Bug 269116

Summary: dns/powerdns-recursor: update to 4.8.1 (fixes CVE-2023-22617)
Product: Ports & Packages Reporter: Ralf van der Enden <tremere>
Component: Individual Port(s)Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED    
Severity: Affects Many People CC: fernape, ports-secteam
Priority: --- Keywords: security
Version: LatestFlags: fernape: merge-quarterly+
Hardware: Any   
OS: Any   
URL: https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1
Attachments:
Description Flags
Update to PowerDNS Recursor 4.8.1
tremere: maintainer-approval+
Add entry to VuXML for PowerDNS Recursor tremere: maintainer-approval?

Description Ralf van der Enden 2023-01-23 14:26:49 UTC 
Created attachment 239658 [details]
Update to PowerDNS Recursor 4.8.1

This release fixes CVE-2023-22617 (see URL) and only that.

Q&A:
poudriere: testport ok (13.1-RELEASE;amd64;)
Makefile portclippy/portmft processed
Comment 1 Ralf van der Enden 2023-01-23 14:27:35 UTC 
Created attachment 239659 [details]
Add entry to VuXML for PowerDNS Recursor
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2023-01-23 17:17:53 UTC 
Thank you very much for the VuXML entry!
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-01-24 06:49:12 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2c4784a7609ff0ef908af4e533c178ca3fa026d1

commit 2c4784a7609ff0ef908af4e533c178ca3fa026d1
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2023-01-23 17:07:40 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-24 06:43:57 +0000

    dns/powerdns-recursor: update to 4.8.1 (fixes CVE-2023-22617)

    ChangeLog: https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1

    Avoid unbounded recursion when retrieving DS records from some misconfigured
    domains.

    PR:             269116
    Reported by:    tremere@cainites.net (maintainer)
    MFH:            2023Q1 (security fix)
    Security:       CVE-2023-22617

 dns/powerdns-recursor/Makefile | 3 +--
 dns/powerdns-recursor/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-01-24 06:50:13 UTC 
A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=08389f09e4b24c0ee05de9eabffa3eb9e45e392e

commit 08389f09e4b24c0ee05de9eabffa3eb9e45e392e
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2023-01-23 17:07:40 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-24 06:45:55 +0000

    dns/powerdns-recursor: update to 4.8.1 (fixes CVE-2023-22617)

    ChangeLog: https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1

    Avoid unbounded recursion when retrieving DS records from some misconfigured
    domains.

    PR:             269116
    Reported by:    tremere@cainites.net (maintainer)
    MFH:            2023Q1 (security fix)
    Security:       CVE-2023-22617

    (cherry picked from commit 2c4784a7609ff0ef908af4e533c178ca3fa026d1)

 dns/powerdns-recursor/Makefile | 2 +-
 dns/powerdns-recursor/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2023-01-24 06:51:14 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6ce46aad1724ae98a6aad1a9789389893eab4252

commit 6ce46aad1724ae98a6aad1a9789389893eab4252
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2023-01-23 17:12:27 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-01-24 06:46:41 +0000

    security/vuxml: register dns/powerdns-recursor vulnerability

    CVE-2023-22617

    PR:     269116

 security/vuxml/vuln/2023.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2023-01-24 06:51:32 UTC 
Committed and merged to 2023Q1,

Thanks!