deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/unbound/unbound.mk
Fabrice Fontaine 4eb3201120 package/unbound: security bump to version 1.13.0 
This version has fixes to connect for UDP sockets, slowing down
potential ICMP side channel leakage. The fix can be controlled with the
option udp-connect: yes, it is enabled by default.

Additionally CVE-2020-28935 is fixed, this solves a problem where the
pidfile is altered by a symlink, and fails if a symlink is encountered.
See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
information.

https://github.com/NLnetLabs/unbound/releases/tag/release-1.13.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:47:43 +01:00

55 lines
1.4 KiB
Makefile
Raw Blame History

################################################################################
#
# unbound
#
################################################################################
UNBOUND_VERSION = 1.13.0
UNBOUND_SITE = https://www.unbound.net/downloads
UNBOUND_DEPENDENCIES = host-pkgconf expat libevent openssl
UNBOUND_LICENSE = BSD-3-Clause
UNBOUND_LICENSE_FILES = LICENSE
UNBOUND_CONF_OPTS = \
--disable-rpath \
--disable-debug \
--with-conf-file=/etc/unbound/unbound.conf \
--with-pidfile=/var/run/unbound.pid \
--with-rootkey-file=/etc/unbound/root.key \
--enable-tfo-server \
--with-libexpat=$(STAGING_DIR)/usr \
--with-ssl=$(STAGING_DIR)/usr
# uClibc-ng does not have MSG_FASTOPEN
# so TCP Fast Open client mode disabled for it
ifeq ($(BR2_TOOLCHAIN_USES_UCLIBC),y)
UNBOUND_CONF_OPTS += --disable-tfo-client
else
UNBOUND_CONF_OPTS += --enable-tfo-client
endif
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS_NPTL),y)
UNBOUND_CONF_OPTS += --with-pthreads
else
UNBOUND_CONF_OPTS += --without-pthreads
endif
ifeq ($(BR2_GCC_ENABLE_LTO),y)
UNBOUND_CONF_OPTS += --enable-flto
else
UNBOUND_CONF_OPTS += --disable-flto
endif
ifeq ($(BR2_PACKAGE_UNBOUND_DNSCRYPT),y)
UNBOUND_CONF_OPTS += --enable-dnscrypt
UNBOUND_DEPENDENCIES += libsodium
else
UNBOUND_CONF_OPTS += --disable-dnscrypt
endif
define UNBOUND_INSTALL_INIT_SYSV
$(INSTALL) -D -m 755 package/unbound/S70unbound \
$(TARGET_DIR)/etc/init.d/S70unbound
endef
$(eval $(autotools-package))
Reference in a new issue View git blame Copy permalink