Bug 251530 - dns/nsd: Update to 4.3.4
Summary: dns/nsd: Update to 4.3.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Bernard Spil
URL: https://nlnetlabs.nl/news/2020/Dec/01...
Keywords: buildisok
Depends on:
Blocks:
 
Reported: 2020-12-02 13:42 UTC by Jaap Akkerhuis
Modified: 2020-12-21 14:00 UTC

See Also:
fernape: merge-quarterly?


Attachments
Patch to upgrade nsd (798 bytes, patch)
2020-12-02 13:42 UTC, Jaap Akkerhuis
jaap: maintainer-approval+

Description Jaap Akkerhuis 2020-12-02 13:42:00 UTC
Created attachment 220168
Patch to upgrade nsd

This release fixes CVE-2020-28935; this solves a problem where the
pidfile is altered by a symlink, and fails if a symlink is encountered.
See https://nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt for more
information.

Also there are bug fixes and the syntax of the RR type ZONEMD can be
used in zonefiles.

4.3.4
================
FEATURES:
- Merge PR #141: ZONEMD RR type.

BUG FIXES:
- Fix #129: ambiguous use of errno, in log message if sendmmsg fails.
- Fix #128: Fix that the invalid port number is logged for sendmmsg
  failed: Invalid argument.
- Fix #127: two minor `-Wcast-qual` cleanups
- Fix #126: minor header hygiene
- Fix #125: include config.h in compat/setproctitle.c and fix
  prototype of `setproctitle`
- Fix #133: fix 0-init of local ( stack ) buffer.
- Fix missing parenthesis on size of fix to init buffer.
- Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.
- Fix to add missing closest encloser NSEC3 for wildcard nodata type
  DS answer.
- Remove unused init_cfg_parse routine from configlexer.
- Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
- Fix #142: NODATA answers missing SOA in authority section after
  CNAME chain.
- Fix for CVE-2020-28935 : Fix that symlink does not interfere
  with chown of pidfile.
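
The pattern behind the CVE-2020-28935 entry above (a symlink at the pidfile path must not interfere with the chown, and the write fails if a symlink is encountered), as an added example that is not NSD's code and not part of this bug report. The names `write_pidfile`, `run_case`, `last_victim_size` and the file names `victim` and `nsd.pid` are hypothetical, and the scenario is constructed in a private temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not NSD's function: 0 on success, -1 on refusal or error. */
int write_pidfile(const char *path, uid_t uid, gid_t gid)
{
    char buf[32];
    struct stat st;
    /* O_NOFOLLOW: open() fails if the last path component is a symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd == -1) return -1;
    /* Use the descriptor from here on; chown(path, ...) would follow a symlink
     * at the path and change the owner of whatever it points to. */
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) || fchown(fd, uid, gid) == -1) {
        close(fd);
        return -1;
    }
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    int ok = write(fd, buf, (size_t)n) == (ssize_t)n;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

long last_victim_size; /* size of "victim" after the last run_case() */

/* Constructed scenario in a private temp dir: "victim" holds 4 bytes; when
 * via_symlink is set, "nsd.pid" is a symlink to it. Returns write_pidfile()'s rc. */
int run_case(int via_symlink)
{
    char dir[] = "/tmp/pidfileXXXXXX", victim[64], pid[64];
    struct stat st;
    FILE *f;
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pid, sizeof pid, "%s/nsd.pid", dir);
    if (!(f = fopen(victim, "w"))) return -2;
    fputs("keep", f);
    fclose(f);
    if (via_symlink && symlink(victim, pid) == -1) return -2;
    int rc = write_pidfile(pid, getuid(), getgid());
    last_victim_size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(pid); unlink(victim); rmdir(dir);
    return rc;
}

int main(void) { return !(run_case(1) == -1 && run_case(0) == 0); }
```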
Comment 1 Automation User 2020-12-02 13:57:39 UTC
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/224268829
Comment 2 Fernando Apesteguía freebsd_committer 2020-12-03 09:09:17 UTC
^Triage MFH: "+" should only be used when the merge has taken place but nothing has been committed yet.

TODO: This needs an entry in vuxml
Comment 3 commit-hook freebsd_committer 2020-12-12 17:03:59 UTC
A commit references this bug:

Author: brnrd
Date: Sat Dec 12 17:03:02 UTC 2020
New revision: 557838
URL: https://svnweb.freebsd.org/changeset/ports/557838

Log:
  dns/nsd: Security update to 4.3.4

  PR:		251530
  Submitted by:	Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
  Approved by:	maintainer (implicit)
  MFH:		2020Q4
  Security:	388ebb5b-3c95-11eb-929d-d4c9ef517024

Changes:
  head/dns/nsd/Makefile
  head/dns/nsd/distinfo
Comment 4 commit-hook freebsd_committer 2020-12-12 17:10:03 UTC
A commit references this bug:

Author: brnrd
Date: Sat Dec 12 17:09:24 UTC 2020
New revision: 557841
URL: https://svnweb.freebsd.org/changeset/ports/557841

Log:
  MFH: r557838

  dns/nsd: Security update to 4.3.4

  PR:		251530
  Submitted by:	Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
  Approved by:	maintainer (implicit)
  Security:	388ebb5b-3c95-11eb-929d-d4c9ef517024

Changes:
_U  branches/2020Q4/
  branches/2020Q4/dns/nsd/Makefile
  branches/2020Q4/dns/nsd/distinfo