Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pdns-recursor for openSUSE:Factory checked in at 2022-08-24 15:11:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pdns-recursor (Old) and /work/SRC/openSUSE:Factory/.pdns-recursor.new.2083 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns-recursor" Wed Aug 24 15:11:39 2022 rev:56 rq:998985 version:4.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/pdns-recursor/pdns-recursor.changes 2022-07-09 17:05:37.824933258 +0200 +++ /work/SRC/openSUSE:Factory/.pdns-recursor.new.2083/pdns-recursor.changes 2022-08-24 15:12:01.960554860 +0200 @@ -1,0 +2,7 @@ +Tue Aug 23 14:11:52 UTC 2022 - Michael Str??der <mich...@stroeder.com> + +- update to 4.7.2 + * incomplete exception handling related to protobuf message generation. + (CVE-2022-37428, bsc#1202664) + +------------------------------------------------------------------- Old: ---- pdns-recursor-4.7.1.tar.bz2 pdns-recursor-4.7.1.tar.bz2.sig New: ---- pdns-recursor-4.7.2.tar.bz2 pdns-recursor-4.7.2.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pdns-recursor.spec ++++++ --- /var/tmp/diff_new_pack.qgdZNn/_old 2022-08-24 15:12:02.532555413 +0200 +++ /var/tmp/diff_new_pack.qgdZNn/_new 2022-08-24 15:12:02.536555416 +0200 @@ -25,7 +25,7 @@ %endif Name: pdns-recursor -Version: 4.7.1 +Version: 4.7.2 Release: 0 BuildRequires: autoconf BuildRequires: automake ++++++ pdns-recursor-4.7.1.tar.bz2 -> pdns-recursor-4.7.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/configure new/pdns-recursor-4.7.2/configure --- old/pdns-recursor-4.7.1/configure 2022-07-07 09:03:04.000000000 +0200 +++ new/pdns-recursor-4.7.2/configure 2022-08-10 16:08:03.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pdns-recursor 4.7.1. +# Generated by GNU Autoconf 2.69 for pdns-recursor 4.7.2. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. 
@@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='pdns-recursor' PACKAGE_TARNAME='pdns-recursor' -PACKAGE_VERSION='4.7.1' -PACKAGE_STRING='pdns-recursor 4.7.1' +PACKAGE_VERSION='4.7.2' +PACKAGE_STRING='pdns-recursor 4.7.2' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1552,7 +1552,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pdns-recursor 4.7.1 to adapt to many kinds of systems. +\`configure' configures pdns-recursor 4.7.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1623,7 +1623,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pdns-recursor 4.7.1:";; + short | recursive ) echo "Configuration of pdns-recursor 4.7.2:";; esac cat <<\_ACEOF @@ -1810,7 +1810,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pdns-recursor configure 4.7.1 +pdns-recursor configure 4.7.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2569,7 +2569,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pdns-recursor $as_me 4.7.1, which was +It was created by pdns-recursor $as_me 4.7.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3437,7 +3437,7 @@ # Define the identity of the package. PACKAGE='pdns-recursor' - VERSION='4.7.1' + VERSION='4.7.2' cat >>confdefs.h <<_ACEOF @@ -28230,7 +28230,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pdns-recursor $as_me 4.7.1, which was +This file was extended by pdns-recursor $as_me 4.7.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -28296,7 +28296,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pdns-recursor config.status 4.7.1 +pdns-recursor config.status 4.7.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/configure.ac new/pdns-recursor-4.7.2/configure.ac --- old/pdns-recursor-4.7.1/configure.ac 2022-07-07 09:02:53.000000000 +0200 +++ new/pdns-recursor-4.7.2/configure.ac 2022-08-10 16:07:49.000000000 +0200 @@ -1,6 +1,6 @@ AC_PREREQ([2.69]) -AC_INIT([pdns-recursor], [4.7.1]) +AC_INIT([pdns-recursor], [4.7.2]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([foreign dist-bzip2 no-dist-gzip tar-ustar -Wno-portability subdir-objects parallel-tests 1.11]) AM_SILENT_RULES([yes]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/effective_tld_names.dat new/pdns-recursor-4.7.2/effective_tld_names.dat --- old/pdns-recursor-4.7.1/effective_tld_names.dat 2022-07-07 09:04:37.000000000 +0200 +++ new/pdns-recursor-4.7.2/effective_tld_names.dat 2022-08-10 16:09:39.000000000 +0200 @@ -1344,18 +1344,47 @@ // Please note, that nic.in is not an official eTLD, but used by most // government institutions. in +5g.in +6g.in +ac.in +ai.in +am.in +bihar.in +biz.in +business.in +ca.in +cn.in co.in +com.in +coop.in +cs.in +delhi.in +dr.in +edu.in +er.in firm.in -net.in -org.in gen.in +gov.in +gujarat.in ind.in +info.in +int.in +internet.in +io.in +me.in +mil.in +net.in nic.in -ac.in -edu.in +org.in +pg.in +post.in +pro.in res.in -gov.in -mil.in +travel.in +tv.in +uk.in +up.in +us.in // info : https://en.wikipedia.org/wiki/.info info 
@@ -7130,7 +7159,7 @@ // newGTLDs -// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2022-07-03T15:13:53Z +// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2022-07-28T15:14:54Z // This list is auto-generated, don't edit it manually. // aaa : 2015-02-26 American Automobile Association, Inc. aaa @@ -8779,7 +8808,7 @@ // lasalle : 2015-04-02 Jones Lang LaSalle Incorporated lasalle -// lat : 2014-10-16 ECOM-LAC Federaci??n de Latinoam??rica y el Caribe para Internet y el Comercio Electr??nico +// lat : 2014-10-16 XYZ.COM LLC lat // latino : 2015-07-30 Dish DBS Corporation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/pdns_recursor.1 new/pdns-recursor-4.7.2/pdns_recursor.1 --- old/pdns-recursor-4.7.1/pdns_recursor.1 2022-07-07 09:04:36.000000000 +0200 +++ new/pdns-recursor-4.7.2/pdns_recursor.1 2022-08-10 16:09:39.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "PDNS_RECURSOR" "1" "Jul 07, 2022" "" "PowerDNS Recursor" +.TH "PDNS_RECURSOR" "1" "Aug 10, 2022" "" "PowerDNS Recursor" .SH NAME pdns_recursor \- The PowerDNS Recursor binary .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/pdns_recursor.cc new/pdns-recursor-4.7.2/pdns_recursor.cc --- old/pdns-recursor-4.7.1/pdns_recursor.cc 2022-07-07 09:02:07.000000000 +0200 +++ new/pdns-recursor-4.7.2/pdns_recursor.cc 2022-08-10 14:28:26.000000000 +0200 
@@ -1315,7 +1315,12 @@ #endif /* NOD ENABLED */ if (t_protobufServers) { - pbMessage.addRR(*i, luaconfsLocal->protobufExportConfig.exportTypes, udr); + // Max size is 64k, but we're conservative here, as other fields are added after the answers have been added + // If a single answer causes a too big protobuf message, it wil be dropped by queueData() + // But note addRR has code to prevent that + if (pbMessage.size() < std::numeric_limits<uint16_t>::max() / 2) { + pbMessage.addRR(*i, luaconfsLocal->protobufExportConfig.exportTypes, udr); + } } } if (needCommit) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/pubsuffix.cc new/pdns-recursor-4.7.2/pubsuffix.cc --- old/pdns-recursor-4.7.1/pubsuffix.cc 2022-07-07 09:04:37.000000000 +0200 +++ new/pdns-recursor-4.7.2/pubsuffix.cc 2022-08-10 16:09:39.000000000 +0200 @@ -900,18 +900,47 @@ "plc.co.im", "tt.im", "tv.im", +"5g.in", +"6g.in", +"ac.in", +"ai.in", +"am.in", +"bihar.in", +"biz.in", +"business.in", +"ca.in", +"cn.in", "co.in", +"com.in", +"coop.in", +"cs.in", +"delhi.in", +"dr.in", +"edu.in", +"er.in", "firm.in", -"net.in", -"org.in", "gen.in", +"gov.in", +"gujarat.in", "ind.in", +"info.in", +"int.in", +"internet.in", +"io.in", +"me.in", +"mil.in", +"net.in", "nic.in", -"ac.in", -"edu.in", +"org.in", +"pg.in", +"post.in", +"pro.in", "res.in", -"gov.in", -"mil.in", +"travel.in", +"tv.in", +"uk.in", +"up.in", +"us.in", "eu.int", "com.io", "gov.iq", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/rec-protozero.cc new/pdns-recursor-4.7.2/rec-protozero.cc --- old/pdns-recursor-4.7.1/rec-protozero.cc 2022-06-17 21:20:39.000000000 +0200 +++ new/pdns-recursor-4.7.2/rec-protozero.cc 2022-08-10 14:29:01.000000000 +0200 
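Review bot: In the pdns_recursor.cc hunk, the new guard around `pbMessage.addRR(...)` skips answer records without leaving any trace, so a protobuf consumer cannot tell a truncated answer section from a complete one. Where this stream feeds monitoring, an unusually large response produces a partial log entry that looks normal; consider counting or flagging skipped records after the loop (the loop and its function continue outside the hunk, so the exact place is a guess). The limit `std::numeric_limits<uint16_t>::max() / 2` is repeated in the `add` lambda in rec-protozero.cc, and a shared named constant would keep the two checks from drifting apart. The new comment also has a typo: `wil` should be `will`.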
@@ -41,6 +41,12 @@ pbf_rr.add_uint32(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::class_), record.d_class); pbf_rr.add_uint32(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::ttl), record.d_ttl); + auto add = [&](const std::string& str) { + if (size() + str.length() < std::numeric_limits<uint16_t>::max() / 2) { + pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata), str); + } + }; + switch (record.d_type) { case QType::A: { const auto& content = dynamic_cast<const ARecordContent&>(*(record.d_content)); 
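Review bot: The `add` lambda in rec-protozero.cc drops the rdata when its size check fails, but the class and ttl fields written just above it stay in the message, so the consumer gets a record with no rdata and no sign that it was omitted. A comment on the lambda should say so, for example `// Omit rdata that would take the message past half of the 64k limit; the RR itself is still emitted`. The A case visible at the end of this hunk appears not to go through `add`, which is presumably fine for fixed-size addresses but worth stating in the same comment. The call sites converted in the next hunk (CNAME, TXT, NS, PTR, MX, SPF, SRV) all inherit this behaviour. The enclosing function starts and ends outside the hunk.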
@@ -56,37 +62,37 @@ } case QType::CNAME: { const auto& content = dynamic_cast<const CNAMERecordContent&>(*(record.d_content)); - pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata), content.getTarget().toString()); + add(content.getTarget().toString()); break; } case QType::TXT: { const auto& content = dynamic_cast<const TXTRecordContent&>(*(record.d_content)); - pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata), content.d_text); + add(content.d_text); break; } case QType::NS: { const auto& content = dynamic_cast<const NSRecordContent&>(*(record.d_content)); - pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata), content.getNS().toString()); + add(content.getNS().toString()); break; } case QType::PTR: { const auto& content = dynamic_cast<const PTRRecordContent&>(*(record.d_content)); - pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata), content.getContent().toString()); + add(content.getContent().toString()); break; } case QType::MX: { const auto& content = dynamic_cast<const MXRecordContent&>(*(record.d_content)); - pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata), content.d_mxname.toString()); + add(content.d_mxname.toString()); break; } case QType::SPF: { const auto& content = dynamic_cast<const SPFRecordContent&>(*(record.d_content)); - pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata), content.getText()); + add(content.getText()); break; } case QType::SRV: { const auto& content = dynamic_cast<const SRVRecordContent&>(*(record.d_content)); - pbf_rr.add_string(static_cast<protozero::pbf_tag_type>(pdns::ProtoZero::Message::RRField::rdata), content.d_target.toString()); + add(content.d_target.toString()); break; } default: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pdns-recursor-4.7.1/rec-protozero.hh new/pdns-recursor-4.7.2/rec-protozero.hh --- old/pdns-recursor-4.7.1/rec-protozero.hh 2022-06-17 21:20:39.000000000 +0200 +++ new/pdns-recursor-4.7.2/rec-protozero.hh 2022-08-10 14:29:09.000000000 +0200 @@ -92,6 +92,10 @@ return d_rspbuf; } + [[nodiscard]] size_t size() const + { + return d_msgbuf.size() + d_rspbuf.size(); + } std::string&& finishAndMoveBuf() { if (!d_rspbuf.empty()) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/rec_control.1 new/pdns-recursor-4.7.2/rec_control.1 --- old/pdns-recursor-4.7.1/rec_control.1 2022-07-07 09:04:36.000000000 +0200 +++ new/pdns-recursor-4.7.2/rec_control.1 2022-08-10 16:09:39.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "REC_CONTROL" "1" "Jul 07, 2022" "" "PowerDNS Recursor" +.TH "REC_CONTROL" "1" "Aug 10, 2022" "" "PowerDNS Recursor" .SH NAME rec_control \- Command line tool to control a running Recursor .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.7.1/remote_logger.cc new/pdns-recursor-4.7.2/remote_logger.cc --- old/pdns-recursor-4.7.1/remote_logger.cc 2022-07-07 09:02:07.000000000 +0200 +++ new/pdns-recursor-4.7.2/remote_logger.cc 2022-08-10 14:29:09.000000000 +0200 @@ -132,7 +132,13 @@ void RemoteLogger::queueData(const std::string& data) { if (data.size() > std::numeric_limits<uint16_t>::max()) { - throw std::runtime_error("Got a request to write an object of size " + std::to_string(data.size())); + const auto msg = "Not sending too large protobuf message"; +#ifdef WE_ARE_RECURSOR + g_log<<Logger::Info<<msg<<endl; +#else + warnlog(msg); +#endif + return; } auto runtime = d_runtime.lock();
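Review bot: The new `size()` accessor in rec-protozero.hh has no comment, and it returns the sum of two internal buffers rather than the length of the finished message. `finishAndMoveBuf()` directly below still does work when `d_rspbuf` is non-empty, so the final buffer may be somewhat larger than this value (its body is outside the hunk). Both new limit checks depend on this number, so a line such as `// Current size of the message and pending response buffers; an estimate of the final encoded size` above the function would make the approximation explicit.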
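Review bot: In `RemoteLogger::queueData` in remote_logger.cc, the log line that replaces the exception no longer reports the object size, which the removed `std::runtime_error` text did and which is the first thing needed when triaging dropped messages. In the recursor branch this could be `g_log<<Logger::Info<<msg<<" of size "<<data.size()<<endl;`, with the `warnlog` branch extended in the same way; whether `warnlog` takes format arguments is not visible here. Nothing in the hunk counts the drop either, so an Info-level line is the only evidence that export data was lost. If the class already keeps queue statistics, a drop counter there would make this visible to monitoring. The function body continues outside the hunk.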