From b3942245cbdf707e92657d86b20b682f6e52f29e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Mon, 1 Oct 2018 19:23:54 +0200 Subject: [PATCH] - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes qname minimisation with a forwarder when connectivity has issues from rejecting responses. Resolves: rhbz#1633874 --- unbound-1.8.0-rh1633874.patch | 39 +++++++++++++++++++++++++++++++++++ unbound.spec | 9 +++++++- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 unbound-1.8.0-rh1633874.patch diff --git a/unbound-1.8.0-rh1633874.patch b/unbound-1.8.0-rh1633874.patch new file mode 100644 index 0000000..6740a66 --- /dev/null +++ b/unbound-1.8.0-rh1633874.patch @@ -0,0 +1,39 @@ +From 9be04e6fac3f4ee8fa08d3671dac41d2156d2ced Mon Sep 17 00:00:00 2001 +From: Wouter Wijngaards +Date: Thu, 27 Sep 2018 08:19:29 +0000 +Subject: [PATCH] - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, + fixes qname minimisation with a forwarder when connectivity has issues + from rejecting responses. + +git-svn-id: file:///svn/unbound/trunk@4916 be551aaa-1e26-0410-a405-d3ace91eadb9 +--- + iterator/iterator.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/iterator/iterator.c b/iterator/iterator.c +index 7baf92b7..2f26bd33 100644 +--- a/iterator/iterator.c ++++ b/iterator/iterator.c +@@ -2174,7 +2174,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, + return 0; + } + +- if(iq->minimisation_state == INIT_MINIMISE_STATE) { ++ if(iq->minimisation_state == INIT_MINIMISE_STATE ++ && !(iq->chase_flags & BIT_RD)) { + /* (Re)set qinfo_out to (new) delegation point, except when + * qinfo_out is already a subdomain of dp. This happens when + * increasing by more than one label at once (QNAMEs with more +@@ -2715,7 +2716,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, + sock_list_insert(&qstate->reply_origin, + &qstate->reply->addr, qstate->reply->addrlen, + qstate->region); +- if(iq->minimisation_state != DONOT_MINIMISE_STATE) { ++ if(iq->minimisation_state != DONOT_MINIMISE_STATE ++ && !(iq->chase_flags & BIT_RD)) { + if(FLAGS_GET_RCODE(iq->response->rep->flags) != + LDNS_RCODE_NOERROR) { + if(qstate->env->cfg->qname_minimisation_strict) +-- +2.14.4 + diff --git a/unbound.spec b/unbound.spec index 109f989..102f08a 100644 --- a/unbound.spec +++ b/unbound.spec @@ -34,7 +34,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.8.0 -Release: 1%{?extra_version:.%{extra_version}}%{?dist} +Release: 2%{?extra_version:.%{extra_version}}%{?dist} License: BSD Url: https://www.unbound.net/ Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz @@ -55,6 +55,8 @@ Source15: unbound-anchor.timer Source16: unbound-munin.README Source17: unbound-anchor.service +Patch1: unbound-1.8.0-rh1633874.patch + BuildRequires: gcc, make BuildRequires: flex, openssl-devel BuildRequires: libevent-devel expat-devel @@ -150,6 +152,8 @@ Python 3 modules and extensions for unbound pushd %{pkgname} +%patch1 -p1 -b .rh1633874 + # only for snapshots # autoreconf -iv @@ -420,6 +424,9 @@ popd %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %changelog +* Mon Oct 01 2018 Petr Menšík - 1.8.0-2 +- Skip ipv6 forwarders without ipv6 support (#1633874) + * Wed Sep 19 2018 Petr Menšík - 1.8.0-1 - Rebase to 1.8.0