Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 15 Mar 2024 12:37:50 GMT
From:      Dan Langille <dvl@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: cad815552953 - main - dns/unbound: Update to unbound 1.19.3
Message-ID:  <202403151237.42FCboPI060309@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by dvl:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cad815552953aeb16257949d564a663705d2ce67

commit cad815552953aeb16257949d564a663705d2ce67
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2024-03-14 13:00:53 +0000
Commit:     Dan Langille <dvl@FreeBSD.org>
CommitDate: 2024-03-15 12:29:31 +0000

    dns/unbound: Update to unbound 1.19.3
    
    This release has a number of bug fixes. The CNAME synthesized for a
    DNAME record uses the original TTL, of the DNAME record, and that means
    it can be cached for the TTL, instead of 0.
    
    There is a fix that when a message was stored in cache, but one of the
    RRsets was not updated due to cache policy, it now restricts the message
    TTL if the cache version of the RRset has a shorter TTL. It avoids a
    bug where the message is not expired, but its contents is expired.
    
    For dnstap, it logs type DoH and DoT correctly, if that is used for
    the message.
    
    The b.root-servers.net address is updated in the default root hints.
    
    When performing retries for failed sends, a retry at a smaller UDP size
    is now not performed when that attempt is not actually smaller, and at
    defaults, since the flag day changes, it is the same size. This makes
    it skip the step, it is useless because there is no reduction in size.
    
    Clients with a valid DNS Cookie will bypass the ratelimit, if one is
    set. The value from ip-ratelimit-cookie is used for these queries.
    
    Furthermore there is a fix to make correct EDE Prohibited answers for
    access control denials, and a fix for EDNS client subnet scope zero
    answers.
    
    For more details, see
    https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.3
    PR:             277686
    Security:       c2ad8700-de25-11ee-9190-84a93843eb75
---
 dns/unbound/Makefile         |  2 +-
 dns/unbound/distinfo         |  6 +++---
 dns/unbound/pkg-plist        |  2 +-
 security/vuxml/vuln/2024.xml | 26 ++++++++++++++++++++++++++
 4 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile
index 4ae9d9af2629..d44f32a56335 100644
--- a/dns/unbound/Makefile
+++ b/dns/unbound/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	unbound
-DISTVERSION=	1.19.1
+DISTVERSION=	1.19.3
 CATEGORIES=	dns
 MASTER_SITES=	https://www.nlnetlabs.nl/downloads/unbound/
 
diff --git a/dns/unbound/distinfo b/dns/unbound/distinfo
index 885164c792f0..e562c6066e68 100644
--- a/dns/unbound/distinfo
+++ b/dns/unbound/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1707886312
-SHA256 (unbound-1.19.1.tar.gz) = bc1d576f3dd846a0739adc41ffaa702404c6767d2b6082deb9f2f97cbb24a3a9
-SIZE (unbound-1.19.1.tar.gz) = 6340435
+TIMESTAMP = 1710413556
+SHA256 (unbound-1.19.3.tar.gz) = 3ae322be7dc2f831603e4b0391435533ad5861c2322e34a76006a9fb65eb56b9
+SIZE (unbound-1.19.3.tar.gz) = 6338685
diff --git a/dns/unbound/pkg-plist b/dns/unbound/pkg-plist
index fc24817f9c01..d4ba63f60c07 100644
--- a/dns/unbound/pkg-plist
+++ b/dns/unbound/pkg-plist
@@ -5,7 +5,7 @@ libdata/pkgconfig/libunbound.pc
 lib/libunbound.a
 lib/libunbound.so
 lib/libunbound.so.8
-lib/libunbound.so.8.1.24
+lib/libunbound.so.8.1.26
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/_unbound.so
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/unbound.py
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/unboundmodule.py
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 24fdf446ac91..d999fbe79bf7 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,29 @@
+  <vuln vid="6ef4043e-2912-4d79-ba1c-cfb8da63764d">
+    <topic>unbound--Denial of service when trimming EDE text on positive replies</topic>
+    <affects>
+      <package>
+	<name>unbound</name>
+	<range><lt></lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>SO-AND-SO reports:</p>
+	<blockquote cite="INSERT URL HERE">
+	  <p>.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-1931</cvename>
+      <url>https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt</url>;
+    </references>
+    <dates>
+      <discovery>2024-03-07</discovery>
+      <entry>2024-03-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="49dd9362-4473-48ae-8fac-e1b69db2dedf">
     <topic>electron{27,28} -- Out of bounds memory access in V8</topic>
     <affects>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202403151237.42FCboPI060309>