pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2026Q2] pkgsrc/net/nsd



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sun Jun 28 11:58:39 UTC 2026

Modified Files:
        pkgsrc/net/nsd [pkgsrc-2026Q2]: Makefile distinfo

Log Message:
Pullup ticket #7143 - requested by taca
net/nsd: security fix

Revisions pulled up:
- net/nsd/Makefile                                              1.137
- net/nsd/distinfo                                              1.94

---
   Module Name: pkgsrc
   Committed By:        he
   Date:                Thu Jun 25 11:21:54 UTC 2026

   Modified Files:
        pkgsrc/net/nsd: Makefile distinfo

   Log Message:
   Update nsd to version 4.14.3.

   Pkgsrc changes:
    * Checksum changes.

   Upstream changes:

   4.14.3
   ================
   FEATURES:
   BUG FIXES:
           - Fix for CVE-2026-12244: A specially crafted SVCB RR can cause a heap
             overflow of up to 65509 attacker controlled bytes.
             Thanks to Qifan Zhang, Palo Alto Networks for the report
             https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt
           - Fix for CVE-2026-12245: If NSD is configured with DNS over TLS, a
             client that performs a TLS action, closing the connection early,
             causes a crash and restart of the server process. An attacker can
             keep all children in a crash-restart loop denying DoT service.
             Thanks to Qifan Zhang, Palo Alto Networks for the report.
             https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt
           - Fix for CVE-2026-12246: The RR type APL rdata address, if too large,
             causes out of bounds write on the stack, when the zonefile is written
             out. Thanks to Qifan Zhang from Palo Alto Networks, Haruki Oyama from
             Waseda University and zhangph for the report.
             https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt
           - Fix for CVE-2026-12490: Secondaries authenticated by a client
             certificate to transfer a zone over TLS, can bypass verification by
             transferring over TCP.
             Thanks to Qifan Zhang, Palo Alto Networks for the report.
             https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt


To generate a diff of this commit:
cvs rdiff -u -r1.136 -r1.136.2.1 pkgsrc/net/nsd/Makefile
cvs rdiff -u -r1.93 -r1.93.2.1 pkgsrc/net/nsd/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/nsd/Makefile
diff -u pkgsrc/net/nsd/Makefile:1.136 pkgsrc/net/nsd/Makefile:1.136.2.1
--- pkgsrc/net/nsd/Makefile:1.136       Fri May 15 14:32:08 2026
+++ pkgsrc/net/nsd/Makefile     Sun Jun 28 11:58:38 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.136 2026/05/15 14:32:08 he Exp $
+# $NetBSD: Makefile,v 1.136.2.1 2026/06/28 11:58:38 bsiegert Exp $
 
-DISTNAME=      nsd-4.14.2
+DISTNAME=      nsd-4.14.3
 CATEGORIES=    net
 MASTER_SITES=  http://www.nlnetlabs.nl/downloads/nsd/
 

Index: pkgsrc/net/nsd/distinfo
diff -u pkgsrc/net/nsd/distinfo:1.93 pkgsrc/net/nsd/distinfo:1.93.2.1
--- pkgsrc/net/nsd/distinfo:1.93        Fri May 15 14:32:08 2026
+++ pkgsrc/net/nsd/distinfo     Sun Jun 28 11:58:38 2026
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.93 2026/05/15 14:32:08 he Exp $
+$NetBSD: distinfo,v 1.93.2.1 2026/06/28 11:58:38 bsiegert Exp $
 
-BLAKE2s (nsd-4.14.2.tar.gz) = ef9183fed102b24e7afe90c8d23fb5c7f84663d61c383060447afc3f1c392009
-SHA512 (nsd-4.14.2.tar.gz) = deb7cae8ad5096d65aebdccf60165d44c0b33f6e4568f7f731c38c3d15fa6d4ea9e6edbadf9385784be0248ef8c60c972a0478560d366c11d1c8bf25db9b8002
-Size (nsd-4.14.2.tar.gz) = 1601116 bytes
+BLAKE2s (nsd-4.14.3.tar.gz) = 0b01e633a3c8d2eef875d683875375ca417160b9c78d0d096f33f601965db474
+SHA512 (nsd-4.14.3.tar.gz) = 7acabc0e54eb24ca85578f406009f20721da0137f310eb78b3e3c88f66a4369edc2d15c513aa4c11939e4d8caf0cfb29ea6801ee085f34d1845afbbc14a35cc0
+Size (nsd-4.14.3.tar.gz) = 1617135 bytes
 SHA1 (patch-Makefile.in) = 93f77704ee6730aef41955511807ce2f4b6cfc90



Home | Main Index | Thread Index | Old Index