A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
-PKG_VERSION:=1.6.5
+PKG_VERSION:=1.6.8
PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_HASH:=e297aa1229015f25bf24e4923cb1dadf1f29b84f82a353205006421f82cc104e
+PKG_HASH:=e3b428e33f56a45417107448418865fe08d58e0e7fea199b855515f60884dd49
-PKG_BUILD_DEPENDS:=libexpat
PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
diff --git a/doc/example.conf.in b/doc/example.conf.in
-index 83e7c5c..3ea2b28 100644
+index 5396029..cbb51ec 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -1,9 +1,10 @@
-#
-# Example configuration file.
-#
--# See unbound.conf(5) man page, version 1.6.5.
+-# See unbound.conf(5) man page, version 1.6.8.
-#
-# this is a comment.
+##############################################################################