diff --git a/unbound-1.19-b.root-servers.net-conf.patch b/unbound-1.19-b.root-servers.net-conf.patch new file mode 100644 index 0000000..c3f41c9 --- /dev/null +++ b/unbound-1.19-b.root-servers.net-conf.patch @@ -0,0 +1,38 @@ +From 101f9efb8de8e5e41fe40d05461276299e4c8980 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Tue, 16 Jan 2024 16:13:29 +0100 +Subject: [PATCH] Update b.root-servers.net also in example config file + +Addition to commit a8739bad76d4d179290627e989c7ef236345bda6, which +updated only address specified in code. But addresses provided in +example configuration were not updated, I think they should be updated +too. +--- + unbound-1.19.0/doc/example.conf.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/unbound-1.19.0/doc/example.conf.in b/unbound-1.19.0/doc/example.conf.in +index b79a322..3a15357 100644 +--- a/unbound-1.19.0/doc/example.conf.in ++++ b/unbound-1.19.0/doc/example.conf.in +@@ -1203,7 +1203,7 @@ include: /etc/unbound/conf.d/*.conf + # notifies. + auth-zone: + name: "." +- primary: 199.9.14.201 # b.root-servers.net ++ primary: 170.247.170.2 # b.root-servers.net + primary: 192.33.4.12 # c.root-servers.net + primary: 199.7.91.13 # d.root-servers.net + primary: 192.5.5.241 # f.root-servers.net +@@ -1211,7 +1211,7 @@ auth-zone: + primary: 193.0.14.129 # k.root-servers.net + primary: 192.0.47.132 # xfr.cjr.dns.icann.org + primary: 192.0.32.132 # xfr.lax.dns.icann.org +- primary: 2001:500:200::b # b.root-servers.net ++ primary: 2801:1b8:10::b # b.root-servers.net + primary: 2001:500:2::c # c.root-servers.net + primary: 2001:500:2d::d # d.root-servers.net + primary: 2001:500:2f::f # f.root-servers.net +-- +2.43.0 + diff --git a/unbound-1.19-b.root-servers.net.patch b/unbound-1.19-b.root-servers.net.patch new file mode 100644 index 0000000..c3b9a47 --- /dev/null +++ b/unbound-1.19-b.root-servers.net.patch @@ -0,0 +1,35 @@ +From 72c65bfc2fe35cf4f0665a5e3f173f4f8f6f151b Mon Sep 17 00:00:00 2001 +From: "W.C.A. Wijngaards" +Date: Wed, 6 Dec 2023 13:25:58 +0100 +Subject: [PATCH] - Updated IPv4 and IPv6 address for b.root-servers.net in + root hints. + +--- + unbound-1.19.0/iterator/iter_hints.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/unbound-1.19.0/iterator/iter_hints.c b/unbound-1.19.0/iterator/iter_hints.c +index a60d9a6..6b56daa 100644 +--- a/unbound-1.19.0/iterator/iter_hints.c ++++ b/unbound-1.19.0/iterator/iter_hints.c +@@ -129,7 +129,7 @@ compile_time_root_prime(int do_ip4, int do_ip6) + dp->has_parent_side_NS = 1; + if(do_ip4) { + if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4")) goto failed; +- if(!ah(dp, "B.ROOT-SERVERS.NET.", "199.9.14.201")) goto failed; ++ if(!ah(dp, "B.ROOT-SERVERS.NET.", "170.247.170.2")) goto failed; + if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) goto failed; + if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) goto failed; + if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) goto failed; +@@ -144,7 +144,7 @@ compile_time_root_prime(int do_ip4, int do_ip6) + } + if(do_ip6) { + if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed; +- if(!ah(dp, "B.ROOT-SERVERS.NET.", "2001:500:200::b")) goto failed; ++ if(!ah(dp, "B.ROOT-SERVERS.NET.", "2801:1b8:10::b")) goto failed; + if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed; + if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed; + if(!ah(dp, "E.ROOT-SERVERS.NET.", "2001:500:a8::e")) goto failed; +-- +2.43.0 + diff --git a/unbound.spec b/unbound.spec index 31b1448..7c07131 100644 --- a/unbound.spec +++ b/unbound.spec @@ -57,6 +57,11 @@ Source20: unbound.sysusers # Downstream configuration changes Patch1: unbound-fedora-config.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2253461 +# https://github.com/NLnetLabs/unbound/commit/a8739bad76d4d179290627e989c7ef236345bda6 +Patch2: unbound-1.19-b.root-servers.net.patch +# https://github.com/NLnetLabs/unbound/pull/993 +Patch3: unbound-1.19-b.root-servers.net-conf.patch BuildRequires: gcc, make BuildRequires: flex, openssl-devel