From 407525b571b48cfd65e1ad7a02d250a927c967c9 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Fri, 1 Dec 2017 03:04:39 +0000
Subject: gentoo resync : 01.12.2017

---
 net-dns/pdns/files/CVE-2017-15091-4.0.4.patch | 30 +++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 net-dns/pdns/files/CVE-2017-15091-4.0.4.patch

(limited to 'net-dns/pdns/files')

diff --git a/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch b/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch
new file mode 100644
index 000000000000..a9506af8ef95
--- /dev/null
+++ b/net-dns/pdns/files/CVE-2017-15091-4.0.4.patch
@@ -0,0 +1,30 @@
+diff -ru pdns-4.0.4.orig/pdns/ws-auth.cc pdns-4.0.4/pdns/ws-auth.cc
+--- pdns-4.0.4.orig/pdns/ws-auth.cc	2017-06-22 22:07:25.000000000 +0200
++++ pdns-4.0.4/pdns/ws-auth.cc	2017-11-02 18:07:20.986764858 +0100
+@@ -860,7 +860,7 @@
+ static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
+   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
+ 
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   UeberBackend B;
+@@ -879,7 +879,7 @@
+ static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
+   DNSName zonename = apiZoneIdToName(req->parameters["id"]);
+ 
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   UeberBackend B;
+@@ -1191,7 +1191,7 @@
+ }
+ 
+ void apiServerCacheFlush(HttpRequest* req, HttpResponse* resp) {
+-  if(req->method != "PUT")
++  if(req->method != "PUT" || ::arg().mustDo("api-readonly"))
+     throw HttpMethodNotAllowedException();
+ 
+   DNSName canon = apiNameToDNSName(req->getvars["domain"]);
-- 
cgit v1.2.3