Date:      Fri, 15 Mar 2024 09:31:27 -0400
From:      "Dan Langille" <dan@langille.org>
To:        dvl <dvl@FreeBSD.org>, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   Re: git: cad815552953 - main - dns/unbound: Update to unbound  1.19.3
Message-ID:  <cd5241b8-239d-4a23-8eaa-d1e5b03aa54d@app.fastmail.com>
In-Reply-To: <202403151237.42FCboPI060309@gitrepo.freebsd.org>
References:  <202403151237.42FCboPI060309@gitrepo.freebsd.org>

On Fri, Mar 15, 2024, at 8:37 AM, Dan Langille wrote:
> The branch main has been updated by dvl:
>
> URL: 
> https://cgit.FreeBSD.org/ports/commit/?id=cad815552953aeb16257949d564a663705d2ce67
>
> commit cad815552953aeb16257949d564a663705d2ce67
> Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
> AuthorDate: 2024-03-14 13:00:53 +0000
> Commit:     Dan Langille <dvl@FreeBSD.org>
> CommitDate: 2024-03-15 12:29:31 +0000
>
>     dns/unbound: Update to unbound 1.19.3
>    
>     This release has a number of bug fixes. The CNAME synthesized for a
>     DNAME record uses the original TTL, of the DNAME record, and that means
>     it can be cached for the TTL, instead of 0.
>    
>     There is a fix that when a message was stored in cache, but one of the
>     RRsets was not updated due to cache policy, it now restricts the message
>     TTL if the cache version of the RRset has a shorter TTL. It avoids a
>     bug where the message is not expired, but its contents is expired.
>    
>     For dnstap, it logs type DoH and DoT correctly, if that is used for
>     the message.
>    
>     The b.root-servers.net address is updated in the default root hints.
>    
>     When performing retries for failed sends, a retry at a smaller UDP size
>     is now not performed when that attempt is not actually smaller, and at
>     defaults, since the flag day changes, it is the same size. This makes
>     it skip the step, it is useless because there is no reduction in size.
>    
>     Clients with a valid DNS Cookie will bypass the ratelimit, if one is
>     set. The value from ip-ratelimit-cookie is used for these queries.
>    
>     Furthermore there is a fix to make correct EDE Prohibited answers for
>     access control denials, and a fix for EDNS client subnet scope zero
>     answers.
>    
>     For more details, see
>     https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.3
>     PR:             277686
>     Security:       c2ad8700-de25-11ee-9190-84a93843eb75
> ---
>  dns/unbound/Makefile         |  2 +-
>  dns/unbound/distinfo         |  6 +++---
>  dns/unbound/pkg-plist        |  2 +-
>  security/vuxml/vuln/2024.xml | 26 ++++++++++++++++++++++++++
>  4 files changed, 31 insertions(+), 5 deletions(-)
>
> diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile
> index 4ae9d9af2629..d44f32a56335 100644
> --- a/dns/unbound/Makefile
> +++ b/dns/unbound/Makefile
> @@ -1,5 +1,5 @@
>  PORTNAME=	unbound
> -DISTVERSION=	1.19.1
> +DISTVERSION=	1.19.3
>  CATEGORIES=	dns
>  MASTER_SITES=	https://www.nlnetlabs.nl/downloads/unbound/
> 
> diff --git a/dns/unbound/distinfo b/dns/unbound/distinfo
> index 885164c792f0..e562c6066e68 100644
> --- a/dns/unbound/distinfo
> +++ b/dns/unbound/distinfo
> @@ -1,3 +1,3 @@
> -TIMESTAMP = 1707886312
> -SHA256 (unbound-1.19.1.tar.gz) = 
> bc1d576f3dd846a0739adc41ffaa702404c6767d2b6082deb9f2f97cbb24a3a9
> -SIZE (unbound-1.19.1.tar.gz) = 6340435
> +TIMESTAMP = 1710413556
> +SHA256 (unbound-1.19.3.tar.gz) = 
> 3ae322be7dc2f831603e4b0391435533ad5861c2322e34a76006a9fb65eb56b9
> +SIZE (unbound-1.19.3.tar.gz) = 6338685
> diff --git a/dns/unbound/pkg-plist b/dns/unbound/pkg-plist
> index fc24817f9c01..d4ba63f60c07 100644
> --- a/dns/unbound/pkg-plist
> +++ b/dns/unbound/pkg-plist
> @@ -5,7 +5,7 @@ libdata/pkgconfig/libunbound.pc
>  lib/libunbound.a
>  lib/libunbound.so
>  lib/libunbound.so.8
> -lib/libunbound.so.8.1.24
> +lib/libunbound.so.8.1.26
>  %%PYTHON%%%%PYTHON_SITELIBDIR%%/_unbound.so
>  %%PYTHON%%%%PYTHON_SITELIBDIR%%/unbound.py
>  %%PYTHON%%%%PYTHON_SITELIBDIR%%/unboundmodule.py
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
> index 24fdf446ac91..d999fbe79bf7 100644
> --- a/security/vuxml/vuln/2024.xml
> +++ b/security/vuxml/vuln/2024.xml
> @@ -1,3 +1,29 @@
> +  <vuln vid="6ef4043e-2912-4d79-ba1c-cfb8da63764d">
> +    <topic>unbound--Denial of service when trimming EDE text on 
> positive replies</topic>
> +    <affects>
> +      <package>
> +	<name>unbound</name>
> +	<range><lt></lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +	<body xmlns="http://www.w3.org/1999/xhtml">;
> +	<p>SO-AND-SO reports:</p>
> +	<blockquote cite="INSERT URL HERE">

I'll be fixing this.  I didn't realize it was coming through. Sorry.

> +	  <p>.</p>
> +	</blockquote>
> +	</body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2024-1931</cvename>
> +      
> <url>https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt</url>;
> +    </references>
> +    <dates>
> +      <discovery>2024-03-07</discovery>
> +      <entry>2024-03-14</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="49dd9362-4473-48ae-8fac-e1b69db2dedf">
>      <topic>electron{27,28} -- Out of bounds memory access in V8</topic>
>      <affects>
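
Review bot: the new unbound entry in 2024.xml is still the unfilled VuXML template. <range><lt></lt></range> carries no version, so the entry states no affected range for the package, and the description still reads "SO-AND-SO reports:", cite="INSERT URL HERE" and <p>.</p>. Put the first fixed version in <lt>, set the blockquote cite to the advisory URL already listed under <references>, and replace the placeholder paragraph with the text quoted from that advisory. Separately, the vid added here is 6ef4043e-2912-4d79-ba1c-cfb8da63764d, while the commit message carries "Security: c2ad8700-de25-11ee-9190-84a93843eb75"; the two should refer to the same entry, so one of them needs correcting in the follow-up.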

-- 
  Dan Langille
  dan@langille.org


