From osvaldsson@icelandic.net  Tue May 19 04:32:59 2009
Return-Path: <osvaldsson@icelandic.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C0B19106566C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 19 May 2009 04:32:59 +0000 (UTC)
	(envelope-from osvaldsson@icelandic.net)
Received: from home.icelandic.net (home.icelandic.net [213.181.99.32])
	by mx1.freebsd.org (Postfix) with ESMTP id 7CB188FC1A
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 19 May 2009 04:32:59 +0000 (UTC)
	(envelope-from osvaldsson@icelandic.net)
Received: from portbuild.icelandic.net (alftaholar.icelandic.net [81.15.120.54])
	by home.icelandic.net (Postfix) with ESMTP id 005BC15EC72
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 19 May 2009 04:31:53 +0000 (GMT)
Received: from portbuild.icelandic.net (localhost [127.0.0.1])
	by portbuild.icelandic.net (8.14.3/8.14.3) with ESMTP id n4J3gs3b049214
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 19 May 2009 03:42:54 GMT
	(envelope-from osvaldsson@portbuild.icelandic.net)
Received: (from root@localhost)
	by portbuild.icelandic.net (8.14.3/8.14.3/Submit) id n4J3gsgd049209;
	Tue, 19 May 2009 03:42:54 GMT
	(envelope-from osvaldsson)
Message-Id: <200905190342.n4J3gsgd049209@portbuild.icelandic.net>
Date: Tue, 19 May 2009 03:42:54 GMT
From: Olafur Osvaldsson <osvaldsson@icelandic.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [MAINTAINER] dns/nsd2: vulnerability fix
X-Send-Pr-Version: 3.113
X-GNATS-Notify: oli@isnic.is

>Number:         134700
>Category:       ports
>Synopsis:       [MAINTAINER] dns/nsd2: vulnerability fix
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    wxs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 19 04:40:00 UTC 2009
>Closed-Date:    Tue May 19 17:16:27 UTC 2009
>Last-Modified:  Tue May 19 17:20:02 UTC 2009
>Originator:     Olafur Osvaldsson
>Release:        FreeBSD 7.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD portbuild.icelandic.net 7.1-STABLE FreeBSD 7.1-STABLE #2: Fri Jan  9 01:33:17 GMT
>Description:
[DESCRIBE CHANGES]
- Fixing a vulnerability
- Using the update to fix my email address since I quit ISNIC a long time ago (see dns/nsd history)

We have released version 3.2.2. of NSD. This is *critical* bugfix
release. One of the bugs is a one-byte buffer overflow that allows a
carefully crafted exploit to take down your name-server. It is highly
unlikely that the one-byte-off issue can lead to other (system) exploits.

The bug affects all version of NSD 2.0.0 to 3.2.1. Whether the bug can
be exploited to depends on various aspects of the OS and is therefore
distribution and compiler dependent.

For more information:
http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html

We strongly recommend you to update your systems to the latest version.
If you have reasons for not running the latest version of NSD, we
strongly advise you to at least apply the patch that resolves the
critical bug.

Added file(s):
- files/patch-vuln

>How-To-Repeat:
>Fix:

--- nsd-2.3.7_1.patch begins here ---
diff -ruN nsd2.orig/Makefile nsd2/Makefile
--- nsd2.orig/Makefile	2009-05-19 01:29:27.000000000 +0000
+++ nsd2/Makefile	2009-05-19 01:34:49.000000000 +0000
@@ -7,11 +7,12 @@
 
 PORTNAME=	nsd
 PORTVERSION=	2.3.7
+PORTREVISION=	1
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://www.nlnetlabs.nl/downloads/nsd/	\
 		ftp://ftp.rhnet.is/pub/nsd/
 
-MAINTAINER=	oli@isnic.is
+MAINTAINER=	osvaldsson@icelandic.net
 COMMENT=	An authoritative only non-recursive name server
 
 CONFLICTS=	nsd-[3-9]*
diff -ruN nsd2.orig/files/patch-vuln nsd2/files/patch-vuln
--- nsd2.orig/files/patch-vuln	1970-01-01 00:00:00.000000000 +0000
+++ nsd2/files/patch-vuln	2009-05-18 13:02:50.000000000 +0000
@@ -0,0 +1,13 @@
+--- query.c
++++ query.c
+@@ -239,8 +239,8 @@
+ 		 * MAXDOMAINLEN ...
+ 		 */
+ 		if ((*src & 0xc0) ||
+-		    (src + *src + 1 > buffer_end(query->packet)) || 
+-		    (src + *src + 1 > query_name + MAXDOMAINLEN))
++		    (src + *src + 2 > buffer_end(query->packet)) || 
++		    (src + *src + 2 > query_name + MAXDOMAINLEN))
+ 		{
+ 			return 0;
+ 		}
--- nsd-2.3.7_1.patch ends here ---

>Release-Note:
>Audit-Trail:
Class-Changed-From-To: maintainer-update->change-request 
Class-Changed-By: edwin 
Class-Changed-When: Tue May 19 04:40:11 UTC 2009 
Class-Changed-Why:  
Fix category (submitter is not maintainer) (via the GNATS Auto Assign 
Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134700 
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Tue May 19 04:40:16 UTC 2009 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134700 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: oli@isnic.is
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/134700: [MAINTAINER] dns/nsd2: vulnerability fix
Date: Tue, 19 May 2009 04:40:14 UT

 Maintainer of dns/nsd2,
 
 Please note that PR ports/134700 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134700
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org
Responsible-Changed-From-To: freebsd-ports-bugs->wxs 
Responsible-Changed-By: wxs 
Responsible-Changed-When: Tue May 19 16:39:14 UTC 2009 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134700 
State-Changed-From-To: feedback->closed 
State-Changed-By: wxs 
State-Changed-When: Tue May 19 17:16:25 UTC 2009 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134700 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/134700: commit references a PR
Date: Tue, 19 May 2009 17:16:23 +0000 (UTC)

 wxs         2009-05-19 17:16:14 UTC
 
   FreeBSD ports repository
 
   Modified files:
     dns/nsd2             Makefile 
   Added files:
     dns/nsd2/files       patch-vuln 
   Log:
   - Fix a one-byte buffer overflow (vuxml entry coming shortly).
   - Update maintainers address.
   
   PR:             ports/134700
   Submitted by:   Olafur Osvaldsson <osvaldsson@icelandic.net> (maintainer)
   
   Revision  Changes    Path
   1.6       +2 -1      ports/dns/nsd2/Makefile
   1.1       +13 -0     ports/dns/nsd2/files/patch-vuln (new)
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
