Diffstat (limited to 'net-dns/pdns-recursor/files')
-rw-r--r--net-dns/pdns-recursor/files/pdns-recursor-3.1.7.2-error-message.patch11
-rw-r--r--net-dns/pdns-recursor/files/pdns-recursor-3.5.3-fdlimit.patch67
-rw-r--r--net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch52
-rw-r--r--net-dns/pdns-recursor/files/precursor28
-rw-r--r--net-dns/pdns-recursor/files/recursor.conf21
5 files changed, 179 insertions, 0 deletions
diff --git a/net-dns/pdns-recursor/files/pdns-recursor-3.1.7.2-error-message.patch b/net-dns/pdns-recursor/files/pdns-recursor-3.1.7.2-error-message.patch
new file mode 100644
index 000000000000..7fdf208037cd
--- /dev/null
+++ b/net-dns/pdns-recursor/files/pdns-recursor-3.1.7.2-error-message.patch
@@ -0,0 +1,11 @@
+--- pdns-recursor-3.1.7.2/rec_channel.cc
++++ pdns-recursor-3.1.7.2/rec_channel.cc
+@@ -100,7 +100,7 @@
+ strcpy(remote.sun_path,(path+"/"+fname).c_str());
+ if(::connect(d_fd, (sockaddr*)&remote, sizeof(remote)) < 0) {
+ unlink(d_local.sun_path);
+- throw AhuException("Unable to connect to remote '"+path+fname+"': "+string(strerror(errno)));
++ throw AhuException("Unable to connect to remote '"+path+"/"+fname+"': "+string(strerror(errno)));
+ }
+ }
+
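Review bot: The message fix itself is fine, but the context line directly above it, `strcpy(remote.sun_path,(path+"/"+fname).c_str());`, copies an unbounded string into `sun_path`, a fixed-size array (typically 108 bytes on Linux), so an over-long socket directory silently overruns the `sockaddr_un` rather than failing. Since the ebuild is already patching this function, a guard before the copy is cheap: `if(path.size()+1+fname.size() >= sizeof(remote.sun_path)) throw AhuException("Control socket path too long: "+path+"/"+fname);`. `path` presumably comes from the socket-dir setting rather than from the network, so this is a robustness fix, not a remotely reachable one. The enclosing constructor starts before the hunk.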
diff --git a/net-dns/pdns-recursor/files/pdns-recursor-3.5.3-fdlimit.patch b/net-dns/pdns-recursor/files/pdns-recursor-3.5.3-fdlimit.patch
new file mode 100644
index 000000000000..3b6e8e25d972
--- /dev/null
+++ b/net-dns/pdns-recursor/files/pdns-recursor-3.5.3-fdlimit.patch
@@ -0,0 +1,67 @@
+--- pdns-recursor-3.5.3/misc.cc
++++ pdns-recursor-3.5.3/misc.cc
+@@ -22,6 +22,7 @@
+ #include <netdb.h>
+ #include <sys/time.h>
+ #include <time.h>
++#include <sys/resource.h>
+ #include <netinet/in.h>
+ #include <unistd.h>
+ #endif // WIN32
+@@ -697,3 +698,22 @@
+ } while(!strchr(buffer, '\n'));
+ return true;
+ }
++
++unsigned int getFilenumLimit(bool hardOrSoft)
++{
++ struct rlimit rlim;
++ if(getrlimit(RLIMIT_NOFILE, &rlim) < 0)
++ unixDie("Requesting number of available file descriptors");
++ return hardOrSoft ? rlim.rlim_max : rlim.rlim_cur;
++}
++
++void setFilenumLimit(unsigned int lim)
++{
++ struct rlimit rlim;
++
++ if(getrlimit(RLIMIT_NOFILE, &rlim) < 0)
++ unixDie("Requesting number of available file descriptors");
++ rlim.rlim_cur=lim;
++ if(setrlimit(RLIMIT_NOFILE, &rlim) < 0)
++ unixDie("Setting number of available file descriptors");
++}
+--- pdns-recursor-3.5.3/misc.hh
++++ pdns-recursor-3.5.3/misc.hh
+@@ -445,4 +445,6 @@
+ regex_t d_preg;
+ };
+
++unsigned int getFilenumLimit(bool hardOrSoft=0);
++void setFilenumLimit(unsigned int lim);
+ #endif
+--- pdns-recursor-3.5.3/pdns_recursor.cc
++++ pdns-recursor-3.5.3/pdns_recursor.cc
+@@ -1740,7 +1740,21 @@
+
+ g_tcpTimeout=::arg().asNum("client-tcp-timeout");
+ g_maxTCPPerClient=::arg().asNum("max-tcp-per-client");
+- g_maxMThreads=::arg().asNum("max-mthreads");
++ g_maxMThreads=::arg().asNum("max-mthreads");
++ unsigned int availFDs=getFilenumLimit();
++ if(g_maxMThreads * g_numThreads > availFDs) {
++ if(getFilenumLimit(true) >= g_maxMThreads * g_numThreads) {
++ setFilenumLimit(g_maxMThreads * g_numThreads);
++ L<<Logger::Warning<<"Raised soft limit on number of filedescriptors to "<<g_maxMThreads * g_numThreads<<" to match max-mthreads and threads settings"<<endl;
++ }
++ else {
++ int newval = getFilenumLimit(true) / g_numThreads;
++ L<<Logger::Warning<<"Insufficient number of filedescriptors available for max-mthreads*threads setting! ("<<availFDs<<" < "<<g_maxMThreads*g_numThreads<<"), reducing max-mthreads to "<<newval<<endl;
++ g_maxMThreads = newval;
++ }
++
++
++ }
+
+ if(g_numThreads == 1) {
+ L<<Logger::Warning<<"Operating unthreaded"<<endl;
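Review bot: In the `else` branch at the end of the pdns_recursor.cc hunk, `g_maxMThreads` is reduced to fit the hard limit but the soft limit is never raised, so the process keeps running under the original `availFDs` while the new `g_maxMThreads * g_numThreads` can still exceed it; add `setFilenumLimit(g_maxMThreads * g_numThreads);` after `g_maxMThreads = newval;`. The check also leaves no headroom for descriptors that are already open (listen sockets, log, control socket), so computing `availFDs` with a small margin, e.g. `getFilenumLimit() - 10`, avoids hitting EMFILE at full load, which for a recursor shows up as outgoing queries failing under exactly the load that matters. `getFilenumLimit` returns `rlim_t` narrowed to `unsigned int`; that is fine for `RLIM_INFINITY` in this comparison but the narrowing deserves a one-line comment. The function these lines sit in starts and ends outside the hunk.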
diff --git a/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch b/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch
new file mode 100644
index 000000000000..44ccc2803848
--- /dev/null
+++ b/net-dns/pdns-recursor/files/pdns-recursor-3.6.1-CVE-2014-8601.patch
@@ -0,0 +1,52 @@
+https://downloads.powerdns.com/patches/2014-02/3.6.1.patch
+
+diff --git a/pdns_recursor.cc b/pdns_recursor.cc
+index f1ef93c..8e43d6e 100644
+--- a/pdns_recursor.cc
++++ b/pdns_recursor.cc
+@@ -550,7 +550,14 @@ void startDoResolve(void *p)
+
+ // if there is a RecursorLua active, and it 'took' the query in preResolve, we don't launch beginResolve
+ if(!t_pdl->get() || !(*t_pdl)->preresolve(dc->d_remote, g_listenSocketsAddresses[dc->d_socket], dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), ret, res, &variableAnswer)) {
+- res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
++ try {
++ res = sr.beginResolve(dc->d_mdp.d_qname, QType(dc->d_mdp.d_qtype), dc->d_mdp.d_qclass, ret);
++ }
++ catch(ImmediateServFailException &e) {
++ L<<Logger::Error<<"Sending SERVFAIL during resolve of '"<<dc->d_mdp.d_qname<<"' because: "<<e.reason<<endl;
++
++ res = RCode::ServFail;
++ }
+
+ if(t_pdl->get()) {
+ if(res == RCode::NoError) {
+diff --git a/syncres.cc b/syncres.cc
+index 4dc78b4..d09e44b 100644
+--- a/syncres.cc
++++ b/syncres.cc
+@@ -923,6 +923,7 @@ int SyncRes::doResolveAt(set<string, CIStringCompare> nameservers, string auth,
+ }
+ else {
+ s_outqueries++; d_outqueries++;
++ if(d_outqueries > 50) throw ImmediateServFailException("more than 50 queries sent while resolving "+qname);
+ TryTCP:
+ if(doTCP) {
+ LOG(prefix<<qname<<": using TCP with "<< remoteIP->toStringWithPort() <<endl);
+diff --git a/syncres.hh b/syncres.hh
+index 5182527..b22de89 100644
+--- a/syncres.hh
++++ b/syncres.hh
+@@ -593,6 +593,13 @@ private:
+ static AtomicCounter s_currentConnections; //!< total number of current TCP connections
+ };
+
++class ImmediateServFailException
++{
++public:
++ ImmediateServFailException(string r){reason=r;};
++
++ string reason; //! Print this to tell the user what went wrong
++};
+
+ struct RemoteKeeper
+ {
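Review bot: `ImmediateServFailException` in the syncres.hh hunk does not derive from `std::exception`, so any path into `doResolveAt` other than the `beginResolve` call wrapped in `startDoResolve` lets it escape past generic `catch(std::exception&)` handlers as an unhandled exception; whether such other callers exist (Lua hooks, the TCP path) cannot be checked from this hunk. Deriving from `std::runtime_error` keeps the new catch working while giving the failure a sane default: `class ImmediateServFailException : public std::runtime_error { public: explicit ImmediateServFailException(const std::string& r) : std::runtime_error(r), reason(r) {} std::string reason; };`. The `50` in `if(d_outqueries > 50)` is a bare literal on the hot path; a named constant with a comment stating that it caps the outgoing queries a single client query may trigger (the amplification this CVE patch is addressing) would explain why it exists. The catch in pdns_recursor.cc should also take the exception by `const&`.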
diff --git a/net-dns/pdns-recursor/files/precursor b/net-dns/pdns-recursor/files/precursor
new file mode 100644
index 000000000000..aea84531e5ee
--- /dev/null
+++ b/net-dns/pdns-recursor/files/precursor
@@ -0,0 +1,28 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_started_commands="ping"
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting PowerDNS Recursor"
+ /usr/sbin/pdns_recursor --daemon=yes &>/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping PowerDNS Recursor"
+ /usr/sbin/rec_control quit &>/dev/null
+ eend $?
+}
+
+ping() {
+ ebegin "Pinging PowerDNS Recursor"
+ /usr/sbin/rec_control ping &>/dev/null
+ eend $?
+}
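Review bot: `&>/dev/null` in start(), stop() and ping() is a bash extension; under a POSIX sh it parses as `cmd &` followed by `>/dev/null`, backgrounding the command and leaving `eend $?` reporting the status of the redirection rather than of pdns_recursor or rec_control. `#!/sbin/runscript` on Gentoo of this era was bash so it presumably works, but `>/dev/null 2>&1` is equivalent and portable. Discarding stderr also hides why a start failed (bad config, port 53 already bound, chroot directory missing); leaving stderr attached, `/usr/sbin/pdns_recursor --daemon=yes >/dev/null`, lets the reason reach the console or service log. stop() and ping() rely on rec_control finding the control socket, which with `chroot=` set in the shipped recursor.conf has to be the same directory the chrooted daemon created it in.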
diff --git a/net-dns/pdns-recursor/files/recursor.conf b/net-dns/pdns-recursor/files/recursor.conf
new file mode 100644
index 000000000000..e231b9fc6f10
--- /dev/null
+++ b/net-dns/pdns-recursor/files/recursor.conf
@@ -0,0 +1,21 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Drop uid
+setuid=nobody
+
+# Drop gid
+setgid=nobody
+
+# Don't log queries
+quiet=on
+
+# Local IP address to bind to
+local-address=127.0.0.1
+
+# Local port to bind to
+local-port=53
+
+# Change root for safety
+chroot=/var/lib/powerdns
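Review bot: `setuid=nobody` / `setgid=nobody` run the recursor as the shared `nobody` account, so any other service that also drops to `nobody` can signal it (and, depending on ptrace restrictions, inspect it); a dedicated account created by the ebuild keeps the recursor isolated from unrelated daemons. The comment `# Change root for safety` should also state the operational consequence: everything the daemon opens after start-up, including the control socket rec_control talks to, must live below `/var/lib/powerdns`, e.g. `# Chroot for defence in depth; the control socket must be created below this path and rec_control pointed at the same directory`. `local-address=127.0.0.1` is the right default to avoid shipping an open resolver; a note that widening it also requires reviewing `allow-from` would prevent the usual mistake of exposing it to the world.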