From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4b6JNl5Vnbz2yyF for ; Tue, 27 May 2025 16:43:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4b6JNl5NS2z2xw9 for ; Tue, 27 May 2025 16:43:35 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "people01.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4b6JNl2v3xzND for ; Tue, 27 May 2025 16:43:35 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1748364215; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=0lQ3v4AduTlA0/vPIk9WvU52gs4trqFT8wPUlyVMcPc=; b=rY2TlVkkVioPg6Ojcco18fh2WrHjl/yGKC16xxlsV+T+TTISmhBc879zOd0lq7Gs0wIB2f dOS/tigq9HaD9rCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1748364215; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=0lQ3v4AduTlA0/vPIk9WvU52gs4trqFT8wPUlyVMcPc=; b=AzjYI6ohorU08jBIxv7VQK6wg8gnkt9iwk3ZFE3Al+PB/akd0fwKkW7hbPrrrzV/dDnsDh oHUHQYoWz7kkwe0df+oMSDt5VpAZ0qgF0+9gB/jRD0Mo9nbyzw2F7eyw+PDLARR74h6SfV S7HpWsZMOmVBkyXoSSiRYs9MxjNT99QRqgonnGuennMnrAmjXD8cr8W7+XO6xQ676lR/ON NLTNbvqn6mQdQyquTiziW3YwHNbkL5hZD29DfKtJm7rkUmfe5YG2PyxzHaJERxbowTkfD1 Lk2ttalTjpH9xhUGhX9bOhM+lM0b28vQpwmWqQCiDYWKPdjhan0NY4zYA4zD9g== Received: by people01.haj.ipfire.org (Postfix, from userid 1000) id 4b6JNl2W1sz2yMd; Tue, 27 May 2025 16:43:35 +0000 (UTC) To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 8a31117c0cc6c07aaadfe63f99cfda4c7a6b6ec3 X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 333174d19fefb7262b0a8bd6359c9f14f767b392 X-Git-Newrev: 8a31117c0cc6c07aaadfe63f99cfda4c7a6b6ec3 Message-Id: <4b6JNl2W1sz2yMd@people01.haj.ipfire.org> Date: Tue, 27 May 2025 16:43:35 +0000 (UTC) From: Michael Tremer Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, master has been updated via 8a31117c0cc6c07aaadfe63f99cfda4c7a6b6ec3 (commit) from 333174d19fefb7262b0a8bd6359c9f14f767b392 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a31117c0cc6c07aaadfe63f99cfda4c7a6b6ec3 Author: Michael Tremer Date: Fri May 23 15:23:25 2025 +0000 dnsdist: Update to 1.9.10 We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible. While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests. https://www.dnsdist.org/changelog.html#change-1.9.10 Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: lfs/dnsdist | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Difference in files: diff --git a/lfs/dnsdist b/lfs/dnsdist index 6ce6359fa..994707e7b 100644 --- a/lfs/dnsdist +++ b/lfs/dnsdist @@ -26,7 +26,7 @@ include Config SUMMARY = A highly DNS-, DoS- and abuse-aware loadbalancer -VER = 1.9.9 +VER = 1.9.10 THISAPP = dnsdist-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dnsdist -PAK_VER = 27 +PAK_VER = 28 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 54517c396d8b5b546e9bcc5890f6df0cfa8470b65d9c7dcece0c7d503fff3fc0d4e2898a7bda8e16f9935279849128293967b38865345fa4c963705b9c9b8cad +$(DL_FILE)_BLAKE2 = ea66ca17ef66ecc64fd3a7379b22c2b0448c2a41f325e574a4edb20dfe408315be84a407b78f30a441479fbbcba31a28da2e310c275877739918ad3f9870acd1 install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree