Update to dnscrypt-proxy 1.6.1

- Security: malformed packets could cause the OpenDNS deviceid, OpenDNS set-client-ip, blocking and AAAA blocking plugins to use uninitialized pointers, leading to a denial of service or possibly code execution. The vulnerable code is present since dnscrypt-proxy 1.1.0. OpenDNS users and people using dnscrypt-proxy in order to block domain names and IP addresses should upgrade as soon as possible.
2016-02-04 00:20:09 +00:00 · 2016-02-04 00:20:09 +00:00 · 7f8b70082e
commit 7f8b70082e
parent 6e9ec480f0
4 changed files with 7 additions and 31 deletions
--- a/net/dnscrypt-proxy/Makefile
+++ b/net/dnscrypt-proxy/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.17 2015/09/18 18:26:18 sthen Exp $
+# $OpenBSD: Makefile,v 1.18 2016/02/04 00:20:09 sthen Exp $

 COMMENT-main=		secure communications between a DNS client and resolver
 COMMENT-plugins=	example plugins for dnscrypt-proxy

-V=			1.6.0
+V=			1.6.1

 DISTNAME=		dnscrypt-proxy-${V}
 CATEGORIES=		net
@ -50,7 +50,7 @@ USE_GMAKE=		yes

 DOCS=			README-PLUGINS.markdown \
 			README.markdown \
-			TECHNOTES
+			DNSCRYPT-V2-PROTOCOL.txt

 post-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/dnscrypt-proxy
--- a/net/dnscrypt-proxy/distinfo
+++ b/net/dnscrypt-proxy/distinfo
@ -1,2 +1,2 @@
-SHA256 (dnscrypt-proxy-1.6.0.tar.gz) = dwOkGhBA/DCxn9+7q6NrQR5m2ZhYSw4vpQiPc09Phr4=
-SIZE (dnscrypt-proxy-1.6.0.tar.gz) = 1579293
+SHA256 (dnscrypt-proxy-1.6.1.tar.gz) = xRkBKmbz7jC+AhE9HgE5vgjM0uxFykEC6sNb5zGmU0A=
+SIZE (dnscrypt-proxy-1.6.1.tar.gz) = 1721006
--- a/net/dnscrypt-proxy/patches/patch-src_libevent-modified_evutil_rand_c
+++ b/net/dnscrypt-proxy/patches/patch-src_libevent-modified_evutil_rand_c
@ -1,24 +0,0 @@
-$OpenBSD: patch-src_libevent-modified_evutil_rand_c,v 1.5 2015/09/18 18:26:18 sthen Exp $
-
-From 7c922518fb0bdf2deeb9c0acc45df45c62cb1e1f Mon Sep 17 00:00:00 2001
-From: Frank Denis <github@pureftpd.org>
-Date: Fri, 18 Sep 2015 19:14:29 +0200
-Subject: [PATCH] Do not reference arc4random_addrandom() if it is not defined.
- It can either be defined by the C library, or via arc4random.c. Either way,
- it's useless for dnscrypt-proxy.
-
--- src/libevent-modified/evutil_rand.c.orig	Thu Jun 11 15:09:08 2015
-+++ src/libevent-modified/evutil_rand.c	Thu Jun 11 15:11:28 2015
-@@ -176,7 +176,12 @@ evutil_secure_rng_get_bytes(void *buf, size_t n)
- void
- evutil_secure_rng_add_bytes(const char *buf, size_t n)
- {
-+#if !defined(_EVENT_HAVE_ARC4RANDOM) || defined(_EVENT_HAVE_ARC4RANDOM_ADDRANDOM)
- 	arc4random_addrandom((unsigned char*)buf,
- 	    n>(size_t)INT_MAX ? INT_MAX : (int)n);
-+#else
-+	(void) buf;
-+	(void) n;
-+#endif
- }
- 
--- a/net/dnscrypt-proxy/pkg/PLIST-main
+++ b/net/dnscrypt-proxy/pkg/PLIST-main
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST-main,v 1.4 2015/09/18 18:26:18 sthen Exp $
+@comment $OpenBSD: PLIST-main,v 1.5 2016/02/04 00:20:09 sthen Exp $
@newgroup _dnscrypt-proxy:688
@newuser _dnscrypt-proxy:688:_dnscrypt-proxy:daemon:dnscrypt-proxy user:/var/empty:/sbin/nologin
@bin bin/hostip
@ -14,8 +14,8 @@ share/dnscrypt-proxy/
 share/dnscrypt-proxy/dnscrypt-resolvers.csv
 share/dnscrypt-proxy/minisign.pub
 share/doc/dnscrypt-proxy/
+share/doc/dnscrypt-proxy/DNSCRYPT-V2-PROTOCOL.txt
 share/doc/dnscrypt-proxy/README-PLUGINS.markdown
 share/doc/dnscrypt-proxy/README.markdown
-share/doc/dnscrypt-proxy/TECHNOTES
 share/doc/pkg-readmes/${FULLPKGNAME}
@rcscript ${RCDIR}/dnscrypt_proxy