pool/unbound
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1144618 from home:seife:branches:server:dns

Browse Source 
disable outgoing-port-permit and outgoing-port-avoid in config file to
suppress the related unbound-checkconf warnings on every start

OBS-URL: https://build.opensuse.org/request/show/1144618
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=172
This commit is contained in:
Jorik Cronenberg 2024-03-05 15:13:11 +00:00 committed by Git OBS Bridge
parent 2fa50e9f92
commit afb03e5f7f
4 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libunbound-devel-mini.changes
View File

@ -7,6 +7,13 @@ Wed Feb 28 13:35:31 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
exploited to exhaust CPU resources and stall DNS resolvers. exploited to exhaust CPU resources and stall DNS resolvers.
- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
-------------------------------------------------------------------
Tue Feb 6 13:27:06 UTC 2024 - Stefan Seyfried <seife+obs@b1-systems.com>
- as we use --disable-explicit-port-randomisation, also disable
outgoing-port-permit and outgoing-port-avoid in config file to
suppress the related unbound-checkconf warnings on every start
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 17 09:50:18 UTC 2023 - Pedro Monreal <pmonreal@suse.com> Fri Nov 17 09:50:18 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

7
unbound.changes
View File

@ -7,6 +7,13 @@ Wed Feb 28 13:35:31 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
exploited to exhaust CPU resources and stall DNS resolvers. exploited to exhaust CPU resources and stall DNS resolvers.
- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
-------------------------------------------------------------------
Tue Feb 6 13:27:06 UTC 2024 - Stefan Seyfried <seife+obs@b1-systems.com>
- as we use --disable-explicit-port-randomisation, also disable
outgoing-port-permit and outgoing-port-avoid in config file to
suppress the related unbound-checkconf warnings on every start
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 09:32:21 UTC 2024 - Jakob Lorenz <onlyjak0b@mailbox.org> Tue Jan 23 09:32:21 UTC 2024 - Jakob Lorenz <onlyjak0b@mailbox.org>

13
unbound.conf
View File

@ -70,19 +70,6 @@ server:
# port range that can be open simultaneously. # port range that can be open simultaneously.
# outgoing-range: 4096 # outgoing-range: 4096
# permit unbound to use this port number or port range for
# making outgoing queries, using an outgoing interface.
# Only ephemeral ports are allowed by SElinux
outgoing-port-permit: 32768-65535
# deny unbound the use this of port number or port range for
# making outgoing queries, using an outgoing interface.
# Use this to make sure unbound does not grab a UDP port that some
# other server on this computer needs. The default is to avoid
# IANA-assigned port numbers.
# Our SElinux policy does not allow non-ephemeral ports to be used
outgoing-port-avoid: 0-32767
# number of outgoing simultaneous tcp buffers to hold per thread. # number of outgoing simultaneous tcp buffers to hold per thread.
# outgoing-num-tcp: 10 # outgoing-num-tcp: 10

1
unbound.spec
View File

@ -174,6 +174,7 @@ This package holds the Python modules and extensions for unbound.
%build %build
%sysusers_generate_pre %{SOURCE19} anchor unbound.conf %sysusers_generate_pre %{SOURCE19} anchor unbound.conf
export CFLAGS="%{optflags}" export CFLAGS="%{optflags}"
export CXXFLAGS="%{optflags}" export CXXFLAGS="%{optflags}"