Bug 251530 - dns/nsd: Update to 4.3.4
Summary: dns/nsd: Update to 4.3.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Bernard Spil
URL: https://nlnetlabs.nl/news/2020/Dec/01...
Keywords: buildisok
Depends on:
Blocks:
 
Reported: 2020-12-02 13:42 UTC by Jaap Akkerhuis
Modified: 2020-12-21 14:00 UTC (History)
4 users (show)

See Also:
fernape: merge-quarterly?

Attachments
Patch to upgrade nsd (798 bytes, patch)
2020-12-02 13:42 UTC, Jaap Akkerhuis 		jaap: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jaap Akkerhuis 2020-12-02 13:42:00 UTC 
Created attachment 220168 [details]
Patch to upgrade nsd

This release fixes CVE-2020-28935, this solves a problem where the
pidfile is altered by a symlink, and fails if a symlink is encountered.
See https://nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt for more
information.

Also there are bug fixes and the syntax of the RR type ZONEMD can be
used in zonefiles.

4.3.4
================
FEATURES:
- Merge PR #141: ZONEMD RR type.

BUG FIXES:
- Fix #129: ambiguous use of errno, in log message if sendmmsg fails.
- Fix #128: Fix that the invalid port number is logged for sendmmsg
  failed: Invalid argument.
- Fix #127: two minor `-Wcast-qual` cleanups
- Fix #126: minor header hygiene
- Fix #125: include config.h in compat/setproctitle.c and fix
  prototype of `setproctitle`
- Fix #133: fix 0-init of local ( stack ) buffer.
- Fix missing parenthesis on size of fix to init buffer.
- Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.
- Fix to add missing closest encloser NSEC3 for wildcard nodata type
  DS answer.
- Remove unused init_cfg_parse routine from configlexer.
- Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
- Fix #142: NODATA answers missin SOA in authority section after
  CNAME chain.
- Fix for CVE-2020-28935 : Fix that symlink does not interfere
  with chown of pidfile.
Comment 1 Automation User 2020-12-02 13:57:39 UTC 
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/224268829
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2020-12-03 09:09:17 UTC 
^Triage MFH: "+" should only be used when the merge has taken place but nothing has been committed yet.

TODO: This needs an entry in vuxml
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-12-12 17:03:59 UTC 
A commit references this bug:

Author: brnrd
Date: Sat Dec 12 17:03:02 UTC 2020
New revision: 557838
URL: https://svnweb.freebsd.org/changeset/ports/557838

Log:
  dns/nsd: Security update to 4.3.4

  PR:		251530
  Submitted by:	Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
  Approved by:	maintainer (implicit)
  MFH:		2020Q4
  Security:	388ebb5b-3c95-11eb-929d-d4c9ef517024

Changes:
  head/dns/nsd/Makefile
  head/dns/nsd/distinfo
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-12-12 17:10:03 UTC 
A commit references this bug:

Author: brnrd
Date: Sat Dec 12 17:09:24 UTC 2020
New revision: 557841
URL: https://svnweb.freebsd.org/changeset/ports/557841

Log:
  MFH: r557838

  dns/nsd: Security update to 4.3.4

  PR:		251530
  Submitted by:	Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
  Approved by:	maintainer (implicit)
  Security:	388ebb5b-3c95-11eb-929d-d4c9ef517024

Changes:
_U  branches/2020Q4/
  branches/2020Q4/dns/nsd/Makefile
  branches/2020Q4/dns/nsd/distinfo