Date: Wed, 20 Feb 2019 12:19:44 +0000
From: "Adam Ciarcinski"
Subject: CVS commit: pkgsrc/net/powerdns-recursor
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20190220121944.A2956FB16@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: adam
Date: Wed Feb 20 12:19:44 UTC 2019

Modified Files:
    pkgsrc/net/powerdns-recursor: Makefile distinfo
Added Files:
    pkgsrc/net/powerdns-recursor/patches: patch-iputils.cc

Log Message:
powerdns-recursor: updated to 4.1.11

4.1.11
Since Spectre/Meltdown, system calls have become more expensive. This made exporting a very high number of protobuf messages costly, which is addressed in this release by reducing the number of syscalls per message.

Improvements
Add an option to export only responses over protobuf to the Lua protobufServer() directive.
Reduce systemcall usage in protobuf logging.

4.1.10
This release fixes a bug when trying to build PowerDNS Recursor with protobuf support disabled, thus this release is only relevant to people building PowerDNS Recursor from source and not if you’re installing it as a package from our repositories.

Bug Fixes
PowerDNS Recursor release 4.1.9 introduced a call to the Lua ipfilter() hook that required access to the DNS header, but the corresponding variable was only declared when protobuf support had been enabled.

4.1.9
This release fixes Security Advisory 2019-01 and Security Advisory 2019-02 that were recently discovered, affecting PowerDNS Recursor:
CVE-2019-3806, 2019-01: from 4.1.4 up to and including 4.1.8;
CVE-2019-3807, 2019-02: from 4.1.0 up to and including 4.1.8.
The issues are:
CVE-2019-3806, 2019-01: Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua;
CVE-2019-3807, 2019-02: records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.

Improvements
Try another worker before failing if the first pipe was full

To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 pkgsrc/net/powerdns-recursor/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/powerdns-recursor/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/net/powerdns-recursor/patches/patch-iputils.cc

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Modified files: Index: pkgsrc/net/powerdns-recursor/Makefile diff -u pkgsrc/net/powerdns-recursor/Makefile:1.31 pkgsrc/net/powerdns-recursor/Makefile:1.32 --- pkgsrc/net/powerdns-recursor/Makefile:1.31 Fri Nov 30 12:57:41 2018 +++ pkgsrc/net/powerdns-recursor/Makefile Wed Feb 20 12:19:44 2019 @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.31 2018/11/30 12:57:41 adam Exp $ +# $NetBSD: Makefile,v 1.32 2019/02/20 12:19:44 adam Exp $ -DISTNAME= pdns-recursor-4.1.8 +DISTNAME= pdns-recursor-4.1.11 +PKGNAME= ${DISTNAME:S/pdns/powerdns/} CATEGORIES= net MASTER_SITES= http://downloads.powerdns.com/releases/ EXTRACT_SUFX= .tar.bz2 
@@ -14,6 +15,8 @@ USE_LANGUAGES= c c++11 USE_TOOLS+= gmake pkg-config GNU_CONFIGURE= yes CONFIGURE_ARGS+= --without-net-snmp +# currently not portable +CONFIGURE_ENV.NetBSD+= ac_cv_search_pthread_setaffinity_np=no RCD_SCRIPTS+= pdns_recursor Index: pkgsrc/net/powerdns-recursor/distinfo diff -u pkgsrc/net/powerdns-recursor/distinfo:1.27 pkgsrc/net/powerdns-recursor/distinfo:1.28 --- pkgsrc/net/powerdns-recursor/distinfo:1.27 Fri Nov 30 12:57:42 2018 +++ pkgsrc/net/powerdns-recursor/distinfo Wed Feb 20 12:19:44 2019 
@@ -1,12 +1,13 @@ -$NetBSD: distinfo,v 1.27 2018/11/30 12:57:42 adam Exp $ +$NetBSD: distinfo,v 1.28 2019/02/20 12:19:44 adam Exp $ -SHA1 (pdns-recursor-4.1.8.tar.bz2) = a78c1a7966cab9e2b9032080a7e28227a32a1b3b -RMD160 (pdns-recursor-4.1.8.tar.bz2) = d98b6881a76fe2caecb8c997996b580779a470af -SHA512 (pdns-recursor-4.1.8.tar.bz2) = 5c09b8ce3f2f3ed6bb350cbd20e6cad4b66f9db85677605d57eca67187c05ddde5071af246a7398e2821c9ed2e5ff101d2b4928366b3ddf12013020fa9b74e61 -Size (pdns-recursor-4.1.8.tar.bz2) = 1237750 bytes +SHA1 (pdns-recursor-4.1.11.tar.bz2) = c6fc345f2f1db854b08fac5a218652f37066e53d +RMD160 (pdns-recursor-4.1.11.tar.bz2) = 15f7a6a82fba8b0e5f3fe0b55a44b2887489f925 +SHA512 (pdns-recursor-4.1.11.tar.bz2) = 6041d31f0a517786f44a7fa22c7bfa94d5d4bdc3a7f349d2b47bc66be87404fe8eaf76f45ca18ef8ab96a45c0271f46fdba93a51fbda2542a3ad96e10f51c1d1 +Size (pdns-recursor-4.1.11.tar.bz2) = 1239986 bytes SHA1 (patch-configure) = 5c91dcbc43a51bf30af200e234f18eb9b7458e6f SHA1 (patch-dns.hh) = 7e9c1b10a066a605b74ebdbee2d894aed50f6c68 SHA1 (patch-ext_json11_json11.cpp) = 2de8ea8b51556bd3e3c1a88f681697eff239ab1a +SHA1 (patch-iputils.cc) = af5fa3942b34ac5e83326aa454ce14793130a4ad SHA1 (patch-iputils.hh) = 9de7c58db7468da9fd2a175464becdbe339fac9d SHA1 (patch-kqueuemplexer.cc) = ff1685111c98c085e74bd64f27dfaae6fbe1e8b3 SHA1 (patch-m4_pdns__check__os.m4) = 0e23d942944ad752fbbc0029745789ce47744628 Added files: Index: pkgsrc/net/powerdns-recursor/patches/patch-iputils.cc diff -u /dev/null pkgsrc/net/powerdns-recursor/patches/patch-iputils.cc:1.1 --- /dev/null Wed Feb 20 12:19:44 2019 +++ pkgsrc/net/powerdns-recursor/patches/patch-iputils.cc Wed Feb 20 12:19:44 2019 
@@ -0,0 +1,15 @@ +$NetBSD: patch-iputils.cc,v 1.1 2019/02/20 12:19:44 adam Exp $ + +Fix buildling. + +--- iputils.cc.orig 2019-02-20 10:50:10.609217278 +0000 ++++ iputils.cc +@@ -146,7 +146,7 @@ bool HarvestTimestamp(struct msghdr* msg + bool HarvestDestinationAddress(const struct msghdr* msgh, ComboAddress* destination) + { + destination->reset(); +- const struct cmsghdr* cmsg; ++ struct cmsghdr* cmsg; + for (cmsg = CMSG_FIRSTHDR(msgh); cmsg != NULL; cmsg = CMSG_NXTHDR(const_cast(msgh), const_cast(cmsg))) { + #if defined(IP_PKTINFO) + if ((cmsg->cmsg_level == IPPROTO_IP) && (cmsg->cmsg_type == IP_PKTINFO)) { --_----------=_155066518430180--
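
Review bot: The added PKGNAME= ${DISTNAME:S/pdns/powerdns/} line in the first Makefile hunk changes the binary package name from pdns-recursor-* to powerdns-recursor-* as far as the visible lines show, and the log message does not mention the rename. Please state it in the commit message and say how existing pdns-recursor installs are expected to upgrade (for example a SUPERSEDES entry), and confirm that vulnerability entries for CVE-2019-3806 and CVE-2019-3807 match the new package name so that hosts still on 4.1.8 or earlier are flagged.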
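
Review bot: The comment "# currently not portable" above CONFIGURE_ENV.NetBSD+= ac_cv_search_pthread_setaffinity_np=no in the second Makefile hunk does not say what is not portable or why the configure result is forced to "no". Name the function in the comment, describe the failure seen on NetBSD, and say under what condition the override can be dropped, so the workaround does not outlive its reason.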
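
Review bot: The new SHA1, RMD160 and SHA512 lines for pdns-recursor-4.1.11.tar.bz2 in the distinfo hunk are the only integrity check on the tarball, because the MASTER_SITES context line in the Makefile still fetches over plain http://. For a release that carries two security fixes, note in the log message how the checksums were obtained (for instance, checked against a checksum or signature that upstream publishes), and switch MASTER_SITES to https if upstream serves the releases that way.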
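
Review bot: The description in patch-iputils.cc is only "Fix buildling." (typo for "building") and does not say which platform or compiler fails or what the error is. Please document the failure and whether it has been reported upstream. In the changed line, cmsg loses its const qualifier while msgh stays const struct msghdr*, so the cast on cmsg in the CMSG_NXTHDR call is now redundant, and the function holds a writable pointer into control data it only reads; a short comment that const was dropped solely to satisfy the platform's CMSG macros would make that explicit.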