Bug 226860 - [UPDATE] dns/bird: update to 1.6.4 - security release
Summary: [UPDATE] dns/bird: update to 1.6.4 - security release
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Olivier Cochard
URL: http://trubka.network.cz/pipermail/bi...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-23 00:24 UTC by Leo Vandewoestijne
Modified: 2018-03-27 15:12 UTC (History)
1 user (show)

See Also:

Attachments
Bird 1.6.4 patch (29.64 KB, patch)
2018-03-26 21:40 UTC, Olivier Cochard 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Leo Vandewoestijne 2018-03-23 00:24:08 UTC 
JFYI; today Bird 1.6.5 released (and Bird 2.0.2 also);
a security release as birdc could DoS systems when it's in restrictive mode.


I'm still working on a patch, but the large firewall patch is making it difficult, but I do not wish to break it. But as I've never all that code it's a bit complicated at once.

However of the other patches than that one which were in the 1.6.4 port I clearly saw they all became absolete.


The additional entry in MASTER_SITES should be removed (as last version added was 1.5.0 in April 2015, and only will cause 404's on both ends).

https://dns.company/www/downloads/bird/ could anyway be added as additional.
Comment 1 Olivier Cochard freebsd_committer freebsd_triage 2018-03-23 09:42:21 UTC 
I plan to:
1. Upgrade net/bird to 1.6.4 and removing the firewall patch&option
2. renaming net/bird to net/bird-legacy
3. renaming net/bird-devel to net/bird, because using net/bird-devel for bird version 2 is not the purpose of a -devel 

What do you think?
Comment 2 Leo Vandewoestijne 2018-03-23 13:23:54 UTC 
Sounds like we have exact alike minds.

I don't know whether many are depending on the firewall patch, but I guess only few.
To avoid surprised users I made a post in the newsgroup about it:
http://trubka.network.cz/pipermail/bird-users/2018-March/012095.html
But I with having the 2.x.x branch it's for those user on the long term an unavoidable issue anyway.
Comment 3 Olivier Cochard freebsd_committer freebsd_triage 2018-03-26 21:40:25 UTC 
Created attachment 191854 [details]
Bird 1.6.4 patch

Here is my proposed patch about bird 1.6.4.
I need to check it on my lab before commit it, but more tests are welcome.
Comment 4 Leo Vandewoestijne 2018-03-27 14:15:41 UTC 
JFYI; I've tested that on 111amd64 and in poudriere against 103amd64, 103i386, 104amd64, 104i386, 111amd64, 111i386.
That all went flawless for me.
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-03-27 15:09:48 UTC 
A commit references this bug:

Author: olivier
Date: Tue Mar 27 15:09:23 UTC 2018
New revision: 465713
URL: https://svnweb.freebsd.org/changeset/ports/465713

Log:
  Update to 1.6.4 and remove the FreeBSD's specific feature FIREWALL option
  to ease port maintenance.

  PR:		226860
  Reported by:	Leo Vandewoestijne <freebsd@dns.company>

Changes:
  head/net/bird/Makefile
  head/net/bird/distinfo
  head/net/bird/files/firewall_support.patch
  head/net/bird/files/patch-filter-filter.c
  head/net/bird/files/patch-sysdep-bsd-setkey.h
  head/net/bird/files/patch-sysdep-bsd-sysio.h
  head/net/bird/files/patch-tools_gendist
Comment 6 Olivier Cochard freebsd_committer freebsd_triage 2018-03-27 15:12:14 UTC 
Just committed: Thanks for the reminder.