Created attachment 187608
Already a month ago Knot-resolver had a new release.
This is the patch that upgrades to 1.4.0.
I'm testing the build on all supported FreeBSD releases and on all of them I get this error message:
gmake -C modules/policy/lua-aho-corasick/ ahocorasick.so CFLAGS="-I/usr/local/include/luajit-2.0 -O2 -O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -std=c99"
gmake: Entering directory '/wrkdirs/usr/ports/dns/knot-resolver/work/knot-resolver-1.4.0/modules/policy/lua-aho-corasick'
c++ ac_fast.cxx -c -fvisibility=hidden -Wall -I/usr/local/include/luajit-2.0 -O2 -O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -std=c99 -fPIC -I/usr/local/include/lua5.1 -MMD -o build_so/ac_fast.o
error: invalid argument '-std=c99' not allowed with 'C++/ObjC++'
gmake: *** [Makefile:84: build_so/ac_fast.o] Error 1
gmake: Leaving directory '/wrkdirs/usr/ports/dns/knot-resolver/work/knot-resolver-1.4.0/modules/policy/lua-aho-corasick'
gmake: *** [modules/policy/policy.mk:10: modules/policy/lua-aho-corasick/ahocorasick.so] Error 2
gmake: Leaving directory '/wrkdirs/usr/ports/dns/knot-resolver/work/knot-resolver-1.4.0'
*** Error code 1
- A part is C++ now. Port's `USE_CSTD= c99` probably makes a mess somewhere. The upstream Makefile passes -std=c99 where suitable, so I can't see why to bother.
- The current version in ports is vulnerable. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000002
- Feel free to ask upstream (me) with further problems, e.g. on https://gitter.im/CZ-NIC/knot-resolver or https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-users (no BSD expert there, but I assume you would bring those parts of knowledge)
Created attachment 191155
upgrade to 1.5.3
> Port's `USE_CSTD= c99` probably makes a mess somewhere
Can't be; that's what was removed in the initial patch.
Myself I didn't get any build errors.
I already tried a couple of times to upgrade to 2.x.x, but so far each attempt was unsuccessful.
I'd like to contact you during next week.
Until then, this new patch will upgrade to 1.5.3, so it should solve CVE-2018-1000002.
So far I was only able to manually test on 10.3/amd64; on Monday I can do all supported releases.
A commit references this bug:
Date: Mon Mar 5 16:38:34 UTC 2018
New revision: 463651
dns/knot-resolver: Update to 1.5.3
Submitted by: Leo Vandewoestijne <email@example.com> (maintainer
I've committed the submitted patch to 1.5.3, so I can close this PR.
Thanks for your efforts!