Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.20.0
@ 2024-07-21 15:01 Fabrice Fontaine
  2024-07-21 16:36 ` Thomas Petazzoni via buildroot
  2024-08-29 16:09 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2024-07-21 15:01 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine, Stefan Ott

This release has a fix for the DNSBomb issue CVE-2024-33655. This has a
low severity for Unbound, since it makes Unbound complicit in targeting
others, but does not affect Unbound so much.
This security release also fixes CVE-2024-1931.

https://nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released
https://nlnetlabs.nl/news/2024/Mar/14/unbound-1.19.3-released
https://nlnetlabs.nl/news/2024/Mar/07/unbound-1.19.2-released

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/unbound/unbound.hash | 4 ++--
 package/unbound/unbound.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/unbound/unbound.hash b/package/unbound/unbound.hash
index 843026abc7..96ee80b0ec 100644
--- a/package/unbound/unbound.hash
+++ b/package/unbound/unbound.hash
@@ -1,5 +1,5 @@
-# From https://nlnetlabs.nl/downloads/unbound/unbound-1.19.1.tar.gz.sha256
-sha256  bc1d576f3dd846a0739adc41ffaa702404c6767d2b6082deb9f2f97cbb24a3a9  unbound-1.19.1.tar.gz
+# From https://nlnetlabs.nl/downloads/unbound/unbound-1.20.0.tar.gz.sha256
+sha256  56b4ceed33639522000fd96775576ddf8782bb3617610715d7f1e777c5ec1dbf  unbound-1.20.0.tar.gz
 
 # Locally calculated
 sha256  8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db  LICENSE
diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk
index 5128d0e420..ff0262bef1 100644
--- a/package/unbound/unbound.mk
+++ b/package/unbound/unbound.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-UNBOUND_VERSION = 1.19.1
+UNBOUND_VERSION = 1.20.0
 UNBOUND_SITE = https://www.unbound.net/downloads
 UNBOUND_INSTALL_STAGING = YES
 UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.20.0
  2024-07-21 15:01 [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.20.0 Fabrice Fontaine
@ 2024-07-21 16:36 ` Thomas Petazzoni via buildroot
  2024-08-29 16:09 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2024-07-21 16:36 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Stefan Ott, buildroot

On Sun, 21 Jul 2024 17:01:16 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> This release has a fix for the DNSBomb issue CVE-2024-33655. This has a
> low severity for Unbound, since it makes Unbound complicit in targeting
> others, but does not affect Unbound so much.
> This security release also fixes CVE-2024-1931.
> 
> https://nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released
> https://nlnetlabs.nl/news/2024/Mar/14/unbound-1.19.3-released
> https://nlnetlabs.nl/news/2024/Mar/07/unbound-1.19.2-released
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/unbound/unbound.hash | 4 ++--
>  package/unbound/unbound.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.20.0
  2024-07-21 15:01 [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.20.0 Fabrice Fontaine
  2024-07-21 16:36 ` Thomas Petazzoni via buildroot
@ 2024-08-29 16:09 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2024-08-29 16:09 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Stefan Ott, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > This release has a fix for the DNSBomb issue CVE-2024-33655. This has a
 > low severity for Unbound, since it makes Unbound complicit in targeting
 > others, but does not affect Unbound so much.
 > This security release also fixes CVE-2024-1931.

 > https://nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released
 > https://nlnetlabs.nl/news/2024/Mar/14/unbound-1.19.3-released
 > https://nlnetlabs.nl/news/2024/Mar/07/unbound-1.19.2-released

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2024.02.x and 2024.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-08-29 16:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-21 15:01 [Buildroot] [PATCH 1/1] package/unbound: security bump to version 1.20.0 Fabrice Fontaine
2024-07-21 16:36 ` Thomas Petazzoni via buildroot
2024-08-29 16:09 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox