From d12d2e31d34b71c0db1033b63c5bdc5202f9c2ab Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Fri, 19 Jan 2018 20:06:59 -0500 Subject: [PATCH] unbound: update to 1.6.8 for CVE-2017-15105 A vulnerability was discovered in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This does, however, happen in Unbound 1.6.7 and earlier versions. (see https://unbound.net/downloads/CVE-2017-15105.txt) Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 6 +++--- net/unbound/patches/001-conf.patch | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index e414b038b..5adcd867e 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.6.7 -PKG_RELEASE:=3 +PKG_VERSION:=1.6.8 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_HASH:=4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f +PKG_HASH:=e3b428e33f56a45417107448418865fe08d58e0e7fea199b855515f60884dd49 PKG_BUILD_PARALLEL:=1 PKG_FIXUP:=autoreconf diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch index 01d6bb839..4fd77d6d9 100644 --- a/net/unbound/patches/001-conf.patch +++ b/net/unbound/patches/001-conf.patch @@ -6,7 +6,7 @@ index 5396029..cbb51ec 100644 -# -# Example configuration file. -# --# See unbound.conf(5) man page, version 1.6.7. +-# See unbound.conf(5) man page, version 1.6.8. -# -# this is a comment. +##############################################################################