mirror of
https://github.com/openwrt/packages.git
synced 2025-12-24 06:18:21 +04:00
f62f2ecca8
Fixes CVEs: - CVE-2024-1975: remove sig 0 support - CVE-2024-4076: qctx-zversion was not being cleared when it should have been leading to an assertion failure if it needed to be reused. - CVE-2024-1737: An excessively large number of rrtypes per owner can slow down database query processing, so a limit has been placed on the number of rrtypes that can be stored per owner (node) in a cache or zone database. This is configured with the new "max-rrtypes-per-name" option, and defaults to 100. - CVE-2024-1737: Excessively large rdatasets can slow down database query processing, so a limit has been placed on the number of records that can be stored per rdataset in a cache or zone database. This is configured with the new "max-records-per-type" option, and defaults to 100. - CVE-2024-0760: Malicious DNS client that sends many queries over TCP but never reads responses can cause server to respond slowly or not respond at all for other clients. Signed-off-by: Noah Meyerhans <frodo@morgul.net>