From owner-svn-ports-all@freebsd.org  Tue Jan 23 15:45:27 2018
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 89A1FED9FD3;
 Tue, 23 Jan 2018 15:45:27 +0000 (UTC)
 (envelope-from krion@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 64D1182CA5;
 Tue, 23 Jan 2018 15:45:27 +0000 (UTC)
 (envelope-from krion@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 99AE1108AD;
 Tue, 23 Jan 2018 15:45:26 +0000 (UTC)
 (envelope-from krion@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w0NFjQiN025246;
 Tue, 23 Jan 2018 15:45:26 GMT (envelope-from krion@FreeBSD.org)
Received: (from krion@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w0NFjQeM025244;
 Tue, 23 Jan 2018 15:45:26 GMT (envelope-from krion@FreeBSD.org)
Message-Id: <201801231545.w0NFjQeM025244@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: krion set sender to
 krion@FreeBSD.org using -f
From: Kirill Ponomarev <krion@FreeBSD.org>
Date: Tue, 23 Jan 2018 15:45:26 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r459779 - branches/2018Q1/dns/powerdns-recursor
X-SVN-Group: ports-branches
X-SVN-Commit-Author: krion
X-SVN-Commit-Paths: branches/2018Q1/dns/powerdns-recursor
X-SVN-Commit-Revision: 459779
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jan 2018 15:45:27 -0000

Author: krion
Date: Tue Jan 23 15:45:26 2018
New Revision: 459779
URL: https://svnweb.freebsd.org/changeset/ports/459779

Log:
  MFH: r459742
  
  Update to version 4.1.1
  
  - Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation
    of DNSSEC signatures". An issue has been found in the DNSSEC
    validation component of PowerDNS Recursor, allowing an ancestor
    delegation NSEC or NSEC3 record to be used to wrongfully prove the
    non-existence of a RR below the owner name of that record. This
    would allow an attacker in position of man-in-the-middle to send a
    NXDOMAIN answer for a name that does exist.
    The 4.0.x branch is not vulnerable.
  
  - Add support for algo16 and simplify Lua/LuaJIT engine choice.
  
  PR:		225397
  Submitted by:	maintainer
  Security:	CVE-2018-1000003
  
  Approved by:	ports-secteam

Modified:
  branches/2018Q1/dns/powerdns-recursor/Makefile
  branches/2018Q1/dns/powerdns-recursor/distinfo
Directory Properties:
  branches/2018Q1/   (props changed)

Modified: branches/2018Q1/dns/powerdns-recursor/Makefile
==============================================================================
--- branches/2018Q1/dns/powerdns-recursor/Makefile	Tue Jan 23 15:17:54 2018	(r459778)
+++ branches/2018Q1/dns/powerdns-recursor/Makefile	Tue Jan 23 15:45:26 2018	(r459779)
@@ -46,15 +46,17 @@ LUA_CONFIGURE_WITH=	lua
 LUA_USES=		lua
 
 LUAJIT_CONFIGURE_WITH=	luajit
+LUAJIT_DESC=		Use LuaJIT instead of Lua
 LUAJIT_LIB_DEPENDS=	libluajit-5.1.so.2:lang/luajit
-
+LUAJIT_USES_OFF=	lua
 OPTALGO_CONFIGURE_ON=	--enable-botan \
 			--enable-libsodium
+OPTALGO_DESC=		Enable optional algorithms (12, 15 & 16)
 OPTALGO_LIB_DEPENDS=	libbotan-2.so:security/botan2 \
 			libsodium.so:security/libsodium
-
-SETUID_VARS=	USERS=pdns_recursor GROUPS=pdns
+SETUID_DESC=		Run as pdns_recursor user
 SETUID_EXTRA_PATCHES=	${PATCHDIR}/extrapatch-setuid
+SETUID_VARS=		USERS=pdns_recursor GROUPS=pdns
 
 SUB_FILES=	pkg-message
 

Modified: branches/2018Q1/dns/powerdns-recursor/distinfo
==============================================================================
--- branches/2018Q1/dns/powerdns-recursor/distinfo	Tue Jan 23 15:17:54 2018	(r459778)
+++ branches/2018Q1/dns/powerdns-recursor/distinfo	Tue Jan 23 15:45:26 2018	(r459779)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1512394122
-SHA256 (pdns-recursor-4.1.0.tar.bz2) = 880b9d4cc57e2b11cae5bff9b20571fb3466f4385c010d06764296fef44f60a3
-SIZE (pdns-recursor-4.1.0.tar.bz2) = 1222751
+TIMESTAMP = 1516634099
+SHA256 (pdns-recursor-4.1.1.tar.bz2) = 8feb03c7141997775cb52c131579e8e34c9896ea8bb77276328f5f6cc4e1396b
+SIZE (pdns-recursor-4.1.1.tar.bz2) = 1224544