Compare commits
8 Commits
Author | SHA1 | Date |
---|---|---|
Sander Hoentjen | 64dcd7e6d6 | |
Ruben Kerkhof | 6e6e862ec4 | |
Ruben Kerkhof | 855119dc2b | |
Ruben Kerkhof | b8abae8660 | |
Ruben Kerkhof | 3a28e64dd3 | |
Ruben Kerkhof | 9625c84ddb | |
Ruben Kerkhof | 818e8b424d | |
Sander Hoentjen | a81e8576d8 |
|
@ -3,5 +3,5 @@
|
||||||
/dnsdist-1.0.0.tar.bz2
|
/dnsdist-1.0.0.tar.bz2
|
||||||
/dnsdist-1.1.0.tar.bz2
|
/dnsdist-1.1.0.tar.bz2
|
||||||
/dnsdist-1.2.0.tar.bz2
|
/dnsdist-1.2.0.tar.bz2
|
||||||
/dnsdist-1.2.1.tar.bz2
|
|
||||||
/dnsdist-1.3.0.tar.bz2
|
/dnsdist-1.3.0.tar.bz2
|
||||||
|
/dnsdist-1.3.3.tar.bz2
|
||||||
|
|
66
dnsdist.spec
66
dnsdist.spec
|
@ -3,7 +3,7 @@
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: dnsdist
|
Name: dnsdist
|
||||||
Version: 1.3.0
|
Version: 1.3.3
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Highly DNS-, DoS- and abuse-aware loadbalancer
|
Summary: Highly DNS-, DoS- and abuse-aware loadbalancer
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
@ -19,7 +19,7 @@ BuildRequires: libatomic
|
||||||
BuildRequires: libedit-devel
|
BuildRequires: libedit-devel
|
||||||
BuildRequires: libsodium-devel
|
BuildRequires: libsodium-devel
|
||||||
BuildRequires: lua-devel
|
BuildRequires: lua-devel
|
||||||
%ifarch %{arm} %{ix86} x86_64 %{mips} aarch64
|
%ifnarch aarch64 ppc64 ppc64le
|
||||||
BuildRequires: luajit-devel
|
BuildRequires: luajit-devel
|
||||||
%else
|
%else
|
||||||
BuildRequires: lua-devel
|
BuildRequires: lua-devel
|
||||||
|
@ -45,7 +45,7 @@ legitimate users while shunting or blocking abusive traffic.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{version}
|
%autosetup
|
||||||
|
|
||||||
# run as dnsdist user
|
# run as dnsdist user
|
||||||
sed -i '/^ExecStart/ s/dnsdist/dnsdist -u dnsdist -g dnsdist/' dnsdist.service.in
|
sed -i '/^ExecStart/ s/dnsdist/dnsdist -u dnsdist -g dnsdist/' dnsdist.service.in
|
||||||
|
@ -60,7 +60,8 @@ sed -i '/^ExecStart/ s/dnsdist/dnsdist -u dnsdist -g dnsdist/' dnsdist.service.i
|
||||||
--enable-dns-over-tls \
|
--enable-dns-over-tls \
|
||||||
--enable-libsodium \
|
--enable-libsodium \
|
||||||
--enable-libssl \
|
--enable-libssl \
|
||||||
%ifarch %{arm} %{ix86} x86_64 %{mips} aarch64
|
--with-ebpf=no \
|
||||||
|
%ifnarch aarch64 ppc64 ppc64le
|
||||||
--with-luajit \
|
--with-luajit \
|
||||||
%else
|
%else
|
||||||
--with-lua \
|
--with-lua \
|
||||||
|
@ -111,65 +112,22 @@ exit 0
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Nov 18 2018 Sander Hoentjen <sander@hoentjen.eu> - 1.3.3-1
|
||||||
|
- Update to 1.3.3
|
||||||
|
- Fixes CVE-2018-14663
|
||||||
|
|
||||||
|
* Wed Jun 06 2018 Ruben Kerkhof <ruben@rubenkerkhof.com> - 1.3.0-2
|
||||||
|
- Fix sigabrt on TCP query (https://github.com/PowerDNS/pdns/issues/6712)
|
||||||
|
|
||||||
* Thu May 31 2018 Ruben Kerkhof <ruben@rubenkerkhof.com> - 1.3.0-1
|
* Thu May 31 2018 Ruben Kerkhof <ruben@rubenkerkhof.com> - 1.3.0-1
|
||||||
- Upstream released new version
|
- Upstream released new version
|
||||||
- Enable DNS over TLS
|
- Enable DNS over TLS
|
||||||
|
|
||||||
* Mon Feb 19 2018 Ruben Kerkhof <ruben@rubenkerkhof.com> - 1.2.1-1
|
|
||||||
- Upstream released new version
|
|
||||||
- BuildRequires gcc-c++ (https://fedoraproject.org/wiki/Packaging:C_and_C%2B%2B#BuildRequire)
|
|
||||||
- Fix mixed indentation in spec file
|
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Nov 29 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.2.0-4
|
|
||||||
- Rebuild for protobuf 3.5
|
|
||||||
|
|
||||||
* Mon Nov 13 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.2.0-3
|
|
||||||
- Rebuild for protobuf 3.4
|
|
||||||
|
|
||||||
* Mon Oct 02 2017 Remi Collet <remi@fedoraproject.org> - 1.2.0-2
|
|
||||||
- rebuild for libsodium
|
|
||||||
|
|
||||||
* Tue Aug 22 2017 Sander Hoentjen <sander@hoentjen.eu> - 1.2.0-1
|
* Tue Aug 22 2017 Sander Hoentjen <sander@hoentjen.eu> - 1.2.0-1
|
||||||
- Update to 1.2.0
|
- Update to 1.2.0
|
||||||
- Fixes CVE-2017-7557
|
- Fixes CVE-2017-7557
|
||||||
- Fixes CVE-2016-7069
|
- Fixes CVE-2016-7069
|
||||||
|
|
||||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-8
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-7
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jun 13 2017 Orion Poplawski <orion@cora.nwra.com> - 1.1.0-6
|
|
||||||
- Rebuild for protobuf 3.3.1
|
|
||||||
|
|
||||||
* Mon May 15 2017 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-4
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jan 23 2017 Orion Poplawski <orion@cora.nwra.com> - 1.1.0-3
|
|
||||||
- Rebuild for protobuf 3.2.0
|
|
||||||
|
|
||||||
* Fri Dec 30 2016 Sander Hoentjen <sander@hoentjen.eu> - 1.1.0-2
|
|
||||||
- ppc64 buildroot doesn't have libatomic, so require it
|
|
||||||
|
|
||||||
* Fri Dec 30 2016 Sander Hoentjen <sander@hoentjen.eu> - 1.1.0-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Sat Nov 19 2016 Orion Poplawski <orion@cora.nwra.com> - 1.0.0-4
|
|
||||||
- Rebuild for protobuf 3.1.0
|
|
||||||
|
|
||||||
* Tue Aug 30 2016 Sander Hoentjen <sander@hoentjen.eu> - 1.0.0-3
|
|
||||||
- luajit is now also available for aarch64 and MIPS
|
|
||||||
|
|
||||||
* Mon Aug 29 2016 Igor Gnatenko <ignatenko@redhat.com> - 1.0.0-2
|
|
||||||
- Rebuild for LuaJIT 2.1.0
|
|
||||||
|
|
||||||
* Thu Apr 21 2016 Sander Hoentjen <sander@hoentjen.eu> - 1.0.0-1
|
* Thu Apr 21 2016 Sander Hoentjen <sander@hoentjen.eu> - 1.0.0-1
|
||||||
- Upstream released new version
|
- Upstream released new version
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
From 60a518c8c246f43c53694160ebb7ca8b8b5c6346 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Remi Gacogne <remi.gacogne@powerdns.com>
|
||||||
|
Date: Wed, 6 Jun 2018 00:10:13 +0200
|
||||||
|
Subject: [PATCH] dnsdist: Don't access the TCP buffer vector past its size
|
||||||
|
|
||||||
|
The required memory has been reserve()'d, but we are not allowed to
|
||||||
|
access it directly, and it breaks when compiled with the following
|
||||||
|
flag, checking any access to containers as if .at() were used:
|
||||||
|
|
||||||
|
-D_GLIBCXX_ASSERTIONS
|
||||||
|
---
|
||||||
|
pdns/dnsdist-tcp.cc | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
|
||||||
|
index 0eb7ea1396..ab2bda916c 100644
|
||||||
|
--- a/pdns/dnsdist-tcp.cc
|
||||||
|
+++ b/pdns/dnsdist-tcp.cc
|
||||||
|
@@ -315,7 +315,7 @@ void* tcpClientThread(int pipefd)
|
||||||
|
bool ecsAdded = false;
|
||||||
|
/* allocate a bit more memory to be able to spoof the content,
|
||||||
|
or to add ECS without allocating a new buffer */
|
||||||
|
- queryBuffer.reserve(qlen + 512);
|
||||||
|
+ queryBuffer.resize(qlen + 512);
|
||||||
|
|
||||||
|
char* query = &queryBuffer[0];
|
||||||
|
handler.read(query, qlen, g_tcpRecvTimeout, remainingTime);
|
||||||
|
@@ -358,7 +358,7 @@ void* tcpClientThread(int pipefd)
|
||||||
|
uint16_t qtype, qclass;
|
||||||
|
unsigned int consumed = 0;
|
||||||
|
DNSName qname(query, qlen, sizeof(dnsheader), false, &qtype, &qclass, &consumed);
|
||||||
|
- DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.capacity(), qlen, true, &queryRealTime);
|
||||||
|
+ DNSQuestion dq(&qname, qtype, qclass, &dest, &ci.remote, dh, queryBuffer.size(), qlen, true, &queryRealTime);
|
||||||
|
|
||||||
|
if (!processQuery(holders, dq, poolname, &delayMsec, now)) {
|
||||||
|
goto drop;
|
2
sources
2
sources
|
@ -1 +1 @@
|
||||||
SHA512 (dnsdist-1.3.0.tar.bz2) = 35c5dd1f5104ed7f043ce04cbaac14e2eebb2b61ed827e838f5ac0ee1fd4afd4310853df8a193abc37654d2438b10297c611d4b05d8d1bd5e50424d1409851dc
|
SHA512 (dnsdist-1.3.3.tar.bz2) = c0e3435eafc1f7bcdf41346cecf7b089cc142716f94058f9ec262d0c6ad16467e0b8bed5abc648829c597120c94f998602849ded574e75bfc1a1fb70c1b719ad
|
||||||
|
|
Loading…
Reference in New Issue