List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
In-Reply-To: <202403151237.42FCboPI060309@gitrepo.freebsd.org>
Date: Fri, 15 Mar 2024 09:31:27 -0400
From: "Dan Langille"
To: dvl, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: Re: git: cad815552953 - main - dns/unbound: Update to unbound 1.19.3

On Fri, Mar 15, 2024, at 8:37 AM, Dan Langille wrote:
> The branch main has been updated by dvl:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=cad815552953aeb16257949d564a663705d2ce67
>
> commit cad815552953aeb16257949d564a663705d2ce67
> Author: Jaap Akkerhuis
> AuthorDate: 2024-03-14 13:00:53 +0000
> Commit: Dan Langille
> CommitDate: 2024-03-15 12:29:31 +0000
>
> dns/unbound: Update to unbound 1.19.3
>
> This release has a number of bug fixes. The CNAME synthesized for a
> DNAME record uses the original TTL, of the DNAME record, and that means
> it can be cached for the TTL, instead of 0.
>
> There is a fix that when a message was stored in cache, but one of the
> RRsets was not updated due to cache policy, it now restricts the message
> TTL if the cache version of the RRset has a shorter TTL. It avoids a
> bug where the message is not expired, but its contents is expired.
>
> For dnstap, it logs type DoH and DoT correctly, if that is used for
> the message.
>
> The b.root-servers.net address is updated in the default root hints.
>
> When performing retries for failed sends, a retry at a smaller UDP size
> is now not performed when that attempt is not actually smaller, and at
> defaults, since the flag day changes, it is the same size. This makes
> it skip the step, it is useless because there is no reduction in size.
>
> Clients with a valid DNS Cookie will bypass the ratelimit, if one is
> set. The value from ip-ratelimit-cookie is used for these queries.
> > Furthermore there is a fix to make correct EDE Prohibited answers for > access control denials, and a fix for EDNS client subnet scope zero > answers. > > For more details, see > https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.3 > PR: 277686 > Security: c2ad8700-de25-11ee-9190-84a93843eb75 > --- > dns/unbound/Makefile | 2 +- > dns/unbound/distinfo | 6 +++--- > dns/unbound/pkg-plist | 2 +- > security/vuxml/vuln/2024.xml | 26 ++++++++++++++++++++++++++ > 4 files changed, 31 insertions(+), 5 deletions(-) > > diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile > index 4ae9d9af2629..d44f32a56335 100644 > --- a/dns/unbound/Makefile > +++ b/dns/unbound/Makefile > @@ -1,5 +1,5 @@ > PORTNAME= unbound > -DISTVERSION= 1.19.1 > +DISTVERSION= 1.19.3 > CATEGORIES= dns > MASTER_SITES= https://www.nlnetlabs.nl/downloads/unbound/ > > diff --git a/dns/unbound/distinfo b/dns/unbound/distinfo > index 885164c792f0..e562c6066e68 100644 > --- a/dns/unbound/distinfo > +++ b/dns/unbound/distinfo > @@ -1,3 +1,3 @@ > -TIMESTAMP = 1707886312 > -SHA256 (unbound-1.19.1.tar.gz) = > bc1d576f3dd846a0739adc41ffaa702404c6767d2b6082deb9f2f97cbb24a3a9 > -SIZE (unbound-1.19.1.tar.gz) = 6340435 > +TIMESTAMP = 1710413556 > +SHA256 (unbound-1.19.3.tar.gz) = > 3ae322be7dc2f831603e4b0391435533ad5861c2322e34a76006a9fb65eb56b9 > +SIZE (unbound-1.19.3.tar.gz) = 6338685 > diff --git a/dns/unbound/pkg-plist b/dns/unbound/pkg-plist > index fc24817f9c01..d4ba63f60c07 100644 > --- a/dns/unbound/pkg-plist > +++ b/dns/unbound/pkg-plist > @@ -5,7 +5,7 @@ libdata/pkgconfig/libunbound.pc > lib/libunbound.a > lib/libunbound.so > lib/libunbound.so.8 > -lib/libunbound.so.8.1.24 > +lib/libunbound.so.8.1.26 > %%PYTHON%%%%PYTHON_SITELIBDIR%%/_unbound.so > %%PYTHON%%%%PYTHON_SITELIBDIR%%/unbound.py > %%PYTHON%%%%PYTHON_SITELIBDIR%%/unboundmodule.py > diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml > index 24fdf446ac91..d999fbe79bf7 100644 > --- a/security/vuxml/vuln/2024.xml 
> +++ b/security/vuxml/vuln/2024.xml > @@ -1,3 +1,29 @@ > + > + unbound--Denial of service when trimming EDE text on > positive replies > + > + > + unbound > + > + > + > + > + > +

SO-AND-SO reports:

> +
I'll be fixing this. I didn't realize it was coming through. Sorry. > +

.

> +
> + > +
> + > + CVE-2024-1931 > + > https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt > + > + > + 2024-03-07 > + 2024-03-14 > + > +
> + > > electron{27,28} -- Out of bounds memory access in V8 > -- Dan Langille dan@langille.org
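
Review bot: the VuXML entry added in the security/vuxml/vuln/2024.xml hunk was committed with its template text still in place: the description is "SO-AND-SO reports:" followed by a quoted body of just ".", so the entry explains nothing beyond its topic line, "Denial of service when trimming EDE text on positive replies". Name the reporting party and quote the summary from the advisory the entry already references (https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt). The commit message could also mention CVE-2024-1931 alongside the Security: tag, since its body presents the release only as bug fixes.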