From nobody Fri Mar 15 12:37:50 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Tx3gM2M9lz5DLp6; Fri, 15 Mar 2024 12:37:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Tx3gM12xTz4HSR; Fri, 15 Mar 2024 12:37:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1710506271; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iVeJqz7riiSo9XYMpFiHwReyh5wWZYUsU1+RdLJS6o8=; b=o6uSWLNvUG9Z2UI0pSfgPW9LFTW9gjDQ2QtqtI50mluDD07z22Zxg7o7lXD1G/YaZCC3kj nOF5NuXGsE095Kbiex2A7y8/q3WZACYMT3ihKRWnVpzPL0ro8fMI9t6Q5VxREVtiGEyIcB jby7Y0ycAcJEOEwdrPmgNs9A5NSOs6aM906w5vg+hRY6xADDBSW8wIWmJv4lagSfmt/PBw IaIfB2rUZHb6EIlTlbX5l9maSc66K/Y4qL8j1qlLa2umKAgwOjWXGCse8fcFuzIOhLYpfZ alHrQshgLOqZHDOqRI1KCPfapdIuxSVPX6kqUo9Fd8AsOOPdg8+wybB6rhlWqg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1710506271; a=rsa-sha256; cv=none; b=Be/lkZIpb+MlirDwNgK97nYS4ixcom7y9ZcD6snLDCwIi760HsxCse5SyjJFWM4f+O0LMf 8RdUMEFndu5h9puyIp94XpUPpUtKB0CM6J6zT+hC6fbfn/i1pyIaaBaOu3Iy9hRVLOkBse 0ORt35oWQBJxJYuB2+1LMeNcios93GAowhRTd/1Y/pnSxSqz1lLQVUDqkcorSYCwasc9jd 6ZMxWAF1Fd/1p7QF1i8UMSl6Ga+g+9qzcYG6WBi/qLrLKPz65EdDP0UYZoa/EDHFomyqvB amJs/wgkHSG5SU+rpIUf+ACSMWzy4gQ5wg5OclvHIejYa9oBJ0kOh58Jah2YMA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1710506271; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iVeJqz7riiSo9XYMpFiHwReyh5wWZYUsU1+RdLJS6o8=; b=YJeZI7OLi+MMRXfMZkirZu/j9m64QThio5affdO6KpCRLY4G3a4sHUwfi0YFqJAy1MTwlB imGZB5pp6vJQL/dZ+v2kBpKQDKo9qoMngfEFsqpXz70CHRMnDRgMtSEzCn7tFNnZOxqv94 PpVe8lJNPbW+bSC2KAnhzFUKboO+aL02vaG7Jz9IOZ/VKA+mSQhJWNrk+Tck9owYjmh6IC xnEslzLcI32gQAmQkB6a0sHB4UDyhNRVmQ/GCRC8LWvnc64pXgkJV6DPDuSdd2mkX6YKng PBPistOlMuYxaUyY++aGKQK6yRKrRHK6/2gWZ/8Ry63urhj5yTzdn0oPco8pdg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Tx3gM0fKNz19nl; Fri, 15 Mar 2024 12:37:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 42FCboOm060312; Fri, 15 Mar 2024 12:37:50 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 42FCboPI060309; Fri, 15 Mar 2024 12:37:50 GMT (envelope-from git) Date: Fri, 15 Mar 2024 12:37:50 GMT Message-Id: <202403151237.42FCboPI060309@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Dan Langille Subject: git: cad815552953 - main - dns/unbound: Update to unbound 1.19.3 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dvl X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: cad815552953aeb16257949d564a663705d2ce67 Auto-Submitted: auto-generated The branch main has been updated by dvl: URL: https://cgit.FreeBSD.org/ports/commit/?id=cad815552953aeb16257949d564a663705d2ce67 commit cad815552953aeb16257949d564a663705d2ce67 Author: Jaap Akkerhuis AuthorDate: 2024-03-14 13:00:53 +0000 Commit: Dan Langille CommitDate: 2024-03-15 12:29:31 +0000 dns/unbound: Update to unbound 1.19.3 This release has a number of bug fixes. The CNAME synthesized for a DNAME record uses the original TTL, of the DNAME record, and that means it can be cached for the TTL, instead of 0. There is a fix that when a message was stored in cache, but one of the RRsets was not updated due to cache policy, it now restricts the message TTL if the cache version of the RRset has a shorter TTL. It avoids a bug where the message is not expired, but its contents is expired. For dnstap, it logs type DoH and DoT correctly, if that is used for the message. The b.root-servers.net address is updated in the default root hints. When performing retries for failed sends, a retry at a smaller UDP size is now not performed when that attempt is not actually smaller, and at defaults, since the flag day changes, it is the same size. This makes it skip the step, it is useless because there is no reduction in size. Clients with a valid DNS Cookie will bypass the ratelimit, if one is set. The value from ip-ratelimit-cookie is used for these queries. Furthermore there is a fix to make correct EDE Prohibited answers for access control denials, and a fix for EDNS client subnet scope zero answers. For more details, see https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.3 PR: 277686 Security: c2ad8700-de25-11ee-9190-84a93843eb75 --- dns/unbound/Makefile | 2 +- dns/unbound/distinfo | 6 +++--- dns/unbound/pkg-plist | 2 +- security/vuxml/vuln/2024.xml | 26 ++++++++++++++++++++++++++ 4 files changed, 31 insertions(+), 5 deletions(-) diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile index 4ae9d9af2629..d44f32a56335 100644 --- a/dns/unbound/Makefile +++ b/dns/unbound/Makefile @@ -1,5 +1,5 @@ PORTNAME= unbound -DISTVERSION= 1.19.1 +DISTVERSION= 1.19.3 CATEGORIES= dns MASTER_SITES= https://www.nlnetlabs.nl/downloads/unbound/ diff --git a/dns/unbound/distinfo b/dns/unbound/distinfo index 885164c792f0..e562c6066e68 100644 --- a/dns/unbound/distinfo +++ b/dns/unbound/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1707886312 -SHA256 (unbound-1.19.1.tar.gz) = bc1d576f3dd846a0739adc41ffaa702404c6767d2b6082deb9f2f97cbb24a3a9 -SIZE (unbound-1.19.1.tar.gz) = 6340435 +TIMESTAMP = 1710413556 +SHA256 (unbound-1.19.3.tar.gz) = 3ae322be7dc2f831603e4b0391435533ad5861c2322e34a76006a9fb65eb56b9 +SIZE (unbound-1.19.3.tar.gz) = 6338685 diff --git a/dns/unbound/pkg-plist b/dns/unbound/pkg-plist index fc24817f9c01..d4ba63f60c07 100644 --- a/dns/unbound/pkg-plist +++ b/dns/unbound/pkg-plist @@ -5,7 +5,7 @@ libdata/pkgconfig/libunbound.pc lib/libunbound.a lib/libunbound.so lib/libunbound.so.8 -lib/libunbound.so.8.1.24 +lib/libunbound.so.8.1.26 %%PYTHON%%%%PYTHON_SITELIBDIR%%/_unbound.so %%PYTHON%%%%PYTHON_SITELIBDIR%%/unbound.py %%PYTHON%%%%PYTHON_SITELIBDIR%%/unboundmodule.py diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 24fdf446ac91..d999fbe79bf7 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,29 @@ + + unbound--Denial of service when trimming EDE text on positive replies + + + unbound + + + + + +

SO-AND-SO reports:

+
+

.

+
+ +
+ + CVE-2024-1931 + https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt + + + 2024-03-07 + 2024-03-14 + +
+ electron{27,28} -- Out of bounds memory access in V8