Update to version 4.1.1
- Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation of DNSSEC signatures". An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist. The 4.0.x branch is not vulnerable. - Add support for algo16 and simplify Lua/LuaJIT engine choice. PR: 225397 Submitted by: maintainer Security: CVE-2018-1000003
This commit is contained in:
Kirill Ponomarev
parent
53f7f97663
commit
8d79c72317
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=459742
2 changed files with 11 additions and 20 deletions
|
|
@ -2,8 +2,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= recursor
|
||||
DISTVERSION= 4.1.0
|
||||
PORTREVISION= 3
|
||||
DISTVERSION= 4.1.1
|
||||
CATEGORIES= dns ipv6
|
||||
MASTER_SITES= http://downloads.powerdns.com/releases/
|
||||
PKGNAMEPREFIX= powerdns-
|
||||
|
|
@ -35,30 +34,22 @@ CPE_VENDOR= powerdns
|
|||
|
||||
USE_RC_SUBR= pdns-recursor
|
||||
|
||||
OPTIONS_DEFINE= OPTALGO SETUID
|
||||
OPTIONS_DEFAULT= LUA SETUID
|
||||
OPTIONS_RADIO= LUA_RG
|
||||
OPTIONS_RADIO_LUA_RG= LUA LUAJIT
|
||||
LUAJIT_DESC= Enable LuaJIT
|
||||
LUA_RG_DESC= Lua Engine
|
||||
OPTALGO_DESC= Enable optional algorithms (12, 15 & 16)
|
||||
SETUID_DESC= Run as pdns_recursor user
|
||||
|
||||
LUA_CONFIGURE_WITH= lua
|
||||
LUA_USES= lua
|
||||
|
||||
OPTIONS_DEFINE= LUAJIT OPTALGO SETUID
|
||||
OPTIONS_DEFAULT= SETUID
|
||||
LUAJIT_CONFIGURE_WITH= luajit
|
||||
LUAJIT_DESC= Use LuaJIT instead of Lua
|
||||
LUAJIT_LIB_DEPENDS= libluajit-5.1.so.2:lang/luajit
|
||||
|
||||
LUAJIT_USES_OFF= lua
|
||||
OPTALGO_CONFIGURE_ON= --enable-botan \
|
||||
--enable-libdecaf \
|
||||
--enable-libsodium
|
||||
OPTALGO_DESC= Enable optional algorithms (12, 15 & 16)
|
||||
OPTALGO_LIB_DEPENDS= libbotan-2.so:security/botan2 \
|
||||
libdecaf.so:security/libdecaf \
|
||||
libsodium.so:security/libsodium
|
||||
|
||||
SETUID_VARS= USERS=pdns_recursor GROUPS=pdns
|
||||
SETUID_DESC= Run as pdns_recursor user
|
||||
SETUID_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-setuid
|
||||
SETUID_VARS= USERS=pdns_recursor GROUPS=pdns
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1512394122
|
||||
SHA256 (pdns-recursor-4.1.0.tar.bz2) = 880b9d4cc57e2b11cae5bff9b20571fb3466f4385c010d06764296fef44f60a3
|
||||
SIZE (pdns-recursor-4.1.0.tar.bz2) = 1222751
|
||||
TIMESTAMP = 1516634099
|
||||
SHA256 (pdns-recursor-4.1.1.tar.bz2) = 8feb03c7141997775cb52c131579e8e34c9896ea8bb77276328f5f6cc4e1396b
|
||||
SIZE (pdns-recursor-4.1.1.tar.bz2) = 1224544
|
||||
|
|
|
|||
Loading…
Reference in a new issue