Re: [UPDATE] net/gdnsd to 2.4.3 (Fixes CVE-2019-13952)

Fri, 08 Nov 2019 03:44:13 -0800 

On 2019/11/08 11:46, Frederic Cambus wrote:
> Hi ports@,
> 
> Here is a diff to update gdnsd to 2.4.3. This fixes CVE-2019-13952.
> 
> While there, switch MASTER_SITES to HTTPS.

OK.

I looked at updating to 3.x earlier but then I read "The TL;DR here is
that gdnsd doesn't manage its own OS security or privileges anymore. It
just runs and assumes the environment was already secured by the init
system or script, and assumes it can bind port 53" and put it in the
"too-hard basket".


> Comments? OK?
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/gdnsd/Makefile,v
> retrieving revision 1.22
> diff -u -p -r1.22 Makefile
> --- Makefile  12 Jul 2019 20:48:26 -0000      1.22
> +++ Makefile  7 Nov 2019 22:04:09 -0000
> @@ -2,13 +2,13 @@
>  
>  COMMENT=             geographically-aware, authoritative-only DNS server
>  
> -V=                   2.4.0
> +V=                   2.4.3
>  DISTNAME=            gdnsd-$V
>  EXTRACT_SUFX=                .tar.xz
>  
>  CATEGORIES=          net
>  
> -HOMEPAGE=            http://gdnsd.org/
> +HOMEPAGE=            https://gdnsd.org/
>  
>  MAINTAINER=          Joerg Jung <j...@openbsd.org>
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/net/gdnsd/distinfo,v
> retrieving revision 1.4
> diff -u -p -r1.4 distinfo
> --- distinfo  12 Jul 2018 16:31:10 -0000      1.4
> +++ distinfo  7 Nov 2019 22:04:09 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (gdnsd-2.4.0.tar.xz) = PVbMuycFTcFVg52U3xNtdgrDYavoaKpqjD2/yeRku5k=
> -SIZE (gdnsd-2.4.0.tar.xz) = 641820
> +SHA256 (gdnsd-2.4.3.tar.xz) = I318pId2027zSaFd2kpYEGze8uvgRzqwXfmW31NueBc=
> +SIZE (gdnsd-2.4.3.tar.xz) = 641580
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/net/gdnsd/pkg/PLIST,v
> retrieving revision 1.3
> diff -u -p -r1.3 PLIST
> --- pkg/PLIST 23 Jun 2016 16:15:58 -0000      1.3
> +++ pkg/PLIST 7 Nov 2019 22:04:09 -0000
> @@ -2,6 +2,9 @@
>  @newgroup _gdnsd:743
>  @newuser _gdnsd:743:_gdnsd:daemon:gdns user:/var/empty:/sbin/nologin
>  @extraunexec rm -f ${SYSCONFDIR}/gdnsd/* ${SYSCONFDIR}/gdnsd/zones/*
> +@sample ${SYSCONFDIR}/gdnsd/
> +@sample ${SYSCONFDIR}/gdnsd/zones/
> +@rcscript ${RCDIR}/gdnsd
>  @bin bin/gdnsd_geoip_test
>  include/gdnsd/
>  include/gdnsd/alloc.h
> @@ -63,6 +66,3 @@ share/doc/gdnsd/NEWS
>  share/doc/gdnsd/README.md
>  share/doc/gdnsd/gdnsd_manual.txt
>  @sample ${VARBASE}/gdnsd/
> -@sample ${SYSCONFDIR}/gdnsd/
> -@sample ${SYSCONFDIR}/gdnsd/zones/
> -@rcscript ${RCDIR}/gdnsd
>

Reply via email to