unbound.service.in: upgrade hardening to latest standards #512
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Systemd gradually introduced new protection bits, let’s enable them.
wcawijngaards
added a commit
that referenced
this pull request
Jul 26, 2021
- Merge #512: unbound.service.in: upgrade hardening to latest standards.
|
Thanks for the upgrade, committed the patch to the repository. |
jedisct1
added a commit
to jedisct1/unbound
that referenced
this pull request
Jul 27, 2021
* nlnet/master: - Changelog entry for NLnetLabs#513: Stream reuse, attempt to fix NLnetLabs#411, NLnetLabs#439, NLnetLabs#469. - Fix readzone unknown type print for memory resize. - Fix unittcpreuse.c: properly initialise outnet. - Remove redundant log_assert and fix error messages. - stream reuse, do not explicitly wait for a free pending_tcp if a reuse could be used. Changelog note for NLnetLabs#512 - Merge NLnetLabs#512: unbound.service.in: upgrade hardening to latest standards. unbound.service.in: upgrade hardening to latest standards - Add unittest for tcp_reuse functions. - stream reuse, move log_assert to the correct location. - stream reuse, clean links on structs that are unlinked from a list. - Fix for NLnetLabs#411, NLnetLabs#439, NLnetLabs#469: stream reuse, fix loop in the free pending_tcp list. - Fix for NLnetLabs#411, NLnetLabs#439, NLnetLabs#469: stream reuse, fix outnet deletion for all non-free pending_tcp. - Fix for NLnetLabs#411, NLnetLabs#439, NLnetLabs#469: stream reuse, fix LRU list when reuse is already in the tree. - Fix for NLnetLabs#411, NLnetLabs#439, NLnetLabs#469: stream reuse, fix linking when touching the tcp_reuse LRU list. - More log_assert for stream reuse operations. - Fix that ldns_zone_new_frm_fp_l counts the line number for an empty line after a comment.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Systemd gradually introduced new protection bits, let’s enable them.
This enhance the security score from 3.6 to 3.0. I’ve tested it on two systems, but definitively do not cover all cases, so further testing would be welcome.