From: Stephen Walker Date: Thu, 19 Jan 2012 05:06:37 +0000 (+0000) Subject: [packages] unbound: update to 1.4.14 (#10249, CVE-2011-4528, thanks Cybjit), refresh... X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;h=fd202b3ef647d1b44b1b962b2102e0248c645fa7 [packages] unbound: update to 1.4.14 (#10249, CVE-2011-4528, thanks Cybjit), refresh patches SVN-Revision: 29796 --- diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 8b8eeefc68..20ddd11ec7 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2010-2011 OpenWrt.org +# Copyright (C) 2010-2012 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,18 +8,17 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.4.12 +PKG_VERSION:=1.4.14 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_MD5SUM:=673a224c76345003fd168448ca12fbb2 +PKG_MD5SUM:=cd69fdaaa6af01ea0b6fbc59802f74ba PKG_BUILD_DEPENDS:=libexpat PKG_BUILD_PARALLEL:=1 PKG_FIXUP:=libtool PKG_INSTALL:=1 -PKG_LIBTOOL_PATHS:= ./libtool ./ldns-src/libtool include $(INCLUDE_DIR)/package.mk diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch index 2365111165..be12a0611b 100644 --- a/net/unbound/patches/001-conf.patch +++ b/net/unbound/patches/001-conf.patch @@ -66,23 +66,19 @@ # the time to live (TTL) value lower bound, in seconds. Default 0. # If more than an hour could easily give trouble due to stale data. -@@ -134,12 +145,15 @@ server: +@@ -131,9 +142,11 @@ server: # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # infra-cache-slabs: 4 + infra-cache-slabs: 1 - # the maximum number of hosts that are cached (roundtrip times, EDNS). + # the maximum number of hosts that are cached (roundtrip, EDNS, lame). # infra-cache-numhosts: 10000 + infra-cache-numhosts: 200 - # the maximum size of the lame zones cached per host. in bytes. - # infra-cache-lame-size: 10k -+ infra-cache-lame-size: 1k - # Enable IPv4, "yes" or "no". # do-ip4: yes -@@ -166,6 +180,8 @@ server: +@@ -164,6 +177,8 @@ server: # access-control: ::0/0 refuse # access-control: ::1 allow # access-control: ::ffff:127.0.0.1 allow @@ -91,7 +87,7 @@ # if given, a chroot(2) is done to the given directory. # i.e. you can chroot to the working directory, for example, -@@ -196,6 +212,7 @@ server: +@@ -194,6 +209,7 @@ server: # and the given username is assumed. Default is user "unbound". # If you give "" no privileges are dropped. # username: "@UNBOUND_USERNAME@" @@ -99,7 +95,7 @@ # the working directory. The relative files in this config are # relative to this directory. If you give "" the working directory -@@ -218,10 +235,12 @@ server: +@@ -216,10 +232,12 @@ server: # the pid file. Can be an absolute path outside of chroot/work dir. # pidfile: "@UNBOUND_PIDFILE@" @@ -112,7 +108,7 @@ # enable to not answer id.server and hostname.bind queries. # hide-identity: no -@@ -244,12 +263,15 @@ server: +@@ -242,12 +260,15 @@ server: # positive value: fetch that many targets opportunistically. # Enclose the list of numbers between quotes (""). # target-fetch-policy: "3 2 1 0 0" @@ -128,7 +124,7 @@ # Harden against out of zone rrsets, to avoid spoofing attempts. # harden-glue: yes -@@ -323,7 +345,7 @@ server: +@@ -321,7 +342,7 @@ server: # you start unbound (i.e. in the system boot scripts). And enable: # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). @@ -137,7 +133,7 @@ # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. -@@ -409,15 +431,18 @@ server: +@@ -407,15 +428,18 @@ server: # the amount of memory to use for the key cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m