[Bug 265645] dns/unbound: Update to 1.16.2

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 265645] dns/unbound: Update to 1.16.2"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 05 Aug 2022 12:01:32 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265645

            Bug ID: 265645
           Summary: dns/unbound: Update to 1.16.2
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.nlnetlabs.nl/news/2022/Aug/01/unbound-1.16
                    .2-released/
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jaap@NLnetLabs.nl
 Attachment #235691 maintainer-approval+
             Flags:

Created attachment 235691
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=235691&action=edit
patch to update

This release fixes the novel ghost domain issues CVE-2022-30698 and
CVE-2022-30699. They were reported by Xiang Li from the Network and
Information Security Lab of Tsinghua University.

Other than that there are some bug fixes, and an option to configure the
max retransmit timeout, infra-cache-max-rtt. If left at default it does
not make any change.

Because it is a security fix point release, there is no RC1 release
candidate.

Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
   retransmit timeout.

Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
   one loop pass'.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
   outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
   equivalent (IPV6_USER_MTU); allows cross compiling with latest
   cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
   And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.

-- 
You are receiving this mail because:
You are the assignee for the bug.