Compare commits
No commits in common. "c8" and "c8s-RHEL-64339" have entirely different histories.
c8
...
c8s-RHEL-6
4
.gitignore
vendored
4
.gitignore
vendored
@ -1 +1,3 @@
|
||||
SOURCES/unbound-1.16.2.tar.gz
|
||||
/unbound-1.7.3.tar.gz
|
||||
/unbound-1.16.0.tar.gz
|
||||
/unbound-1.16.2.tar.gz
|
||||
|
||||
@ -1 +0,0 @@
|
||||
9aea0e923b9d6779b5bc360094e24a4017e2bb25 SOURCES/unbound-1.16.2.tar.gz
|
||||
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||
@ -1 +1,2 @@
|
||||
. 172800 IN DNSKEY 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdpWWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwuMoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBevYtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ;{id = 38696 (ksk), size = 2048b}
|
||||
. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b}
|
||||
@ -1,5 +1,6 @@
|
||||
; // The root key in bind format. This can be read by most tools, including
|
||||
; // named, unbound, et. For libunbound, use ub_ctx_trustedkeys() to load this
|
||||
trusted-keys {
|
||||
"." 257 3 8 "AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdpWWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwuMoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBevYtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc="; // key id = 38696
|
||||
"." 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="; // key id = 20326
|
||||
};
|
||||
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
||||
SHA512 (unbound-1.16.2.tar.gz) = 0ea65ea63265be677441bd2a28df12098ec5e86c3372240c2874f9bd13752b8b818da81ae6076cf02cbeba3d36e397698a4c2b50570be1a6a8e47f57a0251572
|
||||
29
unbound-1.20-unbound-anchor-key-38696.patch
Normal file
29
unbound-1.20-unbound-anchor-key-38696.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From acc84268e4156fb9a8dd36eafaf04d064ee5895a Mon Sep 17 00:00:00 2001
|
||||
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
|
||||
Date: Thu, 25 Jul 2024 11:42:22 +0200
|
||||
Subject: [PATCH] - Add root key 38696 from 2024 for DNSSEC validation. It is
|
||||
added to the default root keys in unbound-anchor. The content can be
|
||||
inspected with `unbound-anchor -l`.
|
||||
|
||||
---
|
||||
unbound-1.20.0/smallapp/unbound-anchor.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/unbound-1.20.0/smallapp/unbound-anchor.c b/unbound-1.20.0/smallapp/unbound-anchor.c
|
||||
index 137b2e9..8738cf2 100644
|
||||
--- a/unbound-1.20.0/smallapp/unbound-anchor.c
|
||||
+++ b/unbound-1.20.0/smallapp/unbound-anchor.c
|
||||
@@ -183,7 +183,9 @@ static const char DS_TRUST_ANCHOR[] =
|
||||
/* The anchors must start on a new line with ". IN DS and end with \n"[;]
|
||||
* because the makedist script greps on the source here */
|
||||
/* anchor 20326 is from 2017 */
|
||||
-". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n";
|
||||
+". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"
|
||||
+ /* anchor 38696 is from 2024 */
|
||||
+". IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16\n";
|
||||
|
||||
/** verbosity for this application */
|
||||
static int verb = 0;
|
||||
--
|
||||
2.53.0
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.16.2
|
||||
Release: 5.9%{?extra_version:.%{extra_version}}%{?dist}
|
||||
Release: 5.10%{?extra_version:.%{extra_version}}%{?dist}
|
||||
License: BSD
|
||||
Url: https://www.unbound.net/
|
||||
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
|
||||
@ -76,6 +76,8 @@ Patch5: unbound-1.21-CVE-2024-8508.patch
|
||||
# https://github.com/NLnetLabs/unbound/commit/5bf82f246481098a6473f296b21fc1229d276c0f
|
||||
# https://github.com/NLnetLabs/unbound/commit/a1150078f29e14b36c8e4d9d05a263a5e6abbc5b
|
||||
Patch6: unbound-1.23.1-CVE-2025-5994.patch
|
||||
# https://github.com/NLnetLabs/unbound/commit/f094f4ea3c943c5b5b2b6fa8bee0e7a8f3cfdc51
|
||||
Patch7: unbound-1.20-unbound-anchor-key-38696.patch
|
||||
|
||||
BuildRequires: gdb
|
||||
BuildRequires: gcc, make
|
||||
@ -181,6 +183,7 @@ pushd %{pkgname}
|
||||
%patch4 -p2 -b .CVE-2023-50387-CVE-2023-50868
|
||||
%patch5 -p2 -b .CVE-2024-8508
|
||||
%patch6 -p2 -b .CVE-2025-5994
|
||||
%patch7 -p2 -b .dnssec-ta-2024
|
||||
|
||||
|
||||
# copy common doc files - after here, since it may be patched
|
||||
@ -448,6 +451,10 @@ popd
|
||||
%verify(not md5 size mtime) %{_sharedstatedir}/%{name}/root.key
|
||||
|
||||
%changelog
|
||||
* Tue Nov 11 2025 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.10
|
||||
- Add new root key 38696 (RHEL-131172)
|
||||
- Update unbound-anchor built-in dnssec key
|
||||
|
||||
* Thu Jul 24 2025 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-5.9
|
||||
- Fix RebirthDay Attack (CVE-2025-5994)
|
||||
- Resolves: RHEL-104123
|
||||
Loading…
Reference in New Issue
Block a user