From be394fbcd84f33fb7ad0fa8aa54def6f99b76f93 Mon Sep 17 00:00:00 2001 From: Kyle Harding Date: Wed, 21 Sep 2022 17:47:54 -0400 Subject: [PATCH] package/unbound: security bump version to 1.16.3 Fixes the following security issue: CVE-2022-3204: The NRDelegation Attack can exploit resolvers by having a malicious delegation with a considerable number of non responsive nameservers. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound 1.16.3 includes fixes for better performance when under load. https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt Signed-off-by: Kyle Harding Signed-off-by: Thomas Petazzoni (cherry picked from commit 5560bc6c161b7e15d37b1beaa57014bb2a987e53) Signed-off-by: Peter Korsgaard --- package/unbound/unbound.hash | 4 ++-- package/unbound/unbound.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/unbound/unbound.hash b/package/unbound/unbound.hash index 8bfe48df9f..cef8edc4a2 100644 --- a/package/unbound/unbound.hash +++ b/package/unbound/unbound.hash @@ -1,5 +1,5 @@ -# From https://nlnetlabs.nl/downloads/unbound/unbound-1.16.2.tar.gz.sha256 -sha256 2e32f283820c24c51ca1dd8afecfdb747c7385a137abe865c99db4b257403581 unbound-1.16.2.tar.gz +# From https://nlnetlabs.nl/downloads/unbound/unbound-1.16.3.tar.gz.sha256 +sha256 ea0c6665e2c3325b769eac1dfccd60fe1828d5fcf662650039eccb3f67edb28e unbound-1.16.3.tar.gz # Locally calculated sha256 8eb9a16cbfb8703090bbfa3a2028fd46bb351509a2f90dc1001e51fbe6fd45db LICENSE diff --git a/package/unbound/unbound.mk b/package/unbound/unbound.mk index a3c3ddc8e3..73a460d103 100644 --- a/package/unbound/unbound.mk +++ b/package/unbound/unbound.mk 
@@ -4,7 +4,7 @@ # ################################################################################ -UNBOUND_VERSION = 1.16.2 +UNBOUND_VERSION = 1.16.3 UNBOUND_SITE = https://www.unbound.net/downloads UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl UNBOUND_LICENSE = BSD-3-Clause
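Review bot: In package/unbound/unbound.hash, the new sha256 line is backed only by the upstream checksum file named in the comment ("# From https://nlnetlabs.nl/downloads/unbound/unbound-1.16.3.tar.gz.sha256"), which is served from the same location as the tarball. That confirms the download is intact, but it is not an independent check of authenticity. If upstream publishes a detached signature for this release, verify the tarball against it and say so in the comment above the hash. The "# Locally calculated" LICENSE hash is carried over unchanged as context, so it would also help to state in the commit message that LICENSE was rechecked against the 1.16.3 tarball.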
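Review bot: In package/unbound/unbound.mk, the unchanged context line "UNBOUND_SITE = https://www.unbound.net/downloads" fetches the tarball from a different host than the one cited for the hash and for the advisory (nlnetlabs.nl). The pinned sha256 still guards the download, so this does not block a security bump, but the fetch location and the documented source of the hash should agree. Consider a follow-up that points UNBOUND_SITE at the nlnetlabs.nl download directory used in the unbound.hash comment.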