microsoft
diff --git a/‎SPECS/coredns/CVE-2024-53259.patch‎
Lines changed: 28 additions & 0 deletions b/‎SPECS/coredns/CVE-2024-53259.patch‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎SPECS/coredns/coredns.spec‎
Lines changed: 5 additions & 1 deletion b/‎SPECS/coredns/coredns.spec‎
Lines changed: 5 additions & 1 deletion
@@ -0,0 +1,28 @@
+From 9b14032d7df3bf7ff702748cdaed1bfcc01e7c0e Mon Sep 17 00:00:00 2001
+From: Mayank Singh <mayansingh@microsoft.com>
+Date: Wed, 19 Mar 2025 07:38:43 +0000
+Subject: [PATCH] Address CVE-2024-53259
+Upstream Reference Link: https://github.com/quic-go/quic-go/pull/4729
+
+---
+ vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go b/vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go
+index 199f634..0899360 100644
+--- a/vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go
++++ b/vendor/github.com/quic-go/quic-go/sys_conn_df_linux.go
+@@ -20,8 +20,8 @@ func setDF(rawConn syscall.RawConn) (bool, error) {
+ 	// and the datagram will not be fragmented
+ 	var errDFIPv4, errDFIPv6 error
+ 	if err := rawConn.Control(func(fd uintptr) {
+-		errDFIPv4 = unix.SetsockoptInt(int(fd), unix.IPPROTO_IP, unix.IP_MTU_DISCOVER, unix.IP_PMTUDISC_DO)
+-		errDFIPv6 = unix.SetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_MTU_DISCOVER, unix.IPV6_PMTUDISC_DO)
++		errDFIPv4 = unix.SetsockoptInt(int(fd), unix.IPPROTO_IP, unix.IP_MTU_DISCOVER, unix.IP_PMTUDISC_PROBE)
++		errDFIPv6 = unix.SetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_MTU_DISCOVER, unix.IPV6_PMTUDISC_PROBE)
+ 	}); err != nil {
+ 		return false, err
+ 	}
+-- 
+2.45.3
+
@@ -3,7 +3,7 @@
 Summary:        Fast and flexible DNS server
 Name:           coredns
 Version:        1.11.1
-Release:        14%{?dist}
+Release:        15%{?dist}
 License:        Apache License 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -41,6 +41,7 @@ Patch7:         CVE-2025-22868.patch
 # Patch to fix the package test suite due to external akamai update
 # https://github.com/coredns/coredns/commit/d8ecde1080e7cbbeb98257ba4e03a271f16b4cd9
 Patch8:         coredns-example-net-test.patch
+Patch9:         CVE-2024-53259.patch
 
 BuildRequires:  msft-golang
 
@@ -79,6 +80,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} %{name}
 %{_bindir}/%{name}
 
 %changelog
+* Wed Mar 19 2025 Mayank Singh <mayansingh@microsoft.com> - 1.11.1-15
+- Fix CVE-2024-53259 with an upstream patch
+
 * Mon Mar 03 2025 Sam Meluch <sammeluch@microsoft.com> - 1.11.1-14
 - Fix package test with upstream patch