pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2026Q2] pkgsrc/net/dnsdist



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue Jun 30 16:03:59 UTC 2026

Modified Files:
        pkgsrc/net/dnsdist [pkgsrc-2026Q2]: Makefile distinfo

Log Message:
Pullup ticket #7152 - requested by taca
net/dnsdist: security fix

Revisions pulled up:
- net/dnsdist/Makefile                                          1.52
- net/dnsdist/distinfo                                          1.28

---
   Module Name: pkgsrc
   Committed By:        drixter
   Date:                Thu Jun 25 15:56:28 UTC 2026

   Modified Files:
        pkgsrc/net/dnsdist: Makefile distinfo

   Log Message:
   dnsdist: Update to 2.0.7

   Released: 25th of June 2026
   Bug Fixes
   CVE-2026-42005: An attacker can send a web request that causes unlimited memory allocation in the internal web server,
   leading to a denial of service. The internal web server is disabled by default.

   CVE-2026-40210: An out-of-bounds read might happen when SetMacAddrAction is used,
   potentially resulting in uninitialized memory being sent over the network or a crash.

   CVE-2026-40209: An attacker might be able to cause outgoing TCP connections to backend to be
   stuck until a timeout occurs instead of being released immediately by sending IXFR queries.
   This could be used to cause a denial of service if there is a limit to the number of
   concurrent connections to this backend, or if the process runs out of file descriptors.

   CVE-2026-42004: An attacker can send a crafted EDNS OPT record that will be ignored by
   DNSdist痴 filtering rules, but will be rewritten as a valid OPT record when EDNS Client
   Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

   CVE-2026-40211: An attacker can send crafted DNS over HTTP/3 queries, triggering an exception
   that prevents some buffer from being freed right away. The buffer will be freed at the end of
   the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3
   streams to trigger an out-of-memory condition, resulting in a denial of service.

   CVE-2026-40208: An attacker might be able to delay the processing of DoH3 queries by sending
   DoH3 GET queries with an invalid DATA frame.

   CVE-2026-40011: An attacker sending a large number of crafted DNS queries might be able to trigger
   a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint.
   The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.50.2.1 pkgsrc/net/dnsdist/Makefile
cvs rdiff -u -r1.27 -r1.27.2.1 pkgsrc/net/dnsdist/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/dnsdist/Makefile
diff -u pkgsrc/net/dnsdist/Makefile:1.50 pkgsrc/net/dnsdist/Makefile:1.50.2.1
--- pkgsrc/net/dnsdist/Makefile:1.50    Mon May 25 14:06:08 2026
+++ pkgsrc/net/dnsdist/Makefile Tue Jun 30 16:03:59 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.50 2026/05/25 14:06:08 wiz Exp $
+# $NetBSD: Makefile,v 1.50.2.1 2026/06/30 16:03:59 bsiegert Exp $
 
-DISTNAME=      dnsdist-2.0.6
+DISTNAME=      dnsdist-2.0.7
 CATEGORIES=    net
 MASTER_SITES=  https://downloads.powerdns.com/releases/
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/net/dnsdist/distinfo
diff -u pkgsrc/net/dnsdist/distinfo:1.27 pkgsrc/net/dnsdist/distinfo:1.27.2.1
--- pkgsrc/net/dnsdist/distinfo:1.27    Mon May 25 14:06:09 2026
+++ pkgsrc/net/dnsdist/distinfo Tue Jun 30 16:03:59 2026
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.27 2026/05/25 14:06:09 wiz Exp $
+$NetBSD: distinfo,v 1.27.2.1 2026/06/30 16:03:59 bsiegert Exp $
 
-BLAKE2s (dnsdist-2.0.6.tar.xz) = 7108a3f60452ac445e22d3d5f1aad98e4d7248499051a156739cff9a45118e4b
-SHA512 (dnsdist-2.0.6.tar.xz) = fe8ebb819d73eea8344c56108264f00f1d185a2ffed2a64c5f13997a159bb93b0384fba7c49ee562b3d42f6d091dd34a0e792402e1bec0b47f5988a5dd30c2bd
-Size (dnsdist-2.0.6.tar.xz) = 2293488 bytes
+BLAKE2s (dnsdist-2.0.7.tar.xz) = 11c5a80b392c0463deef2cfb69dcdb19186113fc1f3e4e54de34affbab675cb6
+SHA512 (dnsdist-2.0.7.tar.xz) = 709f8fde8a5e7d40ed7588cd95aa7ae0f65b4b71f964a6c0bd8b3836ca37ee9b4cd4a94d2ed7fdb7368c1337421693050475c0ece13f4efd4158954c3f0e6c60
+Size (dnsdist-2.0.7.tar.xz) = 2294560 bytes
 SHA1 (patch-configure) = d9ec9f3416862f471a3029168681b9512ced68b9



Home | Main Index | Thread Index | Old Index