Bug 239964

Summary: dns/nsd: Update to 4.2.2
Product: Ports & Packages Reporter: Jaap Akkerhuis <jaap>
Component: Individual Port(s)Assignee: Jochen Neumeister <joneum>
Status: Closed FIXED    
Severity: Affects Many People CC: jaap, joneum, ports-secteam
Priority: Normal Keywords: needs-patch, needs-qa, security
Version: LatestFlags: koobs: maintainer-feedback? (jaap)
koobs: merge-quarterly?
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch to upgrade jaap: maintainer-approval+

Description Jaap Akkerhuis 2019-08-19 10:21:10 UTC 
Created attachment 206695 [details]
patch to upgrade

This release fixes a number of, smaller, bugs.  Several failures are
fixed in the zone file parser, reported by fuzzing from Frederic Cambus.

NSD now warns when a zonefile is parsed with SSHFP records in it with
wrong lengths.  The record itself is still managed normally, eg. does
not cause the zone to stop loading.  They are output into log, but the
warnings are easily visible from the commandline using nsd-checkzone.

The release also fixes a segfault on exit, that originated from a fix
in 4.2.1.

4.2.2
================
BUG FIXES:
- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
  dname_concatenate() function.  Reported by Frederic Cambus.
  It causes the zone parser to crash on a malformed zone file,
  with assertions enabled, an assertion catches it.
- Fix #19: Out-of-bounds read caused by improper validation of
  array index.  Reported by Frederic Cambus.  The zone parser
  fails on type SIG because of mismatched definition with RRSIG.
- PR #23: Fix typo in nsd.conf man-page.
- Fix that NSD warns for wrong length of the hash in SSHFP records.
- Fix #25: NSD doesn't refresh zones after extended downtime,
  it refreshes the old zones.
- Set no renegotiation on the SSL context to stop client
  session renegotiation.
- Fix #29: SSHFP check NULL pointer dereference.
- Fix #30: SSHFP check failure due to missing domain name.
- Fix to timeval_add in minievent for remaining second in microseconds.
- PR #31: nsd-control: Add missing stdio header.
- PR #32: tsig: Fix compilation without HAVE_SSL.
- Cleanup tls context on xfrd exit.
- Fix #33: Fix segfault in service of remaining streams on exit.
- Fix error message for out of zone data to have more information.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-08-19 10:22:19 UTC 
^Triage: Bugfix release, MFH
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2019-08-19 10:26:38 UTC 
@Jaap Can you please provide a separate patch adding a security/vuxml entry please
Comment 3 Jaap Akkerhuis 2019-08-19 12:31:22 UTC 
(In reply to Kubilay Kocak from comment #2)
I'm not sure how to provide such a patch, have you an example?
Anyway, below is the vuxml entry I created.

  <vuln vid="3b7e6d30-3122-478a-bb1d-fe7697bd0377">
    <topic>nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overfl
ow in the dname_concatenate() function in dname.c</topic>
    <affects>
      <package>
        <name>nsd</name>
        <range><lt>4.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>fcambus reports:</p>
        <blockquote cite="https://github.com/NLnetLabs/nsd/issues/20">
          <p>Stack-based Buffer Overflow in the
                dname_concatenate() function #20</p>
        </blockquote>
      </body>
    </description>
    <references>
        <freebsdpr>ports/239964</freebsdpr>
        <cvename>CVE-2019-13207</cvename>
    </references>
    <dates>
      <discovery>2019-07-03</discovery>
      <entry>2019-08-19</entry>
    </dates>
  </vuln>
Comment 4 commit-hook freebsd_committer freebsd_triage 2019-08-19 17:09:44 UTC 
A commit references this bug:

Author: joneum
Date: Mon Aug 19 17:08:52 UTC 2019
New revision: 509292
URL: https://svnweb.freebsd.org/changeset/ports/509292

Log:
  Add dns/nsd

  PR:		239964
  Reported by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
  Sponsored by:	Netzkommune GmbH

Changes:
  head/security/vuxml/vuln.xml
Comment 5 commit-hook freebsd_committer freebsd_triage 2019-08-19 17:56:49 UTC 
A commit references this bug:

Author: joneum
Date: Mon Aug 19 17:56:05 UTC 2019
New revision: 509298
URL: https://svnweb.freebsd.org/changeset/ports/509298

Log:
  Update to 4.2.2

  Changelog: https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_2_2_REL

  PR:		239964
  Reported by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
  MFH:		2019Q3
  Security:	56778a31-c2a1-11e9-9051-4c72b94353b5
  Sponsored by:	Netzkommune GmbH

Changes:
  head/dns/nsd/Makefile
  head/dns/nsd/distinfo
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-08-19 17:59:50 UTC 
A commit references this bug:

Author: joneum
Date: Mon Aug 19 17:59:30 UTC 2019
New revision: 509299
URL: https://svnweb.freebsd.org/changeset/ports/509299

Log:
  MFH: r509298

  Update to 4.2.2

  Changelog: https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_2_2_REL

  PR:		239964
  Reported by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
  Security:	56778a31-c2a1-11e9-9051-4c72b94353b5
  Sponsored by:	Netzkommune GmbH

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2019Q3/
  branches/2019Q3/dns/nsd/Makefile
  branches/2019Q3/dns/nsd/distinfo