dnsdist: Upgrade to version 1.9.9, fixing CVE-2025-30194
Module Name: pkgsrc-wip
Committed By: Marcin Gondek <drixter%e-utp.net@localhost>
Pushed By: drixter
Date: Tue Apr 29 22:54:10 2025 +0200
Changeset: 85e9dda44df6419e995c342dfcf434bf05e6ed98
Modified Files:
Makefile
Added Files:
dnsdist/COMMIT_MSG
dnsdist/DESCR
dnsdist/Makefile
dnsdist/PLIST
dnsdist/distinfo
dnsdist/files/dnsdist.sh
dnsdist/files/smf/manifest.xml
dnsdist/patches/patch-configure
Log Message:
dnsdist: Upgrade to version 1.9.9, fixing CVE-2025-30194
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=85e9dda44df6419e995c342dfcf434bf05e6ed98
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
Makefile | 1 +
dnsdist/COMMIT_MSG | 14 +++++++++
dnsdist/DESCR | 4 +++
dnsdist/Makefile | 64 +++++++++++++++++++++++++++++++++++++++
dnsdist/PLIST | 4 +++
dnsdist/distinfo | 6 ++++
dnsdist/files/dnsdist.sh | 24 +++++++++++++++
dnsdist/files/smf/manifest.xml | 28 +++++++++++++++++
dnsdist/patches/patch-configure | 66 +++++++++++++++++++++++++++++++++++++++++
9 files changed, 211 insertions(+)
diffs:
diff --git a/Makefile b/Makefile
index 08f623ff99..2b160b8e2c 100644
--- a/Makefile
+++ b/Makefile
@@ -743,6 +743,7 @@ SUBDIR+= dmd-bin
SUBDIR+= dmenu-git
SUBDIR+= dmt-ux
SUBDIR+= dnrd
+SUBDIR+= dnsdist
SUBDIR+= dns2tcp
SUBDIR+= dnswalk
SUBDIR+= docbook-xsl-ko
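Review bot: The new `SUBDIR+= dnsdist` line is out of order. The surrounding entries are sorted, and `dns2tcp` sorts before `dnsdist`, so the entry belongs one line lower, between `dns2tcp` and `dnswalk`. A sorted list makes duplicate entries easy to spot and avoids merge noise later.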
diff --git a/dnsdist/COMMIT_MSG b/dnsdist/COMMIT_MSG
new file mode 100644
index 0000000000..7a372ce067
--- /dev/null
+++ b/dnsdist/COMMIT_MSG
@@ -0,0 +1,14 @@
+1.9.9 Released: 29th of April 2025
+Improvements
+Handle Quiche >= 0.23.0 since the API changed
+References: pull request 15118
+Fix compatibility with boost::lockfree >= 1.87.0�
+References: pull request 15137
+Update Rust to 1.84.1 for our packages
+References: pull request 15164
+
+Bug Fixes
+Fix a crash when processing timeouts for incoming DoH queries
+References: #15475, pull request 15482
+Gracefully handle timeout/response for a closed HTTP stream
+References: pull request 15485
diff --git a/dnsdist/DESCR b/dnsdist/DESCR
new file mode 100644
index 0000000000..8b6e998da8
--- /dev/null
+++ b/dnsdist/DESCR
@@ -0,0 +1,4 @@
+dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its
+goal in life is to route traffic to the best server, delivering top
+performance to legitimate users while shunting or blocking abusive
+traffic.
diff --git a/dnsdist/Makefile b/dnsdist/Makefile
new file mode 100644
index 0000000000..d48697a0cd
--- /dev/null
+++ b/dnsdist/Makefile
@@ -0,0 +1,64 @@
+# $NetBSD: Makefile,v 1.31 2025/04/17 21:51:52 wiz Exp $
+
+DISTNAME= dnsdist-1.9.9
+#PKGREVISION= 1
+CATEGORIES= net
+MASTER_SITES= https://downloads.powerdns.com/releases/
+EXTRACT_SUFX= .tar.bz2
+
+MAINTAINER= drixter%e-utp.net@localhost
+HOMEPAGE= https://dnsdist.org/
+COMMENT= Highly DNS-, DoS- and abuse-aware loadbalancer
+LICENSE= gnu-gpl-v2
+
+USE_LANGUAGES= c c++
+USE_CXX_FEATURES= c++11
+USE_TOOLS+= gmake pkg-config
+GNU_CONFIGURE= yes
+
+.include "../../mk/bsd.prefs.mk"
+
+BUILD_DEFS+= DNSDIST_USER DNSDIST_GROUP
+DNSDIST_USER?= dnsdist
+DNSDIST_GROUP?= dnsdist
+PKG_GROUPS+= ${DNSDIST_GROUP}
+PKG_USERS+= ${DNSDIST_USER}:${DNSDIST_GROUP}
+PKG_GECOS.${DNSDIST_USER}= dnsdist daemon user
+
+FILES_SUBST+= DNSDIST_USER=${DNSDIST_USER}
+FILES_SUBST+= DNSDIST_GROUP=${DNSDIST_GROUP}
+
+CONFIGURE_ARGS+= --enable-dns-over-tls
+CONFIGURE_ARGS+= --enable-dnscrypt
+CONFIGURE_ARGS+= --enable-dnstap
+CONFIGURE_ARGS+= --with-libsodium
+CONFIGURE_ARGS+= --with-libssl
+CONFIGURE_ARGS+= --with-lua
+CONFIGURE_ARGS+= --with-nghttp2
+CONFIGURE_ARGS+= --with-re2
+CONFIGURE_ARGS+= --without-net-snmp
+CONFIGURE_ARGS+= --enable-dns-over-https
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
+
+CONFIGURE_ENV+= LIBEDIT_CFLAGS="-I${BUILDLINK_PREFIX.editlinereadline}/include"
+CONFIGURE_ENV+= LIBEDIT_LIBS="-L${BUILDLINK_PREFIX.editlinereadline}/lib ${BUILDLINK_LDADD.editlinereadline}"
+
+EGDIR= ${PREFIX}/share/examples/dnsdist
+CONF_FILES= ${EGDIR}/dnsdist.conf-dist ${PKG_SYSCONFDIR}/dnsdist.conf
+INSTALLATION_DIRS+= ${EGDIR}
+INSTALL_MAKE_FLAGS= ${MAKE_FLAGS} sysconfdir=${EGDIR}
+
+RCD_SCRIPTS+= dnsdist
+
+.include "../../databases/lmdb/buildlink3.mk"
+.include "../../security/gnutls/buildlink3.mk"
+.include "../../devel/boost-headers/buildlink3.mk"
+.include "../../devel/re2/buildlink3.mk"
+.include "../../lang/lua/buildlink3.mk"
+.include "../../net/fstrm/buildlink3.mk"
+.include "../../security/libsodium/buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
+.include "../../www/nghttp2/buildlink3.mk"
+.include "../../mk/atomic64.mk"
+.include "../../mk/readline.buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
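Review bot: `CONF_FILES` installs `dnsdist.conf` with the default owner and mode, and nothing in this Makefile restricts who can read it. A dnsdist configuration commonly carries the console key and the web server/API credentials, so a world-readable file would expose them to every local account. Consider replacing the `CONF_FILES` line with `CONF_FILES_PERMS= ${EGDIR}/dnsdist.conf-dist ${PKG_SYSCONFDIR}/dnsdist.conf ${REAL_ROOT_USER} ${DNSDIST_GROUP} 0640`. The group-readable mode keeps the file available to the daemon after it drops to `${DNSDIST_USER}`.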
diff --git a/dnsdist/PLIST b/dnsdist/PLIST
new file mode 100644
index 0000000000..bf5eaf579e
--- /dev/null
+++ b/dnsdist/PLIST
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.2 2025/04/10 20:50:08 wiz Exp $
+bin/dnsdist
+man/man1/dnsdist.1
+share/examples/dnsdist/dnsdist.conf-dist
diff --git a/dnsdist/distinfo b/dnsdist/distinfo
new file mode 100644
index 0000000000..b6667db82e
--- /dev/null
+++ b/dnsdist/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.16 2025/04/10 20:50:08 wiz Exp $
+
+BLAKE2s (dnsdist-1.9.9.tar.bz2) = d3fe760e21c056d782a2395a86abc009a19795fa661ea84e447ba43cbe05f156
+SHA512 (dnsdist-1.9.9.tar.bz2) = addd72f5324d75811601d9efe7af8846a448694172a14066b3ae53c7e53195f6955a038f97411703f66ce6bafd02846bf3c679839c473de6f7fc9ebecb8e6ca9
+Size (dnsdist-1.9.9.tar.bz2) = 1609983 bytes
+SHA1 (patch-configure) = 68f5c1ebc1d5d5653220a4c99a61d314d9af8029
diff --git a/dnsdist/files/dnsdist.sh b/dnsdist/files/dnsdist.sh
new file mode 100644
index 0000000000..c4b5d56543
--- /dev/null
+++ b/dnsdist/files/dnsdist.sh
@@ -0,0 +1,24 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: dnsdist.sh,v 1.2 2022/10/24 11:08:15 jperkin Exp $
+#
+# PROVIDE: dnsdist
+# REQUIRE: DAEMON network
+# KEYWORD: shutdown
+
+if [ -f /etc/rc.subr ]; then
+ . /etc/rc.subr
+fi
+
+name="dnsdist"
+rcvar=$name
+command="@PREFIX@/bin/dnsdist"
+dnsdist_flags="${dnsdist_flags:- -u @DNSDIST_USER@ -g @DNSDIST_GROUP@ -C @PKG_SYSCONFDIR@/dnsdist.conf}"
+
+if [ -f /etc/rc.subr ]; then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ echo -n "${name}"
+ ${command} ${dnsdist_flags}
+fi
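Review bot: The privilege drop lives only in the default value of `dnsdist_flags`, which is assigned before `load_rc_config $name` runs. Any `dnsdist_flags` set in rc.conf therefore replaces the whole string, and the daemon would start without `-u`/`-g` (and without `-C`) unless the administrator repeats them. Moving the fixed options out of the overridable variable keeps them in place, e.g. `command_args="-u @DNSDIST_USER@ -g @DNSDIST_GROUP@ -C @PKG_SYSCONFDIR@/dnsdist.conf"`. The branch used without rc.subr would then need to pass `${command_args}` as well.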
diff --git a/dnsdist/files/smf/manifest.xml b/dnsdist/files/smf/manifest.xml
new file mode 100644
index 0000000000..739af89727
--- /dev/null
+++ b/dnsdist/files/smf/manifest.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="export">
+ <service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1">
+ <create_default_instance enabled="false" />
+ <single_instance />
+ <dependency name="network" grouping="require_all" restart_on="error" type="service">
+ <service_fmri value="svc:/milestone/network:default" />
+ </dependency>
+ <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+ <service_fmri value="svc:/system/filesystem/local" />
+ </dependency>
+ <exec_method type="method" name="start" exec="@PREFIX@/bin/dnsdist --supervised -u @DNSDIST_USER@ -g @DNSDIST_GROUP@ -C %{config_file} &" timeout_seconds="60" />
+ <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
+ <property_group name="startd" type="framework">
+ <propval name="duration" type="astring" value="contract" />
+ <propval name="ignore_error" type="astring" value="core,signal" />
+ </property_group>
+ <property_group name="application" type="application">
+ <propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/dnsdist.conf" />
+ </property_group>
+ <template>
+ <common_name>
+ <loctext xml:lang="C">dnsdist daemon</loctext>
+ </common_name>
+ </template>
+ </service>
+</service_bundle>
diff --git a/dnsdist/patches/patch-configure b/dnsdist/patches/patch-configure
new file mode 100644
index 0000000000..7c1acd9a38
--- /dev/null
+++ b/dnsdist/patches/patch-configure
@@ -0,0 +1,66 @@
+$NetBSD: patch-configure,v 1.2 2025/04/10 20:50:09 wiz Exp $
+
+Fix unportable test(1) operator.
+
+--- configure.orig 2024-12-17 09:14:59.000000000 +0000
++++ configure
+@@ -25928,12 +25928,12 @@ fi
+ then :
+
+
+- if test "x$enable_fortify_source" == "xauto"
++ if test "x$enable_fortify_source" = "xauto"
+ then :
+ enable_fortify_source=3
+ fi
+
+- if test "x$enable_fortify_source" == "x3"
++ if test "x$enable_fortify_source" = "x3"
+ then :
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -D_FORTIFY_SOURCE=3" >&5
+@@ -25982,7 +25982,7 @@ fi
+
+ fi
+
+- if test "x$enable_fortify_source" == "x2"
++ if test "x$enable_fortify_source" = "x2"
+ then :
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -D_FORTIFY_SOURCE=2" >&5
+@@ -26031,7 +26031,7 @@ fi
+
+ fi
+
+- if test "x$enable_fortify_source" == "x1"
++ if test "x$enable_fortify_source" = "x1"
+ then :
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -D_FORTIFY_SOURCE=1" >&5
+@@ -26742,7 +26742,7 @@ fi
+ then :
+
+
+- if test "x$enable_lto" == "xthin"
++ if test "x$enable_lto" = "xthin"
+ then :
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -flto=thin" >&5
+@@ -26792,7 +26792,7 @@ fi
+
+ fi
+
+- if test "x$enable_lto" == "xauto"
++ if test "x$enable_lto" = "xauto"
+ then :
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -flto=auto" >&5
+@@ -26842,7 +26842,7 @@ fi
+
+ fi
+
+- if test "x$enable_lto" == "xyes"
++ if test "x$enable_lto" = "xyes"
+ then :
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -flto" >&5
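Review bot: The patch comment `Fix unportable test(1) operator.` does not say why the fix matters or whether it was reported upstream. With `==`, a shell whose test(1) accepts only `=` takes none of these branches, so the `-D_FORTIFY_SOURCE` and `-flto` compiler probes would presumably be skipped and the build would lose those flags without any error. I would extend the comment to state that consequence and add a reference line such as `Upstream: <URL of upstream report>` (placeholder). The patch edits the generated `configure`, so the same operators presumably remain in the upstream m4 source.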