From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.5] community/pdns-recursor: security upgrade to 4.0.4 - fixes #7045 Date: Mon, 3 Apr 2017 08:52:32 +0000 Message-Id: <20170403085232.19315-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.11.1 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-7068: Crafted queries can cause abnormal CPU usage CVE-2016-7073, CVE-2016-7074: Insufficient validation of TSIG signatures https://doc.powerdns.com/md/changelog/#powerdns-recursor-404 --- boost-fix.patch was deleted because 4.0.4 contains fix community/pdns-recursor/APKBUILD | 21 +++-- community/pdns-recursor/boost-fix.patch | 152 -------------------------------- 2 files changed, 12 insertions(+), 161 deletions(-) delete mode 100644 community/pdns-recursor/boost-fix.patch diff --git a/community/pdns-recursor/APKBUILD b/community/pdns-recursor/APKBUILD index 4cdccebd0c..9606cc3106 100644 --- a/community/pdns-recursor/APKBUILD +++ b/community/pdns-recursor/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Contributor: Olivier Mauras pkgname=pdns-recursor -pkgver=4.0.3 -pkgrel=2 +pkgver=4.0.4 +pkgrel=0 pkgdesc="PowerDNS Recursive Server" url="http://www.powerdns.com/" arch="all" @@ -14,11 +15,16 @@ subpackages="$pkgname-doc" pkgusers="pdns" pkggroups="pdns" source="http://downloads.powerdns.com/releases/pdns-recursor-$pkgver.tar.bz2 - boost-fix.patch pdns-recursor.initd recursor.conf " +# secfixes: +# 4.0.4-r0: +# - CVE-2016-7068 +# - CVE-2016-7073 +# - CVE-2016-7074 + _builddir="$srcdir/$pkgname-$pkgver" prepare() { 
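Review bot: The `source=` line kept as context in the `@@ -14,11 +15,16 @@` hunk still fetches the release tarball over plain `http://downloads.powerdns.com/...`, so for this security upgrade the checksums rewritten in the `@@ -56,15 +62,12 @@` hunk are the only integrity control on the 4.0.4 source. Consider changing the URL to `https://downloads.powerdns.com/releases/pdns-recursor-$pkgver.tar.bz2` (assuming upstream serves the same path over TLS). The new `sha512sums` entry should be confirmed against upstream's published signature or checksum, not only against a copy downloaded over the same plaintext channel. The `md5sums` entry adds no real assurance by itself, so the SHA-512 value is the one reviewers should compare.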
@@ -56,15 +62,12 @@ package() { "$pkgdir"/etc/pdns/recursor.conf || return 1 } -md5sums="ca39a08cd0634d98121f27eb4d93a8a6 pdns-recursor-4.0.3.tar.bz2 -1d4b59a980a78c51290a137c20ff53a8 boost-fix.patch +md5sums="7bc78f05154c4c822ab09117f96d819c pdns-recursor-4.0.4.tar.bz2 35f373bae0503632088956fa14754e4e pdns-recursor.initd 2950b9932de6baae360f220c7686f520 recursor.conf" -sha256sums="ae9813a64d13d9ebe4b44e89e8e4e44fc438693b6ce4c3a98e4cab1af22d9627 pdns-recursor-4.0.3.tar.bz2 -fde7aeb34ddbb461331e85db941189fdcbcecd9588349d4eb5314d14323f8c0e boost-fix.patch +sha256sums="2338778f49ccd03401e65f6f4b39047890e691c8ff6d810ecee45321fb4f1e4d pdns-recursor-4.0.4.tar.bz2 215d916383e3cba184f8418b98cd2ced146500006e21e2efeb0ee5b53f3df049 pdns-recursor.initd 12bdbf651db0c7fe63ddb01a239a5ddd40825f50811a5d3f4d13cda294bd0344 recursor.conf" -sha512sums="03c77cff58851f9802eba434fb674d9cbd19b849620996df84b8dccc97539607895e06c1beb662b1ce08146bbc2b51a72bde2d6d90ef88c929ab645d9b5a33c4 pdns-recursor-4.0.3.tar.bz2 -25718ff37454580c399e263c68a081c11259cb08352cf754cdf482c2cdb09372ea2e8ff90799402b44131c575cf118abdf212ca2536d5f2af525999cba3415d8 boost-fix.patch +sha512sums="9473dfe9abc509b2bb953139dd7892de2027ee1508902fa0c2cd30dd9a88878fcf44370b8372d573cbab12de32bb8c604005d3b39ea34db2ef86786e689d36ab pdns-recursor-4.0.4.tar.bz2 f23cb30d943e0b0aea09371dc57aa43e55b8f91062a3caa3fac17e3565a8e36dfd304f45eba588f625ca2337cd2ade450ea5ae1776872c006204cdaf912f6651 pdns-recursor.initd 954df537693a202fc195e751011bbfaa605b3f3df42ac386fa82eb809b73c2b987f5e418b5c96bb3b0669497426ce0daa39a719844701e06990b82843a4cf0d4 recursor.conf" diff --git a/community/pdns-recursor/boost-fix.patch b/community/pdns-recursor/boost-fix.patch deleted file mode 100644 index c6cd9a3263..0000000000 --- a/community/pdns-recursor/boost-fix.patch +++ /dev/null 
@@ -1,152 +0,0 @@ -diff --git a/mtasker_fcontext.cc b/mtasker_fcontext.cc -index bc37e76..8d96fa1 100644 ---- a/mtasker_fcontext.cc -+++ b/mtasker_fcontext.cc -@@ -23,14 +23,15 @@ - #include - #include - #include --#if BOOST_VERSION > 106100 --#include --#else --#include --#endif - #include -- -+#if BOOST_VERSION < 106100 -+#include - using boost::context::make_fcontext; -+#else -+#include -+using boost::context::detail::make_fcontext; -+#endif /* BOOST_VERSION < 106100 */ -+ - - #if BOOST_VERSION < 105600 - /* Note: This typedef means functions taking fcontext_t*, like jump_fcontext(), -@@ -61,8 +62,15 @@ jump_fcontext (fcontext_t* const ofc, fcontext_t const nfc, - } - } - #else -+ -+#if BOOST_VERSION < 106100 - using boost::context::fcontext_t; - using boost::context::jump_fcontext; -+#else -+using boost::context::detail::fcontext_t; -+using boost::context::detail::jump_fcontext; -+using boost::context::detail::transfer_t; -+#endif /* BOOST_VERSION < 106100 */ - - static_assert (std::is_pointer::value, - "Boost Context has changed the fcontext_t type again :-("); -@@ -72,7 +80,9 @@ static_assert (std::is_pointer::value, - * jump. args_t simply provides a way to pass more by reference. - */ - struct args_t { -+#if BOOST_VERSION < 106100 - fcontext_t prev_ctx = nullptr; -+#endif - pdns_ucontext_t* self = nullptr; - boost::function* work = nullptr; - }; -@@ -80,7 +90,11 @@ struct args_t { - extern "C" { - static - void -+#if BOOST_VERSION < 106100 - threadWrapper (intptr_t const xargs) { -+#else -+threadWrapper (transfer_t const t) { -+#endif - /* Access the args passed from pdns_makecontext, and copy them directly from - * the calling stack on to ours (we're now using the MThreads stack). - * This saves heap allocating an args object, at the cost of an extra -@@ -90,11 +104,28 @@ threadWrapper (intptr_t const xargs) { - * the behaviour of the System V implementation, which can inherently only - * be passed ints and pointers. 
- */ -+#if BOOST_VERSION < 106100 - auto args = reinterpret_cast(xargs); -+#else -+ auto args = reinterpret_cast(t.data); -+#endif - auto ctx = args->self; - auto work = args->work; -+ /* we switch back to pdns_makecontext() */ -+#if BOOST_VERSION < 106100 - jump_fcontext (reinterpret_cast(&ctx->uc_mcontext), - static_cast(args->prev_ctx), 0); -+#else -+ transfer_t res = jump_fcontext (t.fctx, 0); -+ /* we got switched back from pdns_swapcontext() */ -+ if (res.data) { -+ /* if res.data is not a nullptr, it holds a pointer to the context -+ we just switched from, and we need to fill it to be able to -+ switch back to it later. */ -+ fcontext_t* ptr = static_cast(res.data); -+ *ptr = res.fctx; -+ } -+#endif - args = nullptr; - - try { -@@ -106,9 +137,14 @@ threadWrapper (intptr_t const xargs) { - - /* Emulate the System V uc_link feature. */ - auto const next_ctx = ctx->uc_link->uc_mcontext; -+#if BOOST_VERSION < 106100 - jump_fcontext (reinterpret_cast(&ctx->uc_mcontext), - static_cast(next_ctx), - static_cast(ctx->exception)); -+#else -+ jump_fcontext (static_cast(next_ctx), 0); -+#endif -+ - #ifdef NDEBUG - __builtin_unreachable(); - #endif -@@ -129,10 +165,27 @@ pdns_ucontext_t::~pdns_ucontext_t - void - pdns_swapcontext - (pdns_ucontext_t& __restrict octx, pdns_ucontext_t const& __restrict ctx) { -+ /* we either switch back to threadwrapper() if it's the first time, -+ or we switch back to pdns_swapcontext(), -+ in both case we will be returning from a call to jump_fcontext(). */ -+#if BOOST_VERSION < 106100 - if (jump_fcontext (reinterpret_cast(&octx.uc_mcontext), - static_cast(ctx.uc_mcontext), 0)) { - std::rethrow_exception (ctx.exception); - } -+#else -+ transfer_t res = jump_fcontext (static_cast(ctx.uc_mcontext), &octx.uc_mcontext); -+ if (res.data) { -+ /* if res.data is not a nullptr, it holds a pointer to the context -+ we just switched from, and we need to fill it to be able to -+ switch back to it later. 
*/ -+ fcontext_t* ptr = static_cast(res.data); -+ *ptr = res.fctx; -+ } -+ if (ctx.exception) { -+ std::rethrow_exception (ctx.exception); -+ } -+#endif - } - - void -@@ -146,7 +199,15 @@ pdns_makecontext - args_t args; - args.self = &ctx; - args.work = &start; -+ /* jumping to threadwrapper */ -+#if BOOST_VERSION < 106100 - jump_fcontext (reinterpret_cast(&args.prev_ctx), - static_cast(ctx.uc_mcontext), - reinterpret_cast(&args)); -+#else -+ transfer_t res = jump_fcontext (static_cast(ctx.uc_mcontext), -+ &args); -+ /* back from threadwrapper, updating the context */ -+ ctx.uc_mcontext = res.fctx; -+#endif - } -- 2.11.1 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---