Compare commits
14 Commits
Author | SHA1 | Date |
---|---|---|
Ruben Kerkhof | 8fe85afbc6 | |
Morten Stevens | 03fab67ac8 | |
Morten Stevens | 492c5c7d42 | |
Morten Stevens | 20ffbcb715 | |
Morten Stevens | 3c6c69ffa2 | |
Morten Stevens | 40680d8027 | |
Morten Stevens | 15f988f43f | |
Morten Stevens | 7006d966b0 | |
Ruben | fb51eda67a | |
Ruben | 038b2aa8e7 | |
Ruben | cfd24cb6cb | |
Fedora Release Engineering | 9c32a28f6a | |
Dennis Gilmore | ca1d95f8a8 | |
Bill Nottingham | f5e67696a8 |
|
@ -1 +1,14 @@
|
|||
pdns-2.9.22.tar.gz
|
||||
/pdns-3.0-pre.20110327.2103.tar.gz
|
||||
/pdns-3.0-rc2.tar.gz
|
||||
/pdns-3.0-rc3.tar.gz
|
||||
/pdns-3.0.tar.gz
|
||||
/pdns-3.0.1.tar.gz
|
||||
/pdns-3.1.tar.gz
|
||||
/pdns-3.2.tar.gz
|
||||
/pdns-3.3-rc1.tar.gz
|
||||
/pdns-3.3-rc2.tar.gz
|
||||
/pdns-3.3.tar.gz
|
||||
/pdns-3.3.1.tar.gz
|
||||
/pdns-3.3.2.tar.gz
|
||||
/pdns-3.3.3.tar.gz
|
||||
|
|
|
@ -0,0 +1,167 @@
|
|||
From 0086c2b1374072d2b0609407f8e60fade192ae88 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Gacogne <remi.gacogne@powerdns.com>
|
||||
Date: Fri, 1 Jul 2016 15:30:20 +0200
|
||||
Subject: [PATCH 1/2] Reject qname's wirelength > 255, `chopOff()` handle dot
|
||||
inside labels
|
||||
|
||||
(cherry picked from commit 881b5b03a590198d03008e4200dd00cc537712f3)
|
||||
---
|
||||
pdns/dnsparser.cc | 17 +++++++++++----
|
||||
pdns/dnsparser.hh | 2 +-
|
||||
pdns/misc.cc | 65 +++++++++++++++++++++++++++++++++++++------------------
|
||||
3 files changed, 58 insertions(+), 26 deletions(-)
|
||||
|
||||
diff --git a/pdns/dnsparser.cc b/pdns/dnsparser.cc
|
||||
index e54b678..f3e3d87 100644
|
||||
--- a/pdns/dnsparser.cc
|
||||
+++ b/pdns/dnsparser.cc
|
||||
@@ -380,8 +380,9 @@ uint8_t PacketReader::get8BitInt()
|
||||
string PacketReader::getLabel(unsigned int recurs)
|
||||
{
|
||||
string ret;
|
||||
+ size_t wirelength = 0;
|
||||
ret.reserve(40);
|
||||
- getLabelFromContent(d_content, d_pos, ret, recurs++);
|
||||
+ getLabelFromContent(d_content, d_pos, ret, recurs++, wirelength);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -431,7 +432,7 @@ string PacketReader::getText(bool multi)
|
||||
}
|
||||
|
||||
|
||||
-void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t& frompos, string& ret, int recurs)
|
||||
+void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t& frompos, string& ret, int recurs, size_t& wirelength)
|
||||
{
|
||||
if(recurs > 100) // the forward reference-check below should make this test 100% obsolete
|
||||
throw MOADNSException("Loop");
|
||||
@@ -440,6 +441,10 @@ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t&
|
||||
// it is tempting to call reserve on ret, but it turns out it creates a malloc/free storm in the loop
|
||||
for(;;) {
|
||||
unsigned char labellen=content.at(frompos++);
|
||||
+ wirelength++;
|
||||
+ if (wirelength > 255) {
|
||||
+ throw MOADNSException("Overly long DNS name ("+lexical_cast<string>(wirelength)+")");
|
||||
+ }
|
||||
|
||||
if(!labellen) {
|
||||
if(ret.empty())
|
||||
@@ -452,11 +457,15 @@ void PacketReader::getLabelFromContent(const vector<uint8_t>& content, uint16_t&
|
||||
|
||||
if(offset >= pos)
|
||||
throw MOADNSException("forward reference during label decompression");
|
||||
- return getLabelFromContent(content, offset, ret, ++recurs);
|
||||
+ /* the compression pointer does not count into the wire length */
|
||||
+ return getLabelFromContent(content, offset, ret, ++recurs, --wirelength);
|
||||
}
|
||||
else {
|
||||
+ if (wirelength + labellen > 255) {
|
||||
+ throw MOADNSException("Overly long DNS name ("+lexical_cast<string>(wirelength)+")");
|
||||
+ }
|
||||
+ wirelength += labellen;
|
||||
// XXX FIXME THIS MIGHT BE VERY SLOW!
|
||||
-
|
||||
for(string::size_type n = 0 ; n < labellen; ++n, frompos++) {
|
||||
if(content.at(frompos)=='.' || content.at(frompos)=='\\') {
|
||||
ret.append(1, '\\');
|
||||
diff --git a/pdns/dnsparser.hh b/pdns/dnsparser.hh
|
||||
index 414c73e..cc0cf44 100644
|
||||
--- a/pdns/dnsparser.hh
|
||||
+++ b/pdns/dnsparser.hh
|
||||
@@ -128,7 +128,7 @@ public:
|
||||
void xfrHexBlob(string& blob, bool keepReading=false);
|
||||
|
||||
static uint16_t get16BitInt(const vector<unsigned char>&content, uint16_t& pos);
|
||||
- static void getLabelFromContent(const vector<uint8_t>& content, uint16_t& frompos, string& ret, int recurs);
|
||||
+ static void getLabelFromContent(const vector<uint8_t>& content, uint16_t& frompos, string& ret, int recurs, size_t& wirelength);
|
||||
|
||||
void getDnsrecordheader(struct dnsrecordheader &ah);
|
||||
void copyRecord(vector<unsigned char>& dest, uint16_t len);
|
||||
diff --git a/pdns/misc.cc b/pdns/misc.cc
|
||||
index 2d5dc21..73a8433 100644
|
||||
--- a/pdns/misc.cc
|
||||
+++ b/pdns/misc.cc
|
||||
@@ -125,16 +125,27 @@ bool chopOff(string &domain)
|
||||
if(domain.empty())
|
||||
return false;
|
||||
|
||||
- string::size_type fdot=domain.find('.');
|
||||
-
|
||||
- if(fdot==string::npos)
|
||||
- domain="";
|
||||
- else {
|
||||
- string::size_type remain = domain.length() - (fdot + 1);
|
||||
- char tmp[remain];
|
||||
- memcpy(tmp, domain.c_str()+fdot+1, remain);
|
||||
- domain.assign(tmp, remain); // don't dare to do this w/o tmp holder :-)
|
||||
+ bool escaped = false;
|
||||
+ const string::size_type domainLen = domain.length();
|
||||
+ for (size_t fdot = 0; fdot < domainLen; fdot++)
|
||||
+ {
|
||||
+ if (domain[fdot] == '.' && !escaped) {
|
||||
+ string::size_type remain = domainLen - (fdot + 1);
|
||||
+ char tmp[remain];
|
||||
+ memcpy(tmp, domain.c_str()+fdot+1, remain);
|
||||
+ domain.assign(tmp, remain); // don't dare to do this w/o tmp holder :-)
|
||||
+
|
||||
+ return true;
|
||||
+ }
|
||||
+ else if (domain[fdot] == '\\' && !escaped) {
|
||||
+ escaped = true;
|
||||
+ }
|
||||
+ else {
|
||||
+ escaped = false;
|
||||
+ }
|
||||
}
|
||||
+
|
||||
+ domain = "";
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -144,19 +155,31 @@ bool chopOffDotted(string &domain)
|
||||
if(domain.empty() || (domain.size()==1 && domain[0]=='.'))
|
||||
return false;
|
||||
|
||||
- string::size_type fdot=domain.find('.');
|
||||
- if(fdot == string::npos)
|
||||
- return false;
|
||||
-
|
||||
- if(fdot==domain.size()-1)
|
||||
- domain=".";
|
||||
- else {
|
||||
- string::size_type remain = domain.length() - (fdot + 1);
|
||||
- char tmp[remain];
|
||||
- memcpy(tmp, domain.c_str()+fdot+1, remain);
|
||||
- domain.assign(tmp, remain);
|
||||
+ bool escaped = false;
|
||||
+ const string::size_type domainLen = domain.length();
|
||||
+ for (size_t fdot = 0; fdot < domainLen; fdot++)
|
||||
+ {
|
||||
+ if (domain[fdot] == '.' && !escaped) {
|
||||
+ if (fdot==domain.size()-1) {
|
||||
+ domain=".";
|
||||
+ }
|
||||
+ else {
|
||||
+ string::size_type remain = domainLen - (fdot + 1);
|
||||
+ char tmp[remain];
|
||||
+ memcpy(tmp, domain.c_str()+fdot+1, remain);
|
||||
+ domain.assign(tmp, remain); // don't dare to do this w/o tmp holder :-)
|
||||
+ }
|
||||
+ return true;
|
||||
+ }
|
||||
+ else if (domain[fdot] == '\\' && !escaped) {
|
||||
+ escaped = true;
|
||||
+ }
|
||||
+ else {
|
||||
+ escaped = false;
|
||||
+ }
|
||||
}
|
||||
- return true;
|
||||
+
|
||||
+ return false;
|
||||
}
|
||||
|
||||
|
||||
--
|
||||
2.10.2
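Review bot: Both rewritten loops in pdns/misc.cc (`chopOff()` and `chopOffDotted()`) keep `char tmp[remain];`, a variable-length array sized by the length of the name being processed; that is a compiler extension in C++, it places caller-sized data on the stack, and in `chopOff()` it has length zero when the unescaped dot is the last character. The code only drops the prefix up to and including that dot, so `domain.erase(0, fdot + 1);` does the same work without the temporary or the `memcpy`. Separately, in `getLabelFromContent()` the second `Overly long DNS name` exception prints `wirelength` before `labellen` has been added, so the logged number can be below 255; `lexical_cast<string>(wirelength + labellen)` would report the length that actually triggered the rejection. All three functions begin or end outside the hunks shown.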
|
||||
|
|
@ -0,0 +1,116 @@
|
|||
From 2886c5826dd9af891cbaa3ac9fd928838ef75387 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Gacogne <remi.gacogne@powerdns.com>
|
||||
Date: Thu, 7 Jul 2016 16:17:22 +0200
|
||||
Subject: [PATCH 2/2] Add limits to the size of received AXFR, in megabytes
|
||||
|
||||
This prevents resource exhaustion in case the master is sending a
|
||||
very large amount of data in an update.
|
||||
|
||||
(cherry picked from commit a014f4c224a7b21f1c648257d1fd1128413129aa)
|
||||
---
|
||||
pdns/common_startup.cc | 2 ++
|
||||
pdns/docs/pdns.xml | 11 +++++++++++
|
||||
pdns/pdns.conf-dist | 4 ++++
|
||||
pdns/resolver.cc | 15 +++++++++++----
|
||||
pdns/resolver.hh | 5 ++++-
|
||||
pdns/slavecommunicator.cc | 2 +-
|
||||
6 files changed, 33 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
|
||||
index 41ca348..adc50e2 100644
|
||||
--- a/pdns/common_startup.cc
|
||||
+++ b/pdns/common_startup.cc
|
||||
@@ -150,6 +150,8 @@ void declareArguments()
|
||||
|
||||
::arg().set("include-dir","Include *.conf files from this directory");
|
||||
::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
|
||||
+
|
||||
+ ::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming AXFR")="100";
|
||||
}
|
||||
|
||||
void declareStats(void)
|
||||
diff --git a/pdns/pdns.conf-dist b/pdns/pdns.conf-dist
|
||||
index ccb03f9..146f89f 100644
|
||||
--- a/pdns/pdns.conf-dist
|
||||
+++ b/pdns/pdns.conf-dist
|
||||
@@ -464,4 +464,8 @@
|
||||
#
|
||||
# wildcard-url=no
|
||||
|
||||
+#################################
|
||||
+# xfr-max-received-mbytes Maximum number of megabytes received from an incoming AXFR
|
||||
+#
|
||||
+# xfr-max-received-mbytes=100
|
||||
|
||||
diff --git a/pdns/resolver.cc b/pdns/resolver.cc
|
||||
index 792c8fb..9dd9182 100644
|
||||
--- a/pdns/resolver.cc
|
||||
+++ b/pdns/resolver.cc
|
||||
@@ -305,8 +305,9 @@ AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
|
||||
const string& tsigkeyname,
|
||||
const string& tsigalgorithm,
|
||||
const string& tsigsecret,
|
||||
- const ComboAddress* laddr)
|
||||
-: d_tsigkeyname(tsigkeyname), d_tsigsecret(tsigsecret), d_tsigPos(0), d_nonSignedMessages(0)
|
||||
+ const ComboAddress* laddr,
|
||||
+ size_t maxReceivedBytes)
|
||||
+: d_tsigkeyname(tsigkeyname), d_tsigsecret(tsigsecret), d_receivedBytes(0), d_maxReceivedBytes(maxReceivedBytes), d_tsigPos(0), d_nonSignedMessages(0)
|
||||
{
|
||||
ComboAddress local;
|
||||
if (laddr != NULL) {
|
||||
@@ -384,8 +385,14 @@ int AXFRRetriever::getChunk(Resolver::res_t &res) // Implementation is making su
|
||||
int len=getLength();
|
||||
if(len<0)
|
||||
throw ResolverException("EOF trying to read axfr chunk from remote TCP client");
|
||||
-
|
||||
- timeoutReadn(len);
|
||||
+
|
||||
+ if (d_maxReceivedBytes > 0 && (d_maxReceivedBytes - d_receivedBytes) < (size_t) len)
|
||||
+ throw ResolverException("Reached the maximum number of received bytes during AXFR");
|
||||
+
|
||||
+ timeoutReadn(len);
|
||||
+
|
||||
+ d_receivedBytes += (uint16_t) len;
|
||||
+
|
||||
MOADNSParser mdp(d_buf.get(), len);
|
||||
|
||||
int err = parseResult(mdp, "", 0, 0, &res);
|
||||
diff --git a/pdns/resolver.hh b/pdns/resolver.hh
|
||||
index 3633bf2..a783b84 100644
|
||||
--- a/pdns/resolver.hh
|
||||
+++ b/pdns/resolver.hh
|
||||
@@ -86,7 +86,8 @@ class AXFRRetriever : public boost::noncopyable
|
||||
const string& tsigkeyname=string(),
|
||||
const string& tsigalgorithm=string(),
|
||||
const string& tsigsecret=string(),
|
||||
- const ComboAddress* laddr = NULL);
|
||||
+ const ComboAddress* laddr = NULL,
|
||||
+ size_t maxReceivedBytes=0);
|
||||
~AXFRRetriever();
|
||||
int getChunk(Resolver::res_t &res);
|
||||
|
||||
@@ -105,6 +106,8 @@ class AXFRRetriever : public boost::noncopyable
|
||||
string d_tsigsecret;
|
||||
string d_prevMac; // RFC2845 4.4
|
||||
string d_signData;
|
||||
+ size_t d_receivedBytes;
|
||||
+ size_t d_maxReceivedBytes;
|
||||
uint32_t d_tsigPos;
|
||||
uint d_nonSignedMessages; // RFC2845 4.4
|
||||
TSIGRecordContent d_trc;
|
||||
diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
|
||||
index 492ac41..12c2316 100644
|
||||
--- a/pdns/slavecommunicator.cc
|
||||
+++ b/pdns/slavecommunicator.cc
|
||||
@@ -153,7 +153,7 @@ void CommunicatorClass::suck(const string &domain,const string &remote)
|
||||
vector<DNSResourceRecord> rrs;
|
||||
|
||||
ComboAddress raddr(remote, 53);
|
||||
- AXFRRetriever retriever(raddr, domain.c_str(), tsigkeyname, tsigalgorithm, tsigsecret, (laddr.sin4.sin_family == 0) ? NULL : &laddr);
|
||||
+ AXFRRetriever retriever(raddr, domain.c_str(), tsigkeyname, tsigalgorithm, tsigsecret, (laddr.sin4.sin_family == 0) ? NULL : &laddr, ((size_t) ::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024);
|
||||
Resolver::res_t recs;
|
||||
while(retriever.getChunk(recs)) {
|
||||
if(first) {
|
||||
--
|
||||
2.10.2
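Review bot: The limit handed to `AXFRRetriever` in pdns/slavecommunicator.cc is computed as `((size_t) ::arg().asNum("xfr-max-received-mbytes")) * 1024 * 1024` with no range check, while `getChunk()` treats a `d_maxReceivedBytes` of 0 as "no limit". If `asNum()` returns a signed integer (its declaration is not in the patch), a negative setting converts to a very large `size_t`, and on a build where `size_t` is 32 bits a setting of 4096 wraps to 0; either way the resource-exhaustion guard is switched off silently. Reject negative values and values above `SIZE_MAX / (1024 * 1024)` at startup, and state in pdns.conf-dist that `0` disables the limit. The diffstat also lists pdns/docs/pdns.xml, but no hunk for that file is present in this patch, so the option's documentation may not have been carried over. `suck()` and `getChunk()` continue outside the hunks.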
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
From 2bdeeb685e70105826739e774e93427e1bc69053 Mon Sep 17 00:00:00 2001
|
||||
From: Ruben Kerkhof <ruben@rubenkerkhof.com>
|
||||
Date: Mon, 31 Oct 2016 22:17:30 +0100
|
||||
Subject: [PATCH 3/3] Disable secpoll
|
||||
|
||||
---
|
||||
pdns/common_startup.cc | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
|
||||
index adc50e2..a5ff792 100644
|
||||
--- a/pdns/common_startup.cc
|
||||
+++ b/pdns/common_startup.cc
|
||||
@@ -149,7 +149,7 @@ void declareArguments()
|
||||
::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
|
||||
|
||||
::arg().set("include-dir","Include *.conf files from this directory");
|
||||
- ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
|
||||
+ ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="";
|
||||
|
||||
::arg().set("xfr-max-received-mbytes", "Maximum number of megabytes received from an incoming AXFR")="100";
|
||||
}
|
||||
--
|
||||
2.10.2
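Review bot: The new default `=""` for `security-poll-suffix` comes with no comment and no commit message body saying why, and the hunk does not show that an empty suffix is what turns the poll off; the option's help text still reads as if polling were active. A one-line comment above the changed line, for example `// packaged default: empty suffix, so security status polling stays off unless the operator sets one`, would record the intent, and the same remark belongs next to the option in pdns.conf-dist. The mail subject says `[PATCH 3/3]` while the two patches it follows are numbered 1/2 and 2/2. `declareArguments()` starts before the hunk.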
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
--- pdns-3.3-rc2/pdns/pdns.conf-dist.orig 2013-06-14 11:51:22.000000000 +0200
|
||||
+++ pdns-3.3-rc2/pdns/pdns.conf-dist 2013-06-28 13:45:37.307992960 +0200
|
||||
@@ -1,3 +1,6 @@
|
||||
+setuid=pdns
|
||||
+setgid=pdns
|
||||
+launch=bind
|
||||
# Autogenerated configuration file template
|
||||
#################################
|
||||
# add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record to positive wildcard response
|
|
@ -1,16 +0,0 @@
|
|||
diff -ur pdns-2.9.22.orig/pdns/unix_semaphore.cc pdns-2.9.22/pdns/unix_semaphore.cc
|
||||
--- pdns-2.9.22.orig/pdns/unix_semaphore.cc 2010-12-14 17:18:02.667000233 +0100
|
||||
+++ pdns-2.9.22/pdns/unix_semaphore.cc 2010-12-14 17:18:08.138000485 +0100
|
||||
@@ -156,7 +156,11 @@
|
||||
|
||||
int Semaphore::wait()
|
||||
{
|
||||
- return sem_wait(m_pSemaphore);
|
||||
+ int ret;
|
||||
+ do
|
||||
+ ret = sem_wait(m_pSemaphore);
|
||||
+ while (ret == -1 && errno == EINTR);
|
||||
+ return ret;
|
||||
}
|
||||
int Semaphore::tryWait()
|
||||
{
|
|
@ -1,22 +0,0 @@
|
|||
diff -up pdns-2.9.22/configure.orig pdns-2.9.22/configure
|
||||
--- pdns-2.9.22/configure.orig 2010-01-14 20:40:16.000000000 +0100
|
||||
+++ pdns-2.9.22/configure 2010-01-14 20:41:13.000000000 +0100
|
||||
@@ -23298,7 +23298,7 @@ if test "${with_pgsql+set}" = set; then
|
||||
withval=$with_pgsql; PGSQL_lib_check="$withval/lib/pgsql $with_pgsql/lib"
|
||||
PGSQL_inc_check="$withval/include/pgsql"
|
||||
else
|
||||
- PGSQL_lib_check="/usr/local/pgsql/lib/pgsql /usr/local/lib/pgsql /opt/pgsql/lib/pgsql /usr/lib/pgsql /usr/local/pgsql/lib /usr/local/lib /opt/pgsql/lib /usr/lib"
|
||||
+ PGSQL_lib_check="/usr/local/pgsql/lib/pgsql /usr/local/lib/pgsql /opt/pgsql/lib/pgsql /usr/lib/pgsql /usr/local/pgsql/lib /usr/local/lib /opt/pgsql/lib /usr/lib /usr/lib64"
|
||||
PGSQL_inc_check="/usr/local/pgsql/include/pgsql /usr/include /usr/local/include/postgresql/ /usr/local/include /opt/pgsql/include/pgsql /opt/pgsql/include /usr/include/pgsql/ /usr/include/postgresql"
|
||||
fi
|
||||
|
||||
@@ -23318,8 +23318,7 @@ fi
|
||||
echo $ECHO_N "checking for PgSQL library directory... $ECHO_C" >&6; }
|
||||
PGSQL_libdir=
|
||||
for m in $PGSQL_lib_check; do
|
||||
- if test -d "$m" && \
|
||||
- (test -f "$m/libpq.a" || test -f "$m/libpq++.a")
|
||||
+ if test -d "$m" && test -f "$m/libpq.so"
|
||||
then
|
||||
PGSQL_libdir=$m
|
||||
break
|
|
@ -1,7 +1,15 @@
|
|||
diff -up pdns-2.9.22-rc2/pdns/pdns.in.fixinit pdns-2.9.22-rc2/pdns/pdns.in
|
||||
--- pdns-2.9.22-rc2/pdns/pdns.in.fixinit 2008-02-03 13:14:00.000000000 +0100
|
||||
+++ pdns-2.9.22-rc2/pdns/pdns.in 2008-12-03 04:07:26.000000000 +0100
|
||||
@@ -47,6 +47,7 @@ case "$1" in
|
||||
--- pdns-3.3/pdns/pdns.in.orig 2013-06-10 09:02:40.000000000 +0200
|
||||
+++ pdns-3.3/pdns/pdns.in 2013-07-08 22:36:59.277997994 +0200
|
||||
@@ -8,7 +8,7 @@
|
||||
# Required-Stop: $remote_fs $network $syslog
|
||||
# Should-Start:
|
||||
# Should-Stop:
|
||||
-# Default-Start: 2 3 4 5
|
||||
+# Default-Start:
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: PowerDNS authoritative server
|
||||
# Description: PowerDNS authoritative server
|
||||
@@ -63,6 +63,7 @@ case "$1" in
|
||||
if test "$NOTRUNNING" = "0"
|
||||
then
|
||||
doPC quit
|
||||
|
@ -9,7 +17,7 @@ diff -up pdns-2.9.22-rc2/pdns/pdns.in.fixinit pdns-2.9.22-rc2/pdns/pdns.in
|
|||
echo $ret
|
||||
else
|
||||
echo "not running"
|
||||
@@ -57,6 +58,7 @@ case "$1" in
|
||||
@@ -73,6 +74,7 @@ case "$1" in
|
||||
force-stop)
|
||||
echo -n "Stopping PowerDNS authoritative nameserver: "
|
||||
killall -v -9 pdns_server
|
||||
|
@ -17,11 +25,37 @@ diff -up pdns-2.9.22-rc2/pdns/pdns.in.fixinit pdns-2.9.22-rc2/pdns/pdns.in
|
|||
echo "killed"
|
||||
;;
|
||||
|
||||
@@ -69,6 +71,7 @@ case "$1" in
|
||||
$pdns_server --daemon --guardian=yes
|
||||
if test "$?" = "0"
|
||||
@@ -84,6 +86,7 @@ case "$1" in
|
||||
else
|
||||
if $pdns_server --daemon --guardian=yes
|
||||
then
|
||||
+ touch /var/lock/subsys/pdns
|
||||
echo "started"
|
||||
fi
|
||||
else
|
||||
echo "starting failed"
|
||||
@@ -92,6 +95,16 @@ case "$1" in
|
||||
fi
|
||||
;;
|
||||
|
||||
+ condrestart)
|
||||
+ if [ -f /var/lock/subsys/pdns ];
|
||||
+ then
|
||||
+ echo "running, restarting"
|
||||
+ $0 restart
|
||||
+ else
|
||||
+ echo "not running"
|
||||
+ fi
|
||||
+ ;;
|
||||
+
|
||||
force-reload | restart)
|
||||
echo -n "Restarting PowerDNS authoritative nameserver: "
|
||||
if test "$NOTRUNNING" = "1"
|
||||
@@ -194,7 +207,7 @@ case "$1" in
|
||||
|
||||
|
||||
*)
|
||||
- echo pdns [start\|stop\|force-reload\|reload\|restart\|status\|dump\|show\|mrtg\|cricket\|monitor]
|
||||
+ echo pdns [start\|stop\|condrestart\|force-reload\|reload\|restart\|status\|dump\|show\|mrtg\|cricket\|monitor]
|
||||
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
diff -up pdns-2.9.22/pdns/misc.hh.orig pdns-2.9.22/pdns/misc.hh
|
||||
--- pdns-2.9.22/pdns/misc.hh.orig 2009-02-26 17:09:41.000000000 +0100
|
||||
+++ pdns-2.9.22/pdns/misc.hh 2009-02-26 17:09:54.000000000 +0100
|
||||
@@ -20,6 +20,7 @@
|
||||
#define MISC_HH
|
||||
#include <stdint.h>
|
||||
#include <cstring>
|
||||
+#include <cstdio>
|
||||
|
||||
#if 0
|
||||
#include <iostream>
|
315
pdns.spec
315
pdns.spec
|
@ -1,23 +1,29 @@
|
|||
Summary: A modern, advanced and high performance authoritative-only nameserver
|
||||
Name: pdns
|
||||
Version: 2.9.22
|
||||
Release: 10%{?dist}
|
||||
%global backends %{nil}
|
||||
|
||||
Group: System Environment/Daemons
|
||||
License: GPLv2
|
||||
URL: http://powerdns.com
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Source0: http://downloads.powerdns.com/releases/%{name}-%{version}.tar.gz
|
||||
Patch0: %{name}-fixinit.patch
|
||||
Patch1: %{name}-gcc44.patch
|
||||
Patch2: pdns-fix-postgres-detection.patch
|
||||
Patch3: pdns-fix-crash-on-sigstop.patch
|
||||
Name: pdns
|
||||
Version: 3.3.3
|
||||
Release: 2%{?dist}
|
||||
Summary: A modern, advanced and high performance authoritative-only nameserver
|
||||
Group: System Environment/Daemons
|
||||
License: GPLv2
|
||||
URL: http://powerdns.com
|
||||
Source0: http://downloads.powerdns.com/releases/%{name}-%{version}.tar.gz
|
||||
Patch0: pdns-default-config.patch
|
||||
Patch1: pdns-fixinit.patch
|
||||
Patch2: 0001-Reject-qname-s-wirelength-255-chopOff-handle-dot-ins.patch
|
||||
Patch3: 0002-Add-limits-to-the-size-of-received-AXFR-in-megabytes.patch
|
||||
Patch4: 0003-Disable-secpoll.patch
|
||||
|
||||
Requires(post): %{_sbindir}/useradd, /sbin/chkconfig
|
||||
Requires(preun): /sbin/service, /sbin/chkconfig
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): /sbin/chkconfig
|
||||
Requires(preun): /sbin/service, /sbin/chkconfig
|
||||
Requires(postun): /sbin/service
|
||||
|
||||
BuildRequires: boost-devel, chrpath
|
||||
Provides: powerdns = %{version}-%{release}
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: lua-devel
|
||||
BuildRequires: cryptopp-devel
|
||||
BuildRequires: bison
|
||||
Provides: powerdns = %{version}-%{release}
|
||||
|
||||
%description
|
||||
The PowerDNS Nameserver is a modern, advanced and high performance
|
||||
|
@ -25,165 +31,267 @@ authoritative-only nameserver. It is written from scratch and conforms
|
|||
to all relevant DNS standards documents.
|
||||
Furthermore, PowerDNS interfaces with almost any database.
|
||||
|
||||
%package backend-mysql
|
||||
Summary: MySQL backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
BuildRequires: mysql-devel
|
||||
%package tools
|
||||
Summary: Extra tools for %{name}
|
||||
Group: System Environment/Daemons
|
||||
|
||||
%package backend-postgresql
|
||||
Summary: PostgreSQL backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
BuildRequires: postgresql-devel
|
||||
%description tools
|
||||
This package contains the extra tools for %{name}
|
||||
|
||||
%package backend-pipe
|
||||
Summary: Pipe backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
%package backend-mysql
|
||||
Summary: MySQL backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
BuildRequires: mysql-devel
|
||||
%global backends %{backends} gmysql
|
||||
|
||||
%package backend-geo
|
||||
Summary: Geo backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%package backend-ldap
|
||||
Summary: LDAP backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
BuildRequires: openldap-devel
|
||||
|
||||
%package backend-sqlite
|
||||
Summary: SQLite backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
BuildRequires: sqlite-devel
|
||||
|
||||
%description backend-mysql
|
||||
%description backend-mysql
|
||||
This package contains the gmysql backend for %{name}
|
||||
|
||||
%description backend-postgresql
|
||||
%package backend-postgresql
|
||||
Summary: PostgreSQL backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
BuildRequires: postgresql-devel
|
||||
%global backends %{backends} gpgsql
|
||||
|
||||
%description backend-postgresql
|
||||
This package contains the gpgsql backend for %{name}
|
||||
|
||||
%description backend-pipe
|
||||
%package backend-pipe
|
||||
Summary: Pipe backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
%global backends %{backends} pipe
|
||||
|
||||
%description backend-pipe
|
||||
This package contains the pipe backend for %{name}
|
||||
|
||||
%description backend-geo
|
||||
%package backend-remote
|
||||
Summary: Remote backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
BuildRequires: libcurl-devel
|
||||
%global backends %{backends} remote
|
||||
|
||||
%description backend-remote
|
||||
This package contains the remote backend for %{name}
|
||||
|
||||
%package backend-geo
|
||||
Summary: Geo backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
%global backends %{backends} geo
|
||||
|
||||
%description backend-geo
|
||||
This package contains the geo backend for %{name}
|
||||
It allows different answers to DNS queries coming from different
|
||||
IP address ranges or based on the geographic location
|
||||
|
||||
%description backend-ldap
|
||||
%package backend-ldap
|
||||
Summary: LDAP backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
BuildRequires: openldap-devel
|
||||
%global backends %{backends} ldap
|
||||
|
||||
%description backend-ldap
|
||||
This package contains the ldap backend for %{name}
|
||||
|
||||
%description backend-sqlite
|
||||
This package contains the SQLite backend for %{name}
|
||||
%package backend-lua
|
||||
Summary: LUA backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
%global backends %{backends} lua
|
||||
|
||||
%description backend-lua
|
||||
This package contains the lua backend for %{name}
|
||||
|
||||
%package backend-sqlite
|
||||
Summary: SQLite backend for %{name}
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
BuildRequires: sqlite-devel
|
||||
%global backends %{backends} gsqlite3
|
||||
|
||||
%description backend-sqlite
|
||||
This package contains the SQLite backend for %{name}
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .fixinit
|
||||
%patch1 -p1 -b .gcc44
|
||||
%patch2 -p1 -b .postgres
|
||||
%patch3 -p1 -b .sigstop
|
||||
%patch0 -p1 -b .default-config-patch
|
||||
%patch1 -p1 -b .fixinit
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
export CPPFLAGS="-DLDAP_DEPRECATED %{optflags}"
|
||||
export CPPFLAGS="-DLDAP_DEPRECATED"
|
||||
|
||||
%configure \
|
||||
--sysconfdir=%{_sysconfdir}/%{name} \
|
||||
--libdir=%{_libdir}/%{name} \
|
||||
--disable-static \
|
||||
--disable-dependency-tracking \
|
||||
--disable-silent-rules \
|
||||
--with-modules='' \
|
||||
--with-dynmodules='pipe gmysql gpgsql geo ldap gsqlite3' \
|
||||
--with-mysql-lib=%{_libdir}/mysql \
|
||||
--with-sqlite3-lib=%{_libdir}
|
||||
--with-lua \
|
||||
--with-dynmodules='%{backends}' \
|
||||
--enable-cryptopp \
|
||||
--enable-tools \
|
||||
--enable-remotebackend-http \
|
||||
--enable-unit-tests
|
||||
|
||||
|
||||
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
||||
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%{__rm} -rf %{buildroot}
|
||||
make install DESTDIR=%{buildroot}
|
||||
|
||||
%{__rm} -f %{buildroot}%{_libdir}/%{name}/*.la
|
||||
%{__install} -p -D -m 0755 pdns/pdns %{buildroot}%{_initrddir}/pdns
|
||||
%{__mv} %{buildroot}%{_sysconfdir}/%{name}/pdns.conf{-dist,}
|
||||
|
||||
# add the pdns user to the config file
|
||||
sed -i '1i\setuid=pdns' %{buildroot}%{_sysconfdir}/%{name}/pdns.conf
|
||||
sed -i '2i\setgid=pdns' %{buildroot}%{_sysconfdir}/%{name}/pdns.conf
|
||||
chmod 600 %{buildroot}%{_sysconfdir}/%{name}/pdns.conf
|
||||
|
||||
# strip the static rpath from the binaries
|
||||
chrpath --delete %{buildroot}%{_bindir}/pdns_control
|
||||
chrpath --delete %{buildroot}%{_bindir}/zone2ldap
|
||||
chrpath --delete %{buildroot}%{_bindir}/zone2sql
|
||||
chrpath --delete %{buildroot}%{_sbindir}/pdns_server
|
||||
chrpath --delete %{buildroot}%{_libdir}/%{name}/*.so
|
||||
%check
|
||||
make %{?_smp_mflags} -C pdns check
|
||||
|
||||
%pre
|
||||
getent group pdns >/dev/null || groupadd -r pdns
|
||||
getent passwd pdns >/dev/null || \
|
||||
useradd -r -g pdns -d / -s /sbin/nologin \
|
||||
-c "PowerDNS user" pdns
|
||||
exit 0
|
||||
|
||||
%post
|
||||
if [ $1 -eq 1 ]; then
|
||||
/sbin/chkconfig --add pdns
|
||||
userid=`id -u pdns 2>/dev/null`
|
||||
if [ x"$userid" = x ]; then
|
||||
%{_sbindir}/useradd -c "PowerDNS user" -s /sbin/nologin -r -d / pdns > /dev/null || :
|
||||
fi
|
||||
fi
|
||||
/sbin/chkconfig --add pdns
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ]; then
|
||||
/sbin/service pdns stop >/dev/null 2>&1 || :
|
||||
/sbin/chkconfig --del pdns
|
||||
fi
|
||||
|
||||
%clean
|
||||
%{__rm} -rf %{buildroot}
|
||||
%postun
|
||||
if [ $1 -ge 1 ]; then
|
||||
/sbin/service pdns condrestart >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc ChangeLog TODO pdns/COPYING
|
||||
%doc COPYING README
|
||||
%{_bindir}/pdns_control
|
||||
%{_bindir}/pdnssec
|
||||
%{_bindir}/zone2ldap
|
||||
%{_bindir}/zone2sql
|
||||
%{_bindir}/zone2json
|
||||
%{_sbindir}/pdns_server
|
||||
%{_mandir}/man8/pdns_control.8.gz
|
||||
%{_mandir}/man8/pdns_server.8.gz
|
||||
%{_mandir}/man8/zone2sql.8.gz
|
||||
%{_mandir}/man8/zone2ldap.8.gz
|
||||
%{_mandir}/man8/pdnssec.8.gz
|
||||
%{_initrddir}/pdns
|
||||
%dir %{_libdir}/%{name}/
|
||||
%dir %{_sysconfdir}/%{name}/
|
||||
%config(noreplace) %{_sysconfdir}/%{name}/pdns.conf
|
||||
|
||||
%files tools
|
||||
%{_bindir}/dnsbulktest
|
||||
%{_bindir}/dnsreplay
|
||||
%{_bindir}/dnsscan
|
||||
%{_bindir}/dnsscope
|
||||
%{_bindir}/dnstcpbench
|
||||
%{_bindir}/dnswasher
|
||||
%{_bindir}/nproxy
|
||||
%{_bindir}/nsec3dig
|
||||
%{_mandir}/man8/dnsreplay.8.gz
|
||||
%{_mandir}/man8/dnsscope.8.gz
|
||||
%{_mandir}/man8/dnswasher.8.gz
|
||||
%{_mandir}/man1/dnstcpbench.1.gz
|
||||
|
||||
%files backend-mysql
|
||||
%defattr(-,root,root,-)
|
||||
%doc pdns/COPYING
|
||||
%doc pdns/dnssec.schema.mysql.sql
|
||||
%doc pdns/no-dnssec.schema.mysql.sql
|
||||
%{_libdir}/%{name}/libgmysqlbackend.so
|
||||
|
||||
%files backend-postgresql
|
||||
%defattr(-,root,root,-)
|
||||
%doc pdns/COPYING
|
||||
%doc pdns/dnssec.schema.pgsql.sql
|
||||
%doc pdns/no-dnssec.schema.pgsql.sql
|
||||
%{_libdir}/%{name}/libgpgsqlbackend.so
|
||||
|
||||
%files backend-pipe
|
||||
%defattr(-,root,root,-)
|
||||
%doc pdns/COPYING
|
||||
%{_libdir}/%{name}/libpipebackend.so
|
||||
|
||||
%files backend-remote
|
||||
%{_libdir}/%{name}/libremotebackend.so
|
||||
|
||||
%files backend-geo
|
||||
%defattr(-,root,root,-)
|
||||
%doc pdns/COPYING modules/geobackend/README
|
||||
%doc modules/geobackend/README
|
||||
%{_libdir}/%{name}/libgeobackend.so
|
||||
|
||||
%files backend-ldap
|
||||
%defattr(-,root,root,-)
|
||||
%doc pdns/COPYING
|
||||
%{_libdir}/%{name}/libldapbackend.so
|
||||
|
||||
%files backend-lua
|
||||
%{_libdir}/%{name}/libluabackend.so
|
||||
|
||||
%files backend-sqlite
|
||||
%defattr(-,root,root,-)
|
||||
%doc pdns/COPYING
|
||||
%doc pdns/dnssec.schema.sqlite3.sql
|
||||
%doc pdns/no-dnssec.schema.sqlite3.sql
|
||||
%doc pdns/bind-dnssec.schema.sqlite3.sql
|
||||
%{_libdir}/%{name}/libgsqlite3backend.so
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Oct 31 2016 Ruben Kerkhof <ruben@rubenkerkhof.com> - 3.3.3-2
|
||||
- CVE-2016-5426, CVE-2016-5427, CVE-2016-6172
|
||||
|
||||
* Wed Jun 10 2015 Morten Stevens <mstevens@imt-systems.com> - 3.3.3-1
|
||||
- Update to 3.3.3
|
||||
- Disable security status polling by default
|
||||
|
||||
* Fri May 01 2015 Morten Stevens <mstevens@imt-systems.com> - 3.3.2-1
|
||||
- Update to latest upstream release 3.3.2
|
||||
|
||||
* Mon Apr 27 2015 Morten Stevens <mstevens@imt-systems.com> - 3.3.1-2
|
||||
- CVE-2015-1868
|
||||
- Run the unit tests during check
|
||||
- Remove polarssl-devel as build dependency
|
||||
|
||||
* Tue Dec 17 2013 Morten Stevens <mstevens@imt-systems.com> - 3.3.1-1
|
||||
- Update to latest upstream release 3.3.1
|
||||
- Some more DNSSEC improvements
|
||||
- Several bugs fixed since 3.1
|
||||
- Add extra tools package for pdns
|
||||
- Add Remote backend
|
||||
- Add LUA backend
|
||||
- Enable remotebackend-http
|
||||
- Add extra tools package for pdns
|
||||
- Add polarssl-devel as build dependency
|
||||
- Fix bogus date in changelog
|
||||
|
||||
* Sun Oct 28 2012 Morten Stevens <mstevens@imt-systems.com> - 3.1-2
|
||||
- Spec improvements
|
||||
|
||||
* Fri Oct 26 2012 Morten Stevens <mstevens@imt-systems.com> - 3.1-1
|
||||
- Update to latest upstream release 3.1
|
||||
- DNSSEC improvements
|
||||
- several bugs fixed since 2.9.22
|
||||
- Added condrestart option
|
||||
|
||||
* Sat Oct 20 2012 Morten Stevens <mstevens@imt-systems.com> - 2.9.22.6-2
|
||||
- Fixed permissions of pdns.conf file (rhbz#646510)
|
||||
- Set bind as default backend
|
||||
|
||||
* Wed Feb 01 2012 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.9.22.6-1
|
||||
- Upstream released new version. Fixes crash introduced in 2.9.22.5
|
||||
|
||||
* Mon Jan 09 2012 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.9.22.5-1
|
||||
- CVE-2012-0206
|
||||
|
||||
* Tue Dec 14 2010 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.9.22-10
|
||||
- Fix crash on SIGSTOP and SIGCONT, thanks to Anders Kaseorg (#652841)
|
||||
|
||||
|
@ -236,30 +344,39 @@ fi
|
|||
* Tue Sep 11 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.9.21-2
|
||||
- Fix license tag
|
||||
- Add README for geo backend to docs
|
||||
|
||||
* Tue Apr 24 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.9.21-1
|
||||
- Upstream released 2.9.21
|
||||
- Enabled new SQLite backend
|
||||
* Thu Apr 10 2007 <ruben@rubenkerkhof.com> 2.9.20-9
|
||||
|
||||
* Tue Apr 10 2007 <ruben@rubenkerkhof.com> 2.9.20-9
|
||||
- Add Requires for chkconfig, service and useradd (#235582)
|
||||
|
||||
* Mon Jan 1 2007 <ruben@rubenkerkhof.com> 2.9.20-8
|
||||
- Add the pdns user and group to the config file
|
||||
- Don't restart pdns on an upgrade
|
||||
- Minor cleanups in scriptlets
|
||||
|
||||
* Mon Jan 1 2007 <ruben@rubenkerkhof.com> 2.9.20-7
|
||||
- Fixed typo in scriptlet
|
||||
|
||||
* Mon Jan 1 2007 <ruben@rubenkerkhof.com> 2.9.20-6
|
||||
- Check if user pdns exists before adding it
|
||||
|
||||
* Sat Dec 30 2006 <ruben@rubenkerkhof.com> 2.9.20-5
|
||||
- Strip rpath from the backends as well
|
||||
|
||||
* Fri Dec 29 2006 <ruben@rubenkerkhof.com> 2.9.20-4
|
||||
- Disable rpath
|
||||
|
||||
* Thu Dec 28 2006 <ruben@rubenkerkhof.com> 2.9.20-3
|
||||
- More fixes as per review #219973
|
||||
|
||||
* Wed Dec 27 2006 <ruben@rubenkerkhof.com> 2.9.20-2
|
||||
- A few changes for FE review (bz #219973):
|
||||
- Renamed package to pdns, since that's how upstream calls it
|
||||
- Removed calls to ldconfig
|
||||
- Subpackages now require %%{version}-%%{release}
|
||||
|
||||
* Sat Dec 16 2006 <ruben@rubenkerkhof.com> 2.9.20-1
|
||||
- Initial import
|
||||
|
||||
|
|