From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4b3pqP1tgSz332Y for ; Fri, 23 May 2025 15:24:33 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4b3pqP1f40z30Hh for ; Fri, 23 May 2025 15:24:33 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "people01.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4b3pqN5RxxztZ for ; Fri, 23 May 2025 15:24:32 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1748013872; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=lSg+0hyxySdTf91jXRp565WarOctC87YPZkwVF1L19A=; b=hnKJ62EfM7qrfBDOXEXRG5lEgqbh7hnmgAtfuWo0cr9dv65kRegRuIWDXYiE+7f9TndT+E YX/3ZKk1LZ5HQWCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1748013872; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=lSg+0hyxySdTf91jXRp565WarOctC87YPZkwVF1L19A=; b=uU0FMUJ6znDS4AYyaFNuA2QoIZ6bHTUltREJ4ye23prkUXmpOuzvBUAyrljIomTc3Er3rn 88FZTYYaBJseyKo32LQZv3yzVv/hZnqlEt4lLmm/Z7GRzHvnChPTfMrHOQEcwqItH0XYVc Cs6bbvyjNgGcfYLEbDjab8Zc6N1bmn+8+/y6xBjp3SrV5YI8a9dSYvUIqrQ7+233Id3CAF +/V2ZEubuDJgrJfkvIt4j0H+qCT+Fxx9dGhtFfq/EbUVdEnjIhWpMRlxjWdqycOxp+zZb/ /vavwXuux4nN8iFDIvoZq4kfar8f1/lM9EWtyDlQGssyYXy+5IithnGRVZQXtg== Received: by people01.haj.ipfire.org (Postfix, from userid 1000) id 4b3pqN4Gzkz2xkD; Fri, 23 May 2025 15:24:32 +0000 (UTC) To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. d58f2de9efd78285b82940ab516dfbbe3d152e3b X-Git-Refname: refs/heads/next X-Git-Reftype: branch X-Git-Oldrev: e6791a9e4a3210201188daa981d3b2d2c092846e X-Git-Newrev: d58f2de9efd78285b82940ab516dfbbe3d152e3b Message-Id: <4b3pqN4Gzkz2xkD@people01.haj.ipfire.org> Date: Fri, 23 May 2025 15:24:32 +0000 (UTC) From: Michael Tremer Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via d58f2de9efd78285b82940ab516dfbbe3d152e3b (commit) from e6791a9e4a3210201188daa981d3b2d2c092846e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d58f2de9efd78285b82940ab516dfbbe3d152e3b Author: Michael Tremer Date: Fri May 23 15:23:25 2025 +0000 dnsdist: Update to 1.9.10 We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible. While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests. https://www.dnsdist.org/changelog.html#change-1.9.10 Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: lfs/dnsdist | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Difference in files: diff --git a/lfs/dnsdist b/lfs/dnsdist index 6ce6359fa..994707e7b 100644 --- a/lfs/dnsdist +++ b/lfs/dnsdist @@ -26,7 +26,7 @@ include Config SUMMARY = A highly DNS-, DoS- and abuse-aware loadbalancer -VER = 1.9.9 +VER = 1.9.10 THISAPP = dnsdist-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dnsdist -PAK_VER = 27 +PAK_VER = 28 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 54517c396d8b5b546e9bcc5890f6df0cfa8470b65d9c7dcece0c7d503fff3fc0d4e2898a7bda8e16f9935279849128293967b38865345fa4c963705b9c9b8cad +$(DL_FILE)_BLAKE2 = ea66ca17ef66ecc64fd3a7379b22c2b0448c2a41f325e574a4edb20dfe408315be84a407b78f30a441479fbbcba31a28da2e310c275877739918ad3f9870acd1 install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree