40030e1c6f
Fixes the following security issue: - CVE-2024-43167: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault See announcement: https://nlnetlabs.nl/news/2024/Aug/15/unbound-1.21.0-released/ See also change log: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-21-0 This commit also updates the _SITE url from [1] to [2], to follow the HTTP redirect, and the url published on the download page [3]. Finally, this commit adds a comment in the hash file that the PGP signature was checked. [1] https://www.unbound.net/downloads [2] https://nlnetlabs.nl/downloads/unbound [3] https://nlnetlabs.nl/projects/unbound/download Signed-off-by: Julien Olivain <ju.o@free.fr> [Peter: Mark as security bump, add CVE info] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit ed34c4c77b8b2a830c7a9ffb1d75c7bf1e35a7c4) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
62 lines
1.6 KiB
Makefile
62 lines
1.6 KiB
Makefile
################################################################################
|
|
#
|
|
# unbound
|
|
#
|
|
################################################################################
|
|
|
|
UNBOUND_VERSION = 1.21.0
|
|
UNBOUND_SITE = https://nlnetlabs.nl/downloads/unbound
|
|
UNBOUND_INSTALL_STAGING = YES
|
|
UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl
|
|
UNBOUND_LICENSE = BSD-3-Clause
|
|
UNBOUND_LICENSE_FILES = LICENSE
|
|
UNBOUND_CPE_ID_VENDOR = nlnetlabs
|
|
UNBOUND_CONF_OPTS = \
|
|
--disable-rpath \
|
|
--disable-debug \
|
|
--with-conf-file=/etc/unbound/unbound.conf \
|
|
--with-pidfile=/var/run/unbound.pid \
|
|
--with-rootkey-file=/etc/unbound/root.key \
|
|
--enable-tfo-server \
|
|
--with-libevent=$(STAGING_DIR)/usr \
|
|
--with-libexpat=$(STAGING_DIR)/usr \
|
|
--with-ssl=$(STAGING_DIR)/usr
|
|
|
|
# uClibc-ng does not have MSG_FASTOPEN
|
|
# so TCP Fast Open client mode disabled for it
|
|
ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y)
|
|
UNBOUND_CONF_OPTS += --disable-tfo-client
|
|
else
|
|
UNBOUND_CONF_OPTS += --enable-tfo-client
|
|
endif
|
|
|
|
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS_NPTL),y)
|
|
UNBOUND_CONF_OPTS += --with-pthreads
|
|
else
|
|
UNBOUND_CONF_OPTS += --without-pthreads
|
|
endif
|
|
|
|
ifeq ($(BR2_ENABLE_LTO),y)
|
|
UNBOUND_CONF_OPTS += --enable-flto
|
|
else
|
|
UNBOUND_CONF_OPTS += --disable-flto
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_UNBOUND_DNSCRYPT),y)
|
|
UNBOUND_CONF_OPTS += --enable-dnscrypt
|
|
UNBOUND_DEPENDENCIES += libsodium
|
|
else
|
|
UNBOUND_CONF_OPTS += --disable-dnscrypt
|
|
endif
|
|
|
|
define UNBOUND_INSTALL_INIT_SYSV
|
|
$(INSTALL) -D -m 755 package/unbound/S70unbound \
|
|
$(TARGET_DIR)/etc/init.d/S70unbound
|
|
endef
|
|
|
|
define UNBOUND_USERS
|
|
unbound -1 unbound -1 * /etc/unbound - - unbound daemon
|
|
endef
|
|
|
|
$(eval $(autotools-package))
|