mirror of https://git.FreeBSD.org/ports.git synced 2024-12-04 01:48:54 +00:00
Mirror of the FreeBSD ports git repo https://git.FreeBSD.org/ports.git .
Matthias Andree 8f4df0f8e6 MFH: r562154
dns/dnsmasq: security update to 2.83

CHANGELOG of version 2.83:

        Use the values of --min-port and --max-port in outgoing
        TCP connections to upstream DNS servers.

        Fix a remote buffer overflow problem in the DNSSEC code. Any
        dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
        referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683,
        CVE-2020-25687.

        Be sure to only accept UDP DNS query replies at the address
        from which the query was originated. This keeps as much entropy
        in the {query-ID, random-port} tuple as possible, to help defeat
        cache poisoning attacks. Refer: CVE-2020-25684.

        Use the SHA-256 hash function to verify that DNS answers
        received are for the questions originally asked. This replaces
        the slightly insecure SHA-1 (when compiled with DNSSEC) or
        the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.

        Handle multiple identical near simultaneous DNS queries better.
        Previously, such queries would all be forwarded
        independently. This is, in theory, inefficient but in practice
        not a problem, _except_ that it means that an answer for any
        of the forwarded queries will be accepted and cached.
        An attacker can send a query multiple times, and for each repeat,
        another {port, ID} becomes capable of accepting the answer he is
        sending in the blind, to random IDs and ports. The chance of a
        successful attack is therefore multiplied by the number of repeats
        of the query. The new behaviour detects repeated queries and
        merely stores the clients sending repeats so that when the
        first query completes, the answer can be sent to all the
        clients who asked. Refer: CVE-2020-25686.
Security:	5b5cf6e5-5b51-11eb-95ac-7f9491278677
Security:	CVE-2020-25684
Security:	CVE-2020-25685
Security:	CVE-2020-25686
Security:	CVE-2020-25681
Security:	CVE-2020-25682
Security:	CVE-2020-25683
Security:	CVE-2020-25687
2021-01-20 19:21:04 +00:00
accessibility
arabic
archivers MFH: r561428 2021-01-13 02:52:45 +00:00
astro
audio MFH: r561757 2021-01-16 20:16:30 +00:00
base
benchmarks
biology
cad
chinese
comms MFH: r561670 2021-01-15 20:47:43 +00:00
converters
databases MFH: r561356 2021-01-12 17:46:06 +00:00
deskutils MFH: r561948 2021-01-18 17:13:20 +00:00
devel MFH: r562141 2021-01-20 15:11:01 +00:00
dns MFH: r562154 2021-01-20 19:21:04 +00:00
editors MFH: r561090 r561095 2021-01-10 17:57:33 +00:00
emulators MFH: r561713 2021-01-16 08:11:17 +00:00
finance MFH: r559767 r560752 2021-01-09 15:07:18 +00:00
french
ftp
games MFH: r561873 2021-01-17 21:50:05 +00:00
german
graphics MFH: r561992 2021-01-19 00:25:58 +00:00
hebrew
hungarian
irc
japanese
java
Keywords
korean
lang MFH: r562104 2021-01-20 00:40:19 +00:00
mail MFH: r560774 2021-01-11 17:12:47 +00:00
math MFH: r561823 2021-01-17 13:47:11 +00:00
misc MFH: r561792 2021-01-17 03:54:31 +00:00
Mk
multimedia MFH: r562095 r562120 2021-01-20 08:51:39 +00:00
net MFH: r562147 2021-01-20 17:05:42 +00:00
net-im MFH: r562128 2021-01-20 11:34:06 +00:00
net-mgmt
net-p2p
news MFH: r561666 2021-01-15 20:31:02 +00:00
polish
ports-mgmt
portuguese
print
russian
science MFH: r561531 2021-01-14 03:05:49 +00:00
security MFH: r561718 2021-01-16 12:08:06 +00:00
shells
sysutils MFH: r561871 2021-01-17 21:34:05 +00:00
Templates
textproc MFH: r562141 2021-01-20 15:11:01 +00:00
Tools
ukrainian
vietnamese
www MFH: r561809 2021-01-18 22:10:26 +00:00
x11 MFH: r562141 2021-01-20 15:11:01 +00:00
x11-clocks
x11-drivers
x11-fm MFH: r561446 2021-01-13 09:28:05 +00:00
x11-fonts MFH: r561436 2021-01-13 03:31:32 +00:00
x11-servers
x11-themes
x11-toolkits MFH: r561094 2021-01-10 17:58:29 +00:00
x11-wm MFH: r561316 2021-01-12 11:55:08 +00:00
.arcconfig
.gitattributes
.gitauthors
.gitignore
.gitmessage
CHANGES
CONTRIBUTING.md
COPYRIGHT
GIDs
LEGAL
Makefile
MOVED
README
UIDs
UPDATING

This is the FreeBSD Ports Collection.  For an easy to use
WEB-based interface to it, please see:

	https://www.FreeBSD.org/ports

For general information on the Ports Collection, please see the
FreeBSD Handbook ports section which is available from:

	https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/ports.html
		for the latest official version
	or:
	The ports(7) manual page (man ports).

These will explain how to use ports and packages.

If you would like to search for a port, you can do so easily by
saying (in /usr/ports):

	make search name="<name>"
	or:
	make search key="<keyword>"

which will generate a list of all ports matching <name> or <keyword>.
make search also supports wildcards, such as:

	make search name="gtk*"

For information about contributing to FreeBSD ports, please see the Porter's
Handbook, available at:

	https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/porters-handbook/

NOTE:  This tree will GROW significantly in size during normal usage!
The distribution tar files can and do accumulate in /usr/ports/distfiles,
and the individual ports will also use up lots of space in their work
subdirectories unless you remember to "make clean" after you're done
building a given port.  /usr/ports/distfiles can also be periodically
cleaned without ill-effect.