[Bug 270998] net/minidlna: update to avoid bug introduced <= 1.3.2
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 22 Apr 2023 11:44:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270998 Bug ID: 270998 Summary: net/minidlna: update to avoid bug introduced <= 1.3.2 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: glebius@FreeBSD.org Reporter: t.m.guymer@thomasguymer.co.uk Assignee: glebius@FreeBSD.org Flags: maintainer-feedback?(glebius@FreeBSD.org) Hi, The web interface no longer works if connecting via example.com:8200 due to an overzealous DNS rebinding attack check recently introduced in MiniDLNA. Connecting via 1.2.3.4:8200 still works fine though. There is a good discussion of the issue over on the Debian bug system: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011629 This bug is also reported upstream over on SourceForge: https://sourceforge.net/p/minidlna/bugs/346/ I can confirm that on my FreeBSD system my /var/log/minidlna.log file contains a: [2023/04/22 12:28:23] upnphttp.c:938: error: DNS rebinding attack suspected (Host: example.com:8200) ... line when I try to connect via a web browser using the hostname, but it works fine if I cheat and explicitly connect using the server's IPv4 address. The Debian bug indicates that the issue is fixed, however, the SourceForge ticket is still open, so I don't know the status of the upstream patch. Thanks, Tom -- You are receiving this mail because: You are the assignee for the bug.