CVE-2016-7068: Crafted queries can cause abnormal CPU usage
CVE-2016-7073, CVE-2016-7074: Insufficient validation of TSIG signatures
https://doc.powerdns.com/md/changelog/#powerdns-recursor-404
---
boost-fix.patch was deleted because 4.0.4 contains fix
community/pdns-recursor/APKBUILD | 21 +++--
community/pdns-recursor/boost-fix.patch | 152 --------------------------------
2 files changed, 12 insertions(+), 161 deletions(-)
delete mode 100644 community/pdns-recursor/boost-fix.patch
diff --git a/community/pdns-recursor/APKBUILD b/community/pdns-recursor/APKBUILD
index 4cdccebd0c..9606cc3106 100644
--- a/community/pdns-recursor/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Olivier Mauras <olivier@mauras.ch>
pkgname=pdns-recursor
-pkgver=4.0.3
-pkgrel=2
+pkgver=4.0.4
+pkgrel=0
pkgdesc="PowerDNS Recursive Server"
url="http://www.powerdns.com/"
arch="all"
@@ -14,11 +15,16 @@ subpackages="$pkgname-doc"
pkgusers="pdns"
pkggroups="pdns"
source="http://downloads.powerdns.com/releases/pdns-recursor-$pkgver.tar.bz2
- boost-fix.patch
pdns-recursor.initd
recursor.conf
"
+# secfixes:
+# 4.0.4-r0:
+# - CVE-2016-7068
+# - CVE-2016-7073
+# - CVE-2016-7074
+
_builddir="$srcdir/$pkgname-$pkgver"
prepare() {
@@ -56,15 +62,12 @@ package() {
"$pkgdir"/etc/pdns/recursor.conf || return 1
}
-md5sums="ca39a08cd0634d98121f27eb4d93a8a6 pdns-recursor-4.0.3.tar.bz2
-1d4b59a980a78c51290a137c20ff53a8 boost-fix.patch
+md5sums="7bc78f05154c4c822ab09117f96d819c pdns-recursor-4.0.4.tar.bz2
35f373bae0503632088956fa14754e4e pdns-recursor.initd
2950b9932de6baae360f220c7686f520 recursor.conf"
-sha256sums="ae9813a64d13d9ebe4b44e89e8e4e44fc438693b6ce4c3a98e4cab1af22d9627 pdns-recursor-4.0.3.tar.bz2
-fde7aeb34ddbb461331e85db941189fdcbcecd9588349d4eb5314d14323f8c0e boost-fix.patch
+sha256sums="2338778f49ccd03401e65f6f4b39047890e691c8ff6d810ecee45321fb4f1e4d pdns-recursor-4.0.4.tar.bz2
215d916383e3cba184f8418b98cd2ced146500006e21e2efeb0ee5b53f3df049 pdns-recursor.initd
12bdbf651db0c7fe63ddb01a239a5ddd40825f50811a5d3f4d13cda294bd0344 recursor.conf"
-sha512sums="03c77cff58851f9802eba434fb674d9cbd19b849620996df84b8dccc97539607895e06c1beb662b1ce08146bbc2b51a72bde2d6d90ef88c929ab645d9b5a33c4 pdns-recursor-4.0.3.tar.bz2
-25718ff37454580c399e263c68a081c11259cb08352cf754cdf482c2cdb09372ea2e8ff90799402b44131c575cf118abdf212ca2536d5f2af525999cba3415d8 boost-fix.patch
+sha512sums="9473dfe9abc509b2bb953139dd7892de2027ee1508902fa0c2cd30dd9a88878fcf44370b8372d573cbab12de32bb8c604005d3b39ea34db2ef86786e689d36ab pdns-recursor-4.0.4.tar.bz2
f23cb30d943e0b0aea09371dc57aa43e55b8f91062a3caa3fac17e3565a8e36dfd304f45eba588f625ca2337cd2ade450ea5ae1776872c006204cdaf912f6651 pdns-recursor.initd
954df537693a202fc195e751011bbfaa605b3f3df42ac386fa82eb809b73c2b987f5e418b5c96bb3b0669497426ce0daa39a719844701e06990b82843a4cf0d4 recursor.conf"
diff --git a/community/pdns-recursor/boost-fix.patch b/community/pdns-recursor/boost-fix.patch
deleted file mode 100644
index c6cd9a3263..0000000000
--- a/community/pdns-recursor/boost-fix.patch
@@ -1,152 +0,0 @@
-diff --git a/mtasker_fcontext.cc b/mtasker_fcontext.cc
-index bc37e76..8d96fa1 100644
---- a/mtasker_fcontext.cc
-+++ b/mtasker_fcontext.cc
-@@ -23,14 +23,15 @@
- #include <exception>
- #include <cassert>
- #include <type_traits>
--#if BOOST_VERSION > 106100
--#include <boost/context/detail/fcontext.hpp>
--#else
--#include <boost/context/fcontext.hpp>
--#endif
- #include <boost/version.hpp>
--
-+#if BOOST_VERSION < 106100
-+#include <boost/context/fcontext.hpp>
- using boost::context::make_fcontext;
-+#else
-+#include <boost/context/detail/fcontext.hpp>
-+using boost::context::detail::make_fcontext;
-+#endif /* BOOST_VERSION < 106100 */
-+
-
- #if BOOST_VERSION < 105600
- /* Note: This typedef means functions taking fcontext_t*, like jump_fcontext(),
-@@ -61,8 +62,15 @@ jump_fcontext (fcontext_t* const ofc, fcontext_t const nfc,
- }
- }
- #else
-+
-+#if BOOST_VERSION < 106100
- using boost::context::fcontext_t;
- using boost::context::jump_fcontext;
-+#else
-+using boost::context::detail::fcontext_t;
-+using boost::context::detail::jump_fcontext;
-+using boost::context::detail::transfer_t;
-+#endif /* BOOST_VERSION < 106100 */
-
- static_assert (std::is_pointer<fcontext_t>::value,
- "Boost Context has changed the fcontext_t type again :-(");
-@@ -72,7 +80,9 @@ static_assert (std::is_pointer<fcontext_t>::value,
- * jump. args_t simply provides a way to pass more by reference.
- */
- struct args_t {
-+#if BOOST_VERSION < 106100
- fcontext_t prev_ctx = nullptr;
-+#endif
- pdns_ucontext_t* self = nullptr;
- boost::function<void(void)>* work = nullptr;
- };
-@@ -80,7 +90,11 @@ struct args_t {
- extern "C" {
- static
- void
-+#if BOOST_VERSION < 106100
- threadWrapper (intptr_t const xargs) {
-+#else
-+threadWrapper (transfer_t const t) {
-+#endif
- /* Access the args passed from pdns_makecontext, and copy them directly from
- * the calling stack on to ours (we're now using the MThreads stack).
- * This saves heap allocating an args object, at the cost of an extra
-@@ -90,11 +104,28 @@ threadWrapper (intptr_t const xargs) {
- * the behaviour of the System V implementation, which can inherently only
- * be passed ints and pointers.
- */
-+#if BOOST_VERSION < 106100
- auto args = reinterpret_cast<args_t*>(xargs);
-+#else
-+ auto args = reinterpret_cast<args_t*>(t.data);
-+#endif
- auto ctx = args->self;
- auto work = args->work;
-+ /* we switch back to pdns_makecontext() */
-+#if BOOST_VERSION < 106100
- jump_fcontext (reinterpret_cast<fcontext_t*>(&ctx->uc_mcontext),
- static_cast<fcontext_t>(args->prev_ctx), 0);
-+#else
-+ transfer_t res = jump_fcontext (t.fctx, 0);
-+ /* we got switched back from pdns_swapcontext() */
-+ if (res.data) {
-+ /* if res.data is not a nullptr, it holds a pointer to the context
-+ we just switched from, and we need to fill it to be able to
-+ switch back to it later. */
-+ fcontext_t* ptr = static_cast<fcontext_t*>(res.data);
-+ *ptr = res.fctx;
-+ }
-+#endif
- args = nullptr;
-
- try {
-@@ -106,9 +137,14 @@ threadWrapper (intptr_t const xargs) {
-
- /* Emulate the System V uc_link feature. */
- auto const next_ctx = ctx->uc_link->uc_mcontext;
-+#if BOOST_VERSION < 106100
- jump_fcontext (reinterpret_cast<fcontext_t*>(&ctx->uc_mcontext),
- static_cast<fcontext_t>(next_ctx),
- static_cast<bool>(ctx->exception));
-+#else
-+ jump_fcontext (static_cast<fcontext_t>(next_ctx), 0);
-+#endif
-+
- #ifdef NDEBUG
- __builtin_unreachable();
- #endif
-@@ -129,10 +165,27 @@ pdns_ucontext_t::~pdns_ucontext_t
- void
- pdns_swapcontext
- (pdns_ucontext_t& __restrict octx, pdns_ucontext_t const& __restrict ctx) {
-+ /* we either switch back to threadwrapper() if it's the first time,
-+ or we switch back to pdns_swapcontext(),
-+ in both case we will be returning from a call to jump_fcontext(). */
-+#if BOOST_VERSION < 106100
- if (jump_fcontext (reinterpret_cast<fcontext_t*>(&octx.uc_mcontext),
- static_cast<fcontext_t>(ctx.uc_mcontext), 0)) {
- std::rethrow_exception (ctx.exception);
- }
-+#else
-+ transfer_t res = jump_fcontext (static_cast<fcontext_t>(ctx.uc_mcontext), &octx.uc_mcontext);
-+ if (res.data) {
-+ /* if res.data is not a nullptr, it holds a pointer to the context
-+ we just switched from, and we need to fill it to be able to
-+ switch back to it later. */
-+ fcontext_t* ptr = static_cast<fcontext_t*>(res.data);
-+ *ptr = res.fctx;
-+ }
-+ if (ctx.exception) {
-+ std::rethrow_exception (ctx.exception);
-+ }
-+#endif
- }
-
- void
-@@ -146,7 +199,15 @@ pdns_makecontext
- args_t args;
- args.self = &ctx;
- args.work = &start;
-+ /* jumping to threadwrapper */
-+#if BOOST_VERSION < 106100
- jump_fcontext (reinterpret_cast<fcontext_t*>(&args.prev_ctx),
- static_cast<fcontext_t>(ctx.uc_mcontext),
- reinterpret_cast<intptr_t>(&args));
-+#else
-+ transfer_t res = jump_fcontext (static_cast<fcontext_t>(ctx.uc_mcontext),
-+ &args);
-+ /* back from threadwrapper, updating the context */
-+ ctx.uc_mcontext = res.fctx;
-+#endif
- }
--
2.11.1
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---