From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] dnsdist: Update to 1.9.4
Date: Tue, 14 May 2024 10:04:12 +0000
Message-ID: <20240514100412.1673481-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0910532779873684599=="
List-Id: <development.lists.ipfire.org>

--===============0910532779873684599==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This release fixes CVE-2024-25581, a denial of service security issue affecti=
ng versions 1.9.0, 1.9.1, 1.9.2 and 1.9.3 only. Earlier versions are not affe=
cted.

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, a=
nd queries are routed to a tcp-only or DNS over TLS backend, an attacker can =
trigger an assertion failure in DNSdist by sending a request for a zone trans=
fer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus =
leading to a Denial of Service.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 lfs/dnsdist | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/dnsdist b/lfs/dnsdist
index d1b23b75b..5a8c0ac70 100644
--- a/lfs/dnsdist
+++ b/lfs/dnsdist
@@ -26,7 +26,7 @@ include Config
=20
 SUMMARY    =3D A highly DNS-, DoS- and abuse-aware loadbalancer
=20
-VER        =3D 1.9.3
+VER        =3D 1.9.4
=20
 THISAPP    =3D dnsdist-$(VER)
 DL_FILE    =3D $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM    =3D $(URL_IPFIRE)
 DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
 TARGET     =3D $(DIR_INFO)/$(THISAPP)
 PROG       =3D dnsdist
-PAK_VER    =3D 21
+PAK_VER    =3D 23
=20
 SUP_ARCH   =3D x86_64 aarch64
=20
@@ -52,7 +52,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D 663b8a2161c5a7b94541cd775f135a99997024648c5bb57fd2ec18=
c7ede29aebda142452f97332300c45af32b5131e4dd5f9c1f904a1d68962398fa9a28c474e
+$(DL_FILE)_BLAKE2 =3D a8cfc5c2da135ed96b857f9f1b6c3caa796b27f66ff7ead6e976b8=
71a5e5db208ef3ce275c23085318bd7ff2f0fa2ec19e28ad36234991d84b8d13e74acb2f34
=20
 install : $(TARGET)
=20
--=20
2.39.2


--===============0910532779873684599==--