From b6cf69bca6d3f080ad748d1df848f93aa4e5dad1 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Fri, 19 Jan 2018 21:24:54 -0500 Subject: [PATCH] unbound: update to 1.6.8 for CVE-2017-15105 A vulnerability was discovered in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This does, however, happen in Unbound 1.6.7 and earlier versions. (see https://unbound.net/downloads/CVE-2017-15105.txt) Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 5 ++--- net/unbound/patches/001-conf.patch | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index aec9dc4c1..5adcd867e 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.6.5 +PKG_VERSION:=1.6.8 PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause @@ -17,9 +17,8 @@ PKG_MAINTAINER:=Eric Luehrsen PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_HASH:=e297aa1229015f25bf24e4923cb1dadf1f29b84f82a353205006421f82cc104e +PKG_HASH:=e3b428e33f56a45417107448418865fe08d58e0e7fea199b855515f60884dd49 -PKG_BUILD_DEPENDS:=libexpat PKG_BUILD_PARALLEL:=1 PKG_FIXUP:=autoreconf PKG_INSTALL:=1 diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch index fdbdd5694..4fd77d6d9 100644 --- a/net/unbound/patches/001-conf.patch +++ b/net/unbound/patches/001-conf.patch @@ -1,12 +1,12 @@ diff --git a/doc/example.conf.in b/doc/example.conf.in -index 83e7c5c..3ea2b28 100644 +index 5396029..cbb51ec 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,9 +1,10 @@ -# -# Example configuration file. -# --# See unbound.conf(5) man page, version 1.6.5. +-# See unbound.conf(5) man page, version 1.6.8. -# -# this is a comment. +##############################################################################