svn commit: r482439 - in head/dns/dnsmasq: . files

Matthias Andree mandree at FreeBSD.org
Fri Oct 19 17:47:57 UTC 2018 

Author: mandree
Date: Fri Oct 19 17:47:56 2018
New Revision: 482439
URL: https://svnweb.freebsd.org/changeset/ports/482439

Log:
  Upgrade dns/dnsmasq to v2.80.
  
  Security: the installed example configuration file shows a way of
  disabling WPAD hijacking, but leaves it commented out. Extend pkg-message.
  
  Changelog: 	<http://thekelleys.org.uk/dnsmasq/CHANGELOG>
  
  Since installing v2.80 isn't a fix against the vulnerability, and fixing
  it needs administrator intervention on upgrades, I am not marking this in
  vuxml for now, since we'd need to mark v2.80 vulnerable, too.
  
  MFH:		2018Q4
  Security:	CERT VU#598349

Modified:
  head/dns/dnsmasq/Makefile
  head/dns/dnsmasq/distinfo
  head/dns/dnsmasq/files/pkg-message.in

Modified: head/dns/dnsmasq/Makefile
==============================================================================
--- head/dns/dnsmasq/Makefile	Fri Oct 19 17:02:19 2018	(r482438)
+++ head/dns/dnsmasq/Makefile	Fri Oct 19 17:47:56 2018	(r482439)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	dnsmasq
-DISTVERSION=	2.79
+DISTVERSION=	2.80
 PORTREVISION=	0	# leave this in even if 0 to avoid PORTEPOCH bumps
 PORTEPOCH=	1
 CATEGORIES=	dns ipv6
@@ -32,7 +32,7 @@ OPTIONS_RADIO_INTL=	IDN NLS
 INTL_DESC=	Internationalization Support Level
 NLS_DESC=	IDN+NLS: Int'l Domain Names & National Language support
 IDN_DESC=	IDN: Int'l Domain Names WITHOUT full NLS
-IPSET_DESC=	Dynamic firewall managment of resolved names (needs PF)
+IPSET_DESC=	Dynamic firewall management of resolved names (needs PF)
 LUA_DESC=	Support lease-change scripts written in Lua
 DNSSEC_DESC=	Enable DNSSEC caching and validation
 USES=		cpe shebangfix tar:xz
@@ -92,7 +92,7 @@ USE_RC_SUBR=	dnsmasq
 LDFLAGS+=	-L${LOCALBASE}/lib ${_intllibs} ${ICONV_LIB}
 
 post-patch:
-	${REINPLACE_CMD} -e "s/lua5\.1/lua-${LUA_VER}/" ${WRKSRC}/Makefile
+	${REINPLACE_CMD} -e 's/lua5\.1/lua-${LUA_VER}/' ${WRKSRC}/Makefile
 
 pre-configure: pretty-print-config
 .if ${PORT_OPTIONS:MIDN}

Modified: head/dns/dnsmasq/distinfo
==============================================================================
--- head/dns/dnsmasq/distinfo	Fri Oct 19 17:02:19 2018	(r482438)
+++ head/dns/dnsmasq/distinfo	Fri Oct 19 17:47:56 2018	(r482439)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1521491408
-SHA256 (dnsmasq-2.79.tar.xz) = 78ad74f5ca14fd85a8bac93f764cd9d60b27579e90eabd3687ca7b030e67861f
-SIZE (dnsmasq-2.79.tar.xz) = 493036
+TIMESTAMP = 1539932660
+SHA256 (dnsmasq-2.80.tar.xz) = cdaba2785e92665cf090646cba6f94812760b9d7d8c8d0cfb07ac819377a63bb
+SIZE (dnsmasq-2.80.tar.xz) = 501072

Modified: head/dns/dnsmasq/files/pkg-message.in
==============================================================================
--- head/dns/dnsmasq/files/pkg-message.in	Fri Oct 19 17:02:19 2018	(r482438)
+++ head/dns/dnsmasq/files/pkg-message.in	Fri Oct 19 17:47:56 2018	(r482439)
@@ -5,3 +5,10 @@
 *** Further options and actions are documented inside
 *** %%PREFIX%%/etc/rc.d/dnsmasq
 
+*** SECURITY RECOMMENDATION
+*** ~~~~~~~~~~~~~~~~~~~~~~~
+*** It is recommended to enable the wpad-related options
+*** at the end of the configuration file (you may need to
+*** copy them from the example file to yours) to fix
+*** CERT Vulnerability VU#598349.
+

More information about the svn-ports-head mailing list