git: 72a8ce928320 - main - dns/dnsdist: update to 2.0.1 (fixes CVE-2025-8671)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 24 Sep 2025 18:34:40 UTC
The branch main has been updated by flo:
URL: https://cgit.FreeBSD.org/ports/commit/?id=72a8ce92832053f971cbb3bef89063172621fc49
commit 72a8ce92832053f971cbb3bef89063172621fc49
Author: Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2025-09-24 11:04:11 +0000
Commit: Florian Smeets <flo@FreeBSD.org>
CommitDate: 2025-09-24 18:31:51 +0000
dns/dnsdist: update to 2.0.1 (fixes CVE-2025-8671)
PR: 289811
Security: c2253bff-9952-11f0-b6e2-6805ca2fa271
MFH: 2025Q3
---
dns/dnsdist/Makefile | 3 +-
dns/dnsdist/distinfo | 6 +--
.../files/patch-dnsdist_configuration_yaml_cc | 49 ----------------------
dns/dnsdist/files/patch-meson_lua_meson.build | 12 ++++++
4 files changed, 16 insertions(+), 54 deletions(-)
diff --git a/dns/dnsdist/Makefile b/dns/dnsdist/Makefile
index 26813f808047..b43102daf688 100644
--- a/dns/dnsdist/Makefile
+++ b/dns/dnsdist/Makefile
@@ -1,6 +1,5 @@
PORTNAME= dnsdist
-DISTVERSION= 2.0.0
-PORTREVISION= 1
+DISTVERSION= 2.0.1
CATEGORIES= dns net
MASTER_SITES= https://downloads.powerdns.com/releases/
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
diff --git a/dns/dnsdist/distinfo b/dns/dnsdist/distinfo
index 733c232e6f24..8456bd938620 100644
--- a/dns/dnsdist/distinfo
+++ b/dns/dnsdist/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1753107989
-SHA256 (dnsdist-2.0.0.tar.xz) = da30742f51aac8be7e116677cb07bc49fbea979fc5443e7e1fa8fa7bd0a63fe5
-SIZE (dnsdist-2.0.0.tar.xz) = 2275260
+TIMESTAMP = 1758417851
+SHA256 (dnsdist-2.0.1.tar.xz) = 144e2356d07d6577a570782a6f79f426125344221dbdc4ddaaa7f9d468d51900
+SIZE (dnsdist-2.0.1.tar.xz) = 2279512
SHA256 (rust/crates/anstyle-1.0.10.crate) = 55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9
SIZE (rust/crates/anstyle-1.0.10.crate) = 15725
SHA256 (rust/crates/cc-1.2.25.crate) = d0fc897dc1e865cc67c0e05a836d9d3f1df3cbe442aa4a9473b18e12624a4951
diff --git a/dns/dnsdist/files/patch-dnsdist_configuration_yaml_cc b/dns/dnsdist/files/patch-dnsdist_configuration_yaml_cc
deleted file mode 100644
index 910d1807cd26..000000000000
--- a/dns/dnsdist/files/patch-dnsdist_configuration_yaml_cc
+++ /dev/null
@@ -1,49 +0,0 @@
-From eb01c11a5418da08d5e11acdd519e2816e937835 Mon Sep 17 00:00:00 2001
-From: Remi Gacogne <remi.gacogne@powerdns.com>
-Date: Thu, 24 Jul 2025 10:57:28 +0200
-Subject: [PATCH] dnsdist: Fix QType rate dynamic block with YAML
-
-The YAML configuration for the the "QType rate" dynamic block was
-totally broken, trying to configure a rcode rate rule instead of a
-qtype rate one.
-Thanks to HellSpawn for reporting this the issue!
-
-Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
----
- .../dnsdistdist/dnsdist-configuration-yaml.cc | 14 +++++-
- .../dnsdistDynBlockTests.py | 42 ++++++++++++++++
- .../test_DynBlocksGroup.py | 49 +++++++++++++++++++
- 3 files changed, 104 insertions(+), 1 deletion(-)
-
-diff --git a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
-index 1d0f534b4326..70731bc42537 100644
---- dnsdist-configuration-yaml.cc
-+++ dnsdist-configuration-yaml.cc
-@@ -143,6 +143,18 @@ static uint8_t strToRCode(const std::string& context, const std::string& paramet
- return *rcode;
- }
-
-+static uint16_t strToQType(const std::string& context, const std::string& parameterName, const ::rust::String& qtype_rust_string)
-+{
-+ auto qtype_str = std::string(qtype_rust_string);
-+ boost::to_lower(qtype_str);
-+ QType qtype;
-+ qtype = std::string(qtype_str);
-+ if (qtype.getCode() == 0) {
-+ return checkedConversionFromStr<uint8_t>(context, parameterName, qtype_rust_string);
-+ }
-+ return qtype;
-+}
-+
- static std::optional<std::string> loadContentFromConfigurationFile(const std::string& fileName)
- {
- /* no check on the file size, don't do this with just any file! */
-@@ -647,7 +659,7 @@ static void loadDynamicBlockConfiguration(const dnsdist::rust::settings::Dynamic
- ruleParams.d_tagSettings->d_name = std::string(rule.tag_name);
- ruleParams.d_tagSettings->d_value = std::string(rule.tag_value);
- }
-- dbrgObj->setRCodeRate(checkedConversionFromStr<int>("dynamic-rules.rules.qtype_rate", "qtype", rule.qtype), std::move(ruleParams));
-+ dbrgObj->setQTypeRate(strToQType("dynamic-rules.rules.qtype_rate", "qtype", rule.qtype), std::move(ruleParams));
- }
- else if (rule.rule_type == "cache-miss-ratio") {
- DynBlockRulesGroup::DynBlockCacheMissRatioRule ruleParams(std::string(rule.comment), rule.action_duration, rule.ratio, rule.warning_ratio, rule.seconds, rule.action.empty() ? DNSAction::Action::None : DNSAction::typeFromString(std::string(rule.action)), rule.minimum_number_of_responses, rule.minimum_global_cache_hit_ratio);
diff --git a/dns/dnsdist/files/patch-meson_lua_meson.build b/dns/dnsdist/files/patch-meson_lua_meson.build
new file mode 100644
index 000000000000..dd5d0793b6f6
--- /dev/null
+++ b/dns/dnsdist/files/patch-meson_lua_meson.build
@@ -0,0 +1,12 @@
+--- meson/lua/meson.build.orig 2025-07-21 09:54:44 UTC
++++ meson/lua/meson.build
+@@ -12,6 +12,9 @@ if not dep_lua.found() and (opt_lua == 'auto' or opt_l
+
+ if not dep_lua.found() and (opt_lua == 'auto' or opt_lua == 'lua')
+ variants = [
++ 'lua5.4',
++ 'lua-5.4',
++ 'lua54',
+ 'lua5.3',
+ 'lua-5.3',
+ 'lua53',