packages/unbound
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update unbound version to 1.13.2 and remove the dependency of python3.8

Browse Source
This commit is contained in:
eaglegai 2022-02-19 16:57:08 +08:00
parent 1122a4f952
commit 35d58784d9
5 changed files with 10 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
CVE-2020-28935.patch
View File

@ -1,54 +0,0 @@
From ad387832979b6ce4c93f64fe706301cd7d034e87 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Mon, 23 Nov 2020 13:42:11 +0100
Subject: [PATCH] - Fix for #303 CVE-2020-28935 : Fix that symlink does not
interfere with chown of pidfile.
---
daemon/unbound.c | 26 ++++++++++++++++++++------
doc/Changelog | 2 ++
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/daemon/unbound.c b/daemon/unbound.c
index cd0fd69f2..45537d5c9 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -341,18 +341,32 @@ readpid (const char* file)
static void
writepid (const char* pidfile, pid_t pid)
{
- FILE* f;
+ int fd;
+ char pidbuf[32];
+ size_t count = 0;
+ snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid);
- if ((f = fopen(pidfile, "w")) == NULL ) {
+ if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC
+#ifdef O_NOFOLLOW
+ | O_NOFOLLOW
+#endif
+ , 0644)) == -1) {
log_err("cannot open pidfile %s: %s",
pidfile, strerror(errno));
return;
}
- if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) {
- log_err("cannot write to pidfile %s: %s",
- pidfile, strerror(errno));
+ while(count < strlen(pidbuf)) {
+ ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
+ if(r == -1) {
+ if(errno == EAGAIN || errno == EINTR)
+ continue;
+ log_err("cannot write to pidfile %s: %s",
+ pidfile, strerror(errno));
+ break;
+ }
+ count += r;
}
- fclose(f);
+ close(fd);
}
/**

74
unbound-1.10.0-auth-callback.patch
View File

@ -1,74 +0,0 @@
--- a/services/authzone.c 2020-04-16 13:01:10.550618034 +0200
+++ b/services/authzone.c 2020-04-16 13:07:04.624476160 +0200
@@ -5331,7 +5331,7 @@
log_assert(xfr->task_transfer);
lock_basic_lock(&xfr->lock);
env = xfr->task_transfer->env;
- if(env->outnet->want_to_quit) {
+ if(!env || env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return; /* stop on quit */
}
@@ -5770,7 +5770,7 @@
log_assert(xfr->task_transfer);
lock_basic_lock(&xfr->lock);
env = xfr->task_transfer->env;
- if(env->outnet->want_to_quit) {
+ if(!env || env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return; /* stop on quit */
}
@@ -5812,7 +5812,7 @@
log_assert(xfr->task_transfer);
lock_basic_lock(&xfr->lock);
env = xfr->task_transfer->env;
- if(env->outnet->want_to_quit) {
+ if(!env || env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return 0; /* stop on quit */
}
@@ -5893,7 +5893,7 @@
log_assert(xfr->task_transfer);
lock_basic_lock(&xfr->lock);
env = xfr->task_transfer->env;
- if(env->outnet->want_to_quit) {
+ if(!env || env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return 0; /* stop on quit */
}
@@ -6107,7 +6107,7 @@
log_assert(xfr->task_probe);
lock_basic_lock(&xfr->lock);
env = xfr->task_probe->env;
- if(env->outnet->want_to_quit) {
+ if(!env || env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return; /* stop on quit */
}
@@ -6143,7 +6143,7 @@
log_assert(xfr->task_probe);
lock_basic_lock(&xfr->lock);
env = xfr->task_probe->env;
- if(env->outnet->want_to_quit) {
+ if(!env || env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return 0; /* stop on quit */
}
@@ -6388,7 +6388,7 @@
log_assert(xfr->task_probe);
lock_basic_lock(&xfr->lock);
env = xfr->task_probe->env;
- if(env->outnet->want_to_quit) {
+ if(!env || env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return; /* stop on quit */
}
@@ -6465,7 +6465,7 @@
log_assert(xfr->task_nextprobe);
lock_basic_lock(&xfr->lock);
env = xfr->task_nextprobe->env;
- if(env->outnet->want_to_quit) {
+ if(!env || env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return; /* stop on quit */
}

BIN
unbound-1.10.1.tar.gz
View File

Binary file not shown.

BIN
unbound-1.13.2.tar.gz Normal file
View File

Binary file not shown.

23
unbound.spec
View File

@ -1,8 +1,8 @@
%{!?delete_la: %global delete_la find $RPM_BUILD_ROOT -type f -name "*.la" -delete} %{!?delete_la: %global delete_la find $RPM_BUILD_ROOT -type f -name "*.la" -delete}
Name: unbound Name: unbound
Version: 1.10.1 Version: 1.13.2
Release: 6 Release: 1
Summary: Unbound is a validating, recursive, caching DNS resolver Summary: Unbound is a validating, recursive, caching DNS resolver
License: BSD License: BSD
Url: https://nlnetlabs.nl/projects/unbound/about/ Url: https://nlnetlabs.nl/projects/unbound/about/
@ -21,12 +21,8 @@ Source11: unbound.sysconfig
Source12: unbound-anchor.timer Source12: unbound-anchor.timer
Source13: unbound-anchor.service Source13: unbound-anchor.service
Patch0: unbound-1.10.0-auth-callback.patch
Patch1: CVE-2020-28935.patch
BuildRequires: make flex swig pkgconfig systemd BuildRequires: make flex swig pkgconfig systemd
BuildRequires: libevent-devel expat-devel openssl-devel python3-devel BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
BuildRequires: unbound-libs
BuildRequires: gcc BuildRequires: gcc
%{?systemd_requires} %{?systemd_requires}
@ -74,9 +70,6 @@ Package help includes includes man pages for unbound.
pushd %{name}-%{version} pushd %{name}-%{version}
%patch0 -p1
%patch1 -p1
cp -pr doc pythonmod libunbound ../ cp -pr doc pythonmod libunbound ../
popd popd
@ -88,7 +81,8 @@ popd
--with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\ --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\
--with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\ --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\
--enable-sha2 --disable-gost --enable-ecdsa \\\ --enable-sha2 --disable-gost --enable-ecdsa \\\
--with-rootkey-file=%{_sharedstatedir}/unbound/root.key --with-rootkey-file=%{_sharedstatedir}/unbound/root.key \\\
--enable-linux-ip-local-port-range
pushd %{name}-%{version} pushd %{name}-%{version}
%configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} \%{configure_args} %configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} \%{configure_args}
@ -119,9 +113,6 @@ install -p -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/unbound
install -p -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/unbound-anchor.timer install -p -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/unbound-anchor.timer
install -p -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_unitdir}/unbound-anchor.service install -p -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_unitdir}/unbound-anchor.service
cp -a %{_libdir}/libunbound.so.2* %{buildroot}%{_libdir}
%delete_la %delete_la
for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove; for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove;
@ -231,6 +222,12 @@ popd
%{_mandir}/man* %{_mandir}/man*
%changelog %changelog
* Sat Feb 19 2022 gaihuiying <eaglegai@163.com> - 1.13.2-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update unbound version to 1.13.2 and remove the dependency of python3.8
* Tue Aug 31 2021 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-6 * Tue Aug 31 2021 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-6
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA