pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2024Q4] pkgsrc/net/bind918
Module Name: pkgsrc
Committed By: maya
Date: Thu Feb 6 15:06:02 UTC 2025
Modified Files:
pkgsrc/net/bind918 [pkgsrc-2024Q4]: Makefile distinfo
Log Message:
Pullup ticket #6938 - requested by taca
net/bind918: Security fix
Revisions pulled up:
- net/bind918/Makefile 1.44-1.45
- net/bind918/distinfo 1.25
---
Module Name: pkgsrc
Committed By: adam
Date: Thu Dec 26 23:57:23 UTC 2024
Modified Files:
pkgsrc/audio/forked-daapd: Makefile
pkgsrc/audio/mixxx: Makefile
pkgsrc/audio/strawberry: Makefile
pkgsrc/audio/termusic: Makefile
pkgsrc/biology/plinkseq: Makefile
pkgsrc/chat/ekg: Makefile
pkgsrc/chat/libgadu: Makefile buildlink3.mk
pkgsrc/chat/mumble: Makefile
pkgsrc/databases/mysql80-cluster: Makefile
pkgsrc/databases/mysql80-server: Makefile
pkgsrc/databases/postgresql-postgis2: Makefile
pkgsrc/devel/compizconfig-backend-gconf: Makefile buildlink3.mk
pkgsrc/devel/libcompizconfig: Makefile buildlink3.mk
pkgsrc/devel/protobuf: buildlink3.mk
pkgsrc/devel/protobuf-c: Makefile buildlink3.mk
pkgsrc/devel/py-compizconfig: Makefile buildlink3.mk
pkgsrc/finance/bitcoin: Makefile
pkgsrc/geography/mapserver: Makefile
pkgsrc/geography/merkaartor: Makefile
pkgsrc/geography/qgis: Makefile
pkgsrc/graphics/digikam: Makefile
pkgsrc/graphics/opencv: Makefile buildlink3.mk
pkgsrc/graphics/opencv-contrib-face: Makefile buildlink3.mk
pkgsrc/graphics/py-Willow: Makefile
pkgsrc/misc/marble: Makefile
pkgsrc/multimedia/vlc: Makefile
pkgsrc/net/bind916: Makefile
pkgsrc/net/bind918: Makefile
pkgsrc/net/frr: Makefile
pkgsrc/net/kopete: Makefile
pkgsrc/net/mosh: Makefile
pkgsrc/net/ratman: Makefile
pkgsrc/net/unbound: Makefile
pkgsrc/sysutils/collectd-grpc: Makefile
pkgsrc/sysutils/collectd-pinba: Makefile
pkgsrc/sysutils/collectd-riemann: Makefile
pkgsrc/sysutils/collectd-write_prometheus: Makefile
pkgsrc/sysutils/riemann-client: Makefile
pkgsrc/wm/ccsm: Makefile
Log Message:
revbump after devel/protobuf update
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jan 29 15:13:54 UTC 2025
Modified Files:
pkgsrc/net/bind918: Makefile distinfo
Log Message:
net/bind918: update to 9.18.33
BIND 9.18.33 (2025-01-29)
Security Fixes
* DNS-over-HTTPS flooding fixes. (CVE-2024-12705)
Fix DNS-over-HTTPS implementation issues that arise under heavy query=
load. Optimize resource usage for named instances that accept querie=
s
over DNS-over-HTTPS.
Previously, named processed all incoming HTTP/2 data at once, which c=
ould
overwhelm the server, especially when dealing with clients that sent
requests but did not wait for responses. That has been fixed. Now, =
named
handles HTTP/2 data in smaller chunks and throttles reading until the=
remote side reads the response data. It also throttles clients that =
send
too many requests at once.
In addition, named now evaluates excessive streams opened by clients =
that
include no DNS data, which is considered "flooding." It logs these
clients and drops connections from them. [GL #4795]
In some cases, named could leave DNS-over-HTTPS connections in the
CLOSE_WAIT state indefinitely. That has also been fixed. [GL #5083]=
ISC would like to thank Jean-Fran=E7ois Billaud for his assistance wi=
th
investigating this issue.
* Limit additional section processing for large RDATA sets. (CVE-2024-1=
1187)
When answering queries, don't add data to the additional section if t=
he
answer has more than 13 names in the RDATA. This limits the number o=
f
lookups into the database(s) during a single client query, reducing t=
he
query-processing load. [GL #5034]
ISC would like to thank Toshifumi Sakaguchi for bringing this
vulnerability to our attention.
New Features
* Add a new option to configure the maximum number of outgoing queries =
per
client request.
The configuration option max-query-count sets how many outgoing queri=
es
per client request are allowed. The existing max-recursion-queries v=
alue
is the number of permissible queries for a single name and is reset o=
n
every CNAME redirection. This new option is a global limit on the cl=
ient
request. The default is 200.
The default for max-recursion-queries is changed from 32 to 50. This=
allows named to send a few more queries while looking up a single nam=
e.
[GL #4980] [GL #4921]
Bug Fixes
* Fix nsupdate hang when processing a large update.
To mitigate DNS flood attacks over a single TCP connection, throttle =
the
connection when the other side does not read the data. Throttling sh=
ould
only occur on server-side sockets, but erroneously also happened for
nsupdate, which acts as a client. When nsupdate started throttling t=
he
connection, it never attempted to read again. This has been fixed. =
[GL
#4910]
* Fix possible assertion failure when reloading server while processing=
update policy rules. [GL #5006]
* Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys.
dnssec-signzone was using revoked keys for signing RRsets other than
DNSKEY. This has been corrected. [GL #5070]
* Fix improper handling of unknown directives in resolv.conf.
The line after an unknown directive in resolv.conf could accidentally=
be
skipped, potentially affecting dig, host, nslookup, nsupdate, or delv=
.=
This has been fixed. [GL #5084].
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.43.2.1 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.24 -r1.24.2.1 pkgsrc/net/bind918/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/bind918/Makefile
diff -u pkgsrc/net/bind918/Makefile:1.43 pkgsrc/net/bind918/Makefile:1.43.2.1
--- pkgsrc/net/bind918/Makefile:1.43 Fri Dec 13 17:29:56 2024
+++ pkgsrc/net/bind918/Makefile Thu Feb 6 15:06:02 2025
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.43 2024/12/13 17:29:56 taca Exp $
+# $NetBSD: Makefile,v 1.43.2.1 2025/02/06 15:06:02 maya Exp $
DISTNAME= bind-${BIND_VERSION}
PKGNAME= ${DISTNAME:S/-P/pl/}
@@ -15,7 +15,7 @@ CONFLICTS+= host-[0-9]*
MAKE_JOBS_SAFE= no
-BIND_VERSION= 9.18.32
+BIND_VERSION= 9.18.33
BUILD_DEFS+= BIND_DIR VARBASE
Index: pkgsrc/net/bind918/distinfo
diff -u pkgsrc/net/bind918/distinfo:1.24 pkgsrc/net/bind918/distinfo:1.24.2.1
--- pkgsrc/net/bind918/distinfo:1.24 Fri Dec 13 17:29:56 2024
+++ pkgsrc/net/bind918/distinfo Thu Feb 6 15:06:02 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.24 2024/12/13 17:29:56 taca Exp $
+$NetBSD: distinfo,v 1.24.2.1 2025/02/06 15:06:02 maya Exp $
-BLAKE2s (bind-9.18.32.tar.xz) = bade94bc1d29146ef54d0558e6a1aaea968d7f3e6b2e3e24ef91caab54e4861e
-SHA512 (bind-9.18.32.tar.xz) = fa01978ca44cb5d559d8675dda4272b1327aebc0dca68b2e7b948e8c1bbd82da74f6258d40896ddccf86711d554b7ed4c0df93143e78b663724466738ac1320d
-Size (bind-9.18.32.tar.xz) = 5332480 bytes
+BLAKE2s (bind-9.18.33.tar.xz) = cd4ab12e52222038a5f7302fc7dcce111d057b250197ed185c10afb7d3f7c910
+SHA512 (bind-9.18.33.tar.xz) = 874465ccc7af92561dccf2bd596e13513048c4f1da730a6f38103eeb1d5b67178c1e2e2a56612946eba6edb9dad34851b9826055bcb7c0dad7ec64f7df9c10b9
+Size (bind-9.18.33.tar.xz) = 5341616 bytes
SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1
SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b
SHA1 (patch-bin_named_server.c) = 52190897c4c4b141d98ca5bca7cc3eb4c83ac584
Home |
Main Index |
Thread Index |
Old Index