python-dns/backport-002-CVE-2023-29483.patch

From 5a441b9854425c4e23abb8f91973361fe8401e33 Mon Sep 17 00:00:00 2001
From: Bob Halley <halley@dnspython.org>
Date: Fri, 16 Feb 2024 05:47:35 -0800
Subject: [PATCH] For the Tudoor fix, we also need the UDP nameserver to
 ignore_unexpected.

Conflict: change filename and function because of refactoring
Reference:https://github.com/rthalley/dnspython/commit/5a441b9854425c4e23abb8f91973361fe8401e33
---
 dns/asyncresolver.py | 3 ++-
 dns/resolver.py      | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/dns/asyncresolver.py b/dns/asyncresolver.py
index 5c8fa8a..1e66e08 100644
--- a/dns/asyncresolver.py
+++ b/dns/asyncresolver.py
@@ -86,7 +86,8 @@ class Resolver(dns.resolver.BaseResolver):
                                                   source, source_port,
                                                   raise_on_truncation=True,
                                                   backend=backend,
-                                                  ignore_errors=True)
+                                                  ignore_errors=True,
+                                                  ignore_unexpected=True)
                     else:
                         response = await dns.asyncquery.https(request,
                                                               nameserver,
diff --git a/dns/resolver.py b/dns/resolver.py
index d3769a0..9c50361 100644
--- a/dns/resolver.py
+++ b/dns/resolver.py
@@ -1081,7 +1081,8 @@ class Resolver(BaseResolver):
                                                      source=source,
                                                      source_port=source_port,
                                                      raise_on_truncation=True,
-                                                     ignore_errors=True)
+                                                     ignore_errors=True,
+                                                     ignore_unexpected=True)
                     else:
                         response = dns.query.https(request, nameserver,
                                                    timeout=timeout)
-- 
2.33.0
fix CVE-2023-29483 2024-07-24 08:05:43 +00:00			`From 5a441b9854425c4e23abb8f91973361fe8401e33 Mon Sep 17 00:00:00 2001`
			`From: Bob Halley <halley@dnspython.org>`
			`Date: Fri, 16 Feb 2024 05:47:35 -0800`
			`Subject: [PATCH] For the Tudoor fix, we also need the UDP nameserver to`
			`ignore_unexpected.`

			`Conflict: change filename and function because of refactoring`
			`Reference:https://github.com/rthalley/dnspython/commit/5a441b9854425c4e23abb8f91973361fe8401e33`
			`---`
			`dns/asyncresolver.py \| 3 ++-`
			`dns/resolver.py \| 3 ++-`
			`2 files changed, 4 insertions(+), 2 deletions(-)`

			`diff --git a/dns/asyncresolver.py b/dns/asyncresolver.py`
			`index 5c8fa8a..1e66e08 100644`
			`--- a/dns/asyncresolver.py`
			`+++ b/dns/asyncresolver.py`
			`@@ -86,7 +86,8 @@ class Resolver(dns.resolver.BaseResolver):`
			`source, source_port,`
			`raise_on_truncation=True,`
			`backend=backend,`
			`- ignore_errors=True)`
			`+ ignore_errors=True,`
			`+ ignore_unexpected=True)`
			`else:`
			`response = await dns.asyncquery.https(request,`
			`nameserver,`
			`diff --git a/dns/resolver.py b/dns/resolver.py`
			`index d3769a0..9c50361 100644`
			`--- a/dns/resolver.py`
			`+++ b/dns/resolver.py`
			`@@ -1081,7 +1081,8 @@ class Resolver(BaseResolver):`
			`source=source,`
			`source_port=source_port,`
			`raise_on_truncation=True,`
			`- ignore_errors=True)`
			`+ ignore_errors=True,`
			`+ ignore_unexpected=True)`
			`else:`
			`response = dns.query.https(request, nameserver,`
			`timeout=timeout)`
			`--`
			`2.33.0`