From nobody Fri Mar 15 13:31:27 2024
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Tx4sg3NH6z5DQZP;
	Fri, 15 Mar 2024 13:31:51 +0000 (UTC)
	(envelope-from dan@langille.org)
Received: from wfout6-smtp.messagingengine.com (wfout6-smtp.messagingengine.com [64.147.123.149])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Tx4sf6WBbz4MWY;
	Fri, 15 Mar 2024 13:31:50 +0000 (UTC)
	(envelope-from dan@langille.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: from compute7.internal (compute7.nyi.internal [10.202.2.48])
	by mailfout.west.internal (Postfix) with ESMTP id 82FCF1C000BB;
	Fri, 15 Mar 2024 09:31:48 -0400 (EDT)
Received: from imap42 ([10.202.2.92])
  by compute7.internal (MEProxy); Fri, 15 Mar 2024 09:31:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h=
	cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm1; t=1710509508; x=1710595908; bh=L8pQhIxIx5
	V5AKQQhfYFy8aM9nYIkAZAiHN7VBzzkV0=; b=yvz/NyIWd/lj9MCi0KL5qHcrp/
	PHq82EsXITe2bohVc2Bs/FevtNDVB257gC3QLbYKGHYBIAfvGBTVkrnLCB9QtXL1
	XtlsA6Bsii/iGT/rynpcQ9OcwIrGI5CyROwKs1vcj6sLwmK4rXZODlNLOD1GhNm6
	7HOb5NGG6eGd+R4b32HYISYNTwv2hSK+/eekzHb0G2UJnL4yAFBslqsTOIhjiTP+
	0s1Xcx9FiZhgcl9pN8UNxSqKfUI8koVrJtWqI3/NL6U0An5cb8AtFlTLSCP/kBZm
	cR28TQCNIh326BK7s85nRxPRhDukebzrnwRGN4t30UnGvG8WH34Q6s81ql9Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm1; t=1710509508; x=1710595908; bh=L8pQhIxIx5V5AKQQhfYFy8aM9nYI
	kAZAiHN7VBzzkV0=; b=WZSAfKJv7DGEYodE9zhXqgeZL80qSGfhOqM2OSYJouE9
	tyq2JRtDpAoEvl1DhMsaGKr14+/lqSeqTAfGCmg+VktaI5fkVfp5UCNlE0KPpjM8
	y44wEQtvq5iYEaQ9eXWoPvy8tA1oONM2TteAIVYq/Qehg32wbIU/AgByBMacAQcF
	DqPPA0LArxScUEodSnJX9SKmbzReHoMgqmsqalnGNl8FvKZlwUI2iNpAp77JOQWT
	IkEXXf4GaOuLfP7o+6SnVwh73uw5OzPqBg0d3/cBnEhKr7U4CHZw8bKKzay1Sm9b
	ak+k/CPxVOK+xW5WWgtlNRxngVQjdbo8B53W0ww2KQ==
X-ME-Sender: <xms:w030ZXLpalX1bGKPgcECmbDGChb1x1Mqfu6ab9mXZIVDchHLODC3OQ>
    <xme:w030ZbLtT8WBrNdiCRMX7q93Vk4N6Uh7c5nVQWTjj-Z4_iVs9clbng9-HXlJKmB0c
    gky66kNykZO1hQHKA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrjeelgdehvdcutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre
    dtreertdenucfhrhhomhepfdffrghnucfnrghnghhilhhlvgdfuceouggrnheslhgrnhhg
    ihhllhgvrdhorhhgqeenucggtffrrghtthgvrhhnpeevtddvudekudeiledtffehvdehff
    etfffggfelheejhfetfeekiefhteeuuedtieenucffohhmrghinhepfhhrvggvsghsugdr
    ohhrghdprhhoohhtqdhsvghrvhgvrhhsrdhnvghtpdhgihhthhhusgdrtghomhdpnhhlnh
    gvthhlrggsshdrnhhlpdiffedrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgr
    rhgrmhepmhgrihhlfhhrohhmpegurghnsehlrghnghhilhhlvgdrohhrgh
X-ME-Proxy: <xmx:w030Zft4DkYF9u-LddHAHYLNvZrSdVBWjXAXRtD3bO18PsMZf8qCbQ>
    <xmx:w030ZQZxIksCv94sl6-1fsysQ6l1ocqR7FI13BoUKIo4FrjlGR41Bg>
    <xmx:w030ZeZHAZFhfe0EszAmbMqwmBiqqhoh4fIKoRiNxbfg5IkbCgzdGg>
    <xmx:w030ZUDdEiGLbkoMLE7pxaxKMkG94pSfnpsvsf-BHaPjNeOhX3K2cA>
    <xmx:xE30ZUOWCRBxNfdFoQMDaIvZeujvhuWBjQdVNwyzbXTM8caMwIuMAxYtZyM>
Feedback-ID: ifbf9424e:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id D1BAEBC007D; Fri, 15 Mar 2024 09:31:47 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-300-gdee1775a43-fm-20240315.001-gdee1775a
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Message-Id: <cd5241b8-239d-4a23-8eaa-d1e5b03aa54d@app.fastmail.com>
In-Reply-To: <202403151237.42FCboPI060309@gitrepo.freebsd.org>
References: <202403151237.42FCboPI060309@gitrepo.freebsd.org>
Date: Fri, 15 Mar 2024 09:31:27 -0400
From: "Dan Langille" <dan@langille.org>
To: dvl <dvl@FreeBSD.org>, ports-committers@FreeBSD.org,
 dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: Re: git: cad815552953 - main - dns/unbound: Update to unbound  1.19.3
Content-Type: text/plain
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:29838, ipnet:64.147.123.0/24, country:US]
X-Rspamd-Queue-Id: 4Tx4sf6WBbz4MWY

On Fri, Mar 15, 2024, at 8:37 AM, Dan Langille wrote:
> The branch main has been updated by dvl:
>
> URL: 
> https://cgit.FreeBSD.org/ports/commit/?id=cad815552953aeb16257949d564a663705d2ce67
>
> commit cad815552953aeb16257949d564a663705d2ce67
> Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
> AuthorDate: 2024-03-14 13:00:53 +0000
> Commit:     Dan Langille <dvl@FreeBSD.org>
> CommitDate: 2024-03-15 12:29:31 +0000
>
>     dns/unbound: Update to unbound 1.19.3
>    
>     This release has a number of bug fixes. The CNAME synthesized for a
>     DNAME record uses the original TTL, of the DNAME record, and that means
>     it can be cached for the TTL, instead of 0.
>    
>     There is a fix that when a message was stored in cache, but one of the
>     RRsets was not updated due to cache policy, it now restricts the message
>     TTL if the cache version of the RRset has a shorter TTL. It avoids a
>     bug where the message is not expired, but its contents is expired.
>    
>     For dnstap, it logs type DoH and DoT correctly, if that is used for
>     the message.
>    
>     The b.root-servers.net address is updated in the default root hints.
>    
>     When performing retries for failed sends, a retry at a smaller UDP size
>     is now not performed when that attempt is not actually smaller, and at
>     defaults, since the flag day changes, it is the same size. This makes
>     it skip the step, it is useless because there is no reduction in size.
>    
>     Clients with a valid DNS Cookie will bypass the ratelimit, if one is
>     set. The value from ip-ratelimit-cookie is used for these queries.
>    
>     Furthermore there is a fix to make correct EDE Prohibited answers for
>     access control denials, and a fix for EDNS client subnet scope zero
>     answers.
>    
>     For more details, see
>     https://github.com/NLnetLabs/unbound/releases/tag/release-1.19.3
>     PR:             277686
>     Security:       c2ad8700-de25-11ee-9190-84a93843eb75
> ---
>  dns/unbound/Makefile         |  2 +-
>  dns/unbound/distinfo         |  6 +++---
>  dns/unbound/pkg-plist        |  2 +-
>  security/vuxml/vuln/2024.xml | 26 ++++++++++++++++++++++++++
>  4 files changed, 31 insertions(+), 5 deletions(-)
>
> diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile
> index 4ae9d9af2629..d44f32a56335 100644
> --- a/dns/unbound/Makefile
> +++ b/dns/unbound/Makefile
> @@ -1,5 +1,5 @@
>  PORTNAME=	unbound
> -DISTVERSION=	1.19.1
> +DISTVERSION=	1.19.3
>  CATEGORIES=	dns
>  MASTER_SITES=	https://www.nlnetlabs.nl/downloads/unbound/
> 
> diff --git a/dns/unbound/distinfo b/dns/unbound/distinfo
> index 885164c792f0..e562c6066e68 100644
> --- a/dns/unbound/distinfo
> +++ b/dns/unbound/distinfo
> @@ -1,3 +1,3 @@
> -TIMESTAMP = 1707886312
> -SHA256 (unbound-1.19.1.tar.gz) = 
> bc1d576f3dd846a0739adc41ffaa702404c6767d2b6082deb9f2f97cbb24a3a9
> -SIZE (unbound-1.19.1.tar.gz) = 6340435
> +TIMESTAMP = 1710413556
> +SHA256 (unbound-1.19.3.tar.gz) = 
> 3ae322be7dc2f831603e4b0391435533ad5861c2322e34a76006a9fb65eb56b9
> +SIZE (unbound-1.19.3.tar.gz) = 6338685
> diff --git a/dns/unbound/pkg-plist b/dns/unbound/pkg-plist
> index fc24817f9c01..d4ba63f60c07 100644
> --- a/dns/unbound/pkg-plist
> +++ b/dns/unbound/pkg-plist
> @@ -5,7 +5,7 @@ libdata/pkgconfig/libunbound.pc
>  lib/libunbound.a
>  lib/libunbound.so
>  lib/libunbound.so.8
> -lib/libunbound.so.8.1.24
> +lib/libunbound.so.8.1.26
>  %%PYTHON%%%%PYTHON_SITELIBDIR%%/_unbound.so
>  %%PYTHON%%%%PYTHON_SITELIBDIR%%/unbound.py
>  %%PYTHON%%%%PYTHON_SITELIBDIR%%/unboundmodule.py
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
> index 24fdf446ac91..d999fbe79bf7 100644
> --- a/security/vuxml/vuln/2024.xml
> +++ b/security/vuxml/vuln/2024.xml
> @@ -1,3 +1,29 @@
> +  <vuln vid="6ef4043e-2912-4d79-ba1c-cfb8da63764d">
> +    <topic>unbound--Denial of service when trimming EDE text on 
> positive replies</topic>
> +    <affects>
> +      <package>
> +	<name>unbound</name>
> +	<range><lt></lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +	<body xmlns="http://www.w3.org/1999/xhtml">
> +	<p>SO-AND-SO reports:</p>
> +	<blockquote cite="INSERT URL HERE">

I'll be fixing this.  I didn't realize it was coming through. Sorry.

> +	  <p>.</p>
> +	</blockquote>
> +	</body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2024-1931</cvename>
> +      
> <url>https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt</url>
> +    </references>
> +    <dates>
> +      <discovery>2024-03-07</discovery>
> +      <entry>2024-03-14</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="49dd9362-4473-48ae-8fac-e1b69db2dedf">
>      <topic>electron{27,28} -- Out of bounds memory access in V8</topic>
>      <affects>

-- 
  Dan Langille
  dan@langille.org