Rebase to 4.0.6 / CVE-2018-10851
parent
7f366c2f25
commit
167077d8f8
|
@ -23,3 +23,4 @@ pdns-2.9.22.tar.gz
|
|||
/pdns-3.4.8.tar.bz2
|
||||
/pdns-3.4.10.tar.bz2
|
||||
/pdns-3.4.11.tar.bz2
|
||||
/pdns-4.0.6.tar.bz2
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
diff -ru pdns-3.4.11.orig/pdns/ws-auth.cc pdns-3.4.11/pdns/ws-auth.cc
|
||||
--- pdns-3.4.11.orig/pdns/ws-auth.cc 2017-01-13 09:13:16.000000000 +0100
|
||||
+++ pdns-3.4.11/pdns/ws-auth.cc 2017-11-02 18:03:50.635753956 +0100
|
||||
@@ -895,7 +895,7 @@
|
||||
static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
|
||||
string zonename = apiZoneIdToName(req->parameters["id"]);
|
||||
|
||||
- if(req->method != "PUT")
|
||||
+ if(req->method != "PUT" || ::arg().mustDo("experimental-api-readonly"))
|
||||
throw HttpMethodNotAllowedException();
|
||||
|
||||
UeberBackend B;
|
||||
@@ -914,7 +914,7 @@
|
||||
static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
|
||||
string zonename = apiZoneIdToName(req->parameters["id"]);
|
||||
|
||||
- if(req->method != "PUT")
|
||||
+ if(req->method != "PUT" || ::arg().mustDo("experimental-api-readonly"))
|
||||
throw HttpMethodNotAllowedException();
|
||||
|
||||
UeberBackend B;
|
||||
@@ -1195,7 +1195,7 @@
|
||||
}
|
||||
|
||||
void apiServerFlushCache(HttpRequest* req, HttpResponse* resp) {
|
||||
- if(req->method != "PUT")
|
||||
+ if(req->method != "PUT" || ::arg().mustDo("experimental-api-readonly"))
|
||||
throw HttpMethodNotAllowedException();
|
||||
|
||||
extern PacketCache PC;
|
|
@ -1,9 +0,0 @@
|
|||
--- pdns-3.4.0-rc1/pdns/pdns.conf-dist.orig 2014-07-31 21:42:05.000000000 +0200
|
||||
+++ pdns-3.4.0-rc1/pdns/pdns.conf-dist 2014-08-01 14:02:00.238999673 +0200
|
||||
@@ -1,3 +1,6 @@
|
||||
+setuid=pdns
|
||||
+setgid=pdns
|
||||
+launch=bind
|
||||
# Autogenerated configuration file template
|
||||
#################################
|
||||
# allow-axfr-ips Allow zonetransfers only to these subnets
|
|
@ -1,11 +1,11 @@
|
|||
--- pdns-3.4.10/pdns/common_startup.cc.orig 2016-09-01 11:11:55.000000000 +0200
|
||||
+++ pdns-3.4.10/pdns/common_startup.cc 2016-09-09 17:36:16.156258298 +0200
|
||||
@@ -169,7 +169,7 @@ void declareArguments()
|
||||
--- pdns-4.0.0-rc1/pdns/common_startup.cc.orig 2016-06-29 11:43:23.000000000 +0200
|
||||
+++ pdns-4.0.0-rc1/pdns/common_startup.cc 2016-06-29 14:50:11.915033803 +0200
|
||||
@@ -183,7 +183,7 @@ void declareArguments()
|
||||
::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
|
||||
|
||||
::arg().set("include-dir","Include *.conf files from this directory");
|
||||
- ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
|
||||
+ ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="";
|
||||
|
||||
::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming AXFR")="100";
|
||||
}
|
||||
::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR")="no";
|
||||
::arg().setSwitch("8bit-dns", "Allow 8bit dns queries")="no";
|
||||
|
|
|
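Review bot: The rebased patch still sets the default of `security-poll-suffix` to an empty string, which, going by the option's help text, turns off the query for security update notifications, yet the help text is unchanged and nothing on this page tells operators that the packaged default differs from upstream. I would record that next to `Patch0` in pdns.spec, for example `# Upstream security polling is disabled by default in this package; set security-poll-suffix=secpoll.powerdns.com. in pdns.conf to re-enable it`. The section prints header and context lines from both the old and the new revision of the patch without +/- markers, so which context lines belong to the refreshed version is inferred, and declareArguments() starts and ends outside the hunk.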
@ -1,11 +0,0 @@
|
|||
--- pdns-3.4.0/contrib/systemd-pdns.service.orig 2014-09-02 10:02:05.000000000 +0200
|
||||
+++ pdns-3.4.0/contrib/systemd-pdns.service 2014-09-30 13:10:07.441999290 +0200
|
||||
@@ -1,7 +1,7 @@
|
||||
[Unit]
|
||||
Description=PowerDNS Authoritative Server
|
||||
Wants=network-online.target
|
||||
-After=network-online.target mysqld.service postgresql.service slapd.service
|
||||
+After=network-online.target mariadb.service postgresql.service slapd.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
136
pdns.spec
|
@ -2,29 +2,31 @@
|
|||
%global backends %{nil}
|
||||
|
||||
Name: pdns
|
||||
Version: 3.4.11
|
||||
Release: 4%{?dist}
|
||||
Version: 4.0.6
|
||||
Release: 1%{?dist}
|
||||
Summary: A modern, advanced and high performance authoritative-only nameserver
|
||||
Group: System Environment/Daemons
|
||||
License: GPLv2
|
||||
URL: http://powerdns.com
|
||||
Source0: http://downloads.powerdns.com/releases/%{name}-%{version}.tar.bz2
|
||||
Patch0: pdns-default-config.patch
|
||||
Patch1: pdns-systemd.patch
|
||||
Patch2: pdns-disable-secpoll.patch
|
||||
Patch3: CVE-2017-15091-3.4.11.patch
|
||||
Patch0: pdns-disable-secpoll.patch
|
||||
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): systemd-sysv
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
|
||||
BuildRequires: systemd-units
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: lua-devel
|
||||
BuildRequires: cryptopp-devel
|
||||
BuildRequires: bison
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libsodium-devel
|
||||
BuildRequires: lua-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: protobuf-compiler
|
||||
BuildRequires: protobuf-devel
|
||||
BuildRequires: python2-virtualenv
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: systemd-units
|
||||
BuildRequires: zeromq-devel
|
||||
Provides: powerdns = %{version}-%{release}
|
||||
%global backends %{backends} bind
|
||||
|
@ -80,17 +82,6 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
|||
%description backend-remote
|
||||
This package contains the remote backend for %{name}
|
||||
|
||||
%package backend-geo
|
||||
Summary: Geo backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
%global backends %{backends} geo
|
||||
|
||||
%description backend-geo
|
||||
This package contains the geo backend for %{name}
|
||||
It allows different answers to DNS queries coming from different
|
||||
IP address ranges or based on the geographic location
|
||||
|
||||
%package backend-ldap
|
||||
Summary: LDAP backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
|
@ -160,22 +151,9 @@ BuildRequires: tinycdb-devel
|
|||
%description backend-tinydns
|
||||
This package contains the TinyDNS backend for %{name}
|
||||
|
||||
%package backend-lmdb
|
||||
Summary: LMDB backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
BuildRequires: lmdb-devel
|
||||
%global backends %{backends} lmdb
|
||||
|
||||
%description backend-lmdb
|
||||
This package contains the LMDB backend for %{name}
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .default-config-patch
|
||||
%patch1 -p1 -b .systemd-patch
|
||||
%patch2 -p1 -b .disable-secpoll
|
||||
%patch3 -p1 -b .CVE-2017-15091
|
||||
%patch0 -p1 -b .disable-secpoll
|
||||
|
||||
%build
|
||||
export CPPFLAGS="-DLDAP_DEPRECATED"
|
||||
|
@ -188,15 +166,17 @@ export CPPFLAGS="-DLDAP_DEPRECATED"
|
|||
--with-modules='' \
|
||||
--with-lua \
|
||||
--with-dynmodules='%{backends}' \
|
||||
--enable-cryptopp \
|
||||
--enable-tools \
|
||||
--enable-libsodium \
|
||||
--enable-remotebackend-zeromq \
|
||||
--enable-unit-tests
|
||||
--enable-unit-tests \
|
||||
--enable-reproducible \
|
||||
--enable-systemd
|
||||
|
||||
make %{?_smp_mflags}
|
||||
%make_build
|
||||
|
||||
%install
|
||||
make install DESTDIR=%{buildroot}
|
||||
%make_install
|
||||
|
||||
%{__rm} -f %{buildroot}%{_libdir}/%{name}/*.la
|
||||
%{__rm} -rf %{buildroot}%{_docdir}
|
||||
|
@ -205,11 +185,18 @@ make install DESTDIR=%{buildroot}
|
|||
chmod 600 %{buildroot}%{_sysconfdir}/%{name}/pdns.conf
|
||||
|
||||
# rename zone2ldap to pdns-zone2ldap (#1193116)
|
||||
%{__mv} %{buildroot}/%{_bindir}/zone2ldap %{buildroot}/%{_bindir}/pdns-zone2ldap
|
||||
%{__mv} %{buildroot}/%{_mandir}/man1/zone2ldap.1 %{buildroot}/%{_mandir}/man1/pdns-zone2ldap.1
|
||||
%{__mv} %{buildroot}/%{_bindir}/zone2ldap %{buildroot}/%{_bindir}/pdns_zone2ldap
|
||||
%{__mv} %{buildroot}/%{_mandir}/man1/zone2ldap.1 %{buildroot}/%{_mandir}/man1/pdns_zone2ldap.1
|
||||
|
||||
# install systemd unit file
|
||||
%{__install} -D -p -m 644 contrib/systemd-pdns.service %{buildroot}%{_unitdir}/%{name}.service
|
||||
# change user/group to pdns
|
||||
# change default backend to bind
|
||||
sed -i \
|
||||
-e 's/# setuid=/setuid=pdns/' \
|
||||
-e 's/# setgid=/setgid=pdns/' \
|
||||
-e 's/# launch=/launch=bind/' \
|
||||
%{buildroot}%{_sysconfdir}/%{name}/pdns.conf
|
||||
|
||||
%{__rm} %{buildroot}/%{_bindir}/stubquery
|
||||
|
||||
%check
|
||||
make %{?_smp_mflags} -C pdns check
|
||||
|
@ -230,50 +217,61 @@ exit 0
|
|||
%postun
|
||||
%systemd_postun_with_restart pdns.service
|
||||
|
||||
%triggerun -- pdns < 3.0-rc3
|
||||
# Save the current service runlevel info
|
||||
# User must manually run systemd-sysv-convert --apply pdns
|
||||
# to migrate them to systemd targets
|
||||
%{_bindir}/systemd-sysv-convert --save pdns &>/dev/null ||:
|
||||
|
||||
# Run these because the SysV package being removed won't do them
|
||||
/sbin/chkconfig --del pdns &>/dev/null || :
|
||||
/bin/systemctl try-restart pdns.service &>/dev/null || :
|
||||
|
||||
%files
|
||||
%doc COPYING README
|
||||
%doc README
|
||||
%license COPYING
|
||||
%{_bindir}/pdns_control
|
||||
%{_bindir}/pdnssec
|
||||
%{_bindir}/pdns-zone2ldap
|
||||
%{_bindir}/pdnsutil
|
||||
%{_bindir}/pdns_zone2ldap
|
||||
%{_bindir}/zone2sql
|
||||
%{_bindir}/zone2json
|
||||
%{_bindir}/zone2lmdb
|
||||
%{_sbindir}/pdns_server
|
||||
%{_libdir}/%{name}/libbindbackend.so
|
||||
%{_mandir}/man1/pdns_control.1.gz
|
||||
%{_mandir}/man1/pdns_server.1.gz
|
||||
%{_mandir}/man1/zone2sql.1.gz
|
||||
%{_mandir}/man1/pdns-zone2ldap.1.gz
|
||||
%{_mandir}/man1/pdnssec.1.gz
|
||||
%{_mandir}/man1/zone2json.1.gz
|
||||
%{_mandir}/man1/pdns_zone2ldap.1.gz
|
||||
%{_mandir}/man1/pdnsutil.1.gz
|
||||
%{_unitdir}/pdns.service
|
||||
%{_unitdir}/pdns@.service
|
||||
%{_libdir}/%{name}/libbindbackend.so
|
||||
%dir %{_libdir}/%{name}/
|
||||
%dir %{_sysconfdir}/%{name}/
|
||||
%config(noreplace) %{_sysconfdir}/%{name}/pdns.conf
|
||||
|
||||
%files tools
|
||||
%{_bindir}/calidns
|
||||
%{_bindir}/dnsbulktest
|
||||
%{_bindir}/dnsgram
|
||||
%{_bindir}/dnspcap2protobuf
|
||||
%{_bindir}/dnsreplay
|
||||
%{_bindir}/dnsscan
|
||||
%{_bindir}/dnsscope
|
||||
%{_bindir}/dnstcpbench
|
||||
%{_bindir}/dnswasher
|
||||
%{_bindir}/dumresp
|
||||
%{_bindir}/ixplore
|
||||
%{_bindir}/pdns_notify
|
||||
%{_bindir}/nproxy
|
||||
%{_bindir}/nsec3dig
|
||||
%{_bindir}/saxfr
|
||||
%{_bindir}/sdig
|
||||
%{_mandir}/man1/calidns.1.gz
|
||||
%{_mandir}/man1/dnsbulktest.1.gz
|
||||
%{_mandir}/man1/dnsgram.1.gz
|
||||
%{_mandir}/man1/dnspcap2protobuf.1.gz
|
||||
%{_mandir}/man1/dnsreplay.1.gz
|
||||
%{_mandir}/man1/dnsscan.1.gz
|
||||
%{_mandir}/man1/dnsscope.1.gz
|
||||
%{_mandir}/man1/dnswasher.1.gz
|
||||
%{_mandir}/man1/dnstcpbench.1.gz
|
||||
%{_mandir}/man1/dnswasher.1.gz
|
||||
%{_mandir}/man1/dumresp.1.gz
|
||||
%{_mandir}/man1/ixplore.1.gz
|
||||
%{_mandir}/man1/pdns_notify.1.gz
|
||||
%{_mandir}/man1/nproxy.1.gz
|
||||
%{_mandir}/man1/nsec3dig.1.gz
|
||||
%{_mandir}/man1/saxfr.1.gz
|
||||
%{_mandir}/man1/sdig.1.gz
|
||||
|
||||
%files backend-mysql
|
||||
%doc modules/gmysqlbackend/schema.mysql.sql
|
||||
|
@ -293,12 +291,10 @@ exit 0
|
|||
%files backend-remote
|
||||
%{_libdir}/%{name}/libremotebackend.so
|
||||
|
||||
%files backend-geo
|
||||
%doc modules/geobackend/README
|
||||
%{_libdir}/%{name}/libgeobackend.so
|
||||
|
||||
%files backend-ldap
|
||||
%{_libdir}/%{name}/libldapbackend.so
|
||||
%doc modules/ldapbackend/dnsdomain2.schema
|
||||
%doc modules/ldapbackend/pdns-domaininfo.schema
|
||||
|
||||
%files backend-lua
|
||||
%{_libdir}/%{name}/libluabackend.so
|
||||
|
@ -321,10 +317,12 @@ exit 0
|
|||
%files backend-tinydns
|
||||
%{_libdir}/%{name}/libtinydnsbackend.so
|
||||
|
||||
%files backend-lmdb
|
||||
%{_libdir}/%{name}/liblmdbbackend.so
|
||||
|
||||
%changelog
|
||||
* Fri Nov 09 2018 Morten Stevens <mstevens@fedoraproject.org> - 4.0.6-1
|
||||
- Rebase to 4.0.6
|
||||
- Backend geo and lmdb has been deprecated
|
||||
- PowerDNS Security Advisory 2018-03 (CVE-2018-10851)
|
||||
|
||||
* Thu Feb 01 2018 Morten Stevens <mstevens@fedoraproject.org> - 3.4.11-4
|
||||
- CVE-2017-15091
|
||||
|
||||
|
|
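Review bot: The `sed -i` block in `%install` that takes over from pdns-default-config.patch exits successfully even when none of its patterns match, so if upstream changes the commented defaults in pdns.conf the package would ship without `setuid=pdns`/`setgid=pdns` and nothing in the build would notice, whereas a stale patch would at least have failed to apply. Add a check right after the sed, e.g. `grep -q '^setuid=pdns' %{buildroot}%{_sysconfdir}/%{name}/pdns.conf` and the same for `setgid=pdns` and `launch=bind`, which should abort the build when the privilege-drop settings are missing. Anchoring the patterns at line start (`s/^# setuid=/setuid=pdns/`) would also keep them from rewriting unrelated lines. Separately, `Patch3` (CVE-2017-15091) is dropped without a changelog line saying the fix is carried by the new upstream release; presumably it is, but that should be confirmed and stated.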
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (pdns-3.4.11.tar.bz2) = 6259b107d41e27209e524beb6396cf89b5334c6003b89dbc766a741e7ecfc39bcd5561a4fc189aac3e134907600c78882fa4abc348a93846e3228f45602f22b8
|
||||
SHA512 (pdns-4.0.6.tar.bz2) = 4a4f4db14809b96b763d223fe812cc552f62c96132226640eacdbdcebaa1ba7d8884498d685b81eb747668d42709698c46254f4fafe069306085f0bc19f18858
|
||||
|
|