From 361446f409124c3ccb631cf9f8ca0cd0398c72d7 Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Mon, 8 Oct 2018 20:20:28 -0400 Subject: [PATCH] unbound: update to 1.8.1 bug fixes for memory leaks bug fixes for DNS over TLS Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 6 +-- .../patches/210-query-state-leak.patch | 38 ------------------- .../patches/211-tls-timeout-leak.patch | 32 ---------------- 3 files changed, 3 insertions(+), 73 deletions(-) delete mode 100644 net/unbound/patches/210-query-state-leak.patch delete mode 100644 net/unbound/patches/211-tls-timeout-leak.patch diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 6624695e4d..eaa9051463 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.8.0 -PKG_RELEASE:=2 +PKG_VERSION:=1.8.1 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_HASH:=78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f +PKG_HASH:=c362b3b9c35d1b8c1918da02cdd5528d729206c14c767add89ae95acae363c5d PKG_BUILD_PARALLEL:=1 PKG_FIXUP:=autoreconf diff --git a/net/unbound/patches/210-query-state-leak.patch b/net/unbound/patches/210-query-state-leak.patch deleted file mode 100644 index f8a6d25183..0000000000 --- a/net/unbound/patches/210-query-state-leak.patch +++ /dev/null 
@@ -1,38 +0,0 @@
-Unbound (trunk):
-Fix that with harden-below-nxdomain and qname minisation enabled
-some iterator states for nonresponsive domains can get into a
-state where they waited for an empty list.
-Stop UDP to TCP failover after timeouts that causes the ping count
-to be reset by the TCP time measurement (that exists for TLS),
-because that causes the UDP part to not be measured as timeout.
-
-Index: iterator/iterator.c
-===================================================================
---- a/iterator/iterator.c
-+++ b/iterator/iterator.c
-@@ -2752,6 +2752,12 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
- verbose(VERB_ALGO,
- "could not validate NXDOMAIN "
- "response");
-+ outbound_list_clear(&iq->outlist);
-+ iq->num_current_queries = 0;
-+ fptr_ok(fptr_whitelist_modenv_detach_subs(
-+ qstate->env->detach_subs));
-+ (*qstate->env->detach_subs)(qstate);
-+ iq->num_target_queries = 0;
- }
- }
- return next_state(iq, QUERYTARGETS_STATE);
-Index: services/outside_network.c
-===================================================================
---- a/services/outside_network.c
-+++ b/services/outside_network.c
-@@ -1979,7 +1979,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
- return 0;
- }
- if(rto >= RTT_MAX_TIMEOUT) {
-- fallback_tcp = 1;
-+ /* fallback_tcp = 1; */
- /* UDP does not work, fallback to TCP below */
- } else {
- serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep);
diff --git a/net/unbound/patches/211-tls-timeout-leak.patch b/net/unbound/patches/211-tls-timeout-leak.patch
deleted file mode 100644
index 7dfc2a8188..0000000000
--- a/net/unbound/patches/211-tls-timeout-leak.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Unbound (trunk):
-For DNS over TLS service, it sets the configured tls auth name.
-This is useful for hosts that apart from the DNS over TLS services
-also provide other (web) services. Add SSL cleanup for tcp timeout.
-
-Index: services/outside_network.c
-===================================================================
---- a/services/outside_network.c
-+++ b/services/outside_network.c
-@@ -377,6 +379,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
- if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) {
- log_err("SSL_set1_host failed");
- pend->c->fd = s;
-+ SSL_free(pend->c->ssl);
-+ pend->c->ssl = NULL;
- comm_point_close(pend->c);
- return 0;
- }
-@@ -1264,6 +1268,13 @@ outnet_tcptimer(void* arg)
- } else {
- /* it was in use */
- struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
-+ if(pend->c->ssl) {
-+#ifdef HAVE_SSL
-+ SSL_shutdown(pend->c->ssl);
-+ SSL_free(pend->c->ssl);
-+ pend->c->ssl = NULL;
-+#endif
-+ }
- comm_point_close(pend->c);
- pend->query = NULL;
- pend->next_free = outnet->tcp_free;
-- 2.30.2