.patch" + + cd "${S}-noipv6" || die + fi + + # Fix CVE2008-4392 (no ipv6) + eapply \ + "${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch" \ + "${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch" + + # Later versions of the ipv6 patch include this, but even if + # USE=ipv6, we're in the ${S}-noipv6 directory at this point. + eapply "${FILESDIR}/${PV}-errno-r1.patch" + + eapply_user +} + +src_compile() { + echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die + echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die + echo "/usr" > conf-home || die + emake + + # If djbdns is compiled with IPv6 support, it breaks dnstrace. + # Therefore we must compile dnstrace separately without IPv6 + # support. + if use ipv6; then + elog 'Compiling dnstrace without ipv6 support' + cp conf-cc conf-ld conf-home "${S}-noipv6/" || die + cd "${S}-noipv6" || die + emake dnstrace + fi +} + +src_install() { + insinto /etc + doins dnsroots.global + + into /usr + dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \ + *-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \ + dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort + + if use ipv6; then + dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace" + fi + + dodoc CHANGES README + + doman man/*.[158] + + readme.gentoo_create_doc +} + +pkg_preinst() { + # The nofiles group is no longer provided by baselayout. + # Share it with qmail if possible. + enewgroup nofiles 200 + + enewuser dnscache -1 -1 -1 nofiles + enewuser dnslog -1 -1 -1 nofiles + enewuser tinydns -1 -1 -1 nofiles +} + +DISABLE_AUTOFORMATTING=1 +DOC_CONTENTS=' +To configure djbdns, please follow the instructions at, + + http://cr.yp.to/djbdns.html + +Of particular interest are, + + axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html + dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html + tinydns : http://cr.yp.to/djbdns/run-server.html + +Portage has created users for axfrdns, dnscache, and tinydns; the +commands to configure these programs are, + + 1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip + 2. dnscache-conf dnscache dnslog /var/dnscache $ip + 3. tinydns-conf tinydns dnslog /var/tinydns $ip + +(replace $ip with the ip address on which the server will run). + +If you wish to configure rbldns or walldns, you will need to create +those users yourself (although you should still use the "dnslog" +user for the logs): + + 4. rbldns-conf $username dnslog /var/rbldns $ip $base + 5. walldns-conf $username dnslog /var/walldns $ip +' diff --git a/net-dns/djbdns/files/1.05-errno-r1.patch b/net-dns/djbdns/files/1.05-errno-r1.patch new file mode 100644 index 000000000000..58f2f4b6c97a --- /dev/null +++ b/net-dns/djbdns/files/1.05-errno-r1.patch @@ -0,0 +1,11 @@ +--- a/error.h 2001-02-11 15:11:45.000000000 -0600 ++++ b/error.h 2003-02-26 02:10:21.000000000 -0600 +@@ -1,7 +1,7 @@ + #ifndef ERROR_H + #define ERROR_H + +-extern int errno; ++#include <errno.h> + + extern int error_intr; + extern int error_nomem; diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch new file mode 100644 index 000000000000..1d132d6d4f5e --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch @@ -0,0 +1,351 @@ +diff --git a/Makefile b/Makefile +index 5ccd647..eee09dd 100644 +--- a/Makefile ++++ b/Makefile +@@ -346,11 +346,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h + ./compile dns_txt.c + + dnscache: \ +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \ ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \ + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \ + libtai.a unix.a byte.a socket.lib + ./load dnscache droproot.o okclient.o log.o cache.o \ +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \ ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \ + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \ + socket.lib` + +@@ -371,7 +371,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \ + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \ + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \ + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \ +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h + ./compile dnscache.c + + dnsfilter: \ +@@ -749,11 +749,16 @@ qlog.o: \ + compile qlog.c buffer.h qlog.h uint16.h + ./compile qlog.c + ++qmerge.o: \ ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \ ++taia.h tai.h uint64.h log.h maxclient.h ++ ./compile qmerge.c ++ + query.o: \ + compile query.c error.h roots.h log.h uint64.h case.h cache.h \ + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \ + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \ +-response.h uint32.h query.h dns.h uint32.h ++response.h uint32.h query.h dns.h uint32.h qmerge.h + ./compile query.c + + random-ip: \ +diff --git a/dnscache.c b/dnscache.c +index abcba69..c84e4b8 100644 +--- a/dnscache.c ++++ b/dnscache.c +@@ -23,6 +23,7 @@ + #include "log.h" + #include "okclient.h" + #include "droproot.h" ++#include "maxclient.h" + + long interface; + +@@ -59,7 +60,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -136,7 +136,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +diff --git a/log.c b/log.c +index df465e2..1b0d98c 100644 +--- a/log.c ++++ b/log.c +@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser + line(); + } + ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control) ++{ ++ string("txpb "); ++ logtype(qtype); space(); name(q); space(); name(control); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +diff --git a/log.h b/log.h +index fe62fa3..d9a829b 100644 +--- a/log.h ++++ b/log.h +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *); + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_tx_piggyback(const char *,const char *,const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); +diff --git a/maxclient.h b/maxclient.h +new file mode 100644 +index 0000000..e52fcd1 +--- /dev/null ++++ b/maxclient.h +@@ -0,0 +1,7 @@ ++#ifndef MAXCLIENT_H ++#define MAXCLIENT_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* MAXCLIENT_H */ +diff --git a/qmerge.c b/qmerge.c +new file mode 100644 +index 0000000..7c92299 +--- /dev/null ++++ b/qmerge.c +@@ -0,0 +1,115 @@ ++#include "qmerge.h" ++#include "byte.h" ++#include "log.h" ++#include "maxclient.h" ++ ++#define QMERGE_MAX (MAXUDP+MAXTCP) ++struct qmerge inprogress[QMERGE_MAX]; ++ ++static ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2], ++ const char *control) ++{ ++ if (!dns_domain_copy(&qmk->q, q)) return 0; ++ byte_copy(qmk->qtype, 2, qtype); ++ if (!dns_domain_copy(&qmk->control, control)) return 0; ++ return 1; ++} ++ ++static ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b) ++{ ++ return ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->q, b->q) && ++ dns_domain_equal(a->control, b->control); ++} ++ ++static ++void qmerge_key_free(struct qmerge_key *qmk) ++{ ++ dns_domain_free(&qmk->q); ++ dns_domain_free(&qmk->control); ++} ++ ++void qmerge_free(struct qmerge **x) ++{ ++ struct qmerge *qm; ++ ++ qm = *x; ++ *x = 0; ++ if (!qm || !qm->active) return; ++ ++ qm->active--; ++ if (!qm->active) { ++ qmerge_key_free(&qm->key); ++ dns_transmit_free(&qm->dt); ++ } ++} ++ ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive, ++ const char *q, const char qtype[2], const char localip[4], ++ const char *control) ++{ ++ struct qmerge_key k; ++ int i; ++ int r; ++ ++ qmerge_free(qm); ++ ++ byte_zero(&k, sizeof k); ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1; ++ for (i = 0; i < QMERGE_MAX; i++) { ++ if (!inprogress[i].active) continue; ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue; ++ log_tx_piggyback(q, qtype, control); ++ inprogress[i].active++; ++ *qm = &inprogress[i]; ++ qmerge_key_free(&k); ++ return 0; ++ } ++ ++ for (i = 0; i < QMERGE_MAX; i++) ++ if (!inprogress[i].active) ++ break; ++ if (i == QMERGE_MAX) return -1; ++ ++ log_tx(q, qtype, control, servers, 0); ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip); ++ if (r == -1) { qmerge_key_free(&k); return -1; } ++ inprogress[i].active++; ++ inprogress[i].state = 0; ++ qmerge_key_free(&inprogress[i].key); ++ byte_copy(&inprogress[i].key, sizeof k, &k); ++ *qm = &inprogress[i]; ++ return 0; ++} ++ ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline) ++{ ++ if (qm->state == 0) { ++ dns_transmit_io(&qm->dt, io, deadline); ++ qm->state = 1; ++ } ++ else { ++ io->fd = -1; ++ io->events = 0; ++ } ++} ++ ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when) ++{ ++ int r; ++ struct qmerge *qm; ++ ++ qm = *x; ++ if (qm->state == -1) return -1; /* previous error */ ++ if (qm->state == 0) return 0; /* no packet */ ++ if (qm->state == 2) return 1; /* already got packet */ ++ ++ r = dns_transmit_get(&qm->dt, io, when); ++ if (r == -1) { qm->state = -1; return -1; } /* error */ ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */ ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */ ++ return -1; /* bug */ ++} +diff --git a/qmerge.h b/qmerge.h +new file mode 100644 +index 0000000..9a58157 +--- /dev/null ++++ b/qmerge.h +@@ -0,0 +1,24 @@ ++#ifndef QMERGE_H ++#define QMERGE_H ++ ++#include "dns.h" ++ ++struct qmerge_key { ++ char *q; ++ char qtype[2]; ++ char *control; ++}; ++ ++struct qmerge { ++ int active; ++ struct qmerge_key key; ++ struct dns_transmit dt; ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */ ++}; ++ ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *); ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *); ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *); ++extern void qmerge_free(struct qmerge **); ++ ++#endif /* QMERGE_H */ +diff --git a/query.c b/query.c +index d61b20c..d9be8b8 100644 +--- a/query.c ++++ b/query.c +@@ -84,7 +84,7 @@ static void cleanup(struct query *z) + int j; + int k; + +- dns_transmit_free(&z->dt); ++ qmerge_free(&z->qm); + for (j = 0;j < QUERY_MAXALIAS;++j) + dns_domain_free(&z->alias[j]); + for (j = 0;j < QUERY_MAXLEVEL;++j) { +@@ -624,15 +624,9 @@ static int doit(struct query *z,int state) + if (j == 256) goto SERVFAIL; + + dns_sortip6(z->servers[z->level],256); +- if (z->level) { +- dtype = z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A; +- log_tx(z->name[z->level],dtype,z->control[z->level],z->servers[z->level],z->level); +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip) == -1) goto DIE; +- } +- else { +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0); +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE; +- } ++ dtype = z->level ? (z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A) : z->type; ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE; ++ + return 0; + + +@@ -646,10 +640,10 @@ static int doit(struct query *z,int state) + + HAVEPACKET: + if (++z->loop == 200) goto DIE; +- buf = z->dt.packet; +- len = z->dt.packetlen; ++ buf = z->qm->dt.packet; ++ len = z->qm->dt.packetlen; + +- whichserver = z->dt.servers + 16 * z->dt.curserver; ++ whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver; + control = z->control[z->level]; + d = z->name[z->level]; + /* dtype = z->level ? DNS_T_A : z->type; */ +@@ -1071,7 +1065,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip + + int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + { +- switch(dns_transmit_get(&z->dt,x,stamp)) { ++ switch(qmerge_get(&z->qm,x,stamp)) { + case 1: + return doit(z,1); + case -1: +@@ -1082,5 +1076,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + + void query_io(struct query *z,iopause_fd *x,struct taia *deadline) + { +- dns_transmit_io(&z->dt,x,deadline); ++ qmerge_io(z->qm,x,deadline); + } +diff --git a/query.h b/query.h +index 61812aa..93a322e 100644 +--- a/query.h ++++ b/query.h +@@ -1,7 +1,7 @@ + #ifndef QUERY_H + #define QUERY_H + +-#include "dns.h" ++#include "qmerge.h" + #include "uint32.h" + + #define QUERY_MAXLEVEL 5 +@@ -22,7 +22,7 @@ struct query { + uint32 scope_id; + char type[2]; + char class[2]; +- struct dns_transmit dt; ++ struct qmerge *qm; + } ; + + extern int query_start(struct query *,char *,char *,char *,char *,unsigned int); diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch new file mode 100644 index 000000000000..57e50955e69c --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch @@ -0,0 +1,349 @@ +diff --git a/Makefile b/Makefile +index 1429643..bc047c0 100644 +--- a/Makefile ++++ b/Makefile +@@ -318,11 +318,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h + ./compile dns_txt.c + + dnscache: \ +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \ ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \ + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \ + libtai.a unix.a byte.a socket.lib + ./load dnscache droproot.o okclient.o log.o cache.o \ +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \ ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \ + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \ + socket.lib` + +@@ -343,7 +343,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \ + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \ + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \ + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \ +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h + ./compile dnscache.c + + dnsfilter: \ +@@ -687,11 +687,16 @@ qlog.o: \ + compile qlog.c buffer.h qlog.h uint16.h + ./compile qlog.c + ++qmerge.o: \ ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \ ++taia.h tai.h uint64.h log.h maxclient.h ++ ./compile qmerge.c ++ + query.o: \ + compile query.c error.h roots.h log.h uint64.h case.h cache.h \ + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \ + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \ +-response.h uint32.h query.h dns.h uint32.h ++response.h uint32.h query.h dns.h uint32.h qmerge.h + ./compile query.c + + random-ip: \ +diff --git a/dnscache.c b/dnscache.c +index 8c899a3..5ccb16a 100644 +--- a/dnscache.c ++++ b/dnscache.c +@@ -22,6 +22,7 @@ + #include "log.h" + #include "okclient.h" + #include "droproot.h" ++#include "maxclient.h" + + static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2]) + { +@@ -54,7 +55,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -131,7 +131,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +diff --git a/log.c b/log.c +index c43e8b0..b8cd7ce 100644 +--- a/log.c ++++ b/log.c +@@ -150,6 +150,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser + line(); + } + ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control) ++{ ++ string("txpb "); ++ logtype(qtype); space(); name(q); space(); name(control); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +diff --git a/log.h b/log.h +index fe62fa3..d9a829b 100644 +--- a/log.h ++++ b/log.h +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *); + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_tx_piggyback(const char *,const char *,const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); +diff --git a/maxclient.h b/maxclient.h +new file mode 100644 +index 0000000..e52fcd1 +--- /dev/null ++++ b/maxclient.h +@@ -0,0 +1,7 @@ ++#ifndef MAXCLIENT_H ++#define MAXCLIENT_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* MAXCLIENT_H */ +diff --git a/qmerge.c b/qmerge.c +new file mode 100644 +index 0000000..7c92299 +--- /dev/null ++++ b/qmerge.c +@@ -0,0 +1,115 @@ ++#include "qmerge.h" ++#include "byte.h" ++#include "log.h" ++#include "maxclient.h" ++ ++#define QMERGE_MAX (MAXUDP+MAXTCP) ++struct qmerge inprogress[QMERGE_MAX]; ++ ++static ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2], ++ const char *control) ++{ ++ if (!dns_domain_copy(&qmk->q, q)) return 0; ++ byte_copy(qmk->qtype, 2, qtype); ++ if (!dns_domain_copy(&qmk->control, control)) return 0; ++ return 1; ++} ++ ++static ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b) ++{ ++ return ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->q, b->q) && ++ dns_domain_equal(a->control, b->control); ++} ++ ++static ++void qmerge_key_free(struct qmerge_key *qmk) ++{ ++ dns_domain_free(&qmk->q); ++ dns_domain_free(&qmk->control); ++} ++ ++void qmerge_free(struct qmerge **x) ++{ ++ struct qmerge *qm; ++ ++ qm = *x; ++ *x = 0; ++ if (!qm || !qm->active) return; ++ ++ qm->active--; ++ if (!qm->active) { ++ qmerge_key_free(&qm->key); ++ dns_transmit_free(&qm->dt); ++ } ++} ++ ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive, ++ const char *q, const char qtype[2], const char localip[4], ++ const char *control) ++{ ++ struct qmerge_key k; ++ int i; ++ int r; ++ ++ qmerge_free(qm); ++ ++ byte_zero(&k, sizeof k); ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1; ++ for (i = 0; i < QMERGE_MAX; i++) { ++ if (!inprogress[i].active) continue; ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue; ++ log_tx_piggyback(q, qtype, control); ++ inprogress[i].active++; ++ *qm = &inprogress[i]; ++ qmerge_key_free(&k); ++ return 0; ++ } ++ ++ for (i = 0; i < QMERGE_MAX; i++) ++ if (!inprogress[i].active) ++ break; ++ if (i == QMERGE_MAX) return -1; ++ ++ log_tx(q, qtype, control, servers, 0); ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip); ++ if (r == -1) { qmerge_key_free(&k); return -1; } ++ inprogress[i].active++; ++ inprogress[i].state = 0; ++ qmerge_key_free(&inprogress[i].key); ++ byte_copy(&inprogress[i].key, sizeof k, &k); ++ *qm = &inprogress[i]; ++ return 0; ++} ++ ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline) ++{ ++ if (qm->state == 0) { ++ dns_transmit_io(&qm->dt, io, deadline); ++ qm->state = 1; ++ } ++ else { ++ io->fd = -1; ++ io->events = 0; ++ } ++} ++ ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when) ++{ ++ int r; ++ struct qmerge *qm; ++ ++ qm = *x; ++ if (qm->state == -1) return -1; /* previous error */ ++ if (qm->state == 0) return 0; /* no packet */ ++ if (qm->state == 2) return 1; /* already got packet */ ++ ++ r = dns_transmit_get(&qm->dt, io, when); ++ if (r == -1) { qm->state = -1; return -1; } /* error */ ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */ ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */ ++ return -1; /* bug */ ++} +diff --git a/qmerge.h b/qmerge.h +new file mode 100644 +index 0000000..9a58157 +--- /dev/null ++++ b/qmerge.h +@@ -0,0 +1,24 @@ ++#ifndef QMERGE_H ++#define QMERGE_H ++ ++#include "dns.h" ++ ++struct qmerge_key { ++ char *q; ++ char qtype[2]; ++ char *control; ++}; ++ ++struct qmerge { ++ int active; ++ struct qmerge_key key; ++ struct dns_transmit dt; ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */ ++}; ++ ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *); ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *); ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *); ++extern void qmerge_free(struct qmerge **); ++ ++#endif /* QMERGE_H */ +diff --git a/query.c b/query.c +index 46cdc00..f091fdd 100644 +--- a/query.c ++++ b/query.c +@@ -81,7 +81,7 @@ static void cleanup(struct query *z) + int j; + int k; + +- dns_transmit_free(&z->dt); ++ qmerge_free(&z->qm); + for (j = 0;j < QUERY_MAXALIAS;++j) + dns_domain_free(&z->alias[j]); + for (j = 0;j < QUERY_MAXLEVEL;++j) { +@@ -429,14 +429,8 @@ static int doit(struct query *z,int state) + if (j == 64) goto SERVFAIL; + + dns_sortip(z->servers[z->level],64); +- if (z->level) { +- log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level); +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE; +- } +- else { +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0); +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE; +- } ++ dtype = z->level ? DNS_T_A : z->type; ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE; + return 0; + + +@@ -450,10 +444,10 @@ static int doit(struct query *z,int state) + + HAVEPACKET: + if (++z->loop == 200) goto DIE; +- buf = z->dt.packet; +- len = z->dt.packetlen; ++ buf = z->qm->dt.packet; ++ len = z->qm->dt.packetlen; + +- whichserver = z->dt.servers + 4 * z->dt.curserver; ++ whichserver = z->qm->dt.servers + 4 * z->qm->dt.curserver; + control = z->control[z->level]; + d = z->name[z->level]; + dtype = z->level ? DNS_T_A : z->type; +@@ -836,7 +830,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip + + int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + { +- switch(dns_transmit_get(&z->dt,x,stamp)) { ++ switch(qmerge_get(&z->qm,x,stamp)) { + case 1: + return doit(z,1); + case -1: +@@ -847,5 +841,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + + void query_io(struct query *z,iopause_fd *x,struct taia *deadline) + { +- dns_transmit_io(&z->dt,x,deadline); ++ qmerge_io(z->qm,x,deadline); + } +diff --git a/query.h b/query.h +index eff68b2..06feab4 100644 +--- a/query.h ++++ b/query.h +@@ -1,7 +1,7 @@ + #ifndef QUERY_H + #define QUERY_H + +-#include "dns.h" ++#include "qmerge.h" + #include "uint32.h" + + #define QUERY_MAXLEVEL 5 +@@ -20,7 +20,7 @@ struct query { + char localip[4]; + char type[2]; + char class[2]; +- struct dns_transmit dt; ++ struct qmerge *qm; + } ; + + extern int query_start(struct query *,char *,char *,char *,char *); diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch new file mode 100644 index 000000000000..d5b9c10d64d3 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch @@ -0,0 +1,68 @@ +diff -urNp a/query.c b/query.c +--- a/query.c 2009-03-19 11:35:28.452472164 -0700 ++++ b/query.c 2009-03-19 11:59:19.798221593 -0700 +@@ -476,6 +476,29 @@ static int doit(struct query *z,int stat + } + } + ++ if (typematch(DNS_T_SOA,dtype)) { ++ byte_copy(key,2,DNS_T_SOA); ++ cached = cache_get(key,dlen + 2,&cachedlen,&ttl); ++ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { ++ log_cachedanswer(d,DNS_T_SOA); ++ if (!rqa(z)) goto DIE; ++ pos = 0; ++ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) { ++ pos = dns_packet_getname(cached,cachedlen,pos,&t2); ++ if (!pos) break; ++ pos = dns_packet_getname(cached,cachedlen,pos,&t3); ++ if (!pos) break; ++ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE; ++ if (!response_addname(t2)) goto DIE; ++ if (!response_addname(t3)) goto DIE; ++ if (!response_addbytes(misc,20)) goto DIE; ++ response_rfinish(RESPONSE_ANSWER); ++ } ++ cleanup(z); ++ return 1; ++ } ++ } ++ + if (typematch(DNS_T_A,dtype)) { + byte_copy(key,2,DNS_T_A); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); +@@ -541,7 +564,7 @@ static int doit(struct query *z,int stat + } + } + +- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_AAAA,dtype)) { ++ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype) && !typematch(DNS_T_AAAA,dtype)) { + byte_copy(key,2,dtype); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { +@@ -769,15 +792,24 @@ static int doit(struct query *z,int stat + else if (byte_equal(type,2,DNS_T_AXFR)) + ; + else if (byte_equal(type,2,DNS_T_SOA)) { ++ int non_authority = 0; ++ save_start(); + while (i < j) { + pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE; + pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE; +- if (records[i] < posauthority) ++ if (records[i] < posauthority) { + log_rrsoa(whichserver,t1,t2,t3,misc,ttl); ++ save_data(misc,20); ++ save_data(t2,dns_domain_length(t2)); ++ save_data(t3,dns_domain_length(t3)); ++ non_authority++; ++ } + ++i; + } ++ if (non_authority) ++ save_finish(DNS_T_SOA,t1,ttl); + } + else if (byte_equal(type,2,DNS_T_CNAME)) { + pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE; diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch new file mode 100644 index 000000000000..9230e7583ddd --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records.patch @@ -0,0 +1,70 @@ +diff --git a/query.c b/query.c +index 46cdc00..4574e97 100644 +--- a/query.c ++++ b/query.c +@@ -319,6 +319,29 @@ static int doit(struct query *z,int state) + } + } + ++ if (typematch(DNS_T_SOA,dtype)) { ++ byte_copy(key,2,DNS_T_SOA); ++ cached = cache_get(key,dlen + 2,&cachedlen,&ttl); ++ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { ++ log_cachedanswer(d,DNS_T_SOA); ++ if (!rqa(z)) goto DIE; ++ pos = 0; ++ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) { ++ pos = dns_packet_getname(cached,cachedlen,pos,&t2); ++ if (!pos) break; ++ pos = dns_packet_getname(cached,cachedlen,pos,&t3); ++ if (!pos) break; ++ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE; ++ if (!response_addname(t2)) goto DIE; ++ if (!response_addname(t3)) goto DIE; ++ if (!response_addbytes(misc,20)) goto DIE; ++ response_rfinish(RESPONSE_ANSWER); ++ } ++ cleanup(z); ++ return 1; ++ } ++ } ++ + if (typematch(DNS_T_A,dtype)) { + byte_copy(key,2,DNS_T_A); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); +@@ -351,7 +374,7 @@ static int doit(struct query *z,int state) + } + } + +- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) { ++ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) { + byte_copy(key,2,dtype); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { +@@ -585,15 +608,24 @@ static int doit(struct query *z,int state) + else if (byte_equal(type,2,DNS_T_AXFR)) + ; + else if (byte_equal(type,2,DNS_T_SOA)) { ++ int non_authority = 0; ++ save_start(); + while (i < j) { + pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE; + pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE; +- if (records[i] < posauthority) ++ if (records[i] < posauthority) { + log_rrsoa(whichserver,t1,t2,t3,misc,ttl); ++ save_data(misc,20); ++ save_data(t2,dns_domain_length(t2)); ++ save_data(t3,dns_domain_length(t3)); ++ non_authority++; ++ } + ++i; + } ++ if (non_authority) ++ save_finish(DNS_T_SOA,t1,ttl); + } + else if (byte_equal(type,2,DNS_T_CNAME)) { + pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE; + diff --git a/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch b/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch new file mode 100644 index 000000000000..23d8e9f86b12 --- /dev/null +++ b/net-dns/djbdns/files/CVE2009-0858_0001-check-response-domain-name-length.patch @@ -0,0 +1,11 @@ +--- a/response.c ++++ b/response.c +@@ -34,7 +34,7 @@ int response_addname(const char *d) + uint16_pack_big(buf,49152 + name_ptr[i]); + return response_addbytes(buf,2); + } +- if (dlen <= 128) ++ if ((dlen <= 128) && (response_len < 16384)) + if (name_num < NAMES) { + byte_copy(name[name_num],dlen,d); + name_ptr[name_num] = response_len; diff --git a/net-dns/djbdns/files/CVE2012-1191_0001-ghost-domain-attack.patch b/net-dns/djbdns/files/CVE2012-1191_0001-ghost-domain-attack.patch new file mode 100644 index 000000000000..8d9b194411f3 --- /dev/null +++ b/net-dns/djbdns/files/CVE2012-1191_0001-ghost-domain-attack.patch @@ -0,0 +1,22 @@ +Fix ghost domain attack vulnerability (CVE-2012-1191) + +Author: Peter Conrad <conrad@tivano.de> +Origin: http://marc.info/?l=djbdns&m=134269902121506&w=2 + +Gentoo-Bug: https://bugs.gentoo.org/404959 + +--- a/query.c ++++ b/query.c +@@ -792,6 +792,12 @@ static int doit(struct query *z,int state) + } + + if (!dns_domain_suffix(t1,control)) { i = j; continue; } ++ ++ if (!flagforwardonly && byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) { ++ char dummy[256]; ++ if (!roots(dummy,control)) { i = j; continue; } ++ } ++ + if (!roots_same(t1,control)) { i = j; continue; } + + if (byte_equal(type,2,DNS_T_ANY)) diff --git a/net-dns/djbdns/files/dnsroots.patch b/net-dns/djbdns/files/dnsroots.patch new file mode 100644 index 000000000000..d2524be5a870 --- /dev/null +++ b/net-dns/djbdns/files/dnsroots.patch @@ -0,0 +1,20 @@ +--- a/dnsroots.global ++++ b/dnsroots.global +@@ -1,13 +1,13 @@ + 198.41.0.4 +-128.9.0.107 ++192.228.79.201 + 192.33.4.12 +-128.8.10.90 ++199.7.91.13 + 192.203.230.10 + 192.5.5.241 + 192.112.36.4 + 128.63.2.53 + 192.36.148.17 +-198.41.0.10 ++192.58.128.30 + 193.0.14.129 +-198.32.64.12 ++199.7.83.42 + 202.12.27.33 diff --git a/net-dns/djbdns/files/dnstracesort.patch b/net-dns/djbdns/files/dnstracesort.patch new file mode 100644 index 000000000000..3bf56f5a1ce6 --- /dev/null +++ b/net-dns/djbdns/files/dnstracesort.patch @@ -0,0 +1,11 @@ +--- djbdns-1.05/dnstracesort.sh.orig 2006-04-26 21:52:54.000000000 +0200 ++++ djbdns-1.05/dnstracesort.sh 2006-04-26 21:53:02.000000000 +0200 +@@ -12,7 +12,7 @@ + } + print + } +-' | sort -t: +0 -2 +4 +3 -4 +2 -3 | uniq | awk -F: ' ++' | sort -t: -k 1,3 -k 5 -k 4,5 -k 3,4 | uniq | awk -F: ' + { + type = $1 + q = $2 diff --git a/net-dns/djbdns/files/headtail-r1.patch b/net-dns/djbdns/files/headtail-r1.patch new file mode 100644 index 000000000000..31854803ba89 --- /dev/null +++ b/net-dns/djbdns/files/headtail-r1.patch @@ -0,0 +1,67 @@ +diff -Naur /tmp/djbdns-1.05/Makefile djbdns-1.05/Makefile +--- a/Makefile 2003-11-16 20:33:41.000000000 +0100 ++++ b/Makefile 2003-11-16 20:35:15.000000000 +0100 +@@ -31,7 +31,7 @@ + + auto_home.c: \ + auto-str conf-home +- ./auto-str auto_home `head -1 conf-home` > auto_home.c ++ ./auto-str auto_home `head -n 1 conf-home` > auto_home.c + + auto_home.o: \ + compile auto_home.c +@@ -205,14 +205,14 @@ + choose: \ + warn-auto.sh choose.sh conf-home + cat warn-auto.sh choose.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > choose + chmod 755 choose + + compile: \ + warn-auto.sh conf-cc + ( cat warn-auto.sh; \ +- echo exec "`head -1 conf-cc`" '-c $${1+"$$@"}' \ ++ echo exec "`head -n 1 conf-cc`" '-c $${1+"$$@"}' \ + ) > compile + chmod 755 compile + +@@ -449,7 +449,7 @@ + dnstracesort: \ + warn-auto.sh dnstracesort.sh conf-home + cat warn-auto.sh dnstracesort.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > dnstracesort + chmod 755 dnstracesort + +@@ -570,7 +570,7 @@ + warn-auto.sh conf-ld + ( cat warn-auto.sh; \ + echo 'main="$$1"; shift'; \ +- echo exec "`head -1 conf-ld`" \ ++ echo exec "`head -n 1 conf-ld`" \ + '-o "$$main" "$$main".o $${1+"$$@"}' \ + ) > load + chmod 755 load +@@ -758,7 +758,7 @@ + rts: \ + warn-auto.sh rts.sh conf-home + cat warn-auto.sh rts.sh \ +- | sed s}HOME}"`head -1 conf-home`"}g \ ++ | sed s}HOME}"`head -n 1 conf-home`"}g \ + > rts + chmod 755 rts + +@@ -901,8 +901,8 @@ + systype: \ + find-systype.sh conf-cc conf-ld trycpp.c x86cpuid.c + ( cat warn-auto.sh; \ +- echo CC=\'`head -1 conf-cc`\'; \ +- echo LD=\'`head -1 conf-ld`\'; \ ++ echo CC=\'`head -n 1 conf-cc`\'; \ ++ echo LD=\'`head -n 1 conf-ld`\'; \ + cat find-systype.sh; \ + ) | sh > systype + diff --git a/net-dns/djbdns/files/increase-cname-recustion-depth.patch b/net-dns/djbdns/files/increase-cname-recustion-depth.patch new file mode 100644 index 000000000000..3415f6567056 --- /dev/null +++ b/net-dns/djbdns/files/increase-cname-recustion-depth.patch @@ -0,0 +1,43 @@ +From d8534e8482bdd3f6e4ae1dca8452e65c24dd34f7 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky <michael@orlitzky.com> +Date: Fri, 5 Aug 2016 09:13:11 -0400 +Subject: [PATCH 1/1] query.c: increase recursion depth to 200. + +The recursion loop for CNAME resolution has an upper limit of 100 +iterations by default. This has proven too small in some cases where +large CDNs are concerned. This commit increases the limit to 200. + +The patch was based on the OpenWrt fix, supplied by user ylxu. + +Gentoo-Bug: 590548 +OpenWrt-Bug: 5881 +SMEServer-Bug: 8362 +--- + query.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/query.c b/query.c +index 46cdc00..61fe708 100644 +--- a/query.c ++++ b/query.c +@@ -203,7 +203,7 @@ static int doit(struct query *z,int state) + + + NEWNAME: +- if (++z->loop == 100) goto DIE; ++ if (++z->loop == 200) goto DIE; + d = z->name[z->level]; + dtype = z->level ? DNS_T_A : z->type; + dlen = dns_domain_length(d); +@@ -449,7 +449,7 @@ static int doit(struct query *z,int state) + + + HAVEPACKET: +- if (++z->loop == 100) goto DIE; ++ if (++z->loop == 200) goto DIE; + buf = z->dt.packet; + len = z->dt.packetlen; + +-- +2.7.3 + diff --git a/net-dns/djbdns/files/makefile-parallel-test25.patch b/net-dns/djbdns/files/makefile-parallel-test25.patch new file mode 100644 index 000000000000..2754729acb97 --- /dev/null +++ b/net-dns/djbdns/files/makefile-parallel-test25.patch @@ -0,0 +1,91 @@ +diff --git a/Makefile b/Makefile +index 9ebf4c8..fe5ed73 100644 +--- a/Makefile ++++ b/Makefile +@@ -212,7 +212,7 @@ warn-auto.sh choose.sh conf-home + chmod 755 choose + + clientloc.o: \ +-compile clientloc.c open.h byte.h cdb.h ip6.h ++compile clientloc.c open.h byte.h cdb.h uint32.h ip6.h + ./compile clientloc.c + + compile: \ +@@ -336,7 +336,7 @@ taia.h tai.h uint64.h taia.h + + dns_transmit.o: \ + compile dns_transmit.c socket.h uint16.h alloc.h error.h byte.h \ +-uint16.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ ++uint32.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ + taia.h + ./compile dns_transmit.c + +@@ -859,15 +859,15 @@ trylsock.c compile load + rm -f trylsock.o trylsock + + socket_accept.o: \ +-compile socket_accept.c byte.h socket.h uint16.h ++compile socket_accept.c byte.h socket.h uint16.h uint32.h + ./compile socket_accept.c + + socket_accept6.o: \ +-compile socket_accept6.c byte.h socket.h uint16.h ++compile socket_accept6.c byte.h socket.h uint16.h uint32.h + ./compile socket_accept6.c + + socket_bind.o: \ +-compile socket_bind.c byte.h socket.h uint16.h ++compile socket_bind.c byte.h socket.h uint16.h uint32.h + ./compile socket_bind.c + + socket_bind6.o: \ +@@ -875,7 +875,7 @@ compile socket_bind6.c sockaddr_in6.h haveip6.h byte.h socket.h uint16.h uint32. + ./compile socket_bind6.c + + socket_conn.o: \ +-compile socket_conn.c byte.h socket.h uint16.h ++compile socket_conn.c byte.h socket.h uint16.h uint32.h + ./compile socket_conn.c + + socket_connect6.o: \ +@@ -883,11 +883,11 @@ compile socket_connect6.c byte.h socket.h uint16.h uint32.h + ./compile socket_connect6.c + + socket_listen.o: \ +-compile socket_listen.c socket.h uint16.h ++compile socket_listen.c socket.h uint16.h uint32.h + ./compile socket_listen.c + + socket_recv.o: \ +-compile socket_recv.c byte.h socket.h uint16.h ++compile socket_recv.c byte.h socket.h uint16.h uint32.h + ./compile socket_recv.c + + socket_recv6.o: \ +@@ -895,7 +895,7 @@ compile socket_recv6.c sockaddr_in6.h haveip6.h byte.h socket.h uint16.h uint32. + ./compile socket_recv6.c + + socket_send.o: \ +-compile socket_send.c byte.h socket.h uint16.h ++compile socket_send.c byte.h socket.h uint16.h uint32.h + ./compile socket_send.c + + socket_send6.o: \ +@@ -903,7 +903,7 @@ compile socket_send6.c byte.h socket.h uint16.h uint32.h ip6.h haveip6.h error.h + ./compile socket_send6.c + + socket_tcp.o: \ +-compile socket_tcp.c ndelay.h socket.h uint16.h ++compile socket_tcp.c ndelay.h socket.h uint16.h uint32.h + ./compile socket_tcp.c + + socket_tcp6.o: \ +@@ -911,7 +911,7 @@ compile socket_tcp6.c ndelay.h socket.h uint16.h uint32.h haveip6.h + ./compile socket_tcp6.c + + socket_udp.o: \ +-compile socket_udp.c ndelay.h socket.h uint16.h ++compile socket_udp.c ndelay.h socket.h uint16.h uint32.h + ./compile socket_udp.c + + socket_udp6.o: \ diff --git a/net-dns/djbdns/files/srv_record_support.patch b/net-dns/djbdns/files/srv_record_support.patch new file mode 100644 index 000000000000..736884208363 --- /dev/null +++ b/net-dns/djbdns/files/srv_record_support.patch @@ -0,0 +1,180 @@ +From: Michael Handler <handler@sub-rosa.com> +To: dns@list.cr.yp.to +Subject: tinydns-data SRV & axfr-get SRV/PTR patches +Date: Thu, 14 Sep 2000 20:37:50 -0400 + +Here's a combined patch that: + +a) adds a native SRV type to tinydns-data + +Sfqdn:ip:x:port:weight:priority:ttl:timestamp + +Standard rules for ip, x, ttl, and timestamp apply. Port, weight, and +priority all range from 0-65535. Weight and priority are optional; they +default to zero if not provided. + +Sconsole.zoinks.example.com:1.2.3.4:rack102-con1:2001:69:7:300: + +b) makes axfr-get decompose SRV and PTR records and write them out in +native format, rather than opaque. Again, this is necessary because if the +DNAME fields in the records reference the same zone as fqdn, they can have +compression pointers that are bogus outside the context of that specific +packet, and which can't be correctly loaded into data.cdb by tinydns-data. + +--michael + +Laurent G. Bercot <ska-djbdns@skarnet.org> updated it for +djbdns-1.05. Documentation patch by Alex Efros. + +diff -rNU3 djbdns-1.05/axfr-get.c djbdns-1.05-srv/axfr-get.c +--- djbdns-1.05/axfr-get.c Sun Feb 11 22:11:45 2001 ++++ djbdns-1.05/axfr-get.c Thu Oct 18 14:46:56 2001 +@@ -209,6 +209,26 @@ + if (!stralloc_cats(&line,".:")) return 0; + if (!stralloc_catulong0(&line,dist,0)) return 0; + } ++ else if (byte_equal(data,2,DNS_T_SRV)) { ++ uint16 dist, weight, port; ++ if (!stralloc_copys(&line,"S")) return 0; ++ if (!dns_domain_todot_cat(&line,d1)) return 0; ++ if (!stralloc_cats(&line,"::")) return 0; ++ pos = x_copy(buf,len,pos,data,2); ++ uint16_unpack_big(data,&dist); ++ pos = x_copy(buf,len,pos,data,2); ++ uint16_unpack_big(data,&weight); ++ pos = x_copy(buf,len,pos,data,2); ++ uint16_unpack_big(data,&port); ++ x_getname(buf,len,pos,&d1); ++ if (!dns_domain_todot_cat(&line,d1)) return 0; ++ if (!stralloc_cats(&line,".:")) return 0; ++ if (!stralloc_catulong0(&line,dist,0)) return 0; ++ if (!stralloc_cats(&line,":")) return 0; ++ if (!stralloc_catulong0(&line,weight,0)) return 0; ++ if (!stralloc_cats(&line,":")) return 0; ++ if (!stralloc_catulong0(&line,port,0)) return 0; ++ } + else if (byte_equal(data,2,DNS_T_A) && (dlen == 4)) { + char ipstr[IP4_FMT]; + if (!stralloc_copys(&line,"+")) return 0; +@@ -216,6 +236,14 @@ + if (!stralloc_cats(&line,":")) return 0; + x_copy(buf,len,pos,data,4); + if (!stralloc_catb(&line,ipstr,ip4_fmt(ipstr,data))) return 0; ++ } ++ else if (byte_equal(data,2,DNS_T_PTR)) { ++ if (!stralloc_copys(&line,"^")) return 0; ++ if (!dns_domain_todot_cat(&line,d1)) return 0; ++ if (!stralloc_cats(&line,":")) return 0; ++ x_getname(buf,len,pos,&d1); ++ if (!dns_domain_todot_cat(&line,d1)) return 0; ++ if (!stralloc_cats(&line,".")) return 0; + } + else { + unsigned char ch; +diff -rNU3 djbdns-1.05/dns.h djbdns-1.05-srv/dns.h +--- djbdns-1.05/dns.h Sun Feb 11 22:11:45 2001 ++++ djbdns-1.05/dns.h Thu Oct 18 14:46:56 2001 +@@ -20,6 +20,7 @@ + #define DNS_T_SIG "\0\30" + #define DNS_T_KEY "\0\31" + #define DNS_T_AAAA "\0\34" ++#define DNS_T_SRV "\0\41" + #define DNS_T_AXFR "\0\374" + #define DNS_T_ANY "\0\377" + +diff -rNU3 djbdns-1.05/tinydns-data.c djbdns-1.05-srv/tinydns-data.c +--- djbdns-1.05/tinydns-data.c Sun Feb 11 22:11:45 2001 ++++ djbdns-1.05/tinydns-data.c Thu Oct 18 14:50:53 2001 +@@ -196,6 +196,7 @@ + char type[2]; + char soa[20]; + char buf[4]; ++ char srv[6]; + + umask(022); + +@@ -360,6 +361,43 @@ + rr_start(DNS_T_MX,ttl,ttd,loc); + uint16_pack_big(buf,u); + rr_add(buf,2); ++ rr_addname(d2); ++ rr_finish(d1); ++ ++ if (ip4_scan(f[1].s,ip)) { ++ rr_start(DNS_T_A,ttl,ttd,loc); ++ rr_add(ip,4); ++ rr_finish(d2); ++ } ++ break; ++ ++ case 'S': ++ if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem(); ++ if (!stralloc_0(&f[6])) nomem(); ++ if (!scan_ulong(f[6].s,&ttl)) ttl = TTL_POSITIVE; ++ ttdparse(&f[7],ttd); ++ locparse(&f[8],loc); ++ ++ if (!stralloc_0(&f[1])) nomem(); ++ ++ if (byte_chr(f[2].s,f[2].len,'.') >= f[2].len) { ++ if (!stralloc_cats(&f[2],".srv.")) nomem(); ++ if (!stralloc_catb(&f[2],f[0].s,f[0].len)) nomem(); ++ } ++ if (!dns_domain_fromdot(&d2,f[2].s,f[2].len)) nomem(); ++ ++ if (!stralloc_0(&f[4])) nomem(); ++ if (!scan_ulong(f[4].s,&u)) u = 0; ++ uint16_pack_big(srv,u); ++ if (!stralloc_0(&f[5])) nomem(); ++ if (!scan_ulong(f[5].s,&u)) u = 0; ++ uint16_pack_big(srv + 2,u); ++ if (!stralloc_0(&f[3])) nomem(); ++ if (!scan_ulong(f[3].s,&u)) nomem(); ++ uint16_pack_big(srv + 4,u); ++ ++ rr_start(DNS_T_SRV,ttl,ttd,loc); ++ rr_add(srv,6); + rr_addname(d2); + rr_finish(d1); + +--- djbdns-1.05/man/tinydns-data.8 2003-10-23 10:47:32.000000000 +0300 ++++ djbdns-1.05/man/tinydns-data.8 2014-09-26 02:51:59.861716505 +0300 +@@ -487,6 +487,38 @@ + .RI \ 072 + is a colon. + ++.RI S fqdn\fR:\fIip\fR:\fIx\fR:\fIport\fR:\fIweight\fR:\fIpriority\fR:\fIttl\fR:\fItimestamp\fR:\fIlo\fR ++ ++SRV record for ++.IR fqdn . ++ ++.B tinydns-data ++creates ++.IP ++an SRV record ++showing ++.IR x\fR.srv.\fIfqdn\fR:\fIport\fR ++as a service for ++.IR fqdn ++with given \fIweight\fR and \fIpriority\fR ++(\fIport\fR, \fIweight\fR and \fIpriority\fR must be in range 0-65535; ++\fIweight\fR and \fIpriority\fR are optional; ++they default to zero if not provided) ++and ++.P ++.IP ++an A record showing ++.I ip ++as the IP address ++of ++.IR x\fR.srv.\fIfqdn . ++.P ++ ++If ++.I x ++contains a dot ++then it is treated specially; see above. ++ + .RI ^ fqdn\fR:\fIp\fR:\fIttl\fR:\fItimestamp\fR:\fIlo\fR + + PTR record for diff --git a/net-dns/djbdns/files/string_length_255.patch b/net-dns/djbdns/files/string_length_255.patch new file mode 100644 index 000000000000..ad383b756bf9 --- /dev/null +++ b/net-dns/djbdns/files/string_length_255.patch @@ -0,0 +1,11 @@ +--- a/tinydns-data.c 2001-02-11 16:11:45.000000000 -0500 ++++ b/tinydns-data.c 2011-04-02 10:41:34.356302891 -0400 +@@ -399,7 +399,7 @@ + i = 0; + while (i < f[1].len) { + k = f[1].len - i; +- if (k > 127) k = 127; ++ if (k > 255) k = 255; + ch = k; + rr_add(&ch,1); + rr_add(f[1].s + i,k); diff --git a/net-dns/djbdns/metadata.xml b/net-dns/djbdns/metadata.xml new file mode 100644 index 000000000000..b8c90c07ff33 --- /dev/null +++ b/net-dns/djbdns/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="person"> + <email>mjo@gentoo.org</email> + <name>Michael Orlitzky</name> +</maintainer> +</pkgmetadata> |