| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
- Refreshed one patch
- Removed deprecated AUTORELEASE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Changelog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-3
- Fixes: CVE-2022-3204
Refreshed one patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Maintainer: @EricLuehrsen
Compile tested: x86/64
Run tested: x86/64
Description: Update to 1.16.2, fix CVE-2022-30698 and CVE-2022-30699.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
|
| |
|
|
|
|
|
|
|
| |
Maintainer: @EricLuehrsen
Compile tested: realtek/rtl838x, x86/64
Run tested: realtek/rtl838x, x86/64
Description: Update to 1.16.1
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
|
| |
|
|
| |
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
| |
|
|
|
|
| |
Refresh patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
| |
Currently there is a problem with log spam when ipv6 network
is dropped. Fix this by backporting a patch to silence these errors
when verbose logging is not enabled.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
| |
Override places that call uname to detect target features
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Changes:
-remove old dns64 patch
-refresh openssl deprecated patch
-add DoT error log patch https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |
|
|
| |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
| |
This will become pointless once OpenSSL 1.1.1 enters the tree.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
| |
bug fixes for memory leaks
bug fixes for DNS over TLS
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
| |
- adjust a few UCI translations to coordinate with upstream defaults
- remove OpenSSL < 1.1.0 API log error patch which is included upstream
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do
host cert verification. DNS over TLS connects, but hosts are unverified. A
patch for log err is added with a noitce in README.md.
(see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658)
Also, squash some minor robustness and TLS usability fixes.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
| |
A few bug fixes but importantly fix a deadlock on
AXFR configuration when notify occurs (auth-zone:)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
| |
This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
| |
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Unbound 1.6.1 has a few bug fixes for resource leaks,
configuration robustness, compile environment interaction,
and maintaining the trust anchor. The 2017 trust anchor
(DS) is built into unbound and unbound-anchor.
File /etc/unbound/root.key holds 2010/2017 DS record until 2018
https://www.icann.org/resources/pages/ksk-rollover
https://www.iana.org/domains/root
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- future opportunity: added "views:" clause
-- consider won't need UCI for security instances
-- consider access lists, forwards, views, and tags
-- consider query denial for DNS amplification defense
- future opportunity: thrifted "local-zone:" memory bloat
-- consider adblock package to feed thru unbound-control
-- consider access lists, forwards, views, and tags
-- consider offering LuCI parental controls or other
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
-Patch for /etc/unbound/unbound.conf
--All work done in /var/lib/unbound/
--chroot or jail to /var/lib/unbound/
-Init script points to /usr/lib/unbound.sh
-Makefile to install new scripts in the package
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-Remove interlaced configuration changes
--Less sensitive to upstream example.conf changes
--Easier to read patch-of-patch work for maintenance
-Use MEMORY CONTROL EXAMPLE from http://unbound.net/
--Review and rework with respect to previous pacakge
--Effectively the same configuration as previous package
-Disable DNSSEC by default due to real-time chicken-n-egg
--Many OpenWrt target devices have no power-off clock (reboot)
--User choice of work around should be conscious
--Initial install should not fail reboot with DNSSEC default
-Add some defaults explicitly to prevent surprises
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
|
| |
|
|
|
|
|
| |
* Fix upstream whitespace change in the patch.
* Minor cleanup to the header.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|
|
| |
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
|
| |
|
|
|
|
|
| |
Until now unbound was always running as root by default. A DNS resolver can
easily run under a non-privileged user.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
|
| |
The custom list of DNS root servers provided with the package is not necessary.
Unbound ships with a built-in list.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
Bump unbound to version 1.5.7 released on December 10, 2015.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
|
|
| |
unbound 1.5.3 was released on March 10, 2015.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|
| |
|
|
| |
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
|
|
|
This is an import of the net/unbound package from Subversion
revision 40658 (May 2, 2014). The only change is the addition of
PKG_LICENSE, PKG_LICENSE_FILE and PKG_MAINTAINER to Makefile.
Unbound 1.4.22 is the current upstream release.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
|