From nobody Wed May 15 02:02:54 2024
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VfGhZ5mGJz5LNhD;
	Wed, 15 May 2024 02:02:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VfGhZ4pgMz3y5K;
	Wed, 15 May 2024 02:02:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1715738574;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mNm1x1H5dGR9wht7wVKcyM5VwucQZIruRjc5pK71Guw=;
	b=nnVdEPJxo40w5aN9PgHoO257bvT/ursDUWVwwM8sjRjo+OCSLRXQJrM/n++/WYE+q/PUyD
	xANdAL1Mh4UbxLvyGtwZ70I0U0KDaV7GGx1SwMjhq0IVXol56eWlbVVe47VAACWDyiKRKS
	7NLQv4ZJ7pBa0IoZ6xuJi53Vl9gFCuHyBPovklKPlH+TyHPML8L3f8SCzHOm6rX+f/uos6
	T3h1/s/cZ4iX/BGakY99ceOZwAX5aASkz/qst33Oa9CSnFDO+70FarTE96vV5HxxPPEq7F
	vAwXwT0dTW9Gayp5IEHLQbHHURC5mzIZBjpBH8dJmG3sDGvOpTXIv/9zN1uqgA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715738574; a=rsa-sha256; cv=none;
	b=YmFELLwRAjy/tsm6Vr8kx68u1nCeKAiDaU6sGd5MMufI3TNLCohfQd6PKNT9aVrcb8yayJ
	m+9viOISvSybaeflxibkSVw0cTyrB6kVlHf2mOLkDw8ymScPIWfXeWfmvaqRNa6i9KLbCP
	R8i8Bbpj7X7/dL1tw+Tn4QoC6SZDbbbMrnu6FqntEkwXx2d/MixbZU6HUKPgTIHOC/tMjA
	zzmlCLt/Khg9xCJHwIVFkpIWSedka+Nz6tk7Yll5z/4O5ogJhF6czG322J2HHBjHKSlcBq
	wnENpCH/CSF9UgGFRd5yHjmkt/5sczTIqsKiYEMK9EbUnbIF8mZE7xJdilnMZw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1715738574;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mNm1x1H5dGR9wht7wVKcyM5VwucQZIruRjc5pK71Guw=;
	b=khBPUYeNxp26jiOFsEquW9qO9Xz6ePJ1Dki+LGocfxvAGQmxQGoe7TFhqG/64i7lpdbSG3
	fBH/x3qQuvMLjN5cceJ21D+4qyab4B1efVJZrGE27b6vmyh1Bitr/9PEIoz1DhfBd715Dq
	4v6w16utxpKbhi91KHNeJN40fntPoft8dUlwK1CE768O9vc6Rr11qwFvrC3o/5gj4w/ipa
	F/291q6Y1wPzUnxgY6t/529CrFHk57zjQm11yxBmc+1uTzjgx6DgQp7oguoTNVQbSX0ZqD
	ELlMhVb78M0kXDr4Ok9wFTeN83zJDdpgqvt/xFweK/g0MBa8Iqah7ERy++yH1g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VfGhZ46dzzwFH;
	Wed, 15 May 2024 02:02:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 44F22sxx050886;
	Wed, 15 May 2024 02:02:54 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 44F22swA050883;
	Wed, 15 May 2024 02:02:54 GMT
	(envelope-from git)
Date: Wed, 15 May 2024 02:02:54 GMT
Message-Id: <202405150202.44F22swA050883@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Neel Chauhan <nc@FreeBSD.org>
Subject: git: 9422b76b11fe - main - dns/dnsdist: update to 1.9.4
  (fixes CVE-2024-25581)
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: nc
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 9422b76b11fe118a3473845ee88bd920f418c14c
Auto-Submitted: auto-generated

The branch main has been updated by nc:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9422b76b11fe118a3473845ee88bd920f418c14c

commit 9422b76b11fe118a3473845ee88bd920f418c14c
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2024-05-13 11:39:22 +0000
Commit:     Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2024-05-15 02:02:40 +0000

    dns/dnsdist: update to 1.9.4 (fixes CVE-2024-25581)
    
    PR: 278954
    Approved by: submitter is maintainer
---
 dns/dnsdist/Makefile         |  2 +-
 dns/dnsdist/distinfo         |  6 +++---
 security/vuxml/vuln/2024.xml | 34 +++++++++++++++++++++++++++++++++-
 3 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/dns/dnsdist/Makefile b/dns/dnsdist/Makefile
index 1c3dee8e4206..c1ddecd5e4d2 100644
--- a/dns/dnsdist/Makefile
+++ b/dns/dnsdist/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	dnsdist
-DISTVERSION=	1.9.3
+DISTVERSION=	1.9.4
 CATEGORIES=	dns net
 MASTER_SITES=	https://downloads.powerdns.com/releases/
 
diff --git a/dns/dnsdist/distinfo b/dns/dnsdist/distinfo
index 656cd642f775..724d6806d1a7 100644
--- a/dns/dnsdist/distinfo
+++ b/dns/dnsdist/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1712317299
-SHA256 (dnsdist-1.9.3.tar.bz2) = f05b68806dc6c4d207b1fadb7ec715c3e0d28d893a8b3b92d58297c4ceb56c3f
-SIZE (dnsdist-1.9.3.tar.bz2) = 1577027
+TIMESTAMP = 1715595818
+SHA256 (dnsdist-1.9.4.tar.bz2) = 297d3a3751af4650665c9d3890a1d5a7a0467175f2c8607d0d5980e3fd67ef14
+SIZE (dnsdist-1.9.4.tar.bz2) = 1591994
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index f0d80972c94b..a7adfc16dd50 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,4 +1,36 @@
-  <vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631">
+  <vuln vid="f2d8342f-1134-11ef-8791-6805ca2fa271">
+    <topic>dnsdist -- Transfer requests received over DoH can lead to a denial of service</topic>
+    <affects>
+      <package>
+	<name>dnsdist</name>
+	<range><lt>1.9.4</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>PowerDNS Security Advisory reports:</p>
+	<blockquote cite="https://dnsdist.org/security-advisories/index.html">
+	  <p>When incoming DNS over HTTPS support is enabled using the nghttp2 provider,
+	    and queries are routed to a tcp-only or DNS over TLS backend, an attacker can
+	    trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR
+	    or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a
+	    Denial of Service. DNS over HTTPS is not enabled by default, and backends are using
+	    plain DNS (Do53) by default.
+	  </p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-25581</cvename>
+      <url>https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html</url>
+    </references>
+    <dates>
+      <discovery>2024-05-13</discovery>
+      <entry>2024-05-13</entry>
+    </dates>
+  </vuln>
+
+<vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631">
     <topic>Intel CPUs -- multiple vulnerabilities</topic>
     <affects>
       <package>