* Wed Jan 19 2022 werner@suse.de
- Import changes from OBS for dlv.isc.org.key, root.anchor, and
root.key to fix bsc#1112033
* Wed Jan 19 2022 werner@suse.de
- Add patch bsc1179191_CVE-2020-28935_19f8f4d9.patch to really fix
bsc#1179191 CVE-2020-28935: unbound: symbolic link traversal when
writing PID file
* Mon Jan 17 2022 werner@suse.de
- Add patches
* bsc1185382_CVE-2019-25031_f8875527.patch
bsc#1185382 for CVE-2019-25031
configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack
* bsc1185383.4_CVE-2019-25032.3_226298bb.patch
bsc#1185383 for CVE-2019-25032
integer overflow in the regional allocator via regional_alloc
bsc#1185384 for CVE-2019-25033
integer overflow in the regional allocator via the ALIGN_UP macro
* bsc1185385_CVE-2019-25034_a3545867.patch
bsc#1185385 for CVE-2019-25034
integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write
* bsc1185386.7_CVE-2019-25035.6_fa23ee8f.patch
bsc#1185386 for CVE-2019-25035
out-of-bounds write in sldns_bget_token_par
bsc#1185387 for CVE-2019-25036
assertion failure and denial of service in synth_cname
* bsc1185391.2_CVE-2019-25040.1_2d444a50.patch
bsc#1185391 for CVE-2019-25040
infinite loop via a compressed name in dname_pkt_copy
bsc#1185392 for CVE-2019-25041
assertion failure via a compressed name in dname_pkt_copy
* bsc1185389.90_CVE-2019-25038.9_02080f6b.patch
bsc#1185389 for CVE-2019-25038
integer overflow in a size calculation in dnscrypt/dnscrypt.c
bsc#1185390 for CVE-2019-25039
integer overflow in a size calculation in respip/respip.c
* bsc1185388_CVE-2019-25037_d2eb78e8.patch
bsc#1185388 for CVE-2019-25037
assertion failure and denial of service in dname_pkt_copy via an invalid packet
* bsc1185393_CVE-2019-25042_6c3a0b54.patch
bsc#1185393 for CVE-2019-25042
out-of-bounds write via a compressed name in rdata_copy
- Correct indentation in patch unbound-1.6.8-amplifying-an-incoming-query.patch
to make it fit to above patches
* Tue Jun 23 2020 rtorreromarijnissen@suse.com
- Avoid shell code execution after receiving a specially crafted answer
Resolves CVE-2019-18934 (bsc#1157268)
[ + patch_cve_2019-18934.patch ]
* Tue Jun 23 2020 rtorreromarijnissen@suse.com
- Avoid amplifying an incoming query to a large number of queries
Resolves CVE-2020-12662 CVE-2020-12663 (bsc#1171889)
[ + unbound-1.6.8-amplifying-an-incoming-query.patch ]
* Tue Apr 23 2019 rtorreromarijnissen@suse.com
- Add systemd require in unbound-anchor to reflect new dependency (due to systemd-timers)
* Thu Mar 07 2019 rtorreromarijnissen@suse.com
- Remove old pwdutils dependency and add shadow to cover both useradd
and groupadd as suggested in (bsc#1126757)
* Fri Jan 04 2019 rtorreromarijnissen@suse.com
- Use systemd-tmpfiles to create /var/lib/unbound/root.key
to avoid transactional update breakage (bsc#1111383)
* Thu Nov 15 2018 rtorreromarijnissen@suse.com
- Migrated from cron to systemd timers (bsc#1115417)
* Tue Oct 16 2018 kbabioch@suse.com
- Disabled DLV configuration by default (bsc#1055060)
- Updated the DNSSEC root trust anchor due to KSK roll over (bsc#1112009)