From patchwork Mon Aug 1 18:25:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 5807 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4LxRPf1C5jz3x7M for ; Mon, 1 Aug 2022 18:25:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4LxRPc3wGPz47P; Mon, 1 Aug 2022 18:25:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4LxRPc2qL0z2yTY; Mon, 1 Aug 2022 18:25:24 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4LxRPZ3DySz2yTY for ; Mon, 1 Aug 2022 18:25:22 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4LxRPY3c0Mz1G2 for ; Mon, 1 Aug 2022 18:25:21 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1659378321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ou1I3paDa+nc6YDLJUxLsJlRH4KF8FKxj9L8i6iLyo4=; b=RVTJVknimLL0c0G0by30ZZEvmCnakXFSyQPjQWyTO/mVAaZMx0LCa1OszeHzBavgOBAFIp gRnj8u45Sug6SLCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1659378321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ou1I3paDa+nc6YDLJUxLsJlRH4KF8FKxj9L8i6iLyo4=; b=ScbrI3KESo2+cF1/0wj+Z6UgdgzTa9V4jyMixHHuUn39xYA+3oYXlGOsaohnW6DS3U8dQS d7AL+j1+2uefO17M18RZnbUJC55pajCMdxV+drDCvdzKC8xaJKt7af8NVaK8umuU7EwtPo zje6qwy+C5Bu5UMz3Wai3vtTaPu+b8rV1pS7L63RuDKGCEsNHiBdQ4j7Lwx6X9YA6Vx+S+ 7wcCAnd//MgmRfIYOQNd+9Z33+1PmU9AeIKmnCW/8OmP2Q4JTpJYeEqZZimsaIhI0C5D9g VgtAxZb4TVYa0PKM+s7hbmas5RxwquhkIVXeQSF4irkmvl46CFoHCNrSPSkGQw== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] unbound: Update to 1.16.2 Date: Mon, 1 Aug 2022 20:25:16 +0200 Message-Id: <20220801182516.1810-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-2 "Features Merge #718: Introduce infra-cache-max-rtt option to config max retransmit timeout. Bug Fixes Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets. Fix verbose EDE error printout. Fix dname count in sldns parse type descriptor for SVCB and HTTPS. For windows crosscompile, fix setting the IPV6_MTU socket option equivalent (IPV6_USER_MTU); allows cross compiling with latest cross-compiler versions. Merge PR 714: Avoid treat normal hosts as unresponsive servers. And fixup the lock code. iana portlist update. Update documentation for 'outbound-msg-retry:'. Tests for ghost domain fixes." Signed-off-by: Matthias Fischer Reviewed-by: Peter Müller --- config/rootfiles/common/unbound | 2 +- lfs/unbound | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 20fe72a57..7fc4f191a 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.17 +usr/lib/libunbound.so.8.1.18 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/lfs/unbound b/lfs/unbound index 539ea5005..5a3c70caf 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@ include Config -VER = 1.16.1 +VER = 1.16.2 THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 722e2d88f66f35459b71cd339f451bf803c836827f9f74540c4ae500b7f682f0e8c89bda34915fb8df289cc524486fab2a04018717e1ae7ad62006be68af1cad +$(DL_FILE)_BLAKE2 = 2f7f119d12807ff5c000fd500be72a0825614da3e1f079f9b8d15a651bda2fa0b41599a55c6f76b17ff56120aa61e48042469063f08dd199333520172ca16750 install : $(TARGET)