dnscrypt-proxy: Malformed packets could cause the OpenDNS deviceid, OpenDNS set-client-ip, blocking and AAAA blocking plugins to use uninitialized pointers, leading to a denial of service or possibly code execution.

[iamGavinJ (GΛVĪN)]

According to (​https://github.com/jedisct1/dnscrypt-proxy/releases/tag/1.6.1)

Malformed packets could cause the OpenDNS deviceid, OpenDNS set-client-ip, blocking and AAAA blocking plugins to use uninitialized pointers, leading to a denial of service or possibly code execution.

The vulnerable code is present since dnscrypt-proxy 1.1.0.

OpenDNS users and people using dnscrypt-proxy in order to block domain names and IP addresses should upgrade as soon as possible.

Please update the port when possible. Thanks.

[ryandesign (Ryan Carsten Schmidt)]

Thanks. In future, please remember to put the port name in the ticket summary; Cc the maintainer of the port so they're notified; attach a unified diff of your changes instead of a complete new portfile, and use the haspatch keyword to indicate that you've done so; respect the existing whitespace of the portfile (in this case, use spaces not tabs); and don't leave commented-out code.

I'm attaching a diff making these changes. Marius, does this look ok?

[Schamschula (Marius Schamschula)]

Ryan,

Sorry about that. I just opened a duplicate #50544 with the update to version 1.6.1. I tend to run livecheck before I read my email…

I was not aware of the change in the startupitem.executable options, but they do make sense to me.

[ryandesign (Ryan Carsten Schmidt)]

I do that too. Committed in r145404.