* [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.13.0
@ 2020-12-12 21:55 Fabrice Fontaine
  2020-12-14 14:48 ` Peter Korsgaard
  2020-12-21 13:43 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-12-12 21:55 UTC (permalink / raw)
  To: buildroot

This version has fixes to connect for UDP sockets, slowing down
potential ICMP side channel leakage. The fix can be controlled with the
option udp-connect: yes, it is enabled by default.

Additionally CVE-2020-28935 is fixed, this solves a problem where the
pidfile is altered by a symlink, and fails if a symlink is encountered.
See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
information.

https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/unbound/unbound.hash | 6 ++++--
 package/unbound/unbound.mk   | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/package/unbound/unbound.hash b/package/unbound/unbound.hash
index c2c6ab7ff6..9ccea6eb88 100644
--- a/package/unbound/unbound.hash
+++ b/package/unbound/unbound.hash
@@ -1,3 +1,5 @@
+# From https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0.tar.gz.sha256
+sha256  a954043a95b0326ca4037e50dace1f3a207a0a19e9a4a22f4c6718fc623db2a1  unbound-1.13.0.tar.gz
+
 # Locally calculated
-sha256 5b9253a97812f24419bf2e6b3ad28c69287261cf8c8fa79e3e9f6d3bf7ef5835  unbound-1.12.0.tar.gz
-sha256 8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db  LICENSE
+sha256  8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db  LICENSE
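Review bot: the new unbound-1.13.0.tar.gz entry at the top of this hunk takes its sha256 from upstream's published .sha256 file, and nothing here says it was also computed on a downloaded tarball. A checksum published alongside the archive catches a corrupted download but not a replaced one, so please state in the comment that the value was also calculated locally (or checked against a release signature, if upstream provides one). The LICENSE line changes only in spacing after "sha256"; a short mention in the commit message would keep it from being read as a licence change.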
diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk
index d60180b6ca..8b7d1e8e9f 100644
--- a/package/unbound/unbound.mk
+++ b/package/unbound/unbound.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-UNBOUND_VERSION = 1.12.0
+UNBOUND_VERSION = 1.13.0
 UNBOUND_SITE = https://www.unbound.net/downloads
 UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl
 UNBOUND_LICENSE = BSD-3-Clause
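Review bot: the unchanged UNBOUND_SITE line just below the version bump still points at https://www.unbound.net/downloads, while the hash file in this patch cites https://nlnetlabs.nl/downloads/unbound/ as the source of the checksum. Consider pointing UNBOUND_SITE at the same location so the tarball and its published hash come from one documented place, or note in the commit message that both hosts serve the same file.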
-- 
2.29.2


* [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.13.0
  2020-12-12 21:55 [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.13.0 Fabrice Fontaine
@ 2020-12-14 14:48 ` Peter Korsgaard
  2020-12-21 13:43 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-12-14 14:48 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > This version has fixes to connect for UDP sockets, slowing down
 > potential ICMP side channel leakage. The fix can be controlled with the
 > option udp-connect: yes, it is enabled by default.

 > Additionally CVE-2020-28935 is fixed, this solves a problem where the
 > pidfile is altered by a symlink, and fails if a symlink is encountered.
 > See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
 > information.

 > https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.13.0
  2020-12-12 21:55 [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.13.0 Fabrice Fontaine
  2020-12-14 14:48 ` Peter Korsgaard
@ 2020-12-21 13:43 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-12-21 13:43 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > This version has fixes to connect for UDP sockets, slowing down
 > potential ICMP side channel leakage. The fix can be controlled with the
 > option udp-connect: yes, it is enabled by default.

 > Additionally CVE-2020-28935 is fixed, this solves a problem where the
 > pidfile is altered by a symlink, and fails if a symlink is encountered.
 > See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
 > information.

 > https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2020.08.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard
