- These fixes are part of the 1.19.1 release, that is a security

point release on 1.19.0, the code repository continues with these fixes, with version number 1.19.2.
NLnetLabs · Feb 13, 2024 · be27499 · be27499
1 parent 56a2b56
commit be27499
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 14 deletions.
diff --git a/configure b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for unbound 1.19.1.
+# Generated by GNU Autoconf 2.71 for unbound 1.19.2.
 #
 # Report bugs to <[email protected] or https://github.com/NLnetLabs/unbound/issues>.
 #
@@ -622,8 +622,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='unbound'
 PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.19.1'
-PACKAGE_STRING='unbound 1.19.1'
+PACKAGE_VERSION='1.19.2'
+PACKAGE_STRING='unbound 1.19.2'
 PACKAGE_BUGREPORT='[email protected] or https://github.com/NLnetLabs/unbound/issues'
 PACKAGE_URL=''
 
@@ -1507,7 +1507,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures unbound 1.19.1 to adapt to many kinds of systems.
+\`configure' configures unbound 1.19.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1573,7 +1573,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of unbound 1.19.1:";;
+     short | recursive ) echo "Configuration of unbound 1.19.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1820,7 +1820,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-unbound configure 1.19.1
+unbound configure 1.19.2
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2477,7 +2477,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by unbound $as_me 1.19.1, which was
+It was created by unbound $as_me 1.19.2, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -3241,11 +3241,11 @@ UNBOUND_VERSION_MAJOR=1
 
 UNBOUND_VERSION_MINOR=19
 
-UNBOUND_VERSION_MICRO=1
+UNBOUND_VERSION_MICRO=2
 
 
 LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=24
+LIBUNBOUND_REVISION=25
 LIBUNBOUND_AGE=1
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -3337,6 +3337,7 @@ LIBUNBOUND_AGE=1
 # 1.18.0 had 9:22:1
 # 1.19.0 had 9:23:1
 # 1.19.1 had 9:24:1
+# 1.19.2 had 9:25:1
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -24144,7 +24145,7 @@ printf "%s\n" "#define MAXSYSLOGMSGLEN 10240" >>confdefs.h
 
 
 
-version=1.19.1
+version=1.19.2
 
 date=`date +'%b %e, %Y'`
 
@@ -24656,7 +24657,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by unbound $as_me 1.19.1, which was
+This file was extended by unbound $as_me 1.19.2, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -24724,7 +24725,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-unbound config.status 1.19.1
+unbound config.status 1.19.2
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 

diff --git a/configure.ac b/configure.ac
@@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
 # must be numbers. ac_defun because of later processing
 m4_define([VERSION_MAJOR],[1])
 m4_define([VERSION_MINOR],[19])
-m4_define([VERSION_MICRO],[1])
+m4_define([VERSION_MICRO],[2])
 AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[[email protected] or https://github.com/NLnetLabs/unbound/issues],[unbound])
 AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
 AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
 AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
 
 LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=24
+LIBUNBOUND_REVISION=25
 LIBUNBOUND_AGE=1
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -110,6 +110,7 @@ LIBUNBOUND_AGE=1
 # 1.18.0 had 9:22:1
 # 1.19.0 had 9:23:1
 # 1.19.1 had 9:24:1
+# 1.19.2 had 9:25:1
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary

diff --git a/doc/Changelog b/doc/Changelog
@@ -1,3 +1,11 @@
+13 February 2024: Wouter
+	- Fix CVE-2023-50387, DNSSEC verification complexity can be exploited
+	  to exhaust CPU resources and stall DNS resolvers.
+	- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
+	- These fixes are part of the 1.19.1 release, that is a security
+	  point release on 1.19.0, the code repository continues with these
+	  fixes, with version number 1.19.2.
+
 8 February 2024: Wouter
 	- Fix documentation for access-control in the unbound.conf man page.