From patchwork Fri Sep 23 07:09:38 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 6010
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4MYjvZ15K6z3wcL
	for <patchwork@web04.haj.ipfire.org>; Fri, 23 Sep 2022 07:09:46 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4MYjvX0nLdzwd;
	Fri, 23 Sep 2022 07:09:44 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4MYjvW6rP8z2yWs;
	Fri, 23 Sep 2022 07:09:43 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4MYjvW3Kn2z2xKs
 for <development@lists.ipfire.org>; Fri, 23 Sep 2022 07:09:43 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4MYjvV4MVjzLs
 for <development@lists.ipfire.org>; Fri, 23 Sep 2022 07:09:42 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1663916982;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=HY4qwg7+EBLASQ7xwCWyoY+3OMTQODuvq6MHcGRrEdw=;
 b=sGQ3y9/DVsEH/KIPmEsN/IvgIqzPTAIVwwZYQJHE/ff2+qo8mg43pcffXEtWtxILSkeoZN
 qoof4YEFfC+E/jCQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1663916982;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=HY4qwg7+EBLASQ7xwCWyoY+3OMTQODuvq6MHcGRrEdw=;
 b=KxZMIGMItNQe66ATDexagSFsgfmFLHLAr9fUMlTNX2b4lfEOEAarYeM5ZwY1HzrK3qq0bl
 6MueTK1odwV1ZWYJHkYOQWv6SgeePRhg9/x/tPJhSG4mQv60ei3xl2NOztlxXFViXBk3Bj
 ZWeYY0j4ObXOKxPBmRbYTwYOKSVRCrf5xAD4Iz+cGGHWb2ZVNCaP3yYWVX0wtSbGbK00QQ
 BNMTCbAikATnKsSnmIrVlZ9vzf8xWlwnEjOxs93uUxz8rc9hqDj4fAS0UiB8dn3IN29R1t
 IR1s34abxVt8MmOIBOiFVz04Ydyzw4wDymcBcudP8qDIAt6nbl7wBd1NJFasfg==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] unbound: Update to 1.16.3
Date: Fri, 23 Sep 2022 09:09:38 +0200
Message-Id: <20220923070938.4103974-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2022-September/007885.html

"This release fixes CVE-2022-3204 Non-Responsive Delegation
Attack. It was reported by Yehuda Afek from Tel-Aviv
University and Anat Bremler-Barr and Shani Stajnrod from
Reichman University.

This fixes for better performance when under load, by cutting
promiscuous queries for nameserver discovery and limiting the
number of times a delegation point can look in the cache for
missing records.

Bug Fixes
- Patch for CVE-2022-3204 Non-Responsive Delegation Attack."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/rootfiles/common/unbound | 2 +-
 lfs/unbound                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index 7fc4f191a..7af787f29 100644
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
 #usr/lib/libunbound.la
 #usr/lib/libunbound.so
 usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.18
+usr/lib/libunbound.so.8.1.19
 #usr/lib/pkgconfig/libunbound.pc
 usr/sbin/unbound
 usr/sbin/unbound-anchor
diff --git a/lfs/unbound b/lfs/unbound
index 5a3c70caf..636fe8bf9 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.16.2
+VER        = 1.16.3
 
 THISAPP    = unbound-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 2f7f119d12807ff5c000fd500be72a0825614da3e1f079f9b8d15a651bda2fa0b41599a55c6f76b17ff56120aa61e48042469063f08dd199333520172ca16750
+$(DL_FILE)_BLAKE2 = b97deade78ab903363e06ff9d71b9895c754378ec276bb17556de62c48a88af5fbabd26f97fb47313d1e631fe75dee245aa38fbf42a865ac3e764882a1124a51
 
 install : $(TARGET)