Commit Graph

75 Commits

Author SHA1 Message Date
cy
51112a15b9 MFV r361322:
Update unbound 1.9.6 --> 1.10.1.

Bug Fixes:
 - CVE-2020-12662 Unbound can be tricked into amplifying an incoming
   query into a large number of queries directed to a target.
 - CVE-2020-12663 Malformed answers from upstream name servers can be
   used to make Unbound unresponsive.

Reported by:	emaste
MFC after:	3 days
Relnotes:	yes
Security:	CVE-2020-12662, CVE-2020-12663
2020-05-21 21:00:46 +00:00
cy
6a71b7809e Unbound's config.h is manually maintained, using a ./configure produced
config.h as a guide. In practice contributed software maintains a copy
of config.h within its build directory tree containing its Makefile.
usr.sbin/unbound is the home for its config.h.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D22983
2020-01-13 06:55:31 +00:00
cy
3087a96bc4 MFV r356143:
Update unbound 1.9.2 --> 1.9.6.

MFC after:	3 days
Security:	CVE-2019-18934 (fixed by 1.9.5)
2019-12-31 15:50:41 +00:00
des
a26dd17d56 Upgrade Unbound to 1.9.2. 2019-07-04 08:40:10 +00:00
des
27f0539ab9 Merge upstream r4932: turn so-reuseport option off by default.
MFC after:	3 days
2018-11-01 23:42:35 +00:00
des
7419258c5c Try harder to sanitize the environment before running configure.
Remove a workaround for older Unbound versions that used sbrk.

Approved by:	re (gjb)
2018-10-10 22:29:06 +00:00
des
0b62c2b8b2 Upgrade to 1.8.1.
Approved by:	re (kib)
2018-10-10 08:53:47 +00:00
des
eb21be2606 Upgrade Unbound to 1.8.0. More to follow.
Approved by:	re (kib)
2018-10-10 07:55:06 +00:00
jkim
b13e04a27e Make unbound buildable. 2018-09-19 07:03:28 +00:00
jkim
192af730df Revert r338774. Unrelated changes were committed with Apache Serf. 2018-09-19 06:56:37 +00:00
jkim
7cc69f42ae Update Apache Serf to 1.3.9 to make it buildable with OpenSSL 1.1.1. 2018-09-19 06:49:55 +00:00
des
3526ab7018 Upgrade Unbound to 1.7.3. More to follow.
Approved by:	re (kib@)
2018-09-10 17:37:34 +00:00
des
d80a9d8e56 Upgrade Unbound to 1.7.2. More to follow.
Approved by:	re (kib@)
2018-09-10 16:56:44 +00:00
des
bb2118ef40 Rename all Unbound binaries and man pages from unbound* to local-unbound*.
PR:		222902
2018-05-12 17:10:36 +00:00
des
6c94117e62 Upgrade Unbound to 1.7.1. 2018-05-12 15:20:39 +00:00
des
62789ed6aa Upgrade Unbound to 1.7.0. More to follow. 2018-05-12 15:04:05 +00:00
des
142fac78a4 Upgrade Unbound to 1.6.8. More to follow. 2018-05-12 14:57:42 +00:00
des
9d601fb636 No reason to keep this around. 2018-05-12 14:51:53 +00:00
des
cdf1d61589 Upgrade Unbound to 1.6.7. More to follow. 2018-05-12 14:51:18 +00:00
des
48dec7a67f Upgrade Unbound to 1.6.6. More to follow. 2018-05-12 14:48:38 +00:00
des
cd725d1e75 Upgrade Unbound to 1.6.5. More to follow. 2018-05-12 14:39:41 +00:00
des
c7bc6bcc6a Upgrade Unbound to 1.6.4. More to follow. 2018-05-12 14:36:58 +00:00
des
d9872a36e6 Upgrade Unbound to 1.6.3. More to follow. 2018-05-12 14:19:14 +00:00
des
bf48865e7d Upgrade Unbound to 1.6.2. More to follow. 2018-05-12 14:15:39 +00:00
des
8b73549d44 Upgrade Unbound to 1.6.1. More to follow. 2018-05-12 14:04:48 +00:00
des
033739542f Upgrade Unbound to 1.6.0. More to follow. 2018-05-12 12:57:34 +00:00
des
f6a79c1703 Merge upstream r4302 to support multiple concurrently valid anchors.
If an unpatched unbound-anchor is run without a preexisting root anchor
between 2017-09-11 and 2017-10-11, it will fail and Unbound will not be
able to start unless the validator is disabled.  An EN will be issued
with patches for existing systems and information on how to work around
the issue on new installations.
2017-08-31 12:02:14 +00:00
des
8443fee657 Upgrade to Unbound 1.5.10. 2016-09-29 18:24:29 +00:00
des
b8710acf41 Upgrade to Unbound 1.5.9. 2016-09-04 12:17:57 +00:00
des
2a21f7140f Apply upstream r3651: the IPv6 address of the L root has changed. 2016-03-11 14:57:40 +00:00
des
333413e33d Upgrade to Unbound 1.5.8. 2016-03-05 19:29:18 +00:00
des
a94c4c08ce Use the new insecure-lan-zones option instead of listing each AS112 zone
separately.

MFC after:	3 days
2016-02-11 17:37:02 +00:00
sobomax
fbaeae6294 Root out files that don't really belong here and could in fact screw
you over if you happen to use git for FreeBSD development, as it is
the case with the unbound/.gitignore, which lits files that are
actually required for the buildworld.

MFC after:	1 day
2016-02-02 19:04:40 +00:00
des
f2bca8d61d Upgrade to Unbound 1.5.7. 2015-12-14 13:01:51 +00:00
des
1bf9dc7fc4 Ask make(1) which compiler to use rather than rely on whatever is in $PATH. 2015-12-12 22:54:12 +00:00
des
a320991678 Apply r3505 (s/SIGQUIT/SIGTERM/ in man page)
PR:		203580
2015-10-14 18:08:38 +00:00
des
4350483166 Upgrade to Unbound 1.5.5. 2015-10-09 11:46:27 +00:00
des
870d2cd235 When chrooted, we need to strip the chroot directory from the front of
included paths.  Don't forget to do it for globs as well.
2015-09-17 16:19:36 +00:00
des
c5050a3b9f Upgrade to Unbound 1.5.4. 2015-09-17 16:10:11 +00:00
des
08fe3b61a6 Upgrade Unbound to 1.5.3. 2015-04-27 12:06:13 +00:00
des
84a33eb82c MFV (r277045): merge upstream version of the local socket patch. 2015-01-12 09:46:49 +00:00
des
266f3b9335 mfv (r276698): support for remote control over local sockets. 2015-01-05 14:59:18 +00:00
des
db2be144cc Add generated files. 2015-01-03 11:52:43 +00:00
des
7e4640559c Upgrade to Unbound 1.5.1. Almost all our local changes to date have been
adopted upstream, greatly reducing the diff.
2015-01-03 02:40:51 +00:00
des
5606bb1e5a Recognize the lexer and parser sources. 2015-01-03 00:31:52 +00:00
delphij
a526ff1d89 MFV r275844:
Fix unbound remote denial of service vulnerability.

Security:	FreeBSD-SA-14:30.unbound
Security:	CVE-2014-8602
2014-12-17 06:55:44 +00:00
des
d3e404ac25 Clean up the libunbound build to avoid accidentally regenerating the
configuration lexer and parser during buildworld.  Instead of being
included in the source as it is in the upstream distribution, the code is
now always generated (in ${.OBJDIR}) at build time.

PR:		190739
MFC after:	1 week
2014-07-19 18:38:48 +00:00
des
d96c67cabd Import unblock-lan-zones feature backported from upstream svn trunk.
This is a partial fix for reverse lookups in RFC 1918 networks.  With
this option enabled, unbound no longer ignores these queries; however,
it will still reject the answer it gets from the forwarder, because
the RFC 1918 reverse zones are signed.

Submitted by:	"W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
2014-07-18 11:32:44 +00:00
des
702c9d2a00 Move libworker_event_done_cb() from libworker.h to worker.h. 2014-05-27 23:39:28 +00:00
des
710d2272e0 regenerate 2014-05-15 19:48:52 +00:00