* [gentoo-commits] repo/gentoo:master commit in: net-dns/djbdns/, net-dns/djbdns/files/
@ 2016-08-05 13:44 Michael Orlitzky
From: Michael Orlitzky @ 2016-08-05 13:44 UTC (permalink / raw
  To: gentoo-commits

commit:     e36913e087879c62aaa678f2ba35927a17af9b1c
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Fri Aug  5 13:41:35 2016 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Fri Aug  5 13:41:55 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e36913e0

net-dns/djbdns: new revision with increased dnscache recursion depth.

There is a hard limit on the number of recursive queries that dnscache
will perform. This new revision adds a patch, increasing a loop
iteration limit from 100 to 200, and thus increasing the recursion
depth. The patch was based on a similar fix for OpenWrt, suggested by
John Stile.

With the new revision, the ebuild was updated to EAPI=6. The eutils
eclass was dropped as "epatch" was replaced with "eapply"; some
patches needed new revisions to work with -p1, as eapply does. Two
other patches needed revisions to avoid fuzz from the new fix.

Gentoo-Bug: 590548
Reported-By: John Stile

Package-Manager: portage-2.2.28

 net-dns/djbdns/djbdns-1.05-r31.ebuild              | 152 +++++++++
 net-dns/djbdns/files/1.05-errno-r1.patch           |  11 +
 ...e-similar-outgoing-queries-ipv6-test25-r1.patch | 351 +++++++++++++++++++++
 ...nscache-merge-similar-outgoing-queries-r1.patch | 349 ++++++++++++++++++++
 net-dns/djbdns/files/headtail-r1.patch             |  67 ++++
 .../files/increase-cname-recustion-depth.patch     |  43 +++
 6 files changed, 973 insertions(+)

diff --git a/net-dns/djbdns/djbdns-1.05-r31.ebuild b/net-dns/djbdns/djbdns-1.05-r31.ebuild
new file mode 100644
index 0000000..28341aa
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r31.ebuild
@@ -0,0 +1,152 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+inherit flag-o-matic readme.gentoo-r1 toolchain-funcs user
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test27"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+	http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+	ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.bz2 )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 selinux"
+
+DEPEND=""
+RDEPEND="sys-apps/ucspi-tcp
+	virtual/daemontools
+	selinux? ( sec-policy/selinux-djbdns )"
+
+src_unpack(){
+	# Unpack both djbdns and its man pages to separate directories.
+	default
+
+	# Now move the man pages under ${S} so that user patches can be
+	# applied to them as well in src_prepare().
+	mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
+}
+
+src_prepare() {
+	eapply \
+		"${FILESDIR}/headtail-r1.patch" \
+		"${FILESDIR}/dnsroots.patch" \
+		"${FILESDIR}/dnstracesort.patch" \
+		"${FILESDIR}/string_length_255.patch" \
+		"${FILESDIR}/srv_record_support.patch" \
+		"${FILESDIR}/increase-cname-recustion-depth.patch"
+
+	# Fix CVE2009-0858
+	eapply "${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+
+	if use ipv6; then
+		elog 'At present dnstrace does NOT support IPv6. It will'\
+			 'be compiled without IPv6 support.'
+
+		# Create a separate copy of the source tree for dnstrace.
+		cp -pR "${S}" "${S}-noipv6" || die
+
+		# The big ipv6 patch.
+		eapply "${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+
+		# Fix CVE2008-4392 (ipv6)
+		eapply \
+			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch" \
+			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch" \
+			"${FILESDIR}/makefile-parallel-test25.patch"
+
+		cd "${S}-noipv6" || die
+	fi
+
+	# Fix CVE2008-4392 (no ipv6)
+	eapply \
+		"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch" \
+		"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+
+	# Later versions of the ipv6 patch include this, but even if
+	# USE=ipv6, we're in the ${S}-noipv6 directory at this point.
+	eapply "${FILESDIR}/${PV}-errno-r1.patch"
+
+	eapply_user
+}
+
+src_compile() {
+	echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+	echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+	echo "/usr" > conf-home || die
+	emake
+
+	# If djbdns is compiled with IPv6 support, it breaks dnstrace.
+	# Therefore we must compile dnstrace separately without IPv6
+	# support.
+	if use ipv6; then
+		elog 'Compiling dnstrace without ipv6 support'
+		cp conf-cc conf-ld conf-home "${S}-noipv6/" || die
+		cd "${S}-noipv6" || die
+		emake dnstrace
+	fi
+}
+
+src_install() {
+	insinto /etc
+	doins dnsroots.global
+
+	into /usr
+	dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+		*-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+		dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+	if use ipv6; then
+		dobin dnsip6 dnsip6q "${S}-noipv6/dnstrace"
+	fi
+
+	dodoc CHANGES README
+
+	doman man/*.[158]
+
+	readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+	# The nofiles group is no longer provided by baselayout.
+	# Share it with qmail if possible.
+	enewgroup nofiles 200
+
+	enewuser dnscache -1 -1 -1 nofiles
+	enewuser dnslog -1 -1 -1 nofiles
+	enewuser tinydns -1 -1 -1 nofiles
+}
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS='
+To configure djbdns, please follow the instructions at,
+
+	http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+	axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+	dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+	tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+	1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+	2. dnscache-conf dnscache dnslog /var/dnscache $ip
+	3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+	4. rbldns-conf $username dnslog /var/rbldns $ip $base
+	5. walldns-conf $username dnslog /var/walldns $ip
+'
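Review bot: With USE=ipv6, the `eapply_user` at the end of src_prepare runs after `cd "${S}-noipv6"`, so user patches land in the dnstrace-only copy and not in the `${S}` tree that src_compile and src_install take dnscache, tinydns and the other binaries from. eapply_user works on the current directory, and as far as I know only its first call has any effect, so a local fix placed in /etc/portage/patches would silently miss the installed servers. The man pages that src_unpack moves under `${S}` so that user patches can reach them are missed as well. Adding `cd "${S}" || die` directly before `eapply_user` leaves the non-ipv6 case unchanged and puts user patches on the tree that is actually installed.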

diff --git a/net-dns/djbdns/files/1.05-errno-r1.patch b/net-dns/djbdns/files/1.05-errno-r1.patch
new file mode 100644
index 0000000..58f2f4b
--- /dev/null
+++ b/net-dns/djbdns/files/1.05-errno-r1.patch
@@ -0,0 +1,11 @@
+--- a/error.h	2001-02-11 15:11:45.000000000 -0600
++++ b/error.h	2003-02-26 02:10:21.000000000 -0600
+@@ -1,7 +1,7 @@
+ #ifndef ERROR_H
+ #define ERROR_H
+ 
+-extern int errno;
++#include <errno.h>
+ 
+ extern int error_intr;
+ extern int error_nomem;

diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch
new file mode 100644
index 0000000..1d132d6
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test25-r1.patch
@@ -0,0 +1,351 @@
+diff --git a/Makefile b/Makefile
+index 5ccd647..eee09dd 100644
+--- a/Makefile
++++ b/Makefile
+@@ -346,11 +346,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
+ 	./compile dns_txt.c
+ 
+ dnscache: \
+-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
+ response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
+ libtai.a unix.a byte.a socket.lib
+ 	./load dnscache droproot.o okclient.o log.o cache.o \
+-	query.o response.o dd.o roots.o iopause.o prot.o dns.a \
++	query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
+ 	env.a alloc.a buffer.a libtai.a unix.a byte.a  `cat \
+ 	socket.lib`
+ 
+@@ -371,7 +371,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
+ uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
+ iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
+ iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
+-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
+ 	./compile dnscache.c
+ 
+ dnsfilter: \
+@@ -749,11 +749,16 @@ qlog.o: \
+ compile qlog.c buffer.h qlog.h uint16.h
+ 	./compile qlog.c
+ 
++qmerge.o: \
++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
++taia.h tai.h uint64.h log.h maxclient.h
++	./compile qmerge.c
++
+ query.o: \
+ compile query.c error.h roots.h log.h uint64.h case.h cache.h \
+ uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
+ taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
+-response.h uint32.h query.h dns.h uint32.h
++response.h uint32.h query.h dns.h uint32.h qmerge.h
+ 	./compile query.c
+ 
+ random-ip: \
+diff --git a/dnscache.c b/dnscache.c
+index abcba69..c84e4b8 100644
+--- a/dnscache.c
++++ b/dnscache.c
+@@ -23,6 +23,7 @@
+ #include "log.h"
+ #include "okclient.h"
+ #include "droproot.h"
++#include "maxclient.h"
+ 
+ long interface;
+ 
+@@ -59,7 +60,6 @@ uint64 numqueries = 0;
+ 
+ static int udp53;
+ 
+-#define MAXUDP 200
+ static struct udpclient {
+   struct query q;
+   struct taia start;
+@@ -136,7 +136,6 @@ void u_new(void)
+ 
+ static int tcp53;
+ 
+-#define MAXTCP 20
+ struct tcpclient {
+   struct query q;
+   struct taia start;
+diff --git a/log.c b/log.c
+index df465e2..1b0d98c 100644
+--- a/log.c
++++ b/log.c
+@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser
+   line();
+ }
+ 
++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
++{
++  string("txpb ");
++  logtype(qtype); space(); name(q); space(); name(control);
++  line();
++}
++
+ void log_cachedanswer(const char *q,const char type[2])
+ {
+   string("cached "); logtype(type); space();
+diff --git a/log.h b/log.h
+index fe62fa3..d9a829b 100644
+--- a/log.h
++++ b/log.h
+@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
+ extern void log_cachedns(const char *,const char *);
+ 
+ extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
++extern void log_tx_piggyback(const char *,const char *,const char *);
+ 
+ extern void log_nxdomain(const char *,const char *,unsigned int);
+ extern void log_nodata(const char *,const char *,const char *,unsigned int);
+diff --git a/maxclient.h b/maxclient.h
+new file mode 100644
+index 0000000..e52fcd1
+--- /dev/null
++++ b/maxclient.h
+@@ -0,0 +1,7 @@
++#ifndef MAXCLIENT_H
++#define MAXCLIENT_H
++
++#define MAXUDP 200
++#define MAXTCP 20
++
++#endif /* MAXCLIENT_H */
+diff --git a/qmerge.c b/qmerge.c
+new file mode 100644
+index 0000000..7c92299
+--- /dev/null
++++ b/qmerge.c
+@@ -0,0 +1,115 @@
++#include "qmerge.h"
++#include "byte.h"
++#include "log.h"
++#include "maxclient.h"
++
++#define QMERGE_MAX (MAXUDP+MAXTCP)
++struct qmerge inprogress[QMERGE_MAX];
++
++static
++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
++    const char *control)
++{
++  if (!dns_domain_copy(&qmk->q, q)) return 0;
++  byte_copy(qmk->qtype, 2, qtype);
++  if (!dns_domain_copy(&qmk->control, control)) return 0;
++  return 1;
++}
++
++static
++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
++{
++  return
++    byte_equal(a->qtype, 2, b->qtype) &&
++    dns_domain_equal(a->q, b->q) &&
++    dns_domain_equal(a->control, b->control);
++}
++
++static
++void qmerge_key_free(struct qmerge_key *qmk)
++{
++  dns_domain_free(&qmk->q);
++  dns_domain_free(&qmk->control);
++}
++
++void qmerge_free(struct qmerge **x)
++{
++  struct qmerge *qm;
++
++  qm = *x;
++  *x = 0;
++  if (!qm || !qm->active) return;
++
++  qm->active--;
++  if (!qm->active) {
++    qmerge_key_free(&qm->key);
++    dns_transmit_free(&qm->dt);
++  }
++}
++
++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
++    const char *q, const char qtype[2], const char localip[4],
++    const char *control)
++{
++  struct qmerge_key k;
++  int i;
++  int r;
++
++  qmerge_free(qm);
++
++  byte_zero(&k, sizeof k);
++  if (!qmerge_key_init(&k, q, qtype, control)) return -1;
++  for (i = 0; i < QMERGE_MAX; i++) {
++    if (!inprogress[i].active) continue;
++    if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
++    log_tx_piggyback(q, qtype, control);
++    inprogress[i].active++;
++    *qm = &inprogress[i];
++    qmerge_key_free(&k);
++    return 0;
++  }
++
++  for (i = 0; i < QMERGE_MAX; i++)
++    if (!inprogress[i].active)
++      break;
++  if (i == QMERGE_MAX) return -1;
++
++  log_tx(q, qtype, control, servers, 0);
++  r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
++  if (r == -1) { qmerge_key_free(&k); return -1; }
++  inprogress[i].active++;
++  inprogress[i].state = 0;
++  qmerge_key_free(&inprogress[i].key);
++  byte_copy(&inprogress[i].key, sizeof k, &k);
++  *qm = &inprogress[i];
++  return 0;
++}
++
++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
++{
++  if (qm->state == 0) {
++    dns_transmit_io(&qm->dt, io, deadline);
++    qm->state = 1;
++  }
++  else {
++    io->fd = -1;
++    io->events = 0;
++  }
++}
++
++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
++{
++  int r;
++  struct qmerge *qm;
++
++  qm = *x;
++  if (qm->state == -1) return -1; /* previous error */
++  if (qm->state == 0) return 0; /* no packet */
++  if (qm->state == 2) return 1; /* already got packet */
++
++  r = dns_transmit_get(&qm->dt, io, when);
++  if (r == -1) { qm->state = -1; return -1; } /* error */
++  if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
++  if (r == 1) { qm->state = 2; return 1; } /* got packet */
++  return -1; /* bug */
++}
+diff --git a/qmerge.h b/qmerge.h
+new file mode 100644
+index 0000000..9a58157
+--- /dev/null
++++ b/qmerge.h
+@@ -0,0 +1,24 @@
++#ifndef QMERGE_H
++#define QMERGE_H
++
++#include "dns.h"
++
++struct qmerge_key {
++  char *q;
++  char qtype[2];
++  char *control;
++};
++
++struct qmerge {
++  int active;
++  struct qmerge_key key;
++  struct dns_transmit dt;
++  int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
++};
++
++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
++extern void qmerge_free(struct qmerge **);
++
++#endif /* QMERGE_H */
+diff --git a/query.c b/query.c
+index d61b20c..d9be8b8 100644
+--- a/query.c
++++ b/query.c
+@@ -84,7 +84,7 @@ static void cleanup(struct query *z)
+   int j;
+   int k;
+ 
+-  dns_transmit_free(&z->dt);
++  qmerge_free(&z->qm);
+   for (j = 0;j < QUERY_MAXALIAS;++j)
+     dns_domain_free(&z->alias[j]);
+   for (j = 0;j < QUERY_MAXLEVEL;++j) {
+@@ -624,15 +624,9 @@ static int doit(struct query *z,int state)
+   if (j == 256) goto SERVFAIL;
+ 
+   dns_sortip6(z->servers[z->level],256);
+-  if (z->level) {
+-    dtype = z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A;
+-    log_tx(z->name[z->level],dtype,z->control[z->level],z->servers[z->level],z->level);
+-    if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip) == -1) goto DIE;
+-  }
+-  else {
+-    log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
+-    if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
+-  }
++  dtype = z->level ? (z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A) : z->type;
++  if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
++
+   return 0;
+ 
+ 
+@@ -646,10 +640,10 @@ static int doit(struct query *z,int state)
+ 
+   HAVEPACKET:
+   if (++z->loop == 200) goto DIE;
+-  buf = z->dt.packet;
+-  len = z->dt.packetlen;
++  buf = z->qm->dt.packet;
++  len = z->qm->dt.packetlen;
+ 
+-  whichserver = z->dt.servers + 16 * z->dt.curserver;
++  whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver;
+   control = z->control[z->level];
+   d = z->name[z->level];
+ /*  dtype = z->level ? DNS_T_A : z->type; */
+@@ -1071,7 +1065,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip
+ 
+ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ {
+-  switch(dns_transmit_get(&z->dt,x,stamp)) {
++  switch(qmerge_get(&z->qm,x,stamp)) {
+     case 1:
+       return doit(z,1);
+     case -1:
+@@ -1082,5 +1076,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ 
+ void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
+ {
+-  dns_transmit_io(&z->dt,x,deadline);
++  qmerge_io(z->qm,x,deadline);
+ }
+diff --git a/query.h b/query.h
+index 61812aa..93a322e 100644
+--- a/query.h
++++ b/query.h
+@@ -1,7 +1,7 @@
+ #ifndef QUERY_H
+ #define QUERY_H
+ 
+-#include "dns.h"
++#include "qmerge.h"
+ #include "uint32.h"
+ 
+ #define QUERY_MAXLEVEL 5
+@@ -22,7 +22,7 @@ struct query {
+   uint32 scope_id;
+   char type[2];
+   char class[2];
+-  struct dns_transmit dt;
++  struct qmerge *qm;
+ } ;
+ 
+ extern int query_start(struct query *,char *,char *,char *,char *,unsigned int);
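Review bot: qmerge_start() in the added qmerge.c leaks the freshly copied key on two early returns: `if (!qmerge_key_init(&k, q, qtype, control)) return -1;` can leave `k.q` allocated when the second dns_domain_copy fails, and `if (i == QMERGE_MAX) return -1;` returns with both `k.q` and `k.control` still held. dnscache is a long-running daemon and these paths are taken under memory pressure or with a full table, which is when a leak costs the most. Both returns can release the key first, e.g. `if (i == QMERGE_MAX) { qmerge_key_free(&k); return -1; }` and the same braces around the qmerge_key_init failure; `k` is zeroed by byte_zero beforehand, and the function already calls qmerge_key_free on slot keys that may be unset. The identical qmerge.c is added by CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch and needs the same change.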

diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch
new file mode 100644
index 0000000..57e5095
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch
@@ -0,0 +1,349 @@
+diff --git a/Makefile b/Makefile
+index 1429643..bc047c0 100644
+--- a/Makefile
++++ b/Makefile
+@@ -318,11 +318,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
+ 	./compile dns_txt.c
+ 
+ dnscache: \
+-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
+ response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
+ libtai.a unix.a byte.a socket.lib
+ 	./load dnscache droproot.o okclient.o log.o cache.o \
+-	query.o response.o dd.o roots.o iopause.o prot.o dns.a \
++	query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
+ 	env.a alloc.a buffer.a libtai.a unix.a byte.a  `cat \
+ 	socket.lib`
+ 
+@@ -343,7 +343,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
+ uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
+ iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
+ iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
+-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
+ 	./compile dnscache.c
+ 
+ dnsfilter: \
+@@ -687,11 +687,16 @@ qlog.o: \
+ compile qlog.c buffer.h qlog.h uint16.h
+ 	./compile qlog.c
+ 
++qmerge.o: \
++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
++taia.h tai.h uint64.h log.h maxclient.h
++	./compile qmerge.c
++
+ query.o: \
+ compile query.c error.h roots.h log.h uint64.h case.h cache.h \
+ uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
+ taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
+-response.h uint32.h query.h dns.h uint32.h
++response.h uint32.h query.h dns.h uint32.h qmerge.h
+ 	./compile query.c
+ 
+ random-ip: \
+diff --git a/dnscache.c b/dnscache.c
+index 8c899a3..5ccb16a 100644
+--- a/dnscache.c
++++ b/dnscache.c
+@@ -22,6 +22,7 @@
+ #include "log.h"
+ #include "okclient.h"
+ #include "droproot.h"
++#include "maxclient.h"
+ 
+ static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2])
+ {
+@@ -54,7 +55,6 @@ uint64 numqueries = 0;
+ 
+ static int udp53;
+ 
+-#define MAXUDP 200
+ static struct udpclient {
+   struct query q;
+   struct taia start;
+@@ -131,7 +131,6 @@ void u_new(void)
+ 
+ static int tcp53;
+ 
+-#define MAXTCP 20
+ struct tcpclient {
+   struct query q;
+   struct taia start;
+diff --git a/log.c b/log.c
+index c43e8b0..b8cd7ce 100644
+--- a/log.c
++++ b/log.c
+@@ -150,6 +150,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser
+   line();
+ }
+ 
++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
++{
++  string("txpb ");
++  logtype(qtype); space(); name(q); space(); name(control);
++  line();
++}
++
+ void log_cachedanswer(const char *q,const char type[2])
+ {
+   string("cached "); logtype(type); space();
+diff --git a/log.h b/log.h
+index fe62fa3..d9a829b 100644
+--- a/log.h
++++ b/log.h
+@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
+ extern void log_cachedns(const char *,const char *);
+ 
+ extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
++extern void log_tx_piggyback(const char *,const char *,const char *);
+ 
+ extern void log_nxdomain(const char *,const char *,unsigned int);
+ extern void log_nodata(const char *,const char *,const char *,unsigned int);
+diff --git a/maxclient.h b/maxclient.h
+new file mode 100644
+index 0000000..e52fcd1
+--- /dev/null
++++ b/maxclient.h
+@@ -0,0 +1,7 @@
++#ifndef MAXCLIENT_H
++#define MAXCLIENT_H
++
++#define MAXUDP 200
++#define MAXTCP 20
++
++#endif /* MAXCLIENT_H */
+diff --git a/qmerge.c b/qmerge.c
+new file mode 100644
+index 0000000..7c92299
+--- /dev/null
++++ b/qmerge.c
+@@ -0,0 +1,115 @@
++#include "qmerge.h"
++#include "byte.h"
++#include "log.h"
++#include "maxclient.h"
++
++#define QMERGE_MAX (MAXUDP+MAXTCP)
++struct qmerge inprogress[QMERGE_MAX];
++
++static
++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
++    const char *control)
++{
++  if (!dns_domain_copy(&qmk->q, q)) return 0;
++  byte_copy(qmk->qtype, 2, qtype);
++  if (!dns_domain_copy(&qmk->control, control)) return 0;
++  return 1;
++}
++
++static
++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
++{
++  return
++    byte_equal(a->qtype, 2, b->qtype) &&
++    dns_domain_equal(a->q, b->q) &&
++    dns_domain_equal(a->control, b->control);
++}
++
++static
++void qmerge_key_free(struct qmerge_key *qmk)
++{
++  dns_domain_free(&qmk->q);
++  dns_domain_free(&qmk->control);
++}
++
++void qmerge_free(struct qmerge **x)
++{
++  struct qmerge *qm;
++
++  qm = *x;
++  *x = 0;
++  if (!qm || !qm->active) return;
++
++  qm->active--;
++  if (!qm->active) {
++    qmerge_key_free(&qm->key);
++    dns_transmit_free(&qm->dt);
++  }
++}
++
++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
++    const char *q, const char qtype[2], const char localip[4],
++    const char *control)
++{
++  struct qmerge_key k;
++  int i;
++  int r;
++
++  qmerge_free(qm);
++
++  byte_zero(&k, sizeof k);
++  if (!qmerge_key_init(&k, q, qtype, control)) return -1;
++  for (i = 0; i < QMERGE_MAX; i++) {
++    if (!inprogress[i].active) continue;
++    if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
++    log_tx_piggyback(q, qtype, control);
++    inprogress[i].active++;
++    *qm = &inprogress[i];
++    qmerge_key_free(&k);
++    return 0;
++  }
++
++  for (i = 0; i < QMERGE_MAX; i++)
++    if (!inprogress[i].active)
++      break;
++  if (i == QMERGE_MAX) return -1;
++
++  log_tx(q, qtype, control, servers, 0);
++  r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
++  if (r == -1) { qmerge_key_free(&k); return -1; }
++  inprogress[i].active++;
++  inprogress[i].state = 0;
++  qmerge_key_free(&inprogress[i].key);
++  byte_copy(&inprogress[i].key, sizeof k, &k);
++  *qm = &inprogress[i];
++  return 0;
++}
++
++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
++{
++  if (qm->state == 0) {
++    dns_transmit_io(&qm->dt, io, deadline);
++    qm->state = 1;
++  }
++  else {
++    io->fd = -1;
++    io->events = 0;
++  }
++}
++
++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
++{
++  int r;
++  struct qmerge *qm;
++
++  qm = *x;
++  if (qm->state == -1) return -1; /* previous error */
++  if (qm->state == 0) return 0; /* no packet */
++  if (qm->state == 2) return 1; /* already got packet */
++
++  r = dns_transmit_get(&qm->dt, io, when);
++  if (r == -1) { qm->state = -1; return -1; } /* error */
++  if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
++  if (r == 1) { qm->state = 2; return 1; } /* got packet */
++  return -1; /* bug */
++}
+diff --git a/qmerge.h b/qmerge.h
+new file mode 100644
+index 0000000..9a58157
+--- /dev/null
++++ b/qmerge.h
+@@ -0,0 +1,24 @@
++#ifndef QMERGE_H
++#define QMERGE_H
++
++#include "dns.h"
++
++struct qmerge_key {
++  char *q;
++  char qtype[2];
++  char *control;
++};
++
++struct qmerge {
++  int active;
++  struct qmerge_key key;
++  struct dns_transmit dt;
++  int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
++};
++
++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
++extern void qmerge_free(struct qmerge **);
++
++#endif /* QMERGE_H */
+diff --git a/query.c b/query.c
+index 46cdc00..f091fdd 100644
+--- a/query.c
++++ b/query.c
+@@ -81,7 +81,7 @@ static void cleanup(struct query *z)
+   int j;
+   int k;
+ 
+-  dns_transmit_free(&z->dt);
++  qmerge_free(&z->qm);
+   for (j = 0;j < QUERY_MAXALIAS;++j)
+     dns_domain_free(&z->alias[j]);
+   for (j = 0;j < QUERY_MAXLEVEL;++j) {
+@@ -429,14 +429,8 @@ static int doit(struct query *z,int state)
+   if (j == 64) goto SERVFAIL;
+ 
+   dns_sortip(z->servers[z->level],64);
+-  if (z->level) {
+-    log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level);
+-    if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE;
+-  }
+-  else {
+-    log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
+-    if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
+-  }
++  dtype = z->level ? DNS_T_A : z->type;
++  if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
+   return 0;
+ 
+ 
+@@ -450,10 +444,10 @@ static int doit(struct query *z,int state)
+ 
+   HAVEPACKET:
+   if (++z->loop == 200) goto DIE;
+-  buf = z->dt.packet;
+-  len = z->dt.packetlen;
++  buf = z->qm->dt.packet;
++  len = z->qm->dt.packetlen;
+ 
+-  whichserver = z->dt.servers + 4 * z->dt.curserver;
++  whichserver = z->qm->dt.servers + 4 * z->qm->dt.curserver;
+   control = z->control[z->level];
+   d = z->name[z->level];
+   dtype = z->level ? DNS_T_A : z->type;
+@@ -836,7 +830,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip
+ 
+ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ {
+-  switch(dns_transmit_get(&z->dt,x,stamp)) {
++  switch(qmerge_get(&z->qm,x,stamp)) {
+     case 1:
+       return doit(z,1);
+     case -1:
+@@ -847,5 +841,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ 
+ void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
+ {
+-  dns_transmit_io(&z->dt,x,deadline);
++  qmerge_io(z->qm,x,deadline);
+ }
+diff --git a/query.h b/query.h
+index eff68b2..06feab4 100644
+--- a/query.h
++++ b/query.h
+@@ -1,7 +1,7 @@
+ #ifndef QUERY_H
+ #define QUERY_H
+ 
+-#include "dns.h"
++#include "qmerge.h"
+ #include "uint32.h"
+ 
+ #define QUERY_MAXLEVEL 5
+@@ -20,7 +20,7 @@ struct query {
+   char localip[4];
+   char type[2];
+   char class[2];
+-  struct dns_transmit dt;
++  struct qmerge *qm;
+ } ;
+ 
+ extern int query_start(struct query *,char *,char *,char *,char *);
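Review bot: The rewritten transmit path drops the level from the tx log line: the removed call in doit() passed `z->level` as the last argument of log_tx, while qmerge_start() now always calls `log_tx(q, qtype, control, servers, 0);`. Anyone reading or parsing dnscache logs can no longer tell a top-level query from a nested lookup, which matters when reconstructing what the cache sent during an incident. qmerge_start has no level parameter, so the smallest fix is to add one, pass `z->level` from doit(), and log with `log_tx(q, qtype, control, servers, level);`. The ipv6 variant of this patch carries the same line, and doit() starts and ends outside the hunks shown.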

diff --git a/net-dns/djbdns/files/headtail-r1.patch b/net-dns/djbdns/files/headtail-r1.patch
new file mode 100644
index 0000000..3185480
--- /dev/null
+++ b/net-dns/djbdns/files/headtail-r1.patch
@@ -0,0 +1,67 @@
+diff -Naur /tmp/djbdns-1.05/Makefile djbdns-1.05/Makefile
+--- a/Makefile	2003-11-16 20:33:41.000000000 +0100
++++ b/Makefile	2003-11-16 20:35:15.000000000 +0100
+@@ -31,7 +31,7 @@
+ 
+ auto_home.c: \
+ auto-str conf-home
+-	./auto-str auto_home `head -1 conf-home` > auto_home.c
++	./auto-str auto_home `head -n 1 conf-home` > auto_home.c
+ 
+ auto_home.o: \
+ compile auto_home.c
+@@ -205,14 +205,14 @@
+ choose: \
+ warn-auto.sh choose.sh conf-home
+ 	cat warn-auto.sh choose.sh \
+-	| sed s}HOME}"`head -1 conf-home`"}g \
++	| sed s}HOME}"`head -n 1 conf-home`"}g \
+ 	> choose
+ 	chmod 755 choose
+ 
+ compile: \
+ warn-auto.sh conf-cc
+ 	( cat warn-auto.sh; \
+-	echo exec "`head -1 conf-cc`" '-c $${1+"$$@"}' \
++	echo exec "`head -n 1 conf-cc`" '-c $${1+"$$@"}' \
+ 	) > compile
+ 	chmod 755 compile
+ 
+@@ -449,7 +449,7 @@
+ dnstracesort: \
+ warn-auto.sh dnstracesort.sh conf-home
+ 	cat warn-auto.sh dnstracesort.sh \
+-	| sed s}HOME}"`head -1 conf-home`"}g \
++	| sed s}HOME}"`head -n 1 conf-home`"}g \
+ 	> dnstracesort
+ 	chmod 755 dnstracesort
+ 
+@@ -570,7 +570,7 @@
+ warn-auto.sh conf-ld
+ 	( cat warn-auto.sh; \
+ 	echo 'main="$$1"; shift'; \
+-	echo exec "`head -1 conf-ld`" \
++	echo exec "`head -n 1 conf-ld`" \
+ 	'-o "$$main" "$$main".o $${1+"$$@"}' \
+ 	) > load
+ 	chmod 755 load
+@@ -758,7 +758,7 @@
+ rts: \
+ warn-auto.sh rts.sh conf-home
+ 	cat warn-auto.sh rts.sh \
+-	| sed s}HOME}"`head -1 conf-home`"}g \
++	| sed s}HOME}"`head -n 1 conf-home`"}g \
+ 	> rts
+ 	chmod 755 rts
+ 
+@@ -901,8 +901,8 @@
+ systype: \
+ find-systype.sh conf-cc conf-ld trycpp.c x86cpuid.c
+ 	( cat warn-auto.sh; \
+-	echo CC=\'`head -1 conf-cc`\'; \
+-	echo LD=\'`head -1 conf-ld`\'; \
++	echo CC=\'`head -n 1 conf-cc`\'; \
++	echo LD=\'`head -n 1 conf-ld`\'; \
+ 	cat find-systype.sh; \
+ 	) | sh > systype
+ 

diff --git a/net-dns/djbdns/files/increase-cname-recustion-depth.patch b/net-dns/djbdns/files/increase-cname-recustion-depth.patch
new file mode 100644
index 0000000..3415f65
--- /dev/null
+++ b/net-dns/djbdns/files/increase-cname-recustion-depth.patch
@@ -0,0 +1,43 @@
+From d8534e8482bdd3f6e4ae1dca8452e65c24dd34f7 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Fri, 5 Aug 2016 09:13:11 -0400
+Subject: [PATCH 1/1] query.c: increase recursion depth to 200.
+
+The recursion loop for CNAME resolution has an upper limit of 100
+iterations by default. This has proven too small in some cases where
+large CDNs are concerned. This commit increases the limit to 200.
+
+The patch was based on the OpenWrt fix, supplied by user ylxu.
+
+Gentoo-Bug: 590548
+OpenWrt-Bug: 5881
+SMEServer-Bug: 8362
+---
+ query.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/query.c b/query.c
+index 46cdc00..61fe708 100644
+--- a/query.c
++++ b/query.c
+@@ -203,7 +203,7 @@ static int doit(struct query *z,int state)
+ 
+ 
+   NEWNAME:
+-  if (++z->loop == 100) goto DIE;
++  if (++z->loop == 200) goto DIE;
+   d = z->name[z->level];
+   dtype = z->level ? DNS_T_A : z->type;
+   dlen = dns_domain_length(d);
+@@ -449,7 +449,7 @@ static int doit(struct query *z,int state)
+ 
+ 
+   HAVEPACKET:
+-  if (++z->loop == 100) goto DIE;
++  if (++z->loop == 200) goto DIE;
+   buf = z->dt.packet;
+   len = z->dt.packetlen;
+ 
+-- 
+2.7.3
+
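Review bot: The new limit is written as a bare `200` at both NEWNAME and HAVEPACKET, and the same literal also appears in the context lines of the two CVE2008-4392 -r1 patches, so the next change to it has to touch four places. `z->loop` is incremented at both labels, so the value caps total iterations per client query rather than CNAME hops alone; doubling it also doubles the work a hostile delegation or alias chain can make dnscache spend on one request. I would name it once, e.g. `#define QUERY_MAXLOOP 200` beside QUERY_MAXLEVEL in query.h with a comment saying it is a per-query work bound, and use `if (++z->loop == QUERY_MAXLOOP) goto DIE;` at both sites. doit() begins and ends outside these hunks.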



* [gentoo-commits] repo/gentoo:master commit in: net-dns/djbdns/, net-dns/djbdns/files/
@ 2018-04-11 13:28 Michael Orlitzky
From: Michael Orlitzky @ 2018-04-11 13:28 UTC (permalink / raw
  To: gentoo-commits

commit:     2837acf969f908129dc20336ae6bb6d748f0054f
Author:     Rolf Eike Beer <eike <AT> sf-mail <DOT> de>
AuthorDate: Sun Apr  1 20:04:39 2018 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Apr 11 13:18:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2837acf9

net-dns/djbdns: update IPv6 patch

Closes: https://bugs.gentoo.org/652156
Closes: https://github.com/gentoo/gentoo/pull/7768
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 net-dns/djbdns/Manifest                            |   1 +
 net-dns/djbdns/djbdns-1.05-r33.ebuild              | 132 ++++++++
 ...erge-similar-outgoing-queries-ipv6-test28.patch | 351 +++++++++++++++++++++
 3 files changed, 484 insertions(+)

diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
index c4ec7a7f792..813304725d1 100644
--- a/net-dns/djbdns/Manifest
+++ b/net-dns/djbdns/Manifest
@@ -1,3 +1,4 @@
 DIST djbdns-1.05-man.tar.gz 17170 BLAKE2B 2fef7e1be8a427b2c426c2af58bf4c22795e64d03e0f605ca333e38f187ff65b333e88a7cea0e8a9ec867b446b5ca34a5c97dd24ae18b28ee4c747f2fd1f1608 SHA512 98af7bd9033a2205fbbc0f23b7eab45b9756f6ceff5199a62952e19c89c9fe3c03495cb6f8621d388f883c40650309a1509095417df3f54af21a71350c4aa183
 DIST djbdns-1.05-test27.diff.bz2 20695 BLAKE2B 5eb2b5deeb81ec802bec4787b844f8b072e46a06ea28cf28a2702f8d545c3248256357669471f78b61f30c656b6f325bb8c0710dbdfa3ad2c2b00d5fb02bfc66 SHA512 e5acf26ff353ae20b6c2186140255bf0ae478a75a9946163d4474a003afbf8c2f47e61a12fc3ed4b9eff17ec8732e9d91bfbb10fb2762310b067180b6d471ba0
+DIST djbdns-1.05-test28.diff.xz 22072 BLAKE2B fff6c13220adfa056a0ac5942ff9385d83b75f8622adaebab65f557a2ca8d014fe3c255fe55ba9afca56b24880b7cd28597b26b5bcc3bbbd3ef9f581b67004fd SHA512 7fbfeda10221a0a09897c2e744df5606c83113c394ce055d822b0d8733873d72567a88c37905d21c7d2395170fc12b9e9eb133a941aa809f1b9856872ab48230
 DIST djbdns-1.05.tar.gz 85648 BLAKE2B 51918fcc8944e64e72709636ee7d56975a138a2806e22c019fa836770de3a338bb8f682216b89c09d6b2861c2423e60e28dc60639f5a86aca2040e1788e4cf5c SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9

diff --git a/net-dns/djbdns/djbdns-1.05-r33.ebuild b/net-dns/djbdns/djbdns-1.05-r33.ebuild
new file mode 100644
index 00000000000..ad80420e697
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r33.ebuild
@@ -0,0 +1,132 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit flag-o-matic readme.gentoo-r1 toolchain-funcs user
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="http://cr.yp.to/djbdns.html"
+IPV6_PATCH="test28"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+	http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+	ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.xz )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 selinux"
+
+DEPEND=""
+RDEPEND="sys-apps/ucspi-tcp
+	virtual/daemontools
+	selinux? ( sec-policy/selinux-djbdns )"
+
+src_unpack(){
+	# Unpack both djbdns and its man pages to separate directories.
+	default
+
+	# Now move the man pages under ${S} so that user patches can be
+	# applied to them as well in src_prepare().
+	mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
+}
+
+PATCHES=(
+	"${FILESDIR}/headtail-r1.patch"
+	"${FILESDIR}/dnsroots.patch"
+	"${FILESDIR}/dnstracesort.patch"
+	"${FILESDIR}/string_length_255.patch"
+	"${FILESDIR}/srv_record_support.patch"
+	"${FILESDIR}/increase-cname-recustion-depth.patch"
+	"${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+	"${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch"
+)
+
+src_prepare() {
+	if use ipv6; then
+		PATCHES=(${PATCHES[@]}
+			# The big ipv6 patch.
+			"${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+			# Fix CVE2008-4392 (ipv6)
+			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch"
+			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch"
+			"${FILESDIR}/makefile-parallel-test25.patch"
+		)
+	else
+		PATCHES=(${PATCHES[@]}
+			# Fix CVE2008-4392 (no ipv6)
+			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch"
+			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+			# Later versions of the ipv6 patch include this
+			"${FILESDIR}/${PV}-errno-r1.patch"
+		)
+	fi
+
+	default
+}
+
+src_compile() {
+	echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+	echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+	echo "/usr" > conf-home || die
+	emake
+}
+
+src_install() {
+	insinto /etc
+	doins dnsroots.global
+
+	into /usr
+	dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+		*-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+		dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+	if use ipv6; then
+		dobin dnsip6 dnsip6q
+	fi
+
+	dodoc CHANGES README
+
+	doman man/*.[158]
+
+	readme.gentoo_create_doc
+}
+
+pkg_preinst() {
+	# The nofiles group is no longer provided by baselayout.
+	# Share it with qmail if possible.
+	enewgroup nofiles 200
+
+	enewuser dnscache -1 -1 -1 nofiles
+	enewuser dnslog -1 -1 -1 nofiles
+	enewuser tinydns -1 -1 -1 nofiles
+}
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS='
+To configure djbdns, please follow the instructions at,
+
+	http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+	axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+	dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+	tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+	1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+	2. dnscache-conf dnscache dnslog /var/dnscache $ip
+	3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+	4. rbldns-conf $username dnslog /var/rbldns $ip $base
+	5. walldns-conf $username dnslog /var/walldns $ip
+'
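Review bot: In src_prepare the patch list is rebuilt through an unquoted expansion, `PATCHES=(${PATCHES[@]}`, in both the ipv6 and the non-ipv6 branch, so every existing entry is word-split and glob-expanded again before the new ones are added. With a `FILESDIR` or `WORKDIR` that contains whitespace or glob characters, the list handed to `default` would no longer name the intended files, and that list carries the CVE2009-0858, CVE2012-1191 and CVE2008-4392 fixes. Appending leaves the existing entries untouched: open each branch with `PATCHES+=(` and keep the same entries. The same construct is repeated in src_prepare of djbdns-1.05-r36.ebuild later in this thread.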

diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch
new file mode 100644
index 00000000000..d493b8985e0
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test28.patch
@@ -0,0 +1,351 @@
+diff --git a/Makefile b/Makefile
+index 5ccd647..eee09dd 100644
+--- a/Makefile
++++ b/Makefile
+@@ -346,11 +346,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
+ 	./compile dns_txt.c
+ 
+ dnscache: \
+-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
+ response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
+ libtai.a unix.a byte.a socket.lib
+ 	./load dnscache droproot.o okclient.o log.o cache.o \
+-	query.o response.o dd.o roots.o iopause.o prot.o dns.a \
++	query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
+ 	env.a alloc.a buffer.a libtai.a unix.a byte.a  `cat \
+ 	socket.lib`
+ 
+@@ -371,7 +371,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
+ uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
+ iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
+ iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
+-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
+ 	./compile dnscache.c
+ 
+ dnsfilter: \
+@@ -749,11 +749,16 @@ qlog.o: \
+ compile qlog.c buffer.h qlog.h uint16.h
+ 	./compile qlog.c
+ 
++qmerge.o: \
++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
++taia.h tai.h uint64.h log.h maxclient.h
++	./compile qmerge.c
++
+ query.o: \
+ compile query.c error.h roots.h log.h uint64.h case.h cache.h \
+ uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
+ taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
+-response.h uint32.h query.h dns.h uint32.h
++response.h uint32.h query.h dns.h uint32.h qmerge.h
+ 	./compile query.c
+ 
+ random-ip: \
+diff --git a/dnscache.c b/dnscache.c
+index abcba69..c84e4b8 100644
+--- a/dnscache.c
++++ b/dnscache.c
+@@ -23,6 +23,7 @@
+ #include "okclient.h"
+ #include "droproot.h"
+ #include "openreadclose.h"
++#include "maxclient.h"
+ 
+ long interface;
+ 
+@@ -59,7 +60,6 @@ uint64 numqueries = 0;
+ 
+ static int udp53;
+ 
+-#define MAXUDP 200
+ static struct udpclient {
+   struct query q;
+   struct taia start;
+@@ -136,7 +136,6 @@ void u_new(void)
+ 
+ static int tcp53;
+ 
+-#define MAXTCP 20
+ struct tcpclient {
+   struct query q;
+   struct taia start;
+diff --git a/log.c b/log.c
+index df465e2..1b0d98c 100644
+--- a/log.c
++++ b/log.c
+@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const char ser
+   line();
+ }
+ 
++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
++{
++  string("txpb ");
++  logtype(qtype); space(); name(q); space(); name(control);
++  line();
++}
++
+ void log_cachedanswer(const char *q,const char type[2])
+ {
+   string("cached "); logtype(type); space();
+diff --git a/log.h b/log.h
+index fe62fa3..d9a829b 100644
+--- a/log.h
++++ b/log.h
+@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
+ extern void log_cachedns(const char *,const char *);
+ 
+ extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
++extern void log_tx_piggyback(const char *,const char *,const char *);
+ 
+ extern void log_nxdomain(const char *,const char *,unsigned int);
+ extern void log_nodata(const char *,const char *,const char *,unsigned int);
+diff --git a/maxclient.h b/maxclient.h
+new file mode 100644
+index 0000000..e52fcd1
+--- /dev/null
++++ b/maxclient.h
+@@ -0,0 +1,7 @@
++#ifndef MAXCLIENT_H
++#define MAXCLIENT_H
++
++#define MAXUDP 200
++#define MAXTCP 20
++
++#endif /* MAXCLIENT_H */
+diff --git a/qmerge.c b/qmerge.c
+new file mode 100644
+index 0000000..7c92299
+--- /dev/null
++++ b/qmerge.c
+@@ -0,0 +1,115 @@
++#include "qmerge.h"
++#include "byte.h"
++#include "log.h"
++#include "maxclient.h"
++
++#define QMERGE_MAX (MAXUDP+MAXTCP)
++struct qmerge inprogress[QMERGE_MAX];
++
++static
++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
++    const char *control)
++{
++  if (!dns_domain_copy(&qmk->q, q)) return 0;
++  byte_copy(qmk->qtype, 2, qtype);
++  if (!dns_domain_copy(&qmk->control, control)) return 0;
++  return 1;
++}
++
++static
++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
++{
++  return
++    byte_equal(a->qtype, 2, b->qtype) &&
++    dns_domain_equal(a->q, b->q) &&
++    dns_domain_equal(a->control, b->control);
++}
++
++static
++void qmerge_key_free(struct qmerge_key *qmk)
++{
++  dns_domain_free(&qmk->q);
++  dns_domain_free(&qmk->control);
++}
++
++void qmerge_free(struct qmerge **x)
++{
++  struct qmerge *qm;
++
++  qm = *x;
++  *x = 0;
++  if (!qm || !qm->active) return;
++
++  qm->active--;
++  if (!qm->active) {
++    qmerge_key_free(&qm->key);
++    dns_transmit_free(&qm->dt);
++  }
++}
++
++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
++    const char *q, const char qtype[2], const char localip[4],
++    const char *control)
++{
++  struct qmerge_key k;
++  int i;
++  int r;
++
++  qmerge_free(qm);
++
++  byte_zero(&k, sizeof k);
++  if (!qmerge_key_init(&k, q, qtype, control)) return -1;
++  for (i = 0; i < QMERGE_MAX; i++) {
++    if (!inprogress[i].active) continue;
++    if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
++    log_tx_piggyback(q, qtype, control);
++    inprogress[i].active++;
++    *qm = &inprogress[i];
++    qmerge_key_free(&k);
++    return 0;
++  }
++
++  for (i = 0; i < QMERGE_MAX; i++)
++    if (!inprogress[i].active)
++      break;
++  if (i == QMERGE_MAX) return -1;
++
++  log_tx(q, qtype, control, servers, 0);
++  r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
++  if (r == -1) { qmerge_key_free(&k); return -1; }
++  inprogress[i].active++;
++  inprogress[i].state = 0;
++  qmerge_key_free(&inprogress[i].key);
++  byte_copy(&inprogress[i].key, sizeof k, &k);
++  *qm = &inprogress[i];
++  return 0;
++}
++
++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
++{
++  if (qm->state == 0) {
++    dns_transmit_io(&qm->dt, io, deadline);
++    qm->state = 1;
++  }
++  else {
++    io->fd = -1;
++    io->events = 0;
++  }
++}
++
++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
++{
++  int r;
++  struct qmerge *qm;
++
++  qm = *x;
++  if (qm->state == -1) return -1; /* previous error */
++  if (qm->state == 0) return 0; /* no packet */
++  if (qm->state == 2) return 1; /* already got packet */
++
++  r = dns_transmit_get(&qm->dt, io, when);
++  if (r == -1) { qm->state = -1; return -1; } /* error */
++  if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
++  if (r == 1) { qm->state = 2; return 1; } /* got packet */
++  return -1; /* bug */
++}
+diff --git a/qmerge.h b/qmerge.h
+new file mode 100644
+index 0000000..9a58157
+--- /dev/null
++++ b/qmerge.h
+@@ -0,0 +1,24 @@
++#ifndef QMERGE_H
++#define QMERGE_H
++
++#include "dns.h"
++
++struct qmerge_key {
++  char *q;
++  char qtype[2];
++  char *control;
++};
++
++struct qmerge {
++  int active;
++  struct qmerge_key key;
++  struct dns_transmit dt;
++  int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
++};
++
++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
++extern void qmerge_free(struct qmerge **);
++
++#endif /* QMERGE_H */
+diff --git a/query.c b/query.c
+index d61b20c..d9be8b8 100644
+--- a/query.c
++++ b/query.c
+@@ -84,7 +84,7 @@ static void cleanup(struct query *z)
+   int j;
+   int k;
+ 
+-  dns_transmit_free(&z->dt);
++  qmerge_free(&z->qm);
+   for (j = 0;j < QUERY_MAXALIAS;++j)
+     dns_domain_free(&z->alias[j]);
+   for (j = 0;j < QUERY_MAXLEVEL;++j) {
+@@ -624,15 +624,9 @@ static int doit(struct query *z,int state)
+   if (j == 256) goto SERVFAIL;
+ 
+   dns_sortip6(z->servers[z->level],256);
+-  if (z->level) {
+-    dtype = z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A;
+-    log_tx(z->name[z->level],dtype,z->control[z->level],z->servers[z->level],z->level);
+-    if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip) == -1) goto DIE;
+-  }
+-  else {
+-    log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
+-    if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
+-  }
++  dtype = z->level ? (z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A) : z->type;
++  if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
++
+   return 0;
+ 
+ 
+@@ -646,10 +640,10 @@ static int doit(struct query *z,int state)
+ 
+   HAVEPACKET:
+   if (++z->loop == 200) goto DIE;
+-  buf = z->dt.packet;
+-  len = z->dt.packetlen;
++  buf = z->qm->dt.packet;
++  len = z->qm->dt.packetlen;
+ 
+-  whichserver = z->dt.servers + 16 * z->dt.curserver;
++  whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver;
+   control = z->control[z->level];
+   d = z->name[z->level];
+ /*  dtype = z->level ? DNS_T_A : z->type; */
+@@ -1071,7 +1065,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],char localip
+ 
+ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ {
+-  switch(dns_transmit_get(&z->dt,x,stamp)) {
++  switch(qmerge_get(&z->qm,x,stamp)) {
+     case 1:
+       return doit(z,1);
+     case -1:
+@@ -1082,5 +1076,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ 
+ void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
+ {
+-  dns_transmit_io(&z->dt,x,deadline);
++  qmerge_io(z->qm,x,deadline);
+ }
+diff --git a/query.h b/query.h
+index 61812aa..93a322e 100644
+--- a/query.h
++++ b/query.h
+@@ -1,7 +1,7 @@
+ #ifndef QUERY_H
+ #define QUERY_H
+ 
+-#include "dns.h"
++#include "qmerge.h"
+ #include "uint32.h"
+ 
+ #define QUERY_MAXLEVEL 5
+@@ -22,7 +22,7 @@ struct query {
+   uint32 scope_id;
+   char type[2];
+   char class[2];
+-  struct dns_transmit dt;
++  struct qmerge *qm;
+ } ;
+ 
+ extern int query_start(struct query *,char *,char *,char *,char *,unsigned int);
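Review bot: qmerge_start() in the new qmerge.c returns without releasing the temporary key `k` on two paths: when qmerge_key_init() fails after its first dns_domain_copy() has already succeeded, and at `if (i == QMERGE_MAX) return -1;` when no slot is free. Every other exit either calls qmerge_key_free(&k) or copies k into the slot, so these two look like leaks of the copied domain names. The table-full path may be unreachable while QMERGE_MAX equals MAXUDP+MAXTCP, but the allocation-failure path is not. I would write `if (!qmerge_key_init(&k, q, qtype, control)) { qmerge_key_free(&k); return -1; }` and `if (i == QMERGE_MAX) { qmerge_key_free(&k); return -1; }`; freeing a zeroed key is already relied on where the function frees the key of an inactive slot. The identical qmerge.c is added again by the ipv6-test29 patch later in this thread.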



* [gentoo-commits] repo/gentoo:master commit in: net-dns/djbdns/, net-dns/djbdns/files/
@ 2022-11-15 23:37 Michael Orlitzky
From: Michael Orlitzky @ 2022-11-15 23:37 UTC (permalink / raw
  To: gentoo-commits

commit:     0d1b97b7297ab5ecd5da0f9b6a7b1dfd0239a5bc
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 20:27:18 2022 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 23:24:24 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d1b97b7

net-dns/djbdns: new EAPI=8 revision with fixed parallel build.

The parallel build fix comes via an updated ipv6 patch, courtesy of
Felix von Leitner. (Thanks for the fast response!)

This also includes the ever-dangerous manual rebasing of two CVE patches
on top of the new ipv6 patch, made scarier by the fact that I don't
actually ipv6 myself. Fortunately those patches are not too crazy.

Closes: https://bugs.gentoo.org/881349
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 net-dns/djbdns/Manifest                            |   1 +
 net-dns/djbdns/djbdns-1.05-r36.ebuild              | 127 ++++++++
 ...erge-similar-outgoing-queries-ipv6-test29.patch | 351 +++++++++++++++++++++
 ...02-dnscache-cache-soa-records-ipv6-test29.patch |  69 ++++
 4 files changed, 548 insertions(+)

diff --git a/net-dns/djbdns/Manifest b/net-dns/djbdns/Manifest
index af9a9ef1e60a..7892a331568a 100644
--- a/net-dns/djbdns/Manifest
+++ b/net-dns/djbdns/Manifest
@@ -1,3 +1,4 @@
 DIST djbdns-1.05-man.tar.gz 17170 BLAKE2B 2fef7e1be8a427b2c426c2af58bf4c22795e64d03e0f605ca333e38f187ff65b333e88a7cea0e8a9ec867b446b5ca34a5c97dd24ae18b28ee4c747f2fd1f1608 SHA512 98af7bd9033a2205fbbc0f23b7eab45b9756f6ceff5199a62952e19c89c9fe3c03495cb6f8621d388f883c40650309a1509095417df3f54af21a71350c4aa183
 DIST djbdns-1.05-test28.diff.xz 22072 BLAKE2B fff6c13220adfa056a0ac5942ff9385d83b75f8622adaebab65f557a2ca8d014fe3c255fe55ba9afca56b24880b7cd28597b26b5bcc3bbbd3ef9f581b67004fd SHA512 7fbfeda10221a0a09897c2e744df5606c83113c394ce055d822b0d8733873d72567a88c37905d21c7d2395170fc12b9e9eb133a941aa809f1b9856872ab48230
+DIST djbdns-1.05-test29.diff.xz 28884 BLAKE2B cff7dd55d68eb33a7f8725898469f39b7a1109c7a081e00b0465d599e0ea462e888f510b98a37a31190dfadb2006c6ba2f42311e235e1d9456f745dd756035a9 SHA512 f3fda79813f0067aadc399b1b8af9b33b179ee212fee188119ad2e3d8fced3b31dbd4d2a83922a138da523bb6d6784c3d98105053f9267e7e4f41cf77b76ce88
 DIST djbdns-1.05.tar.gz 85648 BLAKE2B 51918fcc8944e64e72709636ee7d56975a138a2806e22c019fa836770de3a338bb8f682216b89c09d6b2861c2423e60e28dc60639f5a86aca2040e1788e4cf5c SHA512 20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9

diff --git a/net-dns/djbdns/djbdns-1.05-r36.ebuild b/net-dns/djbdns/djbdns-1.05-r36.ebuild
new file mode 100644
index 000000000000..115ca72ded0b
--- /dev/null
+++ b/net-dns/djbdns/djbdns-1.05-r36.ebuild
@@ -0,0 +1,127 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit readme.gentoo-r1 toolchain-funcs
+
+DESCRIPTION="Collection of DNS client/server software"
+HOMEPAGE="https://cr.yp.to/djbdns.html"
+IPV6_PATCH="test29"
+
+SRC_URI="http://cr.yp.to/djbdns/${P}.tar.gz
+	http://smarden.org/pape/djb/manpages/${P}-man.tar.gz
+	ipv6? ( http://www.fefe.de/dns/${P}-${IPV6_PATCH}.diff.xz )"
+
+SLOT="0"
+LICENSE="public-domain"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ipv6 selinux"
+
+DEPEND=""
+RDEPEND="
+	acct-user/dnscache
+	acct-user/dnslog
+	acct-user/tinydns
+	sys-apps/ucspi-tcp
+	virtual/daemontools
+	selinux? ( sec-policy/selinux-djbdns )"
+
+src_unpack() {
+	# Unpack both djbdns and its man pages to separate directories.
+	default
+
+	# Now move the man pages under ${S} so that user patches can be
+	# applied to them as well in src_prepare().
+	mv "${PN}-man" "${P}/man" || die "failed to transplant man pages"
+}
+
+PATCHES=(
+	"${FILESDIR}/headtail-r1.patch"
+	"${FILESDIR}/dnsroots.patch"
+	"${FILESDIR}/dnstracesort.patch"
+	"${FILESDIR}/string_length_255.patch"
+	"${FILESDIR}/srv_record_support.patch"
+	"${FILESDIR}/increase-cname-recustion-depth.patch"
+	"${FILESDIR}/CVE2009-0858_0001-check-response-domain-name-length.patch"
+	"${FILESDIR}/CVE2012-1191_0001-ghost-domain-attack.patch"
+	"${FILESDIR}/AR-and-RANLIB-support.patch"
+)
+
+src_prepare() {
+	if use ipv6; then
+		PATCHES=(${PATCHES[@]}
+			# The big ipv6 patch.
+			"${WORKDIR}/${P}-${IPV6_PATCH}.diff"
+			# Fix CVE2008-4392 (ipv6)
+			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test29.patch"
+			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6-test29.patch"
+			"${FILESDIR}/makefile-parallel-test25.patch"
+		)
+	else
+		PATCHES=(${PATCHES[@]}
+			# Fix CVE2008-4392 (no ipv6)
+			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch"
+			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"
+			# Later versions of the ipv6 patch include this
+			"${FILESDIR}/${PV}-errno-r1.patch"
+		)
+	fi
+
+	default
+}
+
+src_compile() {
+	echo "$(tc-getCC) ${CFLAGS}" > conf-cc || die
+	echo "$(tc-getCC) ${LDFLAGS}" > conf-ld || die
+	echo "/usr" > conf-home || die
+	emake AR=$(tc-getAR) RANLIB=$(tc-getRANLIB)
+}
+
+src_install() {
+	insinto /etc
+	doins dnsroots.global
+
+	into /usr
+	dobin *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+		*-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+		dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort
+
+	if use ipv6; then
+		dobin dnsip6 dnsip6q
+	fi
+
+	dodoc CHANGES README
+
+	doman man/*.[158]
+
+	readme.gentoo_create_doc
+}
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS='
+To configure djbdns, please follow the instructions at,
+
+	http://cr.yp.to/djbdns.html
+
+Of particular interest are,
+
+	axfrdns : http://cr.yp.to/djbdns/axfrdns-conf.html
+	dnscache: http://cr.yp.to/djbdns/run-cache-x-home.html
+	tinydns : http://cr.yp.to/djbdns/run-server.html
+
+Portage has created users for axfrdns, dnscache, and tinydns; the
+commands to configure these programs are,
+
+	1. axfrdns-conf tinydns dnslog /var/axfrdns /var/tinydns $ip
+	2. dnscache-conf dnscache dnslog /var/dnscache $ip
+	3. tinydns-conf tinydns dnslog /var/tinydns $ip
+
+(replace $ip with the ip address on which the server will run).
+
+If you wish to configure rbldns or walldns, you will need to create
+those users yourself (although you should still use the "dnslog"
+user for the logs):
+
+	4. rbldns-conf $username dnslog /var/rbldns $ip $base
+	5. walldns-conf $username dnslog /var/walldns $ip
+'
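Review bot: SRC_URI still fetches the main tarball from `http://cr.yp.to/djbdns/${P}.tar.gz` even though this revision switches HOMEPAGE to `https://cr.yp.to/djbdns.html`, which suggests the same host is served over TLS. The Manifest BLAKE2B/SHA512 entries pin the content, so this is defence in depth rather than an integrity gap, but the first SRC_URI line could read `SRC_URI="https://cr.yp.to/djbdns/${P}.tar.gz`. Whether smarden.org and www.fefe.de offer https for the man pages and the ipv6 diff is not visible here and would need checking. The `http://cr.yp.to/...` links inside DOC_CONTENTS could be updated in the same pass.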

diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test29.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test29.patch
new file mode 100644
index 000000000000..866b3cc51317
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6-test29.patch
@@ -0,0 +1,351 @@
+diff --git a/Makefile b/Makefile
+index b89243a..626a829 100644
+--- a/Makefile
++++ b/Makefile
+@@ -348,11 +348,11 @@ stralloc.h iopause.h taia.h tai.h uint64.h taia.h
+ 	./compile dns_txt.c
+ 
+ dnscache: \
+-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
+ response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
+ libtai.a unix.a byte.a socket.lib
+ 	./load dnscache droproot.o okclient.o log.o cache.o \
+-	query.o response.o dd.o roots.o iopause.o prot.o dns.a \
++	query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
+ 	env.a alloc.a buffer.a libtai.a unix.a byte.a  `cat \
+ 	socket.lib`
+ 
+@@ -373,7 +373,7 @@ compile dnscache.c env.h exit.h scan.h strerr.h error.h ip4.h \
+ uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
+ iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
+ iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
+-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
+ 	./compile dnscache.c
+ 
+ dnsfilter: \
+@@ -751,11 +751,16 @@ qlog.o: \
+ compile qlog.c buffer.h qlog.h uint16.h
+ 	./compile qlog.c
+ 
++qmerge.o: \
++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
++taia.h tai.h uint64.h log.h maxclient.h
++	./compile qmerge.c
++
+ query.o: \
+ compile query.c error.h roots.h log.h uint64.h case.h cache.h \
+ uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
+ taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
+-response.h uint32.h query.h dns.h uint32.h
++response.h uint32.h query.h dns.h uint32.h qmerge.h
+ 	./compile query.c
+ 
+ random-ip: \
+diff --git a/dnscache.c b/dnscache.c
+index d45f932..0c48ec1 100644
+--- a/dnscache.c
++++ b/dnscache.c
+@@ -24,6 +24,7 @@
+ #include "okclient.h"
+ #include "droproot.h"
+ #include "openreadclose.h"
++#include "maxclient.h"
+ 
+ unsigned long interface;
+ 
+@@ -60,7 +61,6 @@ uint64 numqueries = 0;
+ 
+ static int udp53;
+ 
+-#define MAXUDP 200
+ static struct udpclient {
+   struct query q;
+   struct taia start;
+@@ -137,7 +137,6 @@ void u_new(void)
+ 
+ static int tcp53;
+ 
+-#define MAXTCP 20
+ struct tcpclient {
+   struct query q;
+   struct taia start;
+diff --git a/log.c b/log.c
+index e697f91..2ccc345 100644
+--- a/log.c
++++ b/log.c
+@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qtype[2],const char *control,const unsigned
+   line();
+ }
+ 
++void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
++{
++  string("txpb ");
++  logtype(qtype); space(); name(q); space(); name(control);
++  line();
++}
++
+ void log_cachedanswer(const char *q,const char type[2])
+ {
+   string("cached "); logtype(type); space();
+diff --git a/log.h b/log.h
+index 68d698f..c112785 100644
+--- a/log.h
++++ b/log.h
+@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const char *);
+ extern void log_cachedns(const char *,const char *);
+ 
+ extern void log_tx(const char *q,const char qtype[2],const char *control,const unsigned char servers[256],unsigned int gluelessness);
++extern void log_tx_piggyback(const char *,const char *,const char *);
+ 
+ extern void log_nxdomain(const unsigned char server[16],const char *q,unsigned int ttl);
+ extern void log_nodata(const unsigned char server[16],const char *q,const char qtype[2],unsigned int ttl);
+diff --git a/maxclient.h b/maxclient.h
+new file mode 100644
+index 0000000..e52fcd1
+--- /dev/null
++++ b/maxclient.h
+@@ -0,0 +1,7 @@
++#ifndef MAXCLIENT_H
++#define MAXCLIENT_H
++
++#define MAXUDP 200
++#define MAXTCP 20
++
++#endif /* MAXCLIENT_H */
+diff --git a/qmerge.c b/qmerge.c
+new file mode 100644
+index 0000000..7c92299
+--- /dev/null
++++ b/qmerge.c
+@@ -0,0 +1,115 @@
++#include "qmerge.h"
++#include "byte.h"
++#include "log.h"
++#include "maxclient.h"
++
++#define QMERGE_MAX (MAXUDP+MAXTCP)
++struct qmerge inprogress[QMERGE_MAX];
++
++static
++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
++    const char *control)
++{
++  if (!dns_domain_copy(&qmk->q, q)) return 0;
++  byte_copy(qmk->qtype, 2, qtype);
++  if (!dns_domain_copy(&qmk->control, control)) return 0;
++  return 1;
++}
++
++static
++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
++{
++  return
++    byte_equal(a->qtype, 2, b->qtype) &&
++    dns_domain_equal(a->q, b->q) &&
++    dns_domain_equal(a->control, b->control);
++}
++
++static
++void qmerge_key_free(struct qmerge_key *qmk)
++{
++  dns_domain_free(&qmk->q);
++  dns_domain_free(&qmk->control);
++}
++
++void qmerge_free(struct qmerge **x)
++{
++  struct qmerge *qm;
++
++  qm = *x;
++  *x = 0;
++  if (!qm || !qm->active) return;
++
++  qm->active--;
++  if (!qm->active) {
++    qmerge_key_free(&qm->key);
++    dns_transmit_free(&qm->dt);
++  }
++}
++
++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
++    const char *q, const char qtype[2], const char localip[4],
++    const char *control)
++{
++  struct qmerge_key k;
++  int i;
++  int r;
++
++  qmerge_free(qm);
++
++  byte_zero(&k, sizeof k);
++  if (!qmerge_key_init(&k, q, qtype, control)) return -1;
++  for (i = 0; i < QMERGE_MAX; i++) {
++    if (!inprogress[i].active) continue;
++    if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
++    log_tx_piggyback(q, qtype, control);
++    inprogress[i].active++;
++    *qm = &inprogress[i];
++    qmerge_key_free(&k);
++    return 0;
++  }
++
++  for (i = 0; i < QMERGE_MAX; i++)
++    if (!inprogress[i].active)
++      break;
++  if (i == QMERGE_MAX) return -1;
++
++  log_tx(q, qtype, control, servers, 0);
++  r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
++  if (r == -1) { qmerge_key_free(&k); return -1; }
++  inprogress[i].active++;
++  inprogress[i].state = 0;
++  qmerge_key_free(&inprogress[i].key);
++  byte_copy(&inprogress[i].key, sizeof k, &k);
++  *qm = &inprogress[i];
++  return 0;
++}
++
++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
++{
++  if (qm->state == 0) {
++    dns_transmit_io(&qm->dt, io, deadline);
++    qm->state = 1;
++  }
++  else {
++    io->fd = -1;
++    io->events = 0;
++  }
++}
++
++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
++{
++  int r;
++  struct qmerge *qm;
++
++  qm = *x;
++  if (qm->state == -1) return -1; /* previous error */
++  if (qm->state == 0) return 0; /* no packet */
++  if (qm->state == 2) return 1; /* already got packet */
++
++  r = dns_transmit_get(&qm->dt, io, when);
++  if (r == -1) { qm->state = -1; return -1; } /* error */
++  if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
++  if (r == 1) { qm->state = 2; return 1; } /* got packet */
++  return -1; /* bug */
++}
+diff --git a/qmerge.h b/qmerge.h
+new file mode 100644
+index 0000000..9a58157
+--- /dev/null
++++ b/qmerge.h
+@@ -0,0 +1,24 @@
++#ifndef QMERGE_H
++#define QMERGE_H
++
++#include "dns.h"
++
++struct qmerge_key {
++  char *q;
++  char qtype[2];
++  char *control;
++};
++
++struct qmerge {
++  int active;
++  struct qmerge_key key;
++  struct dns_transmit dt;
++  int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
++};
++
++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
++extern void qmerge_free(struct qmerge **);
++
++#endif /* QMERGE_H */
+diff --git a/query.c b/query.c
+index a340ffd..b85039c 100644
+--- a/query.c
++++ b/query.c
+@@ -84,7 +84,7 @@ static void cleanup(struct query *z)
+   int j;
+   int k;
+ 
+-  dns_transmit_free(&z->dt);
++  qmerge_free(&z->qm);
+   for (j = 0;j < QUERY_MAXALIAS;++j)
+     dns_domain_free(&z->alias[j]);
+   for (j = 0;j < QUERY_MAXLEVEL;++j) {
+@@ -623,15 +623,9 @@ static int doit(struct query *z,int state)
+   if (j == 256) goto SERVFAIL;
+ 
+   dns_sortip6(z->servers[z->level],256);
+-  if (z->level) {
+-    dtype = z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A;
+-    log_tx(z->name[z->level],dtype,z->control[z->level],z->servers[z->level],z->level);
+-    if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip) == -1) goto DIE;
+-  }
+-  else {
+-    log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
+-    if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
+-  }
++  dtype = z->level ? (z->ipv6[z->level] ? DNS_T_AAAA : DNS_T_A) : z->type;
++  if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
++
+   return 0;
+ 
+ 
+@@ -645,10 +639,10 @@ static int doit(struct query *z,int state)
+ 
+   HAVEPACKET:
+   if (++z->loop == 200) goto DIE;
+-  buf = z->dt.packet;
+-  len = z->dt.packetlen;
++  buf = z->qm->dt.packet;
++  len = z->qm->dt.packetlen;
+ 
+-  whichserver = z->dt.servers + 16 * z->dt.curserver;
++  whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver;
+   control = z->control[z->level];
+   d = z->name[z->level];
+ /*  dtype = z->level ? DNS_T_A : z->type; */
+@@ -1075,7 +1069,7 @@ int query_start(struct query *z,char *dn,char type[2],char class[2],unsigned cha
+ 
+ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ {
+-  switch(dns_transmit_get(&z->dt,x,stamp)) {
++  switch(qmerge_get(&z->qm,x,stamp)) {
+     case 1:
+       return doit(z,1);
+     case -1:
+@@ -1086,5 +1080,5 @@ int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
+ 
+ void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
+ {
+-  dns_transmit_io(&z->dt,x,deadline);
++  qmerge_io(z->qm,x,deadline);
+ }
+diff --git a/query.h b/query.h
+index 84f33c7..0cd4ece 100644
+--- a/query.h
++++ b/query.h
+@@ -1,7 +1,7 @@
+ #ifndef QUERY_H
+ #define QUERY_H
+ 
+-#include "dns.h"
++#include "qmerge.h"
+ #include "uint32.h"
+ 
+ #define QUERY_MAXLEVEL 5
+@@ -22,7 +22,7 @@ struct query {
+   uint32 scope_id;
+   char type[2];
+   char class[2];
+-  struct dns_transmit dt;
++  struct qmerge *qm;
+ } ;
+ 
+ extern int query_start(struct query *z,char *dn,char type[2],char class[2],unsigned char localip[16],unsigned int scope_id);
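Review bot: qmerge_start() is still declared with `const char servers[64]` and `const char localip[4]`, the IPv4 sizes, while the context lines of this rebased patch show the surrounding code working with 256-byte server lists and 16-byte addresses: `dns_sortip6(z->servers[z->level],256)`, log_tx() taking `const unsigned char servers[256]`, and query_start() taking `unsigned char localip[16]`. Array bounds in a parameter list do not change the generated code, so this is probably harmless at run time, but it misstates the buffer sizes to the next person rebasing this CVE fix and passes `char *` to log_tx() where `unsigned char *` is declared. I would declare `const unsigned char servers[256]` and `const unsigned char localip[16]` in qmerge.c and spell the same types out in the qmerge.h prototype. dns_transmit_start's prototype is not visible here, so the types should be confirmed against it.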

diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6-test29.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6-test29.patch
new file mode 100644
index 000000000000..9073658cb6e2
--- /dev/null
+++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6-test29.patch
@@ -0,0 +1,69 @@
+diff --git a/query.c b/query.c
+index b85039c..df9622f 100644
+--- a/query.c
++++ b/query.c
+@@ -475,6 +475,29 @@ static int doit(struct query *z,int state)
+       }
+     }
+ 
++    if (typematch(DNS_T_SOA,dtype)) {
++      byte_copy(key,2,DNS_T_SOA);
++      cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
++      if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
++        log_cachedanswer(d,DNS_T_SOA);
++        if (!rqa(z)) goto DIE;
++        pos = 0;
++        while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
++          pos = dns_packet_getname(cached,cachedlen,pos,&t2);
++          if (!pos) break;
++          pos = dns_packet_getname(cached,cachedlen,pos,&t3);
++          if (!pos) break;
++          if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
++          if (!response_addname(t2)) goto DIE;
++          if (!response_addname(t3)) goto DIE;
++          if (!response_addbytes(misc,20)) goto DIE;
++          response_rfinish(RESPONSE_ANSWER);
++        }
++        cleanup(z);
++        return 1;
++      }
++    }
++
+     if (typematch(DNS_T_A,dtype)) {
+       byte_copy(key,2,DNS_T_A);
+       cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+@@ -544,7 +567,7 @@ static int doit(struct query *z,int state)
+       }
+     }
+ 
+-    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_AAAA,dtype)) {
++    if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype) && !typematch(DNS_T_AAAA,dtype)) {
+       byte_copy(key,2,dtype);
+       cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+       if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
+@@ -779,15 +802,24 @@ static int doit(struct query *z,int state)
+     else if (byte_equal(type,2,DNS_T_AXFR))
+       ;
+     else if (byte_equal(type,2,DNS_T_SOA)) {
++      int non_authority = 0;
++      save_start();
+       while (i < j) {
+         pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
+         pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
+         pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
+         pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
+-        if (records[i] < posauthority)
++        if (records[i] < posauthority) {
+           log_rrsoa(whichserver,t1,t2,t3,(const char*)misc,ttl);
++          save_data(misc,20);
++          save_data(t2,dns_domain_length(t2));
++          save_data(t3,dns_domain_length(t3));
++          non_authority++;
++        }
+         ++i;
+       }
++      if (non_authority)
++        save_finish(DNS_T_SOA,t1,ttl);
+     }
+     else if (byte_equal(type,2,DNS_T_CNAME)) {
+       pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;
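Review bot: The cache entry written by the new SOA branch is laid out differently from the wire format, and nothing in the patch says so: the save side calls `save_data(misc,20)` first and the two names after it, while the lookup side copies 20 bytes, calls `dns_packet_getname` twice, and then emits names followed by the 20 bytes. A short comment on both sides, e.g. `/* cached SOA entry: 20 bytes of fixed fields, then mname, then rname */`, would keep the writer and the reader in step. Separately, `while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20))` uses an assignment as the loop condition; writing it as `while ((pos = dns_packet_copy(cached,cachedlen,pos,misc,20)))` makes that intent explicit to compilers that warn about it. `doit` starts and ends outside these hunks, so `misc`, `t1` and `ttl` are assumed to be declared and set as for the neighbouring record types.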



* [gentoo-commits] repo/gentoo:master commit in: net-dns/djbdns/, net-dns/djbdns/files/
@ 2024-03-04 15:45 Michael Orlitzky
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Orlitzky @ 2024-03-04 15:45 UTC (permalink / raw
  To: gentoo-commits

commit:     755301799f2c0fcfcebdb614f6e991ec8fedef38
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  4 15:37:19 2024 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Mon Mar  4 15:39:18 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75530179

net-dns/djbdns: fix build with -Werror=implicit-function-declaration

The ipv6 patch contains fixes for most of these, so this consists of:

  1. Adding includes to a bunch of files when USE=ipv6 is not set.
  2. Adding an include to our new configurable TRUNCATELEN patches.

Closes: https://bugs.gentoo.org/926050
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 net-dns/djbdns/djbdns-1.05-r39.ebuild              |  1 +
 ...-dnscache-configurable-truncate-size-nov6.patch | 47 ++++++-------
 ...ns-dnscache-configurable-truncate-size-v6.patch |  8 +++
 .../djbdns/files/implicit-declarations-nov6.patch  | 79 ++++++++++++++++++++++
 4 files changed, 109 insertions(+), 26 deletions(-)

diff --git a/net-dns/djbdns/djbdns-1.05-r39.ebuild b/net-dns/djbdns/djbdns-1.05-r39.ebuild
index 2801d37b2612..77ba586d70d9 100644
--- a/net-dns/djbdns/djbdns-1.05-r39.ebuild
+++ b/net-dns/djbdns/djbdns-1.05-r39.ebuild
@@ -59,6 +59,7 @@ src_prepare() {
 		)
 	else
 		PATCHES=(${PATCHES[@]}
+			"${FILESDIR}/implicit-declarations-nov6.patch"
 			# Fix CVE2008-4392 (no ipv6)
 			"${FILESDIR}/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-r1.patch"
 			"${FILESDIR}/CVE2008-4392_0002-dnscache-cache-soa-records.patch"

diff --git a/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-nov6.patch b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-nov6.patch
index 9f16531a5441..d855c212d198 100644
--- a/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-nov6.patch
+++ b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-nov6.patch
@@ -1,22 +1,8 @@
-From: Jaco Kroon <jaco@uls.co.za>
-Date: Tue, 24 Oct 2023 06:36:10 +0200
-Subject: [PATCH] dnscache: Enable larger truncation
-
-This variation conflicts with the IPv6 patch.
-
-This is a workaround for https://forum.mikrotik.com/viewtopic.php?t=200627
-where Mikrotik doesn't fall back if the UDP response is truncated.
-
-This is done by enabling larger (configurable) than 512 byte responses on UDP
-such that Mikrotik doesn't have a need to revert to TCP.  Since it's impossible
-to truly know the maximum size of a DNS response trivially this is made
-configurable and the upper limit is arbitrarily capped to 16KB.
-
-Signed-off-by: Jaco Kroon <jaco@uls.co.za>
-diff -bru djbdns-1.05.o/dnscache.c djbdns-1.05/dnscache.c
---- djbdns-1.05.o/dnscache.c	2024-02-23 08:05:00.037623680 +0200
-+++ djbdns-1.05/dnscache.c	2024-02-23 08:18:26.320580927 +0200
-@@ -52,6 +52,7 @@
+diff --git a/dnscache.c b/dnscache.c
+index 8c899a3..8b10571 100644
+--- a/dnscache.c
++++ b/dnscache.c
+@@ -51,6 +51,7 @@ static char myipincoming[4];
  static char buf[1024];
  uint64 numqueries = 0;
  
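Review bot: The regenerated patch no longer carries its own description: the removed `From:`/`Subject:`/`Signed-off-by:` block was the only place that explained why dnscache sends UDP responses larger than 512 bytes, that the size is configurable with an upper cap of 16KB, and that this variant conflicts with the IPv6 patch. UDP response size is a setting an operator will want to reason about before raising it, so I would keep that text above the first `diff --git a/dnscache.c b/dnscache.c` line. Patch tools skip leading prose, and the original author attribution would survive as well.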
@@ -24,7 +10,7 @@ diff -bru djbdns-1.05.o/dnscache.c djbdns-1.05/dnscache.c
  
  static int udp53;
  
-@@ -77,7 +78,7 @@
+@@ -77,7 +78,7 @@ void u_respond(int j)
  {
    if (!u[j].active) return;
    response_id(u[j].id);
@@ -33,7 +19,7 @@ diff -bru djbdns-1.05.o/dnscache.c djbdns-1.05/dnscache.c
    socket_send4(udp53,response,response_len,u[j].ip,u[j].port);
    log_querydone(&u[j].active,response_len);
    u[j].active = 0; --uactive;
-@@ -430,6 +431,15 @@
+@@ -431,6 +432,15 @@ int main()
    if (!cache_init(cachesize))
      strerr_die3x(111,FATAL,"not enough memory for cache of size ",x);
  
@@ -49,10 +35,19 @@ diff -bru djbdns-1.05.o/dnscache.c djbdns-1.05/dnscache.c
    if (env_get("HIDETTL"))
      response_hidettl();
    if (env_get("FORWARDONLY"))
-diff -Nbrau djbdns-1.05.o/server.c djbdns-1.05/server.c
---- djbdns-1.05.o/server.c	2001-02-11 23:11:45.000000000 +0200
-+++ djbdns-1.05/server.c	2024-02-23 08:19:40.020855813 +0200
-@@ -83,6 +83,7 @@
+diff --git a/server.c b/server.c
+index e486fe1..63ad11c 100644
+--- a/server.c
++++ b/server.c
+@@ -2,6 +2,7 @@
+ #include "case.h"
+ #include "env.h"
+ #include "buffer.h"
++#include "scan.h"
+ #include "strerr.h"
+ #include "ip4.h"
+ #include "uint16.h"
+@@ -83,6 +84,7 @@ int main()
  {
    char *x;
    int udp53;
@@ -60,7 +55,7 @@ diff -Nbrau djbdns-1.05.o/server.c djbdns-1.05/server.c
  
    x = env_get("IP");
    if (!x)
-@@ -105,11 +106,19 @@
+@@ -105,11 +107,19 @@ int main()
  
    buffer_putsflush(buffer_2,starting);
  

diff --git a/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-v6.patch b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-v6.patch
index 291ebe4f5c44..cea01ebd30d1 100644
--- a/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-v6.patch
+++ b/net-dns/djbdns/files/djbdns-dnscache-configurable-truncate-size-v6.patch
@@ -53,6 +53,14 @@ Only in djbdns-1.05/: .dnscache.c.swp
 diff -bru djbdns-1.05.o/server.c djbdns-1.05/server.c
 --- djbdns-1.05.o/server.c	2023-10-20 00:34:15.778688116 +0200
 +++ djbdns-1.05/server.c	2023-10-20 00:43:31.519954643 +0200
+@@ -2,6 +2,7 @@
+ #include "case.h"
+ #include "env.h"
+ #include "buffer.h"
++#include "scan.h"
+ #include "strerr.h"
+ #include "ip4.h"
+ #include "uint16.h"
 @@ -94,6 +94,7 @@
    int *udp53;
    unsigned int off;
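Review bot: The inserted `@@ -2,6 +2,7 @@` hunk adds one line to server.c, but the header that follows is left as `@@ -94,6 +94,7 @@`, so its new-side start is now off by one; the nov6 variant in this same commit was regenerated and shows `-83,6 +84,7` for the equivalent hunk. patch(1) should still apply this, since it locates hunks by context, but regenerating the v6 patch the same way would keep the two files consistent. It would presumably also drop the stray `Only in djbdns-1.05/: .dnscache.c.swp` line that shows up in the hunk header.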

diff --git a/net-dns/djbdns/files/implicit-declarations-nov6.patch b/net-dns/djbdns/files/implicit-declarations-nov6.patch
new file mode 100644
index 000000000000..8c749b2cec7a
--- /dev/null
+++ b/net-dns/djbdns/files/implicit-declarations-nov6.patch
@@ -0,0 +1,79 @@
+Fix the build with -Werror=implicit-function-declarations
+
+diff --git a/chkshsgr.c b/chkshsgr.c
+index 2b942d8..2d4e5f4 100644
+--- a/chkshsgr.c
++++ b/chkshsgr.c
+@@ -1,3 +1,5 @@
++#include <grp.h>
++#include <unistd.h>
+ #include "exit.h"
+ 
+ int main()
+diff --git a/dnsq.c b/dnsq.c
+index 533e6af..fd9fe78 100644
+--- a/dnsq.c
++++ b/dnsq.c
+@@ -1,3 +1,5 @@
++#include <unistd.h>
++
+ #include "uint16.h"
+ #include "strerr.h"
+ #include "buffer.h"
+diff --git a/dnsqr.c b/dnsqr.c
+index ff8ea6e..01bfe65 100644
+--- a/dnsqr.c
++++ b/dnsqr.c
+@@ -1,3 +1,5 @@
++#include <unistd.h>
++
+ #include "uint16.h"
+ #include "strerr.h"
+ #include "buffer.h"
+diff --git a/hier.c b/hier.c
+index 4aef75b..c7c8766 100644
+--- a/hier.c
++++ b/hier.c
+@@ -1,5 +1,11 @@
+ #include "auto_home.h"
+ 
++/* implemented in install.c and/or instcheck.c */
++void c(char*, char*, char*, int, int, int);
++void h(char*, int, int, int);
++void d(char*, char*, int, int, int);
++
++
+ void hier()
+ {
+   c("/","etc","dnsroots.global",-1,-1,0644);
+diff --git a/prot.c b/prot.c
+index 0a8a373..1c56e9c 100644
+--- a/prot.c
++++ b/prot.c
+@@ -1,3 +1,5 @@
++#include <grp.h>
++#include <unistd.h>
+ #include "hasshsgr.h"
+ #include "prot.h"
+ 
+diff --git a/seek_set.c b/seek_set.c
+index d08d4f3..47c61e4 100644
+--- a/seek_set.c
++++ b/seek_set.c
+@@ -1,4 +1,5 @@
+ #include <sys/types.h>
++#include <unistd.h>
+ #include "seek.h"
+ 
+ #define SET 0 /* sigh */
+diff --git a/utime.c b/utime.c
+index 4b7984f..be6c936 100644
+--- a/utime.c
++++ b/utime.c
+@@ -1,5 +1,6 @@
+ #include <sys/types.h>
+ #include <sys/time.h>
++#include <utime.h>
+ #include "scan.h"
+ #include "exit.h"
+ 
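Review bot: The prototypes added to hier.c for `c`, `h` and `d` are local copies, so nothing makes the compiler compare them with the definitions that the comment places in install.c and/or instcheck.c; a mismatch in argument types would still build. Moving the three declarations into a small header included by hier.c and by the files that define the functions would turn such a mismatch into a compile error. Also, the description line inside the patch names `-Werror=implicit-function-declarations`, while the commit title uses the flag's actual spelling, `-Werror=implicit-function-declaration`.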

