From: W.C.A. Wijngaards Date: Tue, 13 Feb 2024 13:03:30 +0000 (+0100) Subject: - These fixes are part of the 1.19.1 release, that is a security X-Git-Tag: release-1.19.3rc1~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be27499d397e192bd43bff27bf0dcaa79020d024;p=thirdparty%2Funbound.git - These fixes are part of the 1.19.1 release, that is a security point release on 1.19.0, the code repository continues with these fixes, with version number 1.19.2. --- diff --git a/configure b/configure index 855b81fac..247b26d5b 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for unbound 1.19.1. +# Generated by GNU Autoconf 2.71 for unbound 1.19.2. # # Report bugs to . # @@ -622,8 +622,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.19.1' -PACKAGE_STRING='unbound 1.19.1' +PACKAGE_VERSION='1.19.2' +PACKAGE_STRING='unbound 1.19.2' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -1507,7 +1507,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.19.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.19.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1573,7 +1573,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.19.1:";; + short | recursive ) echo "Configuration of unbound 1.19.2:";; esac cat <<\_ACEOF @@ -1820,7 +1820,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.19.1 +unbound configure 1.19.2 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2477,7 +2477,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.19.1, which was +It was created by unbound $as_me 1.19.2, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3241,11 +3241,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=19 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=2 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=24 +LIBUNBOUND_REVISION=25 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -3337,6 +3337,7 @@ LIBUNBOUND_AGE=1 # 1.18.0 had 9:22:1 # 1.19.0 had 9:23:1 # 1.19.1 had 9:24:1 +# 1.19.2 had 9:25:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -24144,7 +24145,7 @@ printf "%s\n" "#define MAXSYSLOGMSGLEN 10240" >>confdefs.h -version=1.19.1 +version=1.19.2 date=`date +'%b %e, %Y'` @@ -24656,7 +24657,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.19.1, which was +This file was extended by unbound $as_me 1.19.2, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24724,7 +24725,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -unbound config.status 1.19.1 +unbound config.status 1.19.2 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 4edab4f4a..3b020a5a4 100644 --- a/configure.ac +++ b/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[19]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MICRO],[2]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=24 +LIBUNBOUND_REVISION=25 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -110,6 +110,7 @@ LIBUNBOUND_AGE=1 # 1.18.0 had 9:22:1 # 1.19.0 had 9:23:1 # 1.19.1 had 9:24:1 +# 1.19.2 had 9:25:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary diff --git a/doc/Changelog b/doc/Changelog index 0d290565b..2a6e98b10 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,11 @@ +13 February 2024: Wouter + - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited + to exhaust CPU resources and stall DNS resolvers. + - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. + - These fixes are part of the 1.19.1 release, that is a security + point release on 1.19.0, the code repository continues with these + fixes, with version number 1.19.2. + 8 February 2024: Wouter - Fix documentation for access-control in the unbound.conf man page.