Created attachment 187608
knot-resolver 1.4.0

Knot-resolver had a new release a month ago already. This is the patch that upgrades to 1.4.0.
I'm testing the build on all supported FreeBSD releases and on all of them I get this error message:

gmake -C modules/policy/lua-aho-corasick/ ahocorasick.so CFLAGS="-I/usr/local/include/luajit-2.0 -O2 -O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -std=c99"
gmake[2]: Entering directory '/wrkdirs/usr/ports/dns/knot-resolver/work/knot-resolver-1.4.0/modules/policy/lua-aho-corasick'
mkdir build_so
c++ ac_fast.cxx -c -fvisibility=hidden -Wall -I/usr/local/include/luajit-2.0 -O2 -O2 -pipe -fstack-protector -isystem /usr/local/include -fno-strict-aliasing -std=c99 -fPIC -I/usr/local/include/lua5.1 -MMD -o build_so/ac_fast.o
error: invalid argument '-std=c99' not allowed with 'C++/ObjC++'
gmake[2]: *** [Makefile:84: build_so/ac_fast.o] Error 1
gmake[2]: Leaving directory '/wrkdirs/usr/ports/dns/knot-resolver/work/knot-resolver-1.4.0/modules/policy/lua-aho-corasick'
gmake[1]: *** [modules/policy/policy.mk:10: modules/policy/lua-aho-corasick/ahocorasick.so] Error 2
gmake[1]: Leaving directory '/wrkdirs/usr/ports/dns/knot-resolver/work/knot-resolver-1.4.0'
*** Error code 1
- A part is C++ now. Port's `USE_CSTD= c99` probably makes a mess somewhere. The upstream Makefile passes -std=c99 where suitable, so I can't see why bother.
- The current version in ports is vulnerable. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000002
- Feel free to ask upstream (me) with further problems, e.g. on https://gitter.im/CZ-NIC/knot-resolver or https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-users (no BSD expert there, but I assume you would bring those parts of knowledge).
Created attachment 191155
upgrade to 1.5.3

> Port's `USE_CSTD= c99` probably makes a mess somewhere

Can't be; that's what was removed in the initial patch. I didn't get any build errors myself.

I already tried a couple of times to upgrade to 2.x.x, but so far each attempt was unsuccessful. I'd like to contact you during next week. Until then, this new patch will upgrade to 1.5.3, so it should solve CVE-2018-1000002.

So far I was only able to manually test on 10.3/amd64; on Monday I can do all supported releases.
A commit references this bug:

Author: pizzamig
Date: Mon Mar 5 16:38:34 UTC 2018
New revision: 463651
URL: https://svnweb.freebsd.org/changeset/ports/463651

Log:
  dns/knot-resolver: Update to 1.5.3

  PR: 223339
  Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com> (maintainer)

Changes:
  head/dns/knot-resolver/Makefile
  head/dns/knot-resolver/distinfo
  head/dns/knot-resolver/pkg-plist
I've committed the submitted patch to 1.5.3, so I can close this PR. Thanks for your efforts!