CVE-2017-15091

Morten Stevens 2018-02-01 17:26:47 +01:00
parent cef7f55849
commit 7f366c2f25
2 changed files with 36 additions and 1 deletions


@ -0,0 +1,30 @@
diff -ru pdns-3.4.11.orig/pdns/ws-auth.cc pdns-3.4.11/pdns/ws-auth.cc
--- pdns-3.4.11.orig/pdns/ws-auth.cc 2017-01-13 09:13:16.000000000 +0100
+++ pdns-3.4.11/pdns/ws-auth.cc 2017-11-02 18:03:50.635753956 +0100
@@ -895,7 +895,7 @@
static void apiServerZoneAxfrRetrieve(HttpRequest* req, HttpResponse* resp) {
string zonename = apiZoneIdToName(req->parameters["id"]);
- if(req->method != "PUT")
+ if(req->method != "PUT" || ::arg().mustDo("experimental-api-readonly"))
throw HttpMethodNotAllowedException();
UeberBackend B;
@@ -914,7 +914,7 @@
static void apiServerZoneNotify(HttpRequest* req, HttpResponse* resp) {
string zonename = apiZoneIdToName(req->parameters["id"]);
- if(req->method != "PUT")
+ if(req->method != "PUT" || ::arg().mustDo("experimental-api-readonly"))
throw HttpMethodNotAllowedException();
UeberBackend B;
@@ -1195,7 +1195,7 @@
}
void apiServerFlushCache(HttpRequest* req, HttpResponse* resp) {
- if(req->method != "PUT")
+ if(req->method != "PUT" || ::arg().mustDo("experimental-api-readonly"))
throw HttpMethodNotAllowedException();
extern PacketCache PC;
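Review bot: The read-only check is copied by hand into three separate handlers (apiServerZoneAxfrRetrieve, apiServerZoneNotify and apiServerFlushCache), so any other state-changing endpoint in ws-auth.cc that these hunks do not show stays unprotected unless someone adds the same clause there. Because this backport fixes a missed-check CVE, it is worth confirming against the upstream advisory that these three are the complete list for 3.4.11, and marking each site with a comment such as `// state-changing: refuse when experimental-api-readonly is set (CVE-2017-15091)`. In the first two handlers `apiZoneIdToName(req->parameters["id"])` still runs before the guard; moving the `if` above it would reject read-only requests before any request data is parsed. All three function bodies continue outside the hunks, so what the handlers do after the check is not visible here.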


@ -3,7 +3,7 @@
Name: pdns
Version: 3.4.11
Release: 3%{?dist}
Release: 4%{?dist}
Summary: A modern, advanced and high performance authoritative-only nameserver
Group: System Environment/Daemons
License: GPLv2
@ -12,6 +12,7 @@ Source0: http://downloads.powerdns.com/releases/%{name}-%{version}.tar.bz2
Patch0: pdns-default-config.patch
Patch1: pdns-systemd.patch
Patch2: pdns-disable-secpoll.patch
Patch3: CVE-2017-15091-3.4.11.patch
Requires(pre): shadow-utils
Requires(post): systemd-sysv
@ -174,6 +175,7 @@ This package contains the LMDB backend for %{name}
%patch0 -p1 -b .default-config-patch
%patch1 -p1 -b .systemd-patch
%patch2 -p1 -b .disable-secpoll
%patch3 -p1 -b .CVE-2017-15091
%build
export CPPFLAGS="-DLDAP_DEPRECATED"
@ -323,6 +325,9 @@ exit 0
%{_libdir}/%{name}/liblmdbbackend.so
%changelog
* Thu Feb 01 2018 Morten Stevens <mstevens@fedoraproject.org> - 3.4.11-4
- CVE-2017-15091
* Mon Jan 29 2018 Richard Shaw <hobbes1069@gmail.com> - 3.4.11-3
- Rebuild for reverting yaml-cpp back to 0.5.1.