Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package pdns-recursor for openSUSE:Factory
checked in at 2022-08-24 15:11:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pdns-recursor (Old)
and /work/SRC/openSUSE:Factory/.pdns-recursor.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns-recursor"
Wed Aug 24 15:11:39 2022 rev:56 rq:998985 version:4.7.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/pdns-recursor/pdns-recursor.changes
2022-07-09 17:05:37.824933258 +0200
+++ /work/SRC/openSUSE:Factory/.pdns-recursor.new.2083/pdns-recursor.changes
2022-08-24 15:12:01.960554860 +0200
@@ -1,0 +2,7 @@
+Tue Aug 23 14:11:52 UTC 2022 - Michael Str??der <mich...@stroeder.com>
+
+- update to 4.7.2
+ * incomplete exception handling related to protobuf message generation.
+ (CVE-2022-37428, bsc#1202664)
+
+-------------------------------------------------------------------
Old:
----
pdns-recursor-4.7.1.tar.bz2
pdns-recursor-4.7.1.tar.bz2.sig
New:
----
pdns-recursor-4.7.2.tar.bz2
pdns-recursor-4.7.2.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pdns-recursor.spec ++++++
--- /var/tmp/diff_new_pack.qgdZNn/_old 2022-08-24 15:12:02.532555413 +0200
+++ /var/tmp/diff_new_pack.qgdZNn/_new 2022-08-24 15:12:02.536555416 +0200
@@ -25,7 +25,7 @@
%endif
Name: pdns-recursor
-Version: 4.7.1
+Version: 4.7.2
Release: 0
BuildRequires: autoconf
BuildRequires: automake
++++++ pdns-recursor-4.7.1.tar.bz2 -> pdns-recursor-4.7.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/configure
new/pdns-recursor-4.7.2/configure
--- old/pdns-recursor-4.7.1/configure 2022-07-07 09:03:04.000000000 +0200
+++ new/pdns-recursor-4.7.2/configure 2022-08-10 16:08:03.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for pdns-recursor 4.7.1.
+# Generated by GNU Autoconf 2.69 for pdns-recursor 4.7.2.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='pdns-recursor'
PACKAGE_TARNAME='pdns-recursor'
-PACKAGE_VERSION='4.7.1'
-PACKAGE_STRING='pdns-recursor 4.7.1'
+PACKAGE_VERSION='4.7.2'
+PACKAGE_STRING='pdns-recursor 4.7.2'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1552,7 +1552,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pdns-recursor 4.7.1 to adapt to many kinds of systems.
+\`configure' configures pdns-recursor 4.7.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1623,7 +1623,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pdns-recursor 4.7.1:";;
+ short | recursive ) echo "Configuration of pdns-recursor 4.7.2:";;
esac
cat <<\_ACEOF
@@ -1810,7 +1810,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-pdns-recursor configure 4.7.1
+pdns-recursor configure 4.7.2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2569,7 +2569,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pdns-recursor $as_me 4.7.1, which was
+It was created by pdns-recursor $as_me 4.7.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3437,7 +3437,7 @@
# Define the identity of the package.
PACKAGE='pdns-recursor'
- VERSION='4.7.1'
+ VERSION='4.7.2'
cat >>confdefs.h <<_ACEOF
@@ -28230,7 +28230,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by pdns-recursor $as_me 4.7.1, which was
+This file was extended by pdns-recursor $as_me 4.7.2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -28296,7 +28296,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-pdns-recursor config.status 4.7.1
+pdns-recursor config.status 4.7.2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/configure.ac
new/pdns-recursor-4.7.2/configure.ac
--- old/pdns-recursor-4.7.1/configure.ac 2022-07-07 09:02:53.000000000
+0200
+++ new/pdns-recursor-4.7.2/configure.ac 2022-08-10 16:07:49.000000000
+0200
@@ -1,6 +1,6 @@
AC_PREREQ([2.69])
-AC_INIT([pdns-recursor], [4.7.1])
+AC_INIT([pdns-recursor], [4.7.2])
AC_CONFIG_AUX_DIR([build-aux])
AM_INIT_AUTOMAKE([foreign dist-bzip2 no-dist-gzip tar-ustar -Wno-portability
subdir-objects parallel-tests 1.11])
AM_SILENT_RULES([yes])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/effective_tld_names.dat
new/pdns-recursor-4.7.2/effective_tld_names.dat
--- old/pdns-recursor-4.7.1/effective_tld_names.dat 2022-07-07
09:04:37.000000000 +0200
+++ new/pdns-recursor-4.7.2/effective_tld_names.dat 2022-08-10
16:09:39.000000000 +0200
@@ -1344,18 +1344,47 @@
// Please note, that nic.in is not an official eTLD, but used by most
// government institutions.
in
+5g.in
+6g.in
+ac.in
+ai.in
+am.in
+bihar.in
+biz.in
+business.in
+ca.in
+cn.in
co.in
+com.in
+coop.in
+cs.in
+delhi.in
+dr.in
+edu.in
+er.in
firm.in
-net.in
-org.in
gen.in
+gov.in
+gujarat.in
ind.in
+info.in
+int.in
+internet.in
+io.in
+me.in
+mil.in
+net.in
nic.in
-ac.in
-edu.in
+org.in
+pg.in
+post.in
+pro.in
res.in
-gov.in
-mil.in
+travel.in
+tv.in
+uk.in
+up.in
+us.in
// info : https://en.wikipedia.org/wiki/.info
info
@@ -7130,7 +7159,7 @@
// newGTLDs
-// List of new gTLDs imported from
https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on
2022-07-03T15:13:53Z
+// List of new gTLDs imported from
https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on
2022-07-28T15:14:54Z
// This list is auto-generated, don't edit it manually.
// aaa : 2015-02-26 American Automobile Association, Inc.
aaa
@@ -8779,7 +8808,7 @@
// lasalle : 2015-04-02 Jones Lang LaSalle Incorporated
lasalle
-// lat : 2014-10-16 ECOM-LAC Federaci??n de Latinoam??rica y el Caribe para
Internet y el Comercio Electr??nico
+// lat : 2014-10-16 XYZ.COM LLC
lat
// latino : 2015-07-30 Dish DBS Corporation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/pdns_recursor.1
new/pdns-recursor-4.7.2/pdns_recursor.1
--- old/pdns-recursor-4.7.1/pdns_recursor.1 2022-07-07 09:04:36.000000000
+0200
+++ new/pdns-recursor-4.7.2/pdns_recursor.1 2022-08-10 16:09:39.000000000
+0200
@@ -27,7 +27,7 @@
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
-.TH "PDNS_RECURSOR" "1" "Jul 07, 2022" "" "PowerDNS Recursor"
+.TH "PDNS_RECURSOR" "1" "Aug 10, 2022" "" "PowerDNS Recursor"
.SH NAME
pdns_recursor \- The PowerDNS Recursor binary
.SH SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/pdns_recursor.cc
new/pdns-recursor-4.7.2/pdns_recursor.cc
--- old/pdns-recursor-4.7.1/pdns_recursor.cc 2022-07-07 09:02:07.000000000
+0200
+++ new/pdns-recursor-4.7.2/pdns_recursor.cc 2022-08-10 14:28:26.000000000
+0200
@@ -1315,7 +1315,12 @@
#endif /* NOD ENABLED */
if (t_protobufServers) {
- pbMessage.addRR(*i, luaconfsLocal->protobufExportConfig.exportTypes,
udr);
+ // Max size is 64k, but we're conservative here, as other fields are
added after the answers have been added
+ // If a single answer causes a too big protobuf message, it wil be
dropped by queueData()
+ // But note addRR has code to prevent that
+ if (pbMessage.size() < std::numeric_limits<uint16_t>::max() / 2) {
+ pbMessage.addRR(*i,
luaconfsLocal->protobufExportConfig.exportTypes, udr);
+ }
}
}
if (needCommit)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/pubsuffix.cc
new/pdns-recursor-4.7.2/pubsuffix.cc
--- old/pdns-recursor-4.7.1/pubsuffix.cc 2022-07-07 09:04:37.000000000
+0200
+++ new/pdns-recursor-4.7.2/pubsuffix.cc 2022-08-10 16:09:39.000000000
+0200
@@ -900,18 +900,47 @@
"plc.co.im",
"tt.im",
"tv.im",
+"5g.in",
+"6g.in",
+"ac.in",
+"ai.in",
+"am.in",
+"bihar.in",
+"biz.in",
+"business.in",
+"ca.in",
+"cn.in",
"co.in",
+"com.in",
+"coop.in",
+"cs.in",
+"delhi.in",
+"dr.in",
+"edu.in",
+"er.in",
"firm.in",
-"net.in",
-"org.in",
"gen.in",
+"gov.in",
+"gujarat.in",
"ind.in",
+"info.in",
+"int.in",
+"internet.in",
+"io.in",
+"me.in",
+"mil.in",
+"net.in",
"nic.in",
-"ac.in",
-"edu.in",
+"org.in",
+"pg.in",
+"post.in",
+"pro.in",
"res.in",
-"gov.in",
-"mil.in",
+"travel.in",
+"tv.in",
+"uk.in",
+"up.in",
+"us.in",
"eu.int",
"com.io",
"gov.iq",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/rec-protozero.cc
new/pdns-recursor-4.7.2/rec-protozero.cc
--- old/pdns-recursor-4.7.1/rec-protozero.cc 2022-06-17 21:20:39.000000000
+0200
+++ new/pdns-recursor-4.7.2/rec-protozero.cc 2022-08-10 14:29:01.000000000
+0200
@@ -41,6 +41,12 @@
pbf_rr.add_uint32(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::class_),
record.d_class);
pbf_rr.add_uint32(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::ttl),
record.d_ttl);
+ auto add = [&](const std::string& str) {
+ if (size() + str.length() < std::numeric_limits<uint16_t>::max() / 2) {
+
pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata),
str);
+ }
+ };
+
switch (record.d_type) {
case QType::A: {
const auto& content = dynamic_cast<const
ARecordContent&>(*(record.d_content));
@@ -56,37 +62,37 @@
}
case QType::CNAME: {
const auto& content = dynamic_cast<const
CNAMERecordContent&>(*(record.d_content));
-
pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata),
content.getTarget().toString());
+ add(content.getTarget().toString());
break;
}
case QType::TXT: {
const auto& content = dynamic_cast<const
TXTRecordContent&>(*(record.d_content));
-
pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata),
content.d_text);
+ add(content.d_text);
break;
}
case QType::NS: {
const auto& content = dynamic_cast<const
NSRecordContent&>(*(record.d_content));
-
pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata),
content.getNS().toString());
+ add(content.getNS().toString());
break;
}
case QType::PTR: {
const auto& content = dynamic_cast<const
PTRRecordContent&>(*(record.d_content));
-
pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata),
content.getContent().toString());
+ add(content.getContent().toString());
break;
}
case QType::MX: {
const auto& content = dynamic_cast<const
MXRecordContent&>(*(record.d_content));
-
pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata),
content.d_mxname.toString());
+ add(content.d_mxname.toString());
break;
}
case QType::SPF: {
const auto& content = dynamic_cast<const
SPFRecordContent&>(*(record.d_content));
-
pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata),
content.getText());
+ add(content.getText());
break;
}
case QType::SRV: {
const auto& content = dynamic_cast<const
SRVRecordContent&>(*(record.d_content));
-
pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata),
content.d_target.toString());
+ add(content.d_target.toString());
break;
}
default:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/rec-protozero.hh
new/pdns-recursor-4.7.2/rec-protozero.hh
--- old/pdns-recursor-4.7.1/rec-protozero.hh 2022-06-17 21:20:39.000000000
+0200
+++ new/pdns-recursor-4.7.2/rec-protozero.hh 2022-08-10 14:29:09.000000000
+0200
@@ -92,6 +92,10 @@
return d_rspbuf;
}
+ [[nodiscard]] size_t size() const
+ {
+ return d_msgbuf.size() + d_rspbuf.size();
+ }
std::string&& finishAndMoveBuf()
{
if (!d_rspbuf.empty()) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/rec_control.1
new/pdns-recursor-4.7.2/rec_control.1
--- old/pdns-recursor-4.7.1/rec_control.1 2022-07-07 09:04:36.000000000
+0200
+++ new/pdns-recursor-4.7.2/rec_control.1 2022-08-10 16:09:39.000000000
+0200
@@ -27,7 +27,7 @@
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
-.TH "REC_CONTROL" "1" "Jul 07, 2022" "" "PowerDNS Recursor"
+.TH "REC_CONTROL" "1" "Aug 10, 2022" "" "PowerDNS Recursor"
.SH NAME
rec_control \- Command line tool to control a running Recursor
.SH SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pdns-recursor-4.7.1/remote_logger.cc
new/pdns-recursor-4.7.2/remote_logger.cc
--- old/pdns-recursor-4.7.1/remote_logger.cc 2022-07-07 09:02:07.000000000
+0200
+++ new/pdns-recursor-4.7.2/remote_logger.cc 2022-08-10 14:29:09.000000000
+0200
@@ -132,7 +132,13 @@
void RemoteLogger::queueData(const std::string& data)
{
if (data.size() > std::numeric_limits<uint16_t>::max()) {
- throw std::runtime_error("Got a request to write an object of size " +
std::to_string(data.size()));
+ const auto msg = "Not sending too large protobuf message";
+#ifdef WE_ARE_RECURSOR
+ g_log<<Logger::Info<<msg<<endl;
+#else
+ warnlog(msg);
+#endif
+ return;
}
auto runtime = d_runtime.lock();
