2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message:
net: Remove SHA1 hashes for distfiles
|
2021-02-11 12:25:51 by Nia Alarie | Files touched by this commit (3) |
Log message:
adns: Update to 1.6.0
adns (1.6.0) UPSTREAM; urgency=medium
Bugfixes:
* adnshost: Support --reverse in -f mode input stream
* timeout robustness against clock skew: track query start time and
duration. Clock instability may now only cause spurious timeouts
rather than indefinite hangs or even assertion failures.
New features:
* adnshost: Offer ability to set adns checkc flags
* adnslogres: Honour --checkc-freq (if it comes first)
* adnsresfilter: Honour --checkc-freq and --checkc-entex
* time handling: Support use of CLOCK_MONOTONIC via an init flag.
* adns_str* etc.: Improve robustness; more allowable inputs values.
Build system improvements:
* clean targets: Delete $(TARGETS) too!
* Remove all m4 output files from the distributed source tree.
* Support DESTDIR=/some/absolute/path on `make install'.
* Provide autogen.sh.
* Rerun autoheader and autoconf (2.69).
Internal changes:
* adnshost: adh-opts.c: Whitespace adjustments to option table
Tests:
* New tests for fixes in 1.5.3.
* Fixes to test harness to avoid false positives during fuzzing.
* Other changes to support use with AFL.
* Many supporting improvements and refactorings.
* Fix skipped tests ($$ reference in Makefile)
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 \
15:49:39 +0100
adns (1.5.2) UPSTREAM; urgency=medium
* Important security fixes:
CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
Vulnerable applications: all adns callers.
Exploitable by: the local recursive resolver.
Likely worst case: Remote code execution.
CVE-2017-9106:
Vulnerable applications: those that make SOA queries.
Exploitable by: upstream DNS data sources.
Likely worst case: DoS (crash of the adns-using application)
CVE-2017-9107:
Vulnerable applications: those that use adns_qf_quoteok_query.
Exploitable by: sources of query domain names.
Likely worst case: DoS (crash of the adns-using application)
CVE-2017-9108:
Vulnerable applications: adnshost.
Exploitable by: code responsible for framing the input.
Likely worst case: DoS (adnshost crashes at EOF).
All found by AFL 2.35b. Thanks to the University of Cambridge
Department of Applied Mathematics for computing facilities.
Bugfixes:
* Do not include spurious external symbol `data' (fixes GCC10 build).
* If server sends TC flag over TCP, bail rather than retrying.
* Do not crash on certain strange resolv.conf contents.
* Fix various crashes if a global system failure occurs, or
adns_finish is called with outstanding queries.
* Correct a parsing error message very slightly.
* DNS packet parsing: Slight fix when packet is truncated.
* Fix ABI compatibility in string conversion of certain RR types.
* internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
Portability fix:
* common.make.in: add -Wno-unused-value. Fixes build with GCC9.
Internal changes:
* Additional comments describing some internal code restrions.
* Robustness assert() against malfunctioning write() system call.
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 \
15:48:12 +0100
|
2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981) |
Log message:
all: migrate homepages from http to https
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
|
2016-08-16 15:34:52 by Makoto Fujiwara | Files touched by this commit (2) |
Log message:
Updated net/adns to 1.5.1
-------------------------
adns (1.5.1) UPSTREAM; urgency=medium
* Portability fix for systems where socklen_t is bigger than int.
* Fix for malicious optimisation of memcpy in test suite, which
causes failure with gcc-4.1.9 -O3. See Debian bug #772718.
* Fix TCP async connect handling. The bug is hidden on Linux and on most
systems where the nameserver is on localhost. If it is not hidden,
adns's TCP support is broken unless adns_if_noautosys is used.
* Fix addr queries (including subqueries, ie including deferencing MX
lookups etc.) not to crash when one of the address queries returns
tempfail. Also, do not return a spurious pointer to the application
when one of the address queries returns a permanent error (although,
the application almost certainly won't use this pointer because the
associated count is zero).
* adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
problem in real compiled code but should be corrected.
* Properly include harness.h in adnstest.c in regress/. Suppresses
a couple of compiler warnings (implicit declaration of Texit, etc.)
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 12 Aug 2016 \
22:53:59 +0100
|
2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748) |
Log message:
Add SHA512 digests for distfiles for net category
Problems found with existing digests:
Package haproxy distfile haproxy-1.5.14.tar.gz
159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package bsddip: missing distfile bsddip-1.02.tar.Z
Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
Package djbdns: missing distfile djbdns-cachestats.patch
Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
Package gated: missing distfile gated-3-5-11.tar.gz
Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
Package poink: missing distfile poink-1.6.tar.gz
Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
Package waste: missing distfile waste-source.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
2015-01-29 10:53:29 by Makoto Fujiwara | Files touched by this commit (5) | |
Log message:
recursive revbump due to net/adns update 1.4 to 1.5.0
|
2015-01-29 10:47:04 by Makoto Fujiwara | Files touched by this commit (8) | |
Log message:
(pkgsrc)
- Add comments on patches from cvs log
(upsteam)
- update 1.4 to 1.5.0
-------------------
Changes in adns 1.5.0, since adns 1.4, are:
New features:
* This release provides full IPv6 support. Applications can request
AAAA records (containing IPv6 addresses) as well as, or instead of,
A records (containing IPv4 addresses). adns 1.5 can speak to
nameservers over IPv6.
* adns_addr2text and adns_text2addr: Convenient C functions for
converting between addresses and address literals. These carry
less baggage than getaddrinfo and getnameinfo.
Bugfixes:
* We fix a crashing bug in adnslogres. (Debian#392102.)
* Previously, parsing of some adns_specific options in resolv.conf
would go awry if multiple options were specified on the same line.
(Fixed since 1.5.0~rc0.)
* adns now knows to ignore more things in resolv.conf, rather than
warn about them, and there's also an option to disable all of these
warnings. (Debian#411263.) (Fixed since 1.5.0~rc0.)
* Previously, some harmless but wrong owner names for checked ptr
queries would be accepted; now they are rejected with `Domain
invalid for particular DNS query type'.
Other:
* There are some minor API/ABI changes and improvements, for future
proofing.
* There are also some build system, test suite and coding style
improvements.
* Licence is now GPLv3.
Compatibility:
adns 1.5 is fully forwards API- and ABI-compatible with 1.4.
adns 1.5 is not backwards ABI-compatible, in the sense that
applications built against adns 1.5 but run with adns 1.4 may
experience `Function not implemented' errors, or `symbol lookup
error' due to undefined symbols. But applications built against 1.4
will not experience data corruption due to ABI mismatches.
adns_r_addr queries (general `address' queries where the application
does not specify the kind of address) used to only return AF_INET
(IPv4) addresses. To avoid surprising existing applications,
AF_INET6 (IPv6) addresses will be returned only if the application
explicitly states its support for handling a mixture of address
families in the results from adns_r_addr. In a future version of
adns this will become the default.
adnshost and the other command-line utilities are fully forward- and
backward-compatible, except that in adns 1.5, adnshost will return
IPv6 as well as IPv4 information if simply asked for `addresses'.
Calling programs which did not ask for a specific address type ought
to cope with this.
The API in 1.5.0 also fixes a technical nonconformance to the C
specification. On platforms where an `enum' type might be an
integer type whose size is bits is not a power of two, there could
be an incompatible ABI change between 1.4 and 1.5 - but we don't
think there are many (if any) such platforms which are sufficiently
POSIX-like for adns. (Changed since 1.5.0~rc0.)
|
2013-04-07 22:49:45 by Blue Rats | Files touched by this commit (91) |
Log message:
Edited DESCR in the case of:
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Trucated the long files as best as possible while preserving the most info
contained in them.
|
2012-10-23 19:19:22 by Aleksej Saushev | Files touched by this commit (671) |
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
|