CVS commit: pkgsrc/net/dnsmasq

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/dnsmasq
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Fri, 23 Mar 2018 12:58:43 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Fri Mar 23 12:58:43 UTC 2018

Modified Files:
        pkgsrc/net/dnsmasq: Makefile distinfo

Log Message:
dnsmasq: updated to 2.79

version 2.79
Fix parsing of CNAME arguments, which are confused by extra spaces.
Thanks to Diego Aguirre for spotting the bug.

Where available, use IP_UNICAST_IF or IPV6_UNICAST_IF to bind
upstream servers to an interface, rather than SO_BINDTODEVICE.
Thanks to Beniamino Galvani for the patch.

Always return a SERVFAIL answer to DNS queries without the
recursion desired bit set, UNLESS acting as an authoritative
DNS server. This avoids a potential route to cache snooping.

Add support for Ed25519 signatures in DNSSEC validation.

No longer support RSA/MD5 signatures in DNSSEC validation,
since these are not secure. This behaviour is mandated in
RFC-6944.

Fix incorrect error exit code from dhcp_release6 utility.
Thanks Gaudenz Steinlin for the bug report.

Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC
time validation when --dnssec-no-timecheck is in use.
Note that this is an incompatible change from earlier releases.

Allow more than one --bridge-interface option to refer to an
interface, so that we can use
--bridge-interface=int1,alias1
--bridge-interface=int1,alias2
as an alternative to
--bridge-interface=int1,alias1,alias2
Thanks to Neil Jerram for work on this.

Fix for DNSSEC with wildcard-derived NSEC records.
It's OK for NSEC records to be expanded from wildcards,
but in that case, the proof of non-existence is only valid
starting at the wildcard name, *.<domain> NOT the name expanded
from the wildcard. Without this check it's possible for an
attacker to craft an NSEC which wrongly proves non-existence.
Thanks to Ralph Dolmans for finding this, and co-ordinating
the vulnerability tracking and fix release.
CVE-2017-15107 applies.

Remove special handling of A-for-A DNS queries. These
are no longer a significant problem in the global DNS.
http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf
Thanks to Mattias Hellström for the initial patch.

Fix failure to delete dynamically created dhcp options
from files in -dhcp-optsdir directories. Thanks to
Lindgren Fredrik for the bug report.

Add to --synth-domain the ability to create names using
sequential numbers, as well as encodings of IP addresses.
For instance,
--synth-domain=thekelleys.org.uk,192.168.0.50,192.168.0.70,internal-*
creates 21 domain names of the form
internal-4.thekelleys.org.uk over the address range given, with
internal-0.thekelleys.org.uk being 192.168.0.50 and
internal-20.thekelleys.org.uk being 192.168.0.70
Thanks to Andy Hawkins for the suggestion.

Tidy up Crypto code, removing workarounds for ancient
versions of libnettle. We now require libnettle 3.


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 pkgsrc/net/dnsmasq/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/net/dnsmasq/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/dnsmasq/Makefile
diff -u pkgsrc/net/dnsmasq/Makefile:1.36 pkgsrc/net/dnsmasq/Makefile:1.37
--- pkgsrc/net/dnsmasq/Makefile:1.36    Tue Oct 24 01:04:19 2017
+++ pkgsrc/net/dnsmasq/Makefile Fri Mar 23 12:58:43 2018
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.36 2017/10/24 01:04:19 khorben Exp $
+# $NetBSD: Makefile,v 1.37 2018/03/23 12:58:43 adam Exp $
 
-DISTNAME=      dnsmasq-2.78
+DISTNAME=      dnsmasq-2.79
 CATEGORIES=    net
 MASTER_SITES=  http://www.thekelleys.org.uk/dnsmasq/
 EXTRACT_SUFX=  .tar.xz
@@ -32,7 +32,7 @@ PKG_GECOS.${DNSMASQ_USER}=DNS\ forwarder
 CFLAGS.SunOS+= -DNO_IPSET
 
 # Override the defaults
-AUTO_MKDIRS=yes
+AUTO_MKDIRS=           yes
 CFLAGS+=               -DCONFFILE='"${PKG_SYSCONFDIR}/dnsmasq.conf"'
 MAKE_FLAGS+=           COPTS=${CFLAGS:Q}
 MAKE_FLAGS+=           LDFLAGS=${LDFLAGS:Q}
@@ -45,8 +45,7 @@ BUILD_MAKE_FLAGS+=    AWK="${AWK}"
 INSTALL_MAKE_FLAGS+=   AWK="${AWK}"
 
 post-install:
-       ${INSTALL_DATA} ${WRKSRC}/dnsmasq.conf.example \
-               ${DESTDIR}${EGDIR}
+       ${INSTALL_DATA} ${WRKSRC}/dnsmasq.conf.example ${DESTDIR}${EGDIR}
 .if !empty(PKG_OPTIONS:Mdbus)
        ${INSTALL_DATA} ${WRKSRC}/dbus/dnsmasq.conf \
                ${DESTDIR}${EGDIR}/dnsmasq-dbus.conf

Index: pkgsrc/net/dnsmasq/distinfo
diff -u pkgsrc/net/dnsmasq/distinfo:1.34 pkgsrc/net/dnsmasq/distinfo:1.35
--- pkgsrc/net/dnsmasq/distinfo:1.34    Mon Oct  2 15:50:55 2017
+++ pkgsrc/net/dnsmasq/distinfo Fri Mar 23 12:58:43 2018
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.34 2017/10/02 15:50:55 wiz Exp $
+$NetBSD: distinfo,v 1.35 2018/03/23 12:58:43 adam Exp $
 
-SHA1 (dnsmasq-2.78.tar.xz) = 07d452c0a18637a9d4e2751e57971b493631bb23
-RMD160 (dnsmasq-2.78.tar.xz) = a724387aeb5ea46080b85caac6bddc9bb04a5814
-SHA512 (dnsmasq-2.78.tar.xz) = 9b79b84e5a768d52f90f6335ccef2c404ecd7a13e78e49f4cd0755fffc6cf34d0dc96ad4c72cad1dab3c5743a8d0d789b3e9b6e625b03c5675bb898ca61a698b
-Size (dnsmasq-2.78.tar.xz) = 489172 bytes
+SHA1 (dnsmasq-2.79.tar.xz) = d4a1af08b02b27736954ce8b2db2da7799d75812
+RMD160 (dnsmasq-2.79.tar.xz) = e4cb81b4a08b32c5253520ee146d5f40cd3ff7b3
+SHA512 (dnsmasq-2.79.tar.xz) = 2c06212696ab55e1584f6133872f5b196013509e4b1822d0457787b456e14341afdde887749e370a2e512124cb4138f012f4601b08690707be4acc7cf2f2876f
+Size (dnsmasq-2.79.tar.xz) = 493036 bytes
 SHA1 (patch-src_bpf.c) = 05dc64c016c608e6b963ce9ee80c28e872a88f9e

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/www/apache-tomcat7
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/www/apache-tomcat7
Indexes:

Home | Main Index | Thread Index | Old Index