From a9c4ec01313fa7715124f3dff395182850a03905 Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Sun, 4 Mar 2012 20:07:16 -0500 Subject: [PATCH] Reset 'files' dir to current portage. --- ...-merge-similar-outgoing-queries-ipv6.patch | 337 ++++++++++++++++++ ...0002-dnscache-cache-soa-records-ipv6.patch | 68 ++++ net-dns/djbdns/files/dnsroots.patch | 18 + net-dns/djbdns/files/makefile-parallel.patch | 80 +++++ 4 files changed, 503 insertions(+) create mode 100644 net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch create mode 100644 net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch create mode 100644 net-dns/djbdns/files/dnsroots.patch create mode 100644 net-dns/djbdns/files/makefile-parallel.patch diff --git a/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch new file mode 100644 index 0000000..86baac8 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0001-dnscache-merge-similar-outgoing-queries-ipv6.patch @@ -0,0 +1,337 @@ +diff -urNp a/Makefile b/Makefile +--- a/Makefile 2009-03-19 11:01:40.782348427 -0700 ++++ b/Makefile 2009-03-19 11:05:27.659346849 -0700 +@@ -342,11 +342,11 @@ stralloc.h iopause.h taia.h tai.h uint64 + ./compile dns_txt.c + + dnscache: \ +-load dnscache.o droproot.o okclient.o log.o cache.o query.o \ ++load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \ + response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \ + libtai.a unix.a byte.a socket.lib + ./load dnscache droproot.o okclient.o log.o cache.o \ +- query.o response.o dd.o roots.o iopause.o prot.o dns.a \ ++ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \ + env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \ + socket.lib` + +@@ -367,7 +367,7 @@ compile dnscache.c env.h exit.h scan.h s + uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \ + iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \ + iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \ +-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h ++uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h + ./compile dnscache.c + + dnsfilter: \ +@@ -745,11 +745,16 @@ qlog.o: \ + compile qlog.c buffer.h qlog.h uint16.h + ./compile qlog.c + ++qmerge.o: \ ++compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \ ++taia.h tai.h uint64.h log.h maxclient.h ++ ./compile qmerge.c ++ + query.o: \ + compile query.c error.h roots.h log.h uint64.h case.h cache.h \ + uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \ + taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \ +-response.h uint32.h query.h dns.h uint32.h ++response.h uint32.h query.h dns.h uint32.h qmerge.h + ./compile query.c + + random-ip: \ +diff -urNp a/dnscache.c b/dnscache.c +--- a/dnscache.c 2009-03-19 11:01:40.786597556 -0700 ++++ b/dnscache.c 2009-03-19 11:05:27.675225701 -0700 +@@ -23,6 +23,7 @@ + #include "log.h" + #include "okclient.h" + #include "droproot.h" ++#include "maxclient.h" + + long interface; + +@@ -59,7 +60,6 @@ uint64 numqueries = 0; + + static int udp53; + +-#define MAXUDP 200 + static struct udpclient { + struct query q; + struct taia start; +@@ -136,7 +136,6 @@ void u_new(void) + + static int tcp53; + +-#define MAXTCP 20 + struct tcpclient { + struct query q; + struct taia start; +diff -urNp a/log.c b/log.c +--- a/log.c 2009-03-19 11:01:40.791597427 -0700 ++++ b/log.c 2009-03-19 11:05:27.676224153 -0700 +@@ -149,6 +149,13 @@ void log_tx(const char *q,const char qty + line(); + } + ++void log_tx_piggyback(const char *q, const char qtype[2], const char *control) ++{ ++ string("txpb "); ++ logtype(qtype); space(); name(q); space(); name(control); ++ line(); ++} ++ + void log_cachedanswer(const char *q,const char type[2]) + { + string("cached "); logtype(type); space(); +diff -urNp a/log.h b/log.h +--- a/log.h 2001-02-11 13:11:45.000000000 -0800 ++++ b/log.h 2009-03-19 11:05:27.676224153 -0700 +@@ -18,6 +18,7 @@ extern void log_cachednxdomain(const cha + extern void log_cachedns(const char *,const char *); + + extern void log_tx(const char *,const char *,const char *,const char *,unsigned int); ++extern void log_tx_piggyback(const char *,const char *,const char *); + + extern void log_nxdomain(const char *,const char *,unsigned int); + extern void log_nodata(const char *,const char *,const char *,unsigned int); +diff -urNp a/maxclient.h b/maxclient.h +--- a/maxclient.h 1969-12-31 16:00:00.000000000 -0800 ++++ b/maxclient.h 2009-03-19 11:05:27.676224153 -0700 +@@ -0,0 +1,7 @@ ++#ifndef MAXCLIENT_H ++#define MAXCLIENT_H ++ ++#define MAXUDP 200 ++#define MAXTCP 20 ++ ++#endif /* MAXCLIENT_H */ +diff -urNp a/qmerge.c b/qmerge.c +--- a/qmerge.c 1969-12-31 16:00:00.000000000 -0800 ++++ b/qmerge.c 2009-03-19 11:05:27.677221627 -0700 +@@ -0,0 +1,115 @@ ++#include "qmerge.h" ++#include "byte.h" ++#include "log.h" ++#include "maxclient.h" ++ ++#define QMERGE_MAX (MAXUDP+MAXTCP) ++struct qmerge inprogress[QMERGE_MAX]; ++ ++static ++int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2], ++ const char *control) ++{ ++ if (!dns_domain_copy(&qmk->q, q)) return 0; ++ byte_copy(qmk->qtype, 2, qtype); ++ if (!dns_domain_copy(&qmk->control, control)) return 0; ++ return 1; ++} ++ ++static ++int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b) ++{ ++ return ++ byte_equal(a->qtype, 2, b->qtype) && ++ dns_domain_equal(a->q, b->q) && ++ dns_domain_equal(a->control, b->control); ++} ++ ++static ++void qmerge_key_free(struct qmerge_key *qmk) ++{ ++ dns_domain_free(&qmk->q); ++ dns_domain_free(&qmk->control); ++} ++ ++void qmerge_free(struct qmerge **x) ++{ ++ struct qmerge *qm; ++ ++ qm = *x; ++ *x = 0; ++ if (!qm || !qm->active) return; ++ ++ qm->active--; ++ if (!qm->active) { ++ qmerge_key_free(&qm->key); ++ dns_transmit_free(&qm->dt); ++ } ++} ++ ++int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive, ++ const char *q, const char qtype[2], const char localip[4], ++ const char *control) ++{ ++ struct qmerge_key k; ++ int i; ++ int r; ++ ++ qmerge_free(qm); ++ ++ byte_zero(&k, sizeof k); ++ if (!qmerge_key_init(&k, q, qtype, control)) return -1; ++ for (i = 0; i < QMERGE_MAX; i++) { ++ if (!inprogress[i].active) continue; ++ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue; ++ log_tx_piggyback(q, qtype, control); ++ inprogress[i].active++; ++ *qm = &inprogress[i]; ++ qmerge_key_free(&k); ++ return 0; ++ } ++ ++ for (i = 0; i < QMERGE_MAX; i++) ++ if (!inprogress[i].active) ++ break; ++ if (i == QMERGE_MAX) return -1; ++ ++ log_tx(q, qtype, control, servers, 0); ++ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip); ++ if (r == -1) { qmerge_key_free(&k); return -1; } ++ inprogress[i].active++; ++ inprogress[i].state = 0; ++ qmerge_key_free(&inprogress[i].key); ++ byte_copy(&inprogress[i].key, sizeof k, &k); ++ *qm = &inprogress[i]; ++ return 0; ++} ++ ++void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline) ++{ ++ if (qm->state == 0) { ++ dns_transmit_io(&qm->dt, io, deadline); ++ qm->state = 1; ++ } ++ else { ++ io->fd = -1; ++ io->events = 0; ++ } ++} ++ ++int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when) ++{ ++ int r; ++ struct qmerge *qm; ++ ++ qm = *x; ++ if (qm->state == -1) return -1; /* previous error */ ++ if (qm->state == 0) return 0; /* no packet */ ++ if (qm->state == 2) return 1; /* already got packet */ ++ ++ r = dns_transmit_get(&qm->dt, io, when); ++ if (r == -1) { qm->state = -1; return -1; } /* error */ ++ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */ ++ if (r == 1) { qm->state = 2; return 1; } /* got packet */ ++ return -1; /* bug */ ++} +diff -urNp a/qmerge.h b/qmerge.h +--- a/qmerge.h 1969-12-31 16:00:00.000000000 -0800 ++++ b/qmerge.h 2009-03-19 11:05:27.678227481 -0700 +@@ -0,0 +1,24 @@ ++#ifndef QMERGE_H ++#define QMERGE_H ++ ++#include "dns.h" ++ ++struct qmerge_key { ++ char *q; ++ char qtype[2]; ++ char *control; ++}; ++ ++struct qmerge { ++ int active; ++ struct qmerge_key key; ++ struct dns_transmit dt; ++ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */ ++}; ++ ++extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *); ++extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *); ++extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *); ++extern void qmerge_free(struct qmerge **); ++ ++#endif /* QMERGE_H */ +diff -urNp a/query.c b/query.c +--- a/query.c 2009-03-19 11:01:40.792597346 -0700 ++++ b/query.c 2009-03-19 11:24:43.152221609 -0700 +@@ -84,7 +84,7 @@ static void cleanup(struct query *z) + int j; + int k; + +- dns_transmit_free(&z->dt); ++ qmerge_free(&z->qm); + for (j = 0;j < QUERY_MAXALIAS;++j) + dns_domain_free(&z->alias[j]); + for (j = 0;j < QUERY_MAXLEVEL;++j) { +@@ -619,14 +619,8 @@ static int doit(struct query *z,int stat + if (j == 256) goto SERVFAIL; + + dns_sortip6(z->servers[z->level],256); +- if (z->level) { +- log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level); +- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE; +- } +- else { +- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0); +- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE; +- } ++ dtype = z->level ? DNS_T_A : z->type; ++ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE; + return 0; + + +@@ -640,10 +634,10 @@ static int doit(struct query *z,int stat + + HAVEPACKET: + if (++z->loop == 100) goto DIE; +- buf = z->dt.packet; +- len = z->dt.packetlen; ++ buf = z->qm->dt.packet; ++ len = z->qm->dt.packetlen; + +- whichserver = z->dt.servers + 16 * z->dt.curserver; ++ whichserver = z->qm->dt.servers + 16 * z->qm->dt.curserver; + control = z->control[z->level]; + d = z->name[z->level]; + dtype = z->level ? DNS_T_A : z->type; +@@ -1050,7 +1044,7 @@ int query_start(struct query *z,char *dn + + int query_get(struct query *z,iopause_fd *x,struct taia *stamp) + { +- switch(dns_transmit_get(&z->dt,x,stamp)) { ++ switch(qmerge_get(&z->qm,x,stamp)) { + case 1: + return doit(z,1); + case -1: +@@ -1061,5 +1055,5 @@ int query_get(struct query *z,iopause_fd + + void query_io(struct query *z,iopause_fd *x,struct taia *deadline) + { +- dns_transmit_io(&z->dt,x,deadline); ++ qmerge_io(z->qm,x,deadline); + } +diff -urNp a/query.h b/query.h +--- a/query.h 2009-03-19 11:01:40.793597403 -0700 ++++ b/query.h 2009-03-19 11:05:27.681222487 -0700 +@@ -1,7 +1,7 @@ + #ifndef QUERY_H + #define QUERY_H + +-#include "dns.h" ++#include "qmerge.h" + #include "uint32.h" + + #define QUERY_MAXLEVEL 5 +@@ -21,7 +21,7 @@ struct query { + uint32 scope_id; + char type[2]; + char class[2]; +- struct dns_transmit dt; ++ struct qmerge *qm; + } ; + + extern int query_start(struct query *,char *,char *,char *,char *,unsigned int); diff --git a/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch new file mode 100644 index 0000000..d5b9c10 --- /dev/null +++ b/net-dns/djbdns/files/CVE2008-4392_0002-dnscache-cache-soa-records-ipv6.patch @@ -0,0 +1,68 @@ +diff -urNp a/query.c b/query.c +--- a/query.c 2009-03-19 11:35:28.452472164 -0700 ++++ b/query.c 2009-03-19 11:59:19.798221593 -0700 +@@ -476,6 +476,29 @@ static int doit(struct query *z,int stat + } + } + ++ if (typematch(DNS_T_SOA,dtype)) { ++ byte_copy(key,2,DNS_T_SOA); ++ cached = cache_get(key,dlen + 2,&cachedlen,&ttl); ++ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { ++ log_cachedanswer(d,DNS_T_SOA); ++ if (!rqa(z)) goto DIE; ++ pos = 0; ++ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) { ++ pos = dns_packet_getname(cached,cachedlen,pos,&t2); ++ if (!pos) break; ++ pos = dns_packet_getname(cached,cachedlen,pos,&t3); ++ if (!pos) break; ++ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE; ++ if (!response_addname(t2)) goto DIE; ++ if (!response_addname(t3)) goto DIE; ++ if (!response_addbytes(misc,20)) goto DIE; ++ response_rfinish(RESPONSE_ANSWER); ++ } ++ cleanup(z); ++ return 1; ++ } ++ } ++ + if (typematch(DNS_T_A,dtype)) { + byte_copy(key,2,DNS_T_A); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); +@@ -541,7 +564,7 @@ static int doit(struct query *z,int stat + } + } + +- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_AAAA,dtype)) { ++ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype) && !typematch(DNS_T_AAAA,dtype)) { + byte_copy(key,2,dtype); + cached = cache_get(key,dlen + 2,&cachedlen,&ttl); + if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) { +@@ -769,15 +792,24 @@ static int doit(struct query *z,int stat + else if (byte_equal(type,2,DNS_T_AXFR)) + ; + else if (byte_equal(type,2,DNS_T_SOA)) { ++ int non_authority = 0; ++ save_start(); + while (i < j) { + pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE; + pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE; + pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE; +- if (records[i] < posauthority) ++ if (records[i] < posauthority) { + log_rrsoa(whichserver,t1,t2,t3,misc,ttl); ++ save_data(misc,20); ++ save_data(t2,dns_domain_length(t2)); ++ save_data(t3,dns_domain_length(t3)); ++ non_authority++; ++ } + ++i; + } ++ if (non_authority) ++ save_finish(DNS_T_SOA,t1,ttl); + } + else if (byte_equal(type,2,DNS_T_CNAME)) { + pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE; diff --git a/net-dns/djbdns/files/dnsroots.patch b/net-dns/djbdns/files/dnsroots.patch new file mode 100644 index 0000000..5db44ec --- /dev/null +++ b/net-dns/djbdns/files/dnsroots.patch @@ -0,0 +1,18 @@ +--- djbdns-1.05.old/dnsroots.global.old Fri May 31 19:42:37 2002 ++++ djbdns-1.05/dnsroots.global Thu Jan 29 21:41:56 2004 +@@ -1,5 +1,5 @@ + 198.41.0.4 +-128.9.0.107 ++192.228.79.201 + 192.33.4.12 + 128.8.10.90 + 192.203.230.10 +@@ -7,7 +7,7 @@ + 192.112.36.4 + 128.63.2.53 + 192.36.148.17 +-198.41.0.10 ++192.58.128.30 + 193.0.14.129 + 198.32.64.12 + 202.12.27.33 diff --git a/net-dns/djbdns/files/makefile-parallel.patch b/net-dns/djbdns/files/makefile-parallel.patch new file mode 100644 index 0000000..51c0317 --- /dev/null +++ b/net-dns/djbdns/files/makefile-parallel.patch @@ -0,0 +1,80 @@ +--- a/Makefile 2011-04-07 21:49:48.140645070 -0400 ++++ b/Makefile 2011-04-07 22:24:06.595746444 -0400 +@@ -332,7 +332,7 @@ + + dns_transmit.o: \ + compile dns_transmit.c socket.h uint16.h alloc.h error.h byte.h \ +-uint16.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ ++uint32.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ + taia.h + ./compile dns_transmit.c + +@@ -860,15 +860,15 @@ + rm -f trylsock.o trylsock + + socket_accept.o: \ +-compile socket_accept.c byte.h socket.h uint16.h ++compile socket_accept.c byte.h socket.h uint16.h uint32.h + ./compile socket_accept.c + + socket_accept6.o: \ +-compile socket_accept6.c byte.h socket.h uint16.h ++compile socket_accept6.c byte.h socket.h uint16.h uint32.h + ./compile socket_accept6.c + + socket_bind.o: \ +-compile socket_bind.c byte.h socket.h uint16.h ++compile socket_bind.c byte.h socket.h uint16.h uint32.h + ./compile socket_bind.c + + socket_bind6.o: \ +@@ -876,7 +876,7 @@ + ./compile socket_bind6.c + + socket_conn.o: \ +-compile socket_conn.c byte.h socket.h uint16.h ++compile socket_conn.c byte.h socket.h uint16.h uint32.h + ./compile socket_conn.c + + socket_connect6.o: \ +@@ -884,11 +884,11 @@ + ./compile socket_connect6.c + + socket_listen.o: \ +-compile socket_listen.c socket.h uint16.h ++compile socket_listen.c socket.h uint16.h uint32.h + ./compile socket_listen.c + + socket_recv.o: \ +-compile socket_recv.c byte.h socket.h uint16.h ++compile socket_recv.c byte.h socket.h uint16.h uint32.h + ./compile socket_recv.c + + socket_recv6.o: \ +@@ -896,7 +896,7 @@ + ./compile socket_recv6.c + + socket_send.o: \ +-compile socket_send.c byte.h socket.h uint16.h ++compile socket_send.c byte.h socket.h uint16.h uint32.h + ./compile socket_send.c + + socket_send6.o: \ +@@ -904,7 +904,7 @@ + ./compile socket_send6.c + + socket_tcp.o: \ +-compile socket_tcp.c ndelay.h socket.h uint16.h ++compile socket_tcp.c ndelay.h socket.h uint16.h uint32.h + ./compile socket_tcp.c + + socket_tcp6.o: \ +@@ -912,7 +912,7 @@ + ./compile socket_tcp6.c + + socket_udp.o: \ +-compile socket_udp.c ndelay.h socket.h uint16.h ++compile socket_udp.c ndelay.h socket.h uint16.h uint32.h + ./compile socket_udp.c + + socket_udp6.o: \ -- 2.44.2