Date: Sat, 22 Apr 2023 11:44:13 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 270998] net/minidlna: update to avoid bug introduced <= 1.3.2 Message-ID: <bug-270998-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D270998 Bug ID: 270998 Summary: net/minidlna: update to avoid bug introduced <=3D 1.3.2 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: glebius@FreeBSD.org Reporter: t.m.guymer@thomasguymer.co.uk Assignee: glebius@FreeBSD.org Flags: maintainer-feedback?(glebius@FreeBSD.org) Hi, The web interface no longer works if connecting via example.com:8200 due to= an overzealous DNS rebinding attack check recently introduced in MiniDLNA. Connecting via 1.2.3.4:8200 still works fine though. There is a good discus= sion of the issue over on the Debian bug system: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D1011629 This bug is also reported upstream over on SourceForge: https://sourceforge.net/p/minidlna/bugs/346/ I can confirm that on my FreeB= SD system my /var/log/minidlna.log file contains a: [2023/04/22 12:28:23] upnphttp.c:938: error: DNS rebinding attack suspected (Host: example.com:8200) ... line when I try to connect via a web browser using the hostname, but it works fine if I cheat and explicitly connect using the server's IPv4 addres= s. The Debian bug indicates that the issue is fixed, however, the SourceForge ticket is still open, so I don't know the status of the upstream patch. Thanks, Tom --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-270998-7788>