Compare commits
No commits in common. "c9-beta" and "c8" have entirely different histories.
@ -2,5 +2,4 @@
|
||||
; // named, unbound, et. For libunbound, use ub_ctx_trustedkeys() to load this
|
||||
trusted-keys {
|
||||
"." 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="; // key id = 20326
|
||||
|
||||
};
|
||||
|
85
SOURCES/unbound-1.15-source-compat.patch
Normal file
85
SOURCES/unbound-1.15-source-compat.patch
Normal file
@ -0,0 +1,85 @@
|
||||
From fbde301c2706a5d0c9c3942fe84693f2b7a6b16c Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Sat, 7 May 2022 10:05:33 +0200
|
||||
Subject: [PATCH] Use reserved RCODE, fake source version
|
||||
|
||||
Use RCODE value assigned for a private use. Previous value were possible
|
||||
returned value.
|
||||
|
||||
Fake source version to be still 1.7.x. Hide real version into micro
|
||||
version component and export it also in a proper way with _REAL
|
||||
suffixes. Should workaround any source code detection to support correct
|
||||
callback format. Fixes compilation error in libreswan.
|
||||
|
||||
Use preprocessed unbound.h to prevent failures
|
||||
|
||||
Swig complains about wrong @ variable formats. Make it use preprocessed
|
||||
header instead of a template.
|
||||
---
|
||||
libunbound/python/libunbound.i | 4 ++--
|
||||
libunbound/unbound.h | 13 ++++++++++---
|
||||
services/mesh.h | 2 +-
|
||||
3 files changed, 13 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i
|
||||
index c9549bf90..f01e9111e 100644
|
||||
--- a/libunbound/python/libunbound.i
|
||||
+++ b/libunbound/python/libunbound.i
|
||||
@@ -53,7 +53,7 @@
|
||||
#ifdef HAVE_ARPA_INET_H
|
||||
#include <arpa/inet.h>
|
||||
#endif
|
||||
- #include "libunbound/unbound.h"
|
||||
+ #include "unbound.h"
|
||||
%}
|
||||
|
||||
%pythoncode %{
|
||||
@@ -855,7 +855,7 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
|
||||
//printf("resolve_stop()\n");
|
||||
%}
|
||||
|
||||
-%include "libunbound/unbound.h"
|
||||
+%include "unbound.h"
|
||||
|
||||
%inline %{
|
||||
//SWIG will see the ub_ctx as a class
|
||||
diff --git a/libunbound/unbound.h b/libunbound/unbound.h
|
||||
index c822d3f89..82660bd51 100644
|
||||
--- a/libunbound/unbound.h
|
||||
+++ b/libunbound/unbound.h
|
||||
@@ -102,9 +102,16 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
/** the version of this header file */
|
||||
-#define UNBOUND_VERSION_MAJOR @UNBOUND_VERSION_MAJOR@
|
||||
-#define UNBOUND_VERSION_MINOR @UNBOUND_VERSION_MINOR@
|
||||
-#define UNBOUND_VERSION_MICRO @UNBOUND_VERSION_MICRO@
|
||||
+/* Because of RHEL compat change, callback type remains at
|
||||
+ * 1.7.3 version. To prevent source-level incompatibility,
|
||||
+ * fake still old version. Export real version in _REAL
|
||||
+ * suffix definitions. */
|
||||
+#define UNBOUND_VERSION_MAJOR 1
|
||||
+#define UNBOUND_VERSION_MINOR 7
|
||||
+#define UNBOUND_VERSION_MICRO @UNBOUND_VERSION_MAJOR@@UNBOUND_VERSION_MINOR@@UNBOUND_VERSION_MICRO@
|
||||
+#define UNBOUND_VERSION_MAJOR_REAL @UNBOUND_VERSION_MAJOR@
|
||||
+#define UNBOUND_VERSION_MINOR_REAL @UNBOUND_VERSION_MINOR@
|
||||
+#define UNBOUND_VERSION_MICRO_REAL @UNBOUND_VERSION_MICRO@
|
||||
|
||||
/**
|
||||
* The validation context is created to hold the resolver status,
|
||||
diff --git a/services/mesh.h b/services/mesh.h
|
||||
index 9c6f958ff..c0cbf355e 100644
|
||||
--- a/services/mesh.h
|
||||
+++ b/services/mesh.h
|
||||
@@ -237,7 +237,7 @@ struct mesh_reply {
|
||||
/* RHEL 8 compatibility layer.
|
||||
* Special rcode to send was_ratelimited to callback without adding
|
||||
* extra parameter. It is ORed to the rcode parameter of the callback. */
|
||||
-#define LDNS_RCODE_RATELIMITED 0x100
|
||||
+#define LDNS_RCODE_RATELIMITED 0xf80
|
||||
#define RCODE_IS_RATELIMITED(rcode) ((rcode & LDNS_RCODE_RATELIMITED) != 0)
|
||||
#define RCODE_NOT_RATELIMITED(rcode) (rcode & ~LDNS_RCODE_RATELIMITED)
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
471
SOURCES/unbound-1.15-soversion2-compat.patch
Normal file
471
SOURCES/unbound-1.15-soversion2-compat.patch
Normal file
@ -0,0 +1,471 @@
|
||||
From 605d66f0b6b8f7c308010f455058299d25c1d2ee Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 6 May 2022 16:36:39 +0200
|
||||
Subject: [PATCH] Rework ABI breaking change to compatible way
|
||||
|
||||
Upstream commit 749d1b9ebc6fcb79824afd0471a1cfc12ca861b1 introduced
|
||||
was_ratelimited variable to every async callback. Such change led to ABI
|
||||
break and increase of soname of libunbound.
|
||||
|
||||
Use rcode to pass that boolean inside rcode variable. Allows keeping
|
||||
original callback prototype, but does not lose data. Extra integer bit
|
||||
operations should be very small price. Much better than ABI break.
|
||||
|
||||
Make current version compatible back to .2 version.
|
||||
---
|
||||
unbound-1.16.2/configure.ac | 2 +-
|
||||
unbound-1.16.2/daemon/worker.c | 6 ++--
|
||||
unbound-1.16.2/libunbound/libworker.c | 34 +++++++++++++++--------
|
||||
unbound-1.16.2/libunbound/unbound-event.h | 3 +-
|
||||
unbound-1.16.2/libunbound/unbound.h | 13 +++++----
|
||||
unbound-1.16.2/libunbound/worker.h | 6 ++--
|
||||
unbound-1.16.2/services/authzone.c | 11 ++++----
|
||||
unbound-1.16.2/services/authzone.h | 9 ++----
|
||||
unbound-1.16.2/services/mesh.c | 17 ++++++++----
|
||||
unbound-1.16.2/services/mesh.h | 9 +++++-
|
||||
unbound-1.16.2/smallapp/worker_cb.c | 6 ++--
|
||||
unbound-1.16.2/validator/autotrust.c | 2 +-
|
||||
unbound-1.16.2/validator/autotrust.h | 2 +-
|
||||
13 files changed, 72 insertions(+), 48 deletions(-)
|
||||
|
||||
diff --git a/unbound-1.16.2/configure.ac b/unbound-1.16.2/configure.ac
|
||||
index 224501b..71f066c 100644
|
||||
--- a/unbound-1.16.2/configure.ac
|
||||
+++ b/unbound-1.16.2/configure.ac
|
||||
@@ -19,7 +19,7 @@ AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||
|
||||
LIBUNBOUND_CURRENT=9
|
||||
LIBUNBOUND_REVISION=18
|
||||
-LIBUNBOUND_AGE=1
|
||||
+LIBUNBOUND_AGE=7
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
# 1.0.2 had 0:14:0
|
||||
diff --git a/unbound-1.16.2/daemon/worker.c b/unbound-1.16.2/daemon/worker.c
|
||||
index 010c4dc..2b87a41 100644
|
||||
--- a/unbound-1.16.2/daemon/worker.c
|
||||
+++ b/unbound-1.16.2/daemon/worker.c
|
||||
@@ -2268,21 +2268,21 @@ void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
|
||||
|
||||
void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
|
||||
sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
|
||||
- char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
|
||||
+ char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
|
||||
void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
|
||||
sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
|
||||
- char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
|
||||
+ char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
|
||||
void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
|
||||
sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
|
||||
- char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
|
||||
+ char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
diff --git a/unbound-1.16.2/libunbound/libworker.c b/unbound-1.16.2/libunbound/libworker.c
|
||||
index 11bf5f9..6895119 100644
|
||||
--- a/unbound-1.16.2/libunbound/libworker.c
|
||||
+++ b/unbound-1.16.2/libunbound/libworker.c
|
||||
@@ -549,9 +549,10 @@ libworker_enter_result(struct ub_result* res, sldns_buffer* buf,
|
||||
/** fillup fg results */
|
||||
static void
|
||||
libworker_fillup_fg(struct ctx_query* q, int rcode, sldns_buffer* buf,
|
||||
- enum sec_status s, char* why_bogus, int was_ratelimited)
|
||||
+ enum sec_status s, char* why_bogus)
|
||||
{
|
||||
- q->res->was_ratelimited = was_ratelimited;
|
||||
+ q->res->was_ratelimited = RCODE_IS_RATELIMITED(rcode);
|
||||
+ rcode = RCODE_NOT_RATELIMITED(rcode);
|
||||
if(why_bogus)
|
||||
q->res->why_bogus = strdup(why_bogus);
|
||||
if(rcode != 0) {
|
||||
@@ -575,13 +576,13 @@ libworker_fillup_fg(struct ctx_query* q, int rcode, sldns_buffer* buf,
|
||||
|
||||
void
|
||||
libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf, enum sec_status s,
|
||||
- char* why_bogus, int was_ratelimited)
|
||||
+ char* why_bogus)
|
||||
{
|
||||
struct ctx_query* q = (struct ctx_query*)arg;
|
||||
/* fg query is done; exit comm base */
|
||||
comm_base_exit(q->w->base);
|
||||
|
||||
- libworker_fillup_fg(q, rcode, buf, s, why_bogus, was_ratelimited);
|
||||
+ libworker_fillup_fg(q, rcode, buf, s, why_bogus);
|
||||
}
|
||||
|
||||
/** setup qinfo and edns */
|
||||
@@ -634,7 +635,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
|
||||
NULL, 0, NULL, 0, NULL)) {
|
||||
regional_free_all(w->env->scratch);
|
||||
libworker_fillup_fg(q, LDNS_RCODE_NOERROR,
|
||||
- w->back->udp_buff, sec_status_insecure, NULL, 0);
|
||||
+ w->back->udp_buff, sec_status_insecure, NULL);
|
||||
libworker_delete(w);
|
||||
free(qinfo.qname);
|
||||
return UB_NOERROR;
|
||||
@@ -643,7 +644,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
|
||||
w->env, &qinfo, &edns, NULL, w->back->udp_buff, w->env->scratch)) {
|
||||
regional_free_all(w->env->scratch);
|
||||
libworker_fillup_fg(q, LDNS_RCODE_NOERROR,
|
||||
- w->back->udp_buff, sec_status_insecure, NULL, 0);
|
||||
+ w->back->udp_buff, sec_status_insecure, NULL);
|
||||
libworker_delete(w);
|
||||
free(qinfo.qname);
|
||||
return UB_NOERROR;
|
||||
@@ -665,7 +666,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
|
||||
|
||||
void
|
||||
libworker_event_done_cb(void* arg, int rcode, sldns_buffer* buf,
|
||||
- enum sec_status s, char* why_bogus, int was_ratelimited)
|
||||
+ enum sec_status s, char* why_bogus)
|
||||
{
|
||||
struct ctx_query* q = (struct ctx_query*)arg;
|
||||
ub_event_callback_type cb = q->cb_event;
|
||||
@@ -688,7 +689,7 @@ libworker_event_done_cb(void* arg, int rcode, sldns_buffer* buf,
|
||||
else if(s == sec_status_secure)
|
||||
sec = 2;
|
||||
(*cb)(cb_arg, rcode, (buf?(void*)sldns_buffer_begin(buf):NULL),
|
||||
- (buf?(int)sldns_buffer_limit(buf):0), sec, why_bogus, was_ratelimited);
|
||||
+ (buf?(int)sldns_buffer_limit(buf):0), sec, why_bogus);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -715,7 +716,7 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
|
||||
regional_free_all(w->env->scratch);
|
||||
free(qinfo.qname);
|
||||
libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
|
||||
- w->back->udp_buff, sec_status_insecure, NULL, 0);
|
||||
+ w->back->udp_buff, sec_status_insecure, NULL);
|
||||
return UB_NOERROR;
|
||||
}
|
||||
if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones,
|
||||
@@ -723,7 +724,7 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
|
||||
regional_free_all(w->env->scratch);
|
||||
free(qinfo.qname);
|
||||
libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
|
||||
- w->back->udp_buff, sec_status_insecure, NULL, 0);
|
||||
+ w->back->udp_buff, sec_status_insecure, NULL);
|
||||
return UB_NOERROR;
|
||||
}
|
||||
/* process new query */
|
||||
@@ -788,12 +789,23 @@ add_bg_result(struct libworker* w, struct ctx_query* q, sldns_buffer* pkt,
|
||||
}
|
||||
}
|
||||
|
||||
+
|
||||
+void
|
||||
+libworker_bg_done_cb_compat(void* arg, int rcode, sldns_buffer* buf, enum sec_status s,
|
||||
+ char* why_bogus)
|
||||
+{
|
||||
+ rcode = RCODE_NOT_RATELIMITED(rcode);
|
||||
+ libworker_bg_done_cb(arg, rcode, buf, s, why_bogus);
|
||||
+}
|
||||
+
|
||||
void
|
||||
libworker_bg_done_cb(void* arg, int rcode, sldns_buffer* buf, enum sec_status s,
|
||||
- char* why_bogus, int was_ratelimited)
|
||||
+ char* why_bogus)
|
||||
{
|
||||
+ int was_ratelimited = RCODE_IS_RATELIMITED(rcode);
|
||||
struct ctx_query* q = (struct ctx_query*)arg;
|
||||
|
||||
+ rcode = RCODE_NOT_RATELIMITED(rcode);
|
||||
if(q->cancelled || q->w->back->want_to_quit) {
|
||||
if(q->w->is_bg_thread) {
|
||||
/* delete it now */
|
||||
diff --git a/unbound-1.16.2/libunbound/unbound-event.h b/unbound-1.16.2/libunbound/unbound-event.h
|
||||
index a5d5c03..70aa4c8 100644
|
||||
--- a/unbound-1.16.2/libunbound/unbound-event.h
|
||||
+++ b/unbound-1.16.2/libunbound/unbound-event.h
|
||||
@@ -170,7 +170,8 @@ struct ub_event {
|
||||
struct ub_event_vmt* vmt;
|
||||
};
|
||||
|
||||
-typedef void (*ub_event_callback_type)(void*, int, void*, int, int, char*, int);
|
||||
+/* Uses define LDNS_RCODE_RATELIMITED from services/mesh.h */
|
||||
+typedef void (*ub_event_callback_type)(void*, int, void*, int, int, char*);
|
||||
|
||||
/**
|
||||
* Create a resolving and validation context.
|
||||
diff --git a/unbound-1.16.2/libunbound/unbound.h b/unbound-1.16.2/libunbound/unbound.h
|
||||
index c779d18..f6d5c7c 100644
|
||||
--- a/unbound-1.16.2/libunbound/unbound.h
|
||||
+++ b/unbound-1.16.2/libunbound/unbound.h
|
||||
@@ -203,18 +203,19 @@ struct ub_result {
|
||||
*/
|
||||
char* why_bogus;
|
||||
|
||||
+ /**
|
||||
+ * TTL for the result, in seconds. If the security is bogus, then
|
||||
+ * you also cannot trust this value.
|
||||
+ */
|
||||
+ int ttl;
|
||||
+
|
||||
/**
|
||||
* If the query or one of its subqueries was ratelimited. Useful if
|
||||
* ratelimiting is enabled and answer to the client is SERVFAIL as a
|
||||
* result.
|
||||
+ * RHEL8 Change, moved after ttl.
|
||||
*/
|
||||
int was_ratelimited;
|
||||
-
|
||||
- /**
|
||||
- * TTL for the result, in seconds. If the security is bogus, then
|
||||
- * you also cannot trust this value.
|
||||
- */
|
||||
- int ttl;
|
||||
};
|
||||
|
||||
/**
|
||||
diff --git a/unbound-1.16.2/libunbound/worker.h b/unbound-1.16.2/libunbound/worker.h
|
||||
index 0fa5bfa..8b64b4d 100644
|
||||
--- a/unbound-1.16.2/libunbound/worker.h
|
||||
+++ b/unbound-1.16.2/libunbound/worker.h
|
||||
@@ -90,15 +90,15 @@ void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
|
||||
|
||||
/** mesh callback with fg results */
|
||||
void libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf,
|
||||
- enum sec_status s, char* why_bogus, int was_ratelimited);
|
||||
+ enum sec_status s, char* why_bogus);
|
||||
|
||||
/** mesh callback with bg results */
|
||||
void libworker_bg_done_cb(void* arg, int rcode, sldns_buffer* buf,
|
||||
- enum sec_status s, char* why_bogus, int was_ratelimited);
|
||||
+ enum sec_status s, char* why_bogus);
|
||||
|
||||
/** mesh callback with event results */
|
||||
void libworker_event_done_cb(void* arg, int rcode, struct sldns_buffer* buf,
|
||||
- enum sec_status s, char* why_bogus, int was_ratelimited);
|
||||
+ enum sec_status s, char* why_bogus);
|
||||
|
||||
/**
|
||||
* Worker signal handler function. User argument is the worker itself.
|
||||
diff --git a/unbound-1.16.2/services/authzone.c b/unbound-1.16.2/services/authzone.c
|
||||
index b9e0b11..c72949f 100644
|
||||
--- a/unbound-1.16.2/services/authzone.c
|
||||
+++ b/unbound-1.16.2/services/authzone.c
|
||||
@@ -5656,8 +5656,7 @@ xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset,
|
||||
|
||||
/** callback for task_transfer lookup of host name, of A or AAAA */
|
||||
void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
|
||||
- enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
|
||||
- int ATTR_UNUSED(was_ratelimited))
|
||||
+ enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
struct auth_xfer* xfr = (struct auth_xfer*)arg;
|
||||
struct module_env* env;
|
||||
@@ -5669,6 +5668,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
|
||||
return; /* stop on quit */
|
||||
}
|
||||
|
||||
+ rcode = RCODE_NOT_RATELIMITED(rcode);
|
||||
/* process result */
|
||||
if(rcode == LDNS_RCODE_NOERROR) {
|
||||
uint16_t wanted_qtype = LDNS_RR_TYPE_A;
|
||||
@@ -6717,8 +6717,7 @@ xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env)
|
||||
|
||||
/** callback for task_probe lookup of host name, of A or AAAA */
|
||||
void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
|
||||
- enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
|
||||
- int ATTR_UNUSED(was_ratelimited))
|
||||
+ enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
struct auth_xfer* xfr = (struct auth_xfer*)arg;
|
||||
struct module_env* env;
|
||||
@@ -6730,6 +6729,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
|
||||
return; /* stop on quit */
|
||||
}
|
||||
|
||||
+ rcode = RCODE_NOT_RATELIMITED(rcode);
|
||||
/* process result */
|
||||
if(rcode == LDNS_RCODE_NOERROR) {
|
||||
uint16_t wanted_qtype = LDNS_RR_TYPE_A;
|
||||
@@ -8212,7 +8212,7 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z,
|
||||
|
||||
/** callback for ZONEMD lookup of DNSKEY */
|
||||
void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
|
||||
- enum sec_status sec, char* why_bogus, int ATTR_UNUSED(was_ratelimited))
|
||||
+ enum sec_status sec, char* why_bogus)
|
||||
{
|
||||
struct auth_zone* z = (struct auth_zone*)arg;
|
||||
struct module_env* env;
|
||||
@@ -8234,6 +8234,7 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
|
||||
if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DS)
|
||||
typestr = "DS";
|
||||
downprot = env->cfg->harden_algo_downgrade;
|
||||
+ rcode = RCODE_NOT_RATELIMITED(rcode);
|
||||
|
||||
/* process result */
|
||||
if(sec == sec_status_bogus) {
|
||||
diff --git a/unbound-1.16.2/services/authzone.h b/unbound-1.16.2/services/authzone.h
|
||||
index 07614ed..b339fc1 100644
|
||||
--- a/unbound-1.16.2/services/authzone.h
|
||||
+++ b/unbound-1.16.2/services/authzone.h
|
||||
@@ -690,12 +690,10 @@ void auth_xfer_probe_timer_callback(void* arg);
|
||||
void auth_xfer_transfer_timer_callback(void* arg);
|
||||
/** mesh callback for task_probe on lookup of host names */
|
||||
void auth_xfer_probe_lookup_callback(void* arg, int rcode,
|
||||
- struct sldns_buffer* buf, enum sec_status sec, char* why_bogus,
|
||||
- int was_ratelimited);
|
||||
+ struct sldns_buffer* buf, enum sec_status sec, char* why_bogus);
|
||||
/** mesh callback for task_transfer on lookup of host names */
|
||||
void auth_xfer_transfer_lookup_callback(void* arg, int rcode,
|
||||
- struct sldns_buffer* buf, enum sec_status sec, char* why_bogus,
|
||||
- int was_ratelimited);
|
||||
+ struct sldns_buffer* buf, enum sec_status sec, char* why_bogus);
|
||||
|
||||
/*
|
||||
* Compares two 32-bit serial numbers as defined in RFC1982. Returns
|
||||
@@ -774,8 +772,7 @@ void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env,
|
||||
|
||||
/** mesh callback for zonemd on lookup of dnskey */
|
||||
void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode,
|
||||
- struct sldns_buffer* buf, enum sec_status sec, char* why_bogus,
|
||||
- int was_ratelimited);
|
||||
+ struct sldns_buffer* buf, enum sec_status sec, char* why_bogus);
|
||||
|
||||
/**
|
||||
* Check the ZONEMD records that need online DNSSEC chain lookups,
|
||||
diff --git a/unbound-1.16.2/services/mesh.c b/unbound-1.16.2/services/mesh.c
|
||||
index 30bcf7c..fc3c690 100644
|
||||
--- a/unbound-1.16.2/services/mesh.c
|
||||
+++ b/unbound-1.16.2/services/mesh.c
|
||||
@@ -63,6 +63,7 @@
|
||||
#include "util/data/dname.h"
|
||||
#include "respip/respip.h"
|
||||
#include "services/listen_dnsport.h"
|
||||
+#include "libunbound/unbound-event.h"
|
||||
|
||||
#ifdef CLIENT_SUBNET
|
||||
#include "edns-subnet/subnetmod.h"
|
||||
@@ -1012,7 +1013,7 @@ mesh_state_cleanup(struct mesh_state* mstate)
|
||||
mstate->cb_list = cb->next;
|
||||
fptr_ok(fptr_whitelist_mesh_cb(cb->cb));
|
||||
(*cb->cb)(cb->cb_arg, LDNS_RCODE_SERVFAIL, NULL,
|
||||
- sec_status_unchecked, NULL, 0);
|
||||
+ sec_status_unchecked, NULL);
|
||||
log_assert(mesh->num_reply_addrs > 0);
|
||||
mesh->num_reply_addrs--;
|
||||
}
|
||||
@@ -1268,8 +1269,9 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
|
||||
r->edns.opt_list_inplace_cb_out = NULL;
|
||||
}
|
||||
fptr_ok(fptr_whitelist_mesh_cb(r->cb));
|
||||
- (*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL,
|
||||
- was_ratelimited);
|
||||
+ if (was_ratelimited)
|
||||
+ rcode |= LDNS_RCODE_RATELIMITED;
|
||||
+ (*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL);
|
||||
} else {
|
||||
size_t udp_size = r->edns.udp_size;
|
||||
sldns_buffer_clear(r->buf);
|
||||
@@ -1287,11 +1289,14 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
|
||||
{
|
||||
fptr_ok(fptr_whitelist_mesh_cb(r->cb));
|
||||
(*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf,
|
||||
- sec_status_unchecked, NULL, 0);
|
||||
+ sec_status_unchecked, NULL);
|
||||
} else {
|
||||
fptr_ok(fptr_whitelist_mesh_cb(r->cb));
|
||||
- (*r->cb)(r->cb_arg, LDNS_RCODE_NOERROR, r->buf,
|
||||
- rep->security, reason, was_ratelimited);
|
||||
+ rcode = LDNS_RCODE_NOERROR;
|
||||
+ if (was_ratelimited)
|
||||
+ rcode |= LDNS_RCODE_RATELIMITED;
|
||||
+ (*r->cb)(r->cb_arg, rcode, r->buf,
|
||||
+ rep->security, reason);
|
||||
}
|
||||
}
|
||||
free(reason);
|
||||
diff --git a/unbound-1.16.2/services/mesh.h b/unbound-1.16.2/services/mesh.h
|
||||
index 3be9b63..5050d6c 100644
|
||||
--- a/unbound-1.16.2/services/mesh.h
|
||||
+++ b/unbound-1.16.2/services/mesh.h
|
||||
@@ -234,13 +234,20 @@ struct mesh_reply {
|
||||
struct http2_stream* h2_stream;
|
||||
};
|
||||
|
||||
+/* RHEL 8 compatibility layer.
|
||||
+ * Special rcode to send was_ratelimited to callback without adding
|
||||
+ * extra parameter. It is ORed to the rcode parameter of the callback. */
|
||||
+#define LDNS_RCODE_RATELIMITED 0x100
|
||||
+#define RCODE_IS_RATELIMITED(rcode) ((rcode & LDNS_RCODE_RATELIMITED) != 0)
|
||||
+#define RCODE_NOT_RATELIMITED(rcode) (rcode & ~LDNS_RCODE_RATELIMITED)
|
||||
+
|
||||
/**
|
||||
* Mesh result callback func.
|
||||
* called as func(cb_arg, rcode, buffer_with_reply, security, why_bogus,
|
||||
* was_ratelimited);
|
||||
*/
|
||||
typedef void (*mesh_cb_func_type)(void* cb_arg, int rcode, struct sldns_buffer*,
|
||||
- enum sec_status, char* why_bogus, int was_ratelimited);
|
||||
+ enum sec_status, char* why_bogus);
|
||||
|
||||
/**
|
||||
* Callback to result routine
|
||||
diff --git a/unbound-1.16.2/smallapp/worker_cb.c b/unbound-1.16.2/smallapp/worker_cb.c
|
||||
index c689817..c7b1653 100644
|
||||
--- a/unbound-1.16.2/smallapp/worker_cb.c
|
||||
+++ b/unbound-1.16.2/smallapp/worker_cb.c
|
||||
@@ -159,21 +159,21 @@ void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
|
||||
|
||||
void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
|
||||
struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
|
||||
- char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
|
||||
+ char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
|
||||
void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
|
||||
struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
|
||||
- char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
|
||||
+ char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
|
||||
void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
|
||||
struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
|
||||
- char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
|
||||
+ char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
log_assert(0);
|
||||
}
|
||||
diff --git a/unbound-1.16.2/validator/autotrust.c b/unbound-1.16.2/validator/autotrust.c
|
||||
index 3cdf9ce..40b3e35 100644
|
||||
--- a/unbound-1.16.2/validator/autotrust.c
|
||||
+++ b/unbound-1.16.2/validator/autotrust.c
|
||||
@@ -2331,7 +2331,7 @@ autr_debug_print(struct val_anchors* anchors)
|
||||
|
||||
void probe_answer_cb(void* arg, int ATTR_UNUSED(rcode),
|
||||
sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(sec),
|
||||
- char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
|
||||
+ char* ATTR_UNUSED(why_bogus))
|
||||
{
|
||||
/* retry was set before the query was done,
|
||||
* re-querytime is set when query succeeded, but that may not
|
||||
diff --git a/unbound-1.16.2/validator/autotrust.h b/unbound-1.16.2/validator/autotrust.h
|
||||
index 057f2b6..c549798 100644
|
||||
--- a/unbound-1.16.2/validator/autotrust.h
|
||||
+++ b/unbound-1.16.2/validator/autotrust.h
|
||||
@@ -206,6 +206,6 @@ void autr_debug_print(struct val_anchors* anchors);
|
||||
|
||||
/** callback for query answer to 5011 probe */
|
||||
void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf,
|
||||
- enum sec_status sec, char* errinf, int was_ratelimited);
|
||||
+ enum sec_status sec, char* errinf);
|
||||
|
||||
#endif /* VALIDATOR_AUTOTRUST_H */
|
||||
--
|
||||
2.37.1
|
||||
|
@ -1,212 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>Public Key Server -- Get "0x9f6f1c2d7e045f8d "</title>
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
.uid { color: green; text-decoration: underline; }
|
||||
.warn { color: red; font-weight: bold; }
|
||||
/*]]>*/
|
||||
</style></head><body><h1>Public Key Server -- Get "0x9f6f1c2d7e045f8d "</h1>
|
||||
<pre>
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: SKS 1.1.6
|
||||
Comment: Hostname: sks.pod02.fleetstreetops.com
|
||||
|
||||
mQINBE2v/RwBEACyQpJlpCeSZBV1QUH7jNEp5xGdo6OnX2h9XoZ4ZPsb+u6OT+xESH45ncnI
|
||||
SUh8rPCygbeWOoPR/yOBzh+lYoGxQ5iUHtwRrhHq04sQe/qFpXDO2xs61pTcPU2PnH7Rsr2q
|
||||
p6fZLPHuXLolD7NJfaSib8sVeMM0/ecyl/L2bBg9NpaGDX0xTQh95M8o6AFo6UKWApBpgsvE
|
||||
Zr2aH/B8b9KnCWFhfJyheEM7DamksdZNsKxXQyq3l/ROfdsMLZGF8vPbYV/v11G4keyaLpn8
|
||||
AbBpybIiw9SYDwf2ENk3+e1NFfMaiiyEqn9+aaLTKCY87TMUuoN3s3jWOOy5tHXzf6DbKhub
|
||||
4Awsby3DH5YpPhi4N2vj2pAXVpl5+m78cH29JLzT+HAoyZ4tq1r3m0P5QogNqYwqxkKWYOjD
|
||||
ilNDBiKiDdgtrLYGx+ABovKG/FvToJoaCL4AFaVCzWmL2uHkSgyBN0FPHatCB1UeEkcQit6T
|
||||
8E2NQqmFWjUMXSWHHajSMG95+L5PdLHz/Ku0o3Csvlt2pkElYZmzJBfnOM9JevdsmKr/ruJC
|
||||
/DCZAn5w2S/9ZF5qfo2F9HUKIwE/dChR29HcN8V4nqZs9oCvEMfFhHmrfwDc5hedhvb6mAkv
|
||||
SFFtKIrygLIVeWRj3FE9sGp6sr4VwOLYTFRNk7mAsWD1rZApeQARAQABtCdXLkMuQS4gV2lq
|
||||
bmdhYXJkcyA8d291dGVyQG5sbmV0bGFicy5ubD6IRgQQEQIABgUCThRSKQAKCRD5yv3rOc/E
|
||||
3iiwAJ0SIjqFSwBm7sEZf2nn4JhkWKoG0gCfTD0g9RhtJFZa+0rdtMGUpYtDA1aIRgQQEQIA
|
||||
BgUCT/FYZQAKCRDidkIqx06dxeI6AJ9JZvcA78yRPDAMS+TklrNhFbEixgCgwiltuquOD4Qw
|
||||
vTS+NZr1ECUit8+IRgQTEQIABgUCTa///wAKCRCQMuo3A6Gk+Ot2AKCi4IvI/AT2kSzy0pWH
|
||||
Zfrpl93zlACZAaBqkUKcA1jxk8HtqDYtuCRhSfiIRgQTEQIABgUCTb7dfwAKCRCL5TxDRLCU
|
||||
K/4yAJ9Zgx/YRiu/X+KLDTQoYXTxNNbCHACfcBLrfl5uABiyOzBC+/R5rXnoRaqIRgQTEQIA
|
||||
BgUCV+zVuQAKCRAjc9NHiaFq+OY4AKC6GV6dlBdvo4bEaJpWPHh9WShqIwCgjJi+haVoUR52
|
||||
ovPF0zsXx6/um+GITAQTEQIADAUCTbAJsgWDCWX06gAKCRC039xrdgkihyx4AJ9iuMMszOpC
|
||||
jRYkVjTgmDyVmAA5uACg7qmMbKb03FbTFdd5VG5/6RTiPtSJARwEEAECAAYFAlTvL9UACgkQ
|
||||
lumWUDlMmaxLZgf/WeQK3FqemgsgcNCfkPuE9XpSdyJhQ+n1Yb6tAK4osry7H3lFBQIKTpmX
|
||||
SxauZDazYt6G4BYWsA0ARBwZVOaEaIbFRHFWs3/SLynNf9ZGBw8FumIMlEw3+tUdZck6u7pU
|
||||
q1OFeL1HWRLEC/njyLe7zAFHHWwMUIL9ZAZGiknADbqiiyF/JTcv4cpfNhdRAFzRriUJ2zYf
|
||||
0r6vKnf8pjc9QfDricAq/WzfANycfaSqx5GEBokxZY3lq/oLe4dGpZmrGecvBMtmTRHAG0Ln
|
||||
sNwXVujej3sU0vfhkZ1A0lnKoZCOTwGTPkL3dkOwbUdoYiYakTjM8NKav/TxNDxdaG/QbYkB
|
||||
HAQQAQgABgUCVnyBkgAKCRAIbcKm1AudBFrsB/9oKXW7oiQ7eJJ036fsfM5UODQGoXc1XO0R
|
||||
TEV/8pBRSDhqOVwRUsPqgtU6p2UWJbwxgB7MmPt3Z4cXs+ff1jkTzn/iefMyB7W6NogotrTt
|
||||
Nlj8x30Y9dVJB4KSHnQW2Gsf/OmZM9cDBAuyK3j3yLWkn65FRKVoH/4sYil1Tm/ogEC8vdvX
|
||||
RpwsCaZG8HOLDphjjU0JErE1jWk2L+P0TeGCmbrsfhORxTaCROjvcJ0fQsdX7kcA262iRrU0
|
||||
xDlBBYZA9wyGfd4wf+zIt7LcVBjNNvIUdUC3Uf0prYJawaG2/YV6R7eY4ooJxTutadugLmZp
|
||||
fBRiITflLZssO3YAW9RxiQEcBBMBCgAGBQJU7y/ZAAoJEMFDUWYtzEe6MyQIALSGlZ4X0LJw
|
||||
6zNoHGVxC0P911NBtDRO2/Hfg38UMT8KjQ1jOynm1KZm67viNOVGRGWar23PNppofpViZSlQ
|
||||
xUXUyLXVajcV9klg7RV7GC/3P2dvrCjELHXJ6w8qrcUKDighjbdctHXiQ9W5nU1IWPTLdg+z
|
||||
cvTbSVybvLwcbu5kzUzlYvesetJjSWnU9PXswed2cN9sqN3ikrWlYv4qHp6RwrLBN/VjZQov
|
||||
AxXN68PHxLz8GNxZTO9Aa4j4CheejXPVHDhqqw/K0XI86hnvZX7kwy4KBq/o4Kl+fstaOM6T
|
||||
571D2fljTVztmsKZBhiuKm1t8/Ltoifch+bpFx5AZkaJAhwEEAECAAYFAk2+3aIACgkQi0GC
|
||||
sRlrLScyHw//accdcVbHGYLwS0imk5SMEJX2bdu87uXqseeMU5OhnYip4ySQ727VihGYkhmL
|
||||
c/o1dIEznvFudWc/fMEi0x3R5J53Qbt3XQEUjOgZUoeomQJCItoJsDRoItvgdUvj3o6hVWhu
|
||||
+8PL6oC2J/JAHvfsMKiaTBHrUcNdgovLPGo5bcZCJwOxqPLYPLW2fCkanY9EhbyVAsFIiuH4
|
||||
+8tSDnqrgZFATyDqhqAYP96CanJrSalB6l/2r10q3V/OxcyCwys5w54FExhQAhpwThpbpFcK
|
||||
kBrM647ak7x8dZha4C/RltwkFn6jFp2sNUSEa0USTOTyDw7WkqgZZOWvauQ+fKgSOJwWU+MR
|
||||
cs11bNEGtwBu+wPheeyAlITu7A9PIrMZTmmJKy124I7ZvfXF3NZrHVm2KanLaWqHrso8tYg4
|
||||
9C7ptSCEZlgLHaeOl1wOOLbH6OneB3mQqf2u0elWYv64sbEqmFwd0C4rFeT7VSFSDLc1AsZB
|
||||
zc4WveDPnjzMXE2KLIwP+/x+betpntuYKYzYov0fryS79fjwu5JGh0gfEDITSta+tPRAYqKf
|
||||
mCt/jpeZxUQBfI6SW6LyP2Go8uYlbplV5IJuZ04c2Pr/9G/e3vh4O/kJmDZo4EX9op9TKJpg
|
||||
w/shReVuUAP9E24rD0oEyiWnHu/ZsgMtaVKQc2SsIghSG8eJAhwEEAEKAAYFAlTvL+sACgkQ
|
||||
V0EnLQMH4n8IuA//cZqhGvBiSNpRkSjjZWu5BY7fhMOdshiVPkEZmILRytnXnxVcu+PuuIk0
|
||||
kXfgt/jcS762dBZK3UOVAAsGsLfkisLN18UGWKhokNUWybSmdmhTb6Ns5tJbZfnFTaSjA3Gk
|
||||
Z+R/U8O1tNHTmqBfYHTSq8utpIi1JEJRf5itUYytP75nt0rnjpYTFEbvKgukgZldLDk581Zc
|
||||
x4Y6pj1ILrxtqF369yBtYIEkHFcYDuXsApTIXY1G4V5mq4t9QCk07E2ZKZ2aJjaCA7VeD+vR
|
||||
8Z50oyu4kuc1RdFnP8TfQUAr/tYIFinuzKSqELu9b+JSPO3qawXaq9Y+X42XWkeQSeu7SNl2
|
||||
xqe1uVhHd8qduf8U438fUOBeY+gpae9e2IPbErU+itmd+m+WlHp8FUH2pS6VlXXhBrBPEZ3+
|
||||
8ph9wUtSAenFVyT1leu21pMuP2nNpD2nTsNlYcX9gA/vkA7bQyOtaEOC+8zNHtZYhx4u/nmI
|
||||
+yZ4Cc95CmfwTE0/fRX+T+jK2x5ZGRZMudygnKRbnod+OgnNVBWIykGSzULKgLY9i5PlxCA2
|
||||
a7FUoLpIOW4OJSgo6WNsBc3j48RjqNm3cUcLco1kDcoGaQ43dGyLVGMlB332u6m2W+g+AwGm
|
||||
vhJQh3yy5XYvRXRzfiHvWUok8ess1/0qSRua22JY14KBxJF80EeJAhwEEwECAAYFAk2wI04A
|
||||
CgkQ5fj4IS93pJjaOw/8DG4fn6z4LYmY3MsLNu2Efg9YflaWPkD+z0iLPGUHhrzObIIMfGL0
|
||||
kpqYJSbvYqYUSIR8AjQGwRrJVidBqOX9bK7ZVPPvsX61hjt6e0T0O2Q6JuDMCfseiseLBo/a
|
||||
6DJu2P7LfDNGaath0WMonOxnqs+kRG8SVyTqmbnyC0AwthgYB57CIyNuz3MPkQr7pJNmyWFv
|
||||
kUYs7Z2Awq0hyD9M1KAV8igqFGYjrZAJoSv1nX6OzGRCSFmxqKwmCd7OtHLpqdNHos5CLhrj
|
||||
ouLJwiNt8gv7w06owYFxEsctAGqjVjvvtD0L19Skp3jgLAro6x53UFUtxm+Z/8YLLh+lNHJx
|
||||
JMDQu5CpSn3zLwRkF/cYgINOa1CS1yceynlbRGxrIb2vSfmnZeNZ2cTwedM/+9C044DfIB1y
|
||||
9FmmZBaXOaA4ITjvcEf2FpFn9MdF+zN8N8AN5m1y/qftFqgG0P40AQ0hQAhk+F8JxD7wVh65
|
||||
jcj62f287L1h8EDo/NE1JH8dAb9dUlJQeohAkiIMurDYLYRop9u+ogtUtRpMKXTwgNUanIq7
|
||||
oTYpNunbI1NUXc9Fdi9Z8OYZagHlo4v6T3fqvaRbGElncoF6faz7les2zh2S8etACX7mNsxV
|
||||
c6kXIpdHqoHKGShdxtb+PhRirbIxdCzlFstk5c9zpsCJCr/yu+pCL6KJAiIEEAECAAwFAk2w
|
||||
CcoFgwll9NIACgkQVGoRHjtqqmQGaRAAuHuKIupTerS7qrEIkyOvECN06fg+U/caYv3Qpue0
|
||||
4ZC2aIk4oK/7wsuhEsMLCL3J1JFYCCmbc0QfYBtzIM5lu9SX7/1R8/+VnCvYvME8tKdMdQAM
|
||||
BWq4ZG5Bi9rH8j+450mjgmPRC0s8tmmfp62gB9zBAd/poVZQOVSUV43HE3n6Vkxj0ediGEmw
|
||||
GakB2pPtAY7HAaLxRdXidwjNTzpAz7JPinoZgpz/MYseuxSSyhIqqREYn/ynX1+YQhu1l4X6
|
||||
rpIsVWawMv93PhO42Y3Ny6SvC/hnZ1J+Y359quClHTQ/ogrbZrbhlKtpJNeNOCBKUzgIuT3/
|
||||
PSy1XheYQR2m8SbOmOMpgInr16i3ijsYBKI6qdoxB//YCkFCJmxfCUqRGPe6sAW2n9ow4VmE
|
||||
rAUDEqYTPDzkRA5zBY6C6cMugoClY8LidDwKHGXjbPMLz+CnWIVsC8BedjQcfPkuQs/P4QtQ
|
||||
+UYwt6UiFywYe4Na9JfJsYDwkUaKgZadva/JFxGkm7ApMpeMBuZUDIl9qptKipdmRrMnBx9l
|
||||
fvBqrrXYKPEzVMW0FpX9D5F1L4k5u3x4B0VDZ9WPJgkSKFQIMatDxFsyJNWZmh/0dODC/LKF
|
||||
mZZCk3B34rr91He99MzKNrrq3vZSlbMKoCQYjDGQDWVXCplwjq1zCt/JSZUJYVhwbcyJAiIE
|
||||
EQECAAwFAlRgbtMFgwK1j8kACgkQBhyEc3tNEByR3A/+MKwW1tgIspbnE8WEGjdNJtXUHQUv
|
||||
UJHFTuoBNKZA/uAYxe7FLoSKQI8lH5PgJrLnu8lq0Z7h4BObnx7F4NrB1ixTtMGgRXD1amVY
|
||||
Gw6STlXH6Fhr/0RvBTg/wbdm/nFFdaEEhclMNHY/mW69bcqGjHjcnk6nOmlVrYegWRGjGgTI
|
||||
JBqHUhoX2+VixkMrBDSESBpHHQHlwsOlT9T0v3pCVHQz9I/WygQpn0bjgWEISyZkWbLcmJVZ
|
||||
yYYmWU9WWw8n16qFChdO6BTEjChuzVupLS5LoBgxCJkh9gl4F6VGRg2kVvsQoxE0CKbM+4qy
|
||||
qAAK2jrgQZRg4ihC2WmOpr9X0mrjO38Bz/tmZL389ZBzj9S3VO8otgBRgDbJvNHm8EjWdQHj
|
||||
SOE2x5/F2T69g8IK3S/vkkKrySsjSlD/NJpWwldkUh1RtO7wFO2Zk+2+vr55joOjKApXKQgO
|
||||
7PKw2awkL91UWWHAvJ3tTq/16FUypnY9RHM9rHtU8XDLCp4iEzE7rzIywEwX4fUAut4CRf8m
|
||||
u3czrhdPh+oQyOyQHZJMdX0mCKZREPgKo2ca5iAFtzOzrgD5OTCD/Pz4+99+gLEMOML1bWQ4
|
||||
R43L4YyrB1UIQUAvVmLDhn19bUcIS+wZ3kKI0et24wqjkaIsLSSounGBPxB4jOLhG0BBojzV
|
||||
dvqUElOJAiIEEwECAAwFAk2wAP4Fgwll/Z4ACgkQrImYjct//fHn8Q/+JdXKAXtSq5ReGTDR
|
||||
F3PcpsQK9q0LGvdyNPZ91oSkGl2UpcRhQ2KqTY0RJa7CZdk/3jG9G8aRuAmC6O5MhcsVU36j
|
||||
zBTanDgiSqFEpJCLXWWkPbwWIXdL3/FVm/1iYkDNqOZkWsYxU6BixgrDJoKcIZctt2igZqqa
|
||||
qdJYJ8tdbEXfW67rx+cu+DTXuZIuBwFETNix8zL7XpCQZAOG79IvBNaSaJr0x90tn+6rlLrk
|
||||
w6+NCXFjzm9aDNGyyWTs7s4kLfDR1LbBGpJNL+kmWmF9hkQTFHDxwNmHPyhjZcHVXaRfdl86
|
||||
ahClxBT6hitmurAGDIjjqy0d3Rs41Q3rcm9AZUWH4YbtRn2hXC/VCzsDvZvsjFB258mj4oDl
|
||||
jcgeuoY4uJEK8EJa9RJ6z3+UATcDaZTmlWhmb3UhG6suhz4hjmC4Y+JcovSVvq9AJksLJA74
|
||||
m6TxExiKzCGwy9xw1gcgJlFD4iVarfV4+jv5YGuPipPwz1ho6+P4uUOOtLFVHesSQ7S0W8eX
|
||||
rMdbu1Plw+m+fad/Asb8SoUm4ckfCwgoDMZsrGHBLhMa9D7AW/4z478DWqM6aZnZlpK4pNk+
|
||||
/jyW8cPDfjRePFKC/zH2Vm679JGgT13qQUJF1fja4KOSEi0lIKegPCRVJ1h0MseVgd2Qa9vX
|
||||
2VJwbZkrnoBa6VZH8dqJAj4EEwECACgCGyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW
|
||||
76tkBQkNAhVIAAoJEJ9vHC1+BF+N2tYQAIxArTFi1m0C8sv/wIJwKL3Y6LWu1dEZadHLslfT
|
||||
bSF+2ZaWIyrg/QXcIkpUuGBn+V2nw46qZ8N+bAsxVJoJDzpRuqfs5+t/wq7xIZC4gzFjY4MH
|
||||
3uGi5jhucMdozYKqLomQE34bW2B3Co3+Rx5wXa2reqXaTt5f3X74D4XkCki7WyKXMk8vhnxb
|
||||
oxU50qu3MQzu3rWFGWxukQ+Pva9tUFnWGZOIgvhVbB3FBhqbEGg56d6yTIMMb6IwIjc/UYbc
|
||||
RCST70B5y3+If26u4TSbGfZoo3xx+6hH3dw8X+jMLFLki3ABWc17f1ZE7UZPbNhoWBibSV/1
|
||||
zNylGxHM1sbD3fyVneI9SJl77JsqAsqRWa+uQzn2WMdP31KsLXhVfGBDBKziBLet3Ntj20+m
|
||||
zrZnWr7EJV9PHUhjk/ie3n3HBBXQjD6lX1L+ZVw6c9eXVQpvS2051gkSuurdGkX8PaD80O0v
|
||||
Q5aohrwu+sGXJBiZY8q8rDvq+3hsnc1TfWNJzSjD+PsQ5WM6y3zqzrb3Oa2dsmNZWvos7LkQ
|
||||
NQ+6yaoe/W3hnhEyN/w6sl01sUmhFdm/wVtbg3Nd4a0x/yTq8p56Ol0wfj54u6hkbt1yFTUl
|
||||
xx+Cp/BanLSiOZvn12slxpCBULom/D2XROYY80iwThSshahxoWC/h04q8cDaFycwMzyuiQI+
|
||||
BBMBAgAoBQJNr/0cAhsjBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCfbxwt
|
||||
fgRfjd8qEACMp3672f/ETQL/ZS3EnNj1937xu6ESRCUsvbjMiGzLW/2tQVQnoV40fBoRyeQ/
|
||||
2d40VgUCsNayy7zqm7gRpKSjEddNGVReM//HuglrUwDhctvH9SUMNvJIpTeyur456NtUtSSd
|
||||
VyQHaBXYnMm9Ultq/imKHen40shdJW+9aHfrHZ0hPTv8XQqssrunF/gMHw3LiemPIjlrvAnl
|
||||
gM+NS0dUAVEJAm/9PJlXwhLvgo/jN9Y4zw2RMlAMNtfb6+EBXtKN7fjLL9AFGb3EZFuvvKj+
|
||||
ZTuiOcHv991gS2R+9JYRb2LaGzOxzjAo4XkWYLks70ahBE3044mtblYt2M9qjOAhXSSGRehK
|
||||
+/cinAd42Krrpba55R3V2fyGbB1UZOiX4qhZM/btU/T5LzKEOOdmlKJhk4PcUHIZyqXtRPKL
|
||||
CoC7pWmPos0xKmfKR/x1lif2E9d/5/KcSvRGwv/EpFYclzXoTkgBg2Wq/rY1QaH4M0vK/hg8
|
||||
r/qQU0po4rSK1V2TboYoC6daO077OJIypXBZy4Xwxyfsm+ScomXdNW1b2qp30YQAql31paAt
|
||||
LrJUW3oKGMCVIF9ATq7Drhxh9knxo3f0JwNG3BFzNpKdQ6dYKrXBHeUIrZuuO2M/pXlpIa5j
|
||||
JrU8Krpl6AHL4M7YSRVD3AM7oV2TX6kCTDhkcQBlSND/e4kCVQQTAQIAPwIbIwYLCQgHAwIG
|
||||
FQgCCQoLBBYCAwECHgECF4AWIQTt+qPyyk5usFaBr46fbxwtfgRfjQUCWaU4BQUJEZjVaQAK
|
||||
CRCfbxwtfgRfjb1YEACjkhtkyZkYURUmSZNL2IK/Zencv7DZGRfFrzijROFtHbe//H8o2Zhl
|
||||
yiaFSA/dT1ehjsukkR0oFkYadA+qUi06WpxGmd/jf8hP4yTUZkwOhQAesWoNmnhKePNaVMKY
|
||||
8DP57bA+N2pdCcGu7gUtYzq2JoTAtV+P/PE2w+H9eyBAulv6iUckM5/qvGfJPl8HB9BtgOpG
|
||||
N79otVWO6ebM4TQ3cZYI9BDQnt9cF2pviex+z1iLZVJ8UeRxSxYhrBKPJioi0Q1OgcKyO56t
|
||||
7EotzxKl5TzprgvdX4cdls+lehD8StlE2Xv/TScHvdOhJuVBrn3a3QjZPb4qSsz74leW5/EI
|
||||
QmozBy+qf8AHcCmTXwb2U7oHOct7cVyS5+bFx+ThpV5OK0rjTH1LMNiuTeAN46c1y3prjZRp
|
||||
QUlgVwj06q3Zz/fzDyueUS/r4lW4nAf/VNZy/rTS2HYPoZbHZVCtGpDIfag6fV6V97Pd3zfh
|
||||
Tf2wmsJsw9Xhktp/o7rMBRSMhvL4oevOXb0JSG2583Q/JnCCceB4NxRRxsgkRYHwdnXN9FnO
|
||||
PSa4NyvF4rzpPksLGZrhvm+lBvzVn/e40Q/KlxvSlnn2vW/WBM4pBq1jsoJrd/JkTdijZV7m
|
||||
t7HQ2bCLXAPgfZjy7n79WiCQVHg7iYnNikiNWR5TR7JcvdkxOdiA/4kCVQQTAQgAPwIbIwYL
|
||||
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQTt+qPyyk5usFaBr46fbxwtfgRfjQUCXe4JdQUJ
|
||||
GaQN2QAKCRCfbxwtfgRfjQ8gEACe+49aDQHRuZdDHK1VCJKzhb+MvfdIjvl8eQxljpG9Uz5Y
|
||||
17Bx4SWfuLHCeGlh1m6IOAWeW4g6Wowm1ec1PkVa79TdrkKb0MxfLSat6iDbiuVjDxy2bWok
|
||||
W0/cPzJ/FoWDtEC0H9UTAMb5QGBDZUbLuwX7ZjvMkAhH15/hO9Gj4RHoH1RJGJALRtZzjtzs
|
||||
JqL53kW/EV59V1T79Nocyx018iw50Jn02mI8wYJZ9HZc5C7D+K59vcqLRZgkrJrObw0sEv3Y
|
||||
FOBYp/1DemH2nHPMBSKMmN5RAcr32guUjd4BEWf2Q7Ao+Qnhdi161W0YKCW4JAmOoQ4bQ0wf
|
||||
E9Q5aUIGhUF52L+ac8Hy7dByaCExCA/WTqQQ/iVPybmpJQhFonWt/fmpxbE2wKThSEOHTO67
|
||||
e5e3JfUb0vNKssyZojao4h1MF5nvaPNKoybWwKnpNM0ORcyl+aogKwW7E15TEU0TE5//gAsF
|
||||
wRDcCnSEKnksgM0321m17RDfJbCajIv47DHDYE3yvhRZjCJCaw0Gow1sDRWjdOFpmIixD5/v
|
||||
x5uxyqSHPuGAsXlEvl+Z3Rdc5bQ7pAWu7UNpR3hnJPfg8KL2xqOF75VKG9/NjLE80yj8wdVo
|
||||
CfDvvizrBtOXnHI49gCMCfNqbGIb5yVhmTdeo7li+Te9hlJ2DrHnujGJlFe+p7kCDQRNr/0c
|
||||
ARAApvDKeVLiSazESdTY9KsSWsqoB38pvOsu25M49tEjc5TtY5LwKNckqkeRlJ83O8dFG7UB
|
||||
VuGwLKaf/6OR/pe24upZ27eOOWW7sXvQNv5aXlOYfF+mjIhUINqjq4pKDmO1c9J7h5d+auOV
|
||||
fzcgfotg3BVCaKn56ucjiQJ059uUMfgWTvVlibnoJ7deZcgt8v7VcLK9jv+P8QJHTIyDzJd+
|
||||
JjdjuHXqC/A37T5G9Z84x8wYrQY6mZmOIYaMjwIKdgFeN+nLk5henARUz4MTFUW4j9hHpuyA
|
||||
FomDQ93/wkHZ9IEChTxdZnfvsd//Z45vfcX9dQM+tuR8XCYThVsScI1TnwR46hi5NkfmHo3H
|
||||
VxwB8/owJ+FZDsTNBbJd7AVy27Xk4L5hLe7BwLDtFMyOp4lOipCM7//mtFB9mTzqnOwiSSyT
|
||||
RlwGUBJkzQFWQa0Z6bfYwA6+y1dn19H519GW49irtl+2+W8W4N8oLriIjPvqrQOyaELFcRfV
|
||||
6FfLi09HPhHVbejOqIEbOtfuN0+mjrrGAwortfTBjfw80N+W90BTvta4K2SyjHcJTkDYehfO
|
||||
o/5IMpGtDsOgvsCbDaFRnNJuYtSqQmvWk1KIPIw6CkdJtZa3+q3YA7D7ovOVH1OBTKNdBjc+
|
||||
X4W8L5R9MCymXWvgiP+52Sv1VIcZmsnCBrwK490AEQEAAYkCJQQYAQIADwIbDAUCVu+raQUJ
|
||||
DQIVTQAKCRCfbxwtfgRfjVnYEACZ1E/FfLDi4vLUd9diImmNN/zWDHxTsO/VG3lt50rSoJM5
|
||||
NGB4RlwcbUKhah2fD44FFiIqGIvKD9hRgB51dVRIkaR3ozVtXRBKxJJqWj38wf2FDLtUXC5/
|
||||
JHYb0sjAc3ad2sA9xEmEBVO1lWK3J6h4gKZiAGlWz3oeOSve3vrTKsBlP0CurUeb4WTVpw4d
|
||||
rBJD7cDh8SJ4/Cq76UFx8lW0xR+pHZHcd0/Ir5v5HnnEgbnut4IxeY3/CGBfQfSQHylK7ifm
|
||||
PWq+dflC/ZdfHY1V96EHKPM44ZLwiczoY3qp5nkmEc3BY6+P8Ch5gddOYaY18wpedarswnpO
|
||||
LQD2Xbsj66Eh0IZuuuZGyfOqJNaWbP33L27eg35XQNTgyhuZmDyRKL6yAbhU74TXCCvze/kk
|
||||
fqDn2ouCtM8/kqLX1v0+NkBxlhZUkTTVDyclZtwu6Vypus3+j2Zqk8sXeUZI64sjXpzwOcMZ
|
||||
xdl3QuyxMktExWzk9Q5DYqO+pj/YGt1vp2M0YgSUWNWCvfBcjEPFgaljyqz3BdvR/LYohnXu
|
||||
QL9SWObF+sIFc9D0w/yORYQcKP5kSWVC/qwFdC61OGeSDnQ/0o0T5PefhYS82gsIrjQ+HIJ7
|
||||
CLUTk7kBNljvtfpoWegH02feR0kSRoCXA6x+YHT4fmB41pW8S1V5a5dEltA/JIkCJQQYAQIA
|
||||
DwUCTa/9HAIbDAUJCWYBgAAKCRCfbxwtfgRfjTY/D/9+kX8LeqBhwDdwy3udV67KmVmytwGM
|
||||
fzBHbAyBdy84X06ip/If/VkjL+2Sv5Uml/cOOzGZT7y/KEt0uXQzgOZhGP5Y0OREf4kSzfb7
|
||||
tsGu3ZjTp5uJe7HiJr8uqYGfx94TQG/A3x1C7MlxOGmWDK/Eh/eNVeNd+3yyDEzl2p7a0yUh
|
||||
I8LtzllVrEDX+G4rz+mdDw4tfPDqzRPzPvVtPfqnfofHP5r2dshGe7+pCTC+o0jHWpaiFkEi
|
||||
IrR3PbZ9tV6+F5LzCUJJP5nepz6CShpLHq9ST6qZiw5ZpdznHW0kVl96YxgynJq9Y4dqD/8n
|
||||
OfTzdHhXXEogGvRfcxatxeZF7YNFhUU2p+CswAjRKCUzZAz0hDAu+dJ+fw4Odx7ii8uiwhEn
|
||||
EHoo8rPETkXwUK1je4MCzMRSy0Gippzk/oZ7noIml+Njas/UygavUOQm8bcPqGfWeFqvM2C7
|
||||
ZobL2iV0fX/bhEmQyosiWJ0nHuKdwDYygYs/4LtZLxwiKli/lm6IDz1028j6/98Z81gGoltX
|
||||
WokTYAPEgcBuhyiSLSQ1wojTVMYt9rPKMBakTzP+0FoWqoNafWOlHovP6iUB2Igll2ZT3Avr
|
||||
BQ8jAbRbuUl46QpBaKsl+pBo86az0fRkMxv0N4dQv4Q7Z0g71u9NTpaq1vtAZOwc0kl3uGNK
|
||||
18PnV4kCPAQYAQIAJgIbDBYhBO36o/LKTm6wVoGvjp9vHC1+BF+NBQJZpTgKBQkRmNVuAAoJ
|
||||
EJ9vHC1+BF+NyNQP/A3h+cOOkYUxyKpNHdtlIfCn8db5tHXSCbE19Qi7EK1SiK5atjo+VoRt
|
||||
B+L01kH6GCx5oZjeIhUdzYFwEUsdCDgwD6r0dKFwKIGa4TFcfnx+Z5B+HZgLYc6ac5PEHF1q
|
||||
ZVXZH9GSGeNw5h2yyqf4yhvetSN6L2id14m5XXJV5e7NfOgmaSnG0Z+wQvPSiu+Q00XpENT8
|
||||
HFSTSCjRATjk12rpy6TPeeC52NK1gLhGDRHN0k6m+vm4yoC+Nd6iPQpnc+5xs7NDnq2dFuST
|
||||
p7UTGebzPhhdSQgujEFuYLwzQMZu1h5amtA+v9j7BYEJkOMC7bm1PNNA2QQ6QfH8Hf+mJeIN
|
||||
yJO8A5KS3ceP+eo3SLR8T0hPzu9gZuZ22Hn3DXQh1VNRshaLKgNvoXpL3dQ48d1SFFKhEDpy
|
||||
2HSXUq2fs5rH0uszFGesG7K6EQRAYRcDrCkt9fdfkvCSxAFw9d+472xThzgKcN+MkOec+SaY
|
||||
+xlVULjEfCWyRVC8Opam4mTm/XT4mVLxP/qnsy7kEhLoc/ouB+lY/ks06LpZJvCXL6WfA9Yo
|
||||
u1Fi1Mg7GhSh9JKg6X6E8Trm+N4dxJGut1xbbGmmKXqfi4pej9KlkdeM9t1df/vWKlPa7Hzd
|
||||
8H0btgJx066wC4yt0ghxtsJXBsCDxWLfzaSRZ2/eP16mHqxDjsQQiQI8BBgBCAAmAhsMFiEE
|
||||
7fqj8spObrBWga+On28cLX4EX40FAl3uCX0FCRmkDeEACgkQn28cLX4EX43TQA/+JV8ReMRJ
|
||||
Cn3Cfqbe5ycFn8p6dIVnJiQuhiEyu5yzdpSkKyzcVFJObQcqw7s50FJuLUbxdvbcuGIaoTu7
|
||||
dhBoUXO5tOuIQAsKTfGfgoOgelJm+/q2h645EnAVINGbMDXrmo4/UFJkNjUMA6SQi/yiam7N
|
||||
0y58eoDC4sGmBKuN2EW2MoWahlXw8SS1+Ab9qVBs/RqbSy6f1nJL39aPpPDmvyJOSYtHnNSF
|
||||
lYWVhr0zGAi5rnswlFGrECGbHpr5FajUK7zcmtNPbi7F30K48xfF3XnDIeIBcerrEBQMaPUZ
|
||||
cBlddGhmSVVJZU/YhR35JNgPnmp33gOuZaRiW9lauZFwsMQBIBkLpJWoUtu8QLkyC0HmJzVR
|
||||
ep0/s1RkzaJ+1G1BzXTQiXaLaUQWG5h3pcMD8fxY5qp9KbG/+10bY0sRbRBXgS6mz7ddHaBt
|
||||
g/E8ty2nEB1HDXA9HAHu7KlH9e96sPZjz9C46ZiOXe6ZAOk6wBYts4RG4bCQ9pGORJ+P2Jr2
|
||||
pz1NZQbs1AhnjJixTsfZfsGZ5lHxGLjIyxtdGB/irLEqNTIMek2yp4CShmWoZwN0V3aGYMe/
|
||||
rC4tSXG79IeKNwF3Vd5MHtB+hcJG2qztBtKQuW29rbRA5bNxwTWe8skwOKsxXnP9RC974k0X
|
||||
kPS+VwgmVgNN1ewS/0oHvmEP71Q=
|
||||
=ZSkT
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
</pre>
|
||||
</body></html>
|
@ -1,39 +1,43 @@
|
||||
%{?!with_python2: %global with_python2 0}
|
||||
%{?!with_python3: %global with_python3 1}
|
||||
%{?!with_munin: %global with_munin 1}
|
||||
%bcond_without dnstap
|
||||
%bcond_with systemd
|
||||
%bcond_without doh
|
||||
|
||||
%global _hardened_build 1
|
||||
|
||||
#%%global extra_version rc1
|
||||
#global extra_version rc1
|
||||
|
||||
%if 0%{with_python2}
|
||||
%global python_primary %{__python2}
|
||||
%endif
|
||||
%endif # with_python2
|
||||
|
||||
%if 0%{with_python3}
|
||||
%global python_primary %{__python3}
|
||||
%endif
|
||||
%endif # with_python3
|
||||
|
||||
%if 0%{?rhel}
|
||||
%global with_munin 0
|
||||
|
||||
%if 0%{?with_python2} && 0%{?rhel} <= 6
|
||||
# needed just for EPEL
|
||||
%{!?__python2: %global __python2 /usr/bin/python2}
|
||||
%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
|
||||
%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
|
||||
%endif # with_python2 && rhel <= 6
|
||||
|
||||
%if 0%{?rhel} <= 7
|
||||
%global with_python3 0
|
||||
%else
|
||||
%global with_python2 0
|
||||
%endif
|
||||
%endif
|
||||
%endif # rhel <= 7
|
||||
%endif # rhel
|
||||
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.16.2
|
||||
Release: 8%{?extra_version:.%{extra_version}}%{?dist}
|
||||
Release: 5%{?extra_version:.%{extra_version}}%{?dist}.6
|
||||
License: BSD
|
||||
Url: https://nlnetlabs.nl/projects/unbound/
|
||||
Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
|
||||
Url: https://www.unbound.net/
|
||||
Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
|
||||
Source1: unbound.service
|
||||
Source2: unbound.conf
|
||||
Source3: unbound.munin
|
||||
@ -51,45 +55,34 @@ Source15: unbound-anchor.timer
|
||||
Source16: unbound-munin.README
|
||||
Source17: unbound-anchor.service
|
||||
Source18: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz.asc
|
||||
Source19: http://keys.gnupg.net/pks/lookup?op=get&search=0x9F6F1C2D7E045F8D#/wouter.nlnetlabs.nl.key
|
||||
Source21: remote-control.conf
|
||||
|
||||
# Reverts ABI change done in version 1.8.0 (bz#2027735)
|
||||
# Makes possible backward binary compatibility with a new features
|
||||
Patch1: unbound-1.15-soversion2-compat.patch
|
||||
Patch2: unbound-1.15-source-compat.patch
|
||||
# https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554
|
||||
Patch1: unbound-1.16-CVE-2022-3204.patch
|
||||
Patch3: unbound-1.16-CVE-2022-3204.patch
|
||||
# https://nlnetlabs.nl/downloads/unbound/patch_CVE-2023-50387_CVE-2023-50868.diff
|
||||
Patch4: unbound-1.16-CVE-2023-50387-CVE-2023-50868.patch
|
||||
|
||||
BuildRequires: gdb
|
||||
BuildRequires: gcc, make
|
||||
BuildRequires: flex, openssl-devel
|
||||
BuildRequires: byacc, flex, openssl-devel
|
||||
BuildRequires: libevent-devel expat-devel
|
||||
BuildRequires: pkgconfig
|
||||
%if 0%{?fedora}
|
||||
BuildRequires: gnupg2
|
||||
%endif
|
||||
%if 0%{with_python2}
|
||||
BuildRequires: python2-devel swig
|
||||
%endif
|
||||
%endif # with_python
|
||||
%if 0%{with_python3}
|
||||
BuildRequires: python3-devel swig
|
||||
%endif
|
||||
%if %{with dnstap}
|
||||
BuildRequires: fstrm-devel protobuf-c-devel
|
||||
%endif
|
||||
%if %{with systemd}
|
||||
BuildRequires: systemd-devel
|
||||
%endif
|
||||
%if %{with doh}
|
||||
BuildRequires: libnghttp2-devel
|
||||
%endif
|
||||
%if 0%{?fedora} >= 30
|
||||
BuildRequires: systemd-rpm-macros
|
||||
%else
|
||||
%endif # with_python3
|
||||
BuildRequires: systemd
|
||||
%endif
|
||||
# Required for SVN versions or modified configure.ac
|
||||
# Required for SVN versions
|
||||
BuildRequires: bison
|
||||
BuildRequires: automake autoconf libtool
|
||||
|
||||
%{?systemd_requires}
|
||||
# Needed because /usr/sbin/unbound links unbound libs staticly
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
# unbound-keygen.service requires it, bug #2116790
|
||||
@ -127,11 +120,8 @@ The devel package contains the unbound library and the include files
|
||||
|
||||
%package libs
|
||||
Summary: Libraries used by the unbound server and client applications
|
||||
%{?systemd_requires}
|
||||
Requires(pre): shadow-utils
|
||||
%if ! 0%{with_python2}
|
||||
# Make explicit conflict with no longer provided python package
|
||||
Obsoletes: python2-unbound < 1.9.3
|
||||
%endif
|
||||
|
||||
%description libs
|
||||
Contains libraries used by the unbound server and client applications
|
||||
@ -146,26 +136,19 @@ Obsoletes: unbound-python < %{version}-%{release}
|
||||
|
||||
%description -n python2-unbound
|
||||
Python 2 modules and extensions for unbound
|
||||
%endif
|
||||
%endif # with_python
|
||||
|
||||
%if 0%{with_python3}
|
||||
%package -n python3-unbound
|
||||
Summary: Python 3 modules and extensions for unbound
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
%if ! 0%{with_python2}
|
||||
# Make explicit conflict with no longer provided python package
|
||||
Conflicts: python2-unbound < 1.9.3
|
||||
%endif
|
||||
|
||||
%description -n python3-unbound
|
||||
Python 3 modules and extensions for unbound
|
||||
%endif
|
||||
%endif # with_python3
|
||||
|
||||
|
||||
%prep
|
||||
%if 0%{?fedora}
|
||||
%gpgverify -k 19 -s 18 -d 0
|
||||
%endif
|
||||
%global pkgname %{name}-%{version}%{?extra_version}
|
||||
|
||||
%if 0%{with_python2} && 0%{with_python3}
|
||||
@ -175,16 +158,17 @@ Python 3 modules and extensions for unbound
|
||||
%global python_secondary %{__python2}
|
||||
%else
|
||||
%global dir_primary %{pkgname}
|
||||
%endif
|
||||
%endif # with_python2 && with_python3
|
||||
|
||||
%autosetup -c -N -n %{pkgname}
|
||||
%setup -qcn %{pkgname}
|
||||
|
||||
pushd %{pkgname}
|
||||
# patches go here
|
||||
%autopatch -p2
|
||||
|
||||
# only for snapshots
|
||||
autoreconf -iv
|
||||
%patch1 -p2 -b .solib2-compat
|
||||
%patch2 -p1 -b .srccompat
|
||||
%patch3 -p2 -b .CVE-2022-3204
|
||||
%patch4 -p2 -b .CVE-2023-50387-CVE-2023-50868
|
||||
|
||||
|
||||
# copy common doc files - after here, since it may be patched
|
||||
cp -pr doc pythonmod libunbound ../
|
||||
@ -196,39 +180,30 @@ cp -a %{dir_primary} %{dir_secondary}
|
||||
%endif
|
||||
|
||||
%build
|
||||
# This is needed to rebuild the configure script to support Python 3.x
|
||||
# autoreconf -iv
|
||||
|
||||
# ./configure script common arguments
|
||||
%global configure_args --with-libevent --with-pthreads --with-ssl \\\
|
||||
--disable-rpath --disable-static \\\
|
||||
--enable-relro-now --enable-pie \\\
|
||||
--enable-subnet --enable-ipsecmod \\\
|
||||
--with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\
|
||||
--with-pidfile=%{_rundir}/%{name}/%{name}.pid \\\
|
||||
--with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\
|
||||
--enable-sha2 --disable-gost --enable-ecdsa \\\
|
||||
--with-rootkey-file=%{_sharedstatedir}/unbound/root.key \\\
|
||||
--enable-linux-ip-local-port-range --disable-sha1
|
||||
--enable-linux-ip-local-port-range
|
||||
|
||||
pushd %{dir_primary}
|
||||
|
||||
# configure.ac is modified, force refresh
|
||||
autoreconf -fiv
|
||||
|
||||
%configure \
|
||||
%if 0%{?python_primary:1}
|
||||
--with-pythonmodule --with-pyunbound PYTHON=%{python_primary} \
|
||||
%endif
|
||||
%if %{with dnstap}
|
||||
--enable-dnstap \
|
||||
%endif
|
||||
%if %{with systemd}
|
||||
--enable-systemd \
|
||||
%endif
|
||||
%if %{with doh}
|
||||
--with-libnghttp2 \
|
||||
%endif
|
||||
%endif # python_primary
|
||||
%{configure_args}
|
||||
|
||||
%make_build
|
||||
%make_build streamtcp
|
||||
%{__make} %{?_smp_mflags}
|
||||
%{__make} %{?_smp_mflags} streamtcp
|
||||
|
||||
popd
|
||||
|
||||
@ -236,17 +211,11 @@ popd
|
||||
pushd %{dir_secondary}
|
||||
%configure \
|
||||
--with-pythonmodule --with-pyunbound PYTHON=%{python_secondary} \
|
||||
%if %{with dnstap}
|
||||
--enable-dnstap \
|
||||
%endif
|
||||
%if %{with systemd}
|
||||
--enable-systemd \
|
||||
%endif
|
||||
%{configure_args}
|
||||
|
||||
%make_build
|
||||
%{__make} %{?_smp_mflags}
|
||||
popd
|
||||
%endif
|
||||
%endif # python_secondary
|
||||
|
||||
|
||||
%install
|
||||
@ -255,12 +224,12 @@ install -p -m 0644 %{SOURCE16} .
|
||||
%if 0%{?python_secondary:1}
|
||||
# install first secondary build. It will be overwritten by primary
|
||||
pushd %{dir_secondary}
|
||||
%make_install unbound-event-install
|
||||
%{__make} DESTDIR=%{buildroot} unbound-event-install install
|
||||
popd
|
||||
%endif
|
||||
%endif # python_secondary
|
||||
|
||||
pushd %{dir_primary}
|
||||
%make_install unbound-event-install
|
||||
%{__make} DESTDIR=%{buildroot} unbound-event-install install
|
||||
install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp
|
||||
popd
|
||||
|
||||
@ -304,13 +273,13 @@ rm %{buildroot}%{_libdir}/*.la
|
||||
|
||||
%if 0%{with_python2}
|
||||
rm %{buildroot}%{python2_sitearch}/*.la
|
||||
%endif
|
||||
%endif # with_python
|
||||
|
||||
%if 0%{with_python3}
|
||||
rm %{buildroot}%{python3_sitearch}/*.la
|
||||
%endif
|
||||
%endif # with_python3
|
||||
|
||||
mkdir -p %{buildroot}%{_rundir}/unbound
|
||||
mkdir -p %{buildroot}%{_localstatedir}/run/unbound
|
||||
|
||||
# Install directories for easier config file drop in
|
||||
|
||||
@ -335,6 +304,7 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
|
||||
%systemd_post unbound-keygen.service
|
||||
|
||||
%post libs
|
||||
%{?ldconfig}
|
||||
%systemd_post unbound-anchor.timer
|
||||
# start the timer only if installing the package to prevent starting it, if it was stopped on purpose
|
||||
if [ "$1" -eq 1 ]; then
|
||||
@ -354,8 +324,20 @@ fi
|
||||
%systemd_postun unbound-keygen.service
|
||||
|
||||
%postun libs
|
||||
%{?ldconfig}
|
||||
%systemd_postun_with_restart unbound-anchor.timer
|
||||
|
||||
%triggerun -- unbound < 1.4.12-4
|
||||
# Save the current service runlevel info
|
||||
# User must manually run systemd-sysv-convert --apply unbound
|
||||
# to migrate them to systemd targets
|
||||
/usr/bin/systemd-sysv-convert --save unbound >/dev/null 2>&1 ||:
|
||||
|
||||
# Run these because the SysV package being removed won't do them
|
||||
/sbin/chkconfig --del unbound >/dev/null 2>&1 || :
|
||||
/bin/systemctl try-restart unbound.service >/dev/null 2>&1 || :
|
||||
/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
|
||||
|
||||
%check
|
||||
pushd %{dir_primary}
|
||||
#pushd pythonmod
|
||||
@ -373,14 +355,14 @@ pushd %{dir_secondary}
|
||||
#popd
|
||||
make check
|
||||
popd
|
||||
%endif
|
||||
%endif # python_secondary
|
||||
|
||||
|
||||
%files
|
||||
%doc doc/CREDITS doc/FEATURES
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_unitdir}/%{name}-keygen.service
|
||||
%attr(0755,unbound,unbound) %dir %{_rundir}/%{name}
|
||||
%attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}
|
||||
%attr(0644,root,root) %{_tmpfilesdir}/unbound.conf
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
|
||||
@ -442,215 +424,115 @@ popd
|
||||
%{_sbindir}/unbound-anchor
|
||||
%{_libdir}/libunbound.so.*
|
||||
%{_mandir}/man8/unbound-anchor*
|
||||
# icannbundle and root.key(s) should be replaced from package
|
||||
# intentionally not using noreplace
|
||||
%config %{_sysconfdir}/%{name}/icannbundle.pem
|
||||
%{_sysconfdir}/%{name}/icannbundle.pem
|
||||
%{_unitdir}/unbound-anchor.timer
|
||||
%{_unitdir}/unbound-anchor.service
|
||||
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
|
||||
%attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
|
||||
# just left for backwards compat with user changed unbound.conf files - format is different!
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
# modification of root.key is maintained by unbound-achor.service and is intentional, so let rpm know
|
||||
%verify(not md5 size mtime) %{_sharedstatedir}/%{name}/root.key
|
||||
|
||||
%changelog
|
||||
* Mon Mar 11 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-8
|
||||
* Wed Apr 03 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.6
|
||||
- Rebuilt again with z-stream target
|
||||
|
||||
* Wed Apr 03 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.5
|
||||
- Correct typo in new config file
|
||||
|
||||
* Mon Mar 11 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.4
|
||||
- Ensure group access correction reaches also updated configs (CVE-2024-1488)
|
||||
|
||||
* Wed Feb 28 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-7
|
||||
* Wed Feb 28 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.3
|
||||
- Ensure only unbound group can change configuration (CVE-2024-1488)
|
||||
|
||||
* Fri Feb 16 2024 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-6
|
||||
* Mon Feb 19 2024 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-5.2
|
||||
- Fix wrong entry in changelog
|
||||
- Resolves: RHEL-25634
|
||||
|
||||
* Fri Feb 16 2024 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-5.1
|
||||
- Fix KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387
|
||||
- Fix Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868
|
||||
- Resolves: RHEL-25671
|
||||
- Resolves: RHEL-25643
|
||||
- Resolves: RHEL-25660
|
||||
- Resolves: RHEL-25634
|
||||
|
||||
* Sat Oct 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-5
|
||||
- Stop creating wrong devel manual pages (#2135322)
|
||||
|
||||
* Sat Oct 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-4
|
||||
- Apply correctly previous change (CVE-2022-3204)
|
||||
|
||||
* Tue Oct 11 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-3
|
||||
- Fix NRDelegation attack leading to uncontrolled resource consumption
|
||||
(CVE-2022-3204)
|
||||
|
||||
* Tue Aug 09 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-2
|
||||
- Require openssl tool for unbound-keygen (#2116802)
|
||||
- Require openssl tool for unbound-keygen (#2018806)
|
||||
|
||||
* Wed Aug 03 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-1
|
||||
- Update to 1.16.2 (#2087120)
|
||||
- Update to 1.16.2 (#2027735)
|
||||
|
||||
* Fri Jul 08 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-3
|
||||
- Disable ED25519 and ED448 in FIPS mode (#2079548)
|
||||
* Wed Jun 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-2
|
||||
- Restart keygen service before every unbound start (#1959468)
|
||||
|
||||
* Tue Jun 07 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-2
|
||||
- Restart keygen service before every unbound start (#2094336)
|
||||
* Wed Jun 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
|
||||
- Upgrade to 9.16.0 (#2027735)
|
||||
- Update to recent version with compatibility with RHEL8 (#2027735)
|
||||
- Ensure also source level compatibility with previous version
|
||||
|
||||
* Sat Jun 04 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
|
||||
- Update to 1.16.0 (#2087120)
|
||||
* Thu May 19 2022 Richard Lescak <rlescak@gmail.com> - 1.7.3-18
|
||||
- Change file mode before owner when configuring remote control unix socket to avoid AVC denials
|
||||
- Resolves: rhbz#2038251
|
||||
|
||||
* Mon May 02 2022 Petr Menšík <pemensik@redhat.com> - 1.15.0-1
|
||||
- Update to 1.15.0 (#2030608)
|
||||
- Update icannbundle.pem
|
||||
|
||||
* Mon May 02 2022 Paul Wouters <paul.wouters@aiven.io> - 1.13.2-1
|
||||
- Resolves: rhbz#1992985 unbound-1.13.2 is available
|
||||
- Use system-wide crypto policies
|
||||
|
||||
* Mon May 02 2022 Petr Menšík <pemensik@redhat.com> - 1.13.1-15
|
||||
- Export unbound-devel to CRB repository (#2056116)
|
||||
|
||||
* Tue Apr 26 2022 Petr Menšík <pemensik@redhat.com> - 1.13.1-14
|
||||
- Stop creating wrong devel manual pages (#2071943)
|
||||
|
||||
* Thu Mar 31 2022 Petr Menšík <pemensik@redhat.com> - 1.13.1-13
|
||||
- Disable SHA-1 support (#2070495)
|
||||
|
||||
* Fri Feb 11 2022 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-12
|
||||
- Fixed error in the patch
|
||||
- Resolves: rhbz#1977401
|
||||
|
||||
* Thu Feb 10 2022 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-11
|
||||
- regional_alloc() failure handled
|
||||
- Resolves: rhbz#1977401
|
||||
|
||||
* Thu Feb 10 2022 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-10
|
||||
- RESOURCE_LEAK fixed
|
||||
- Resolves: rhbz#1977400
|
||||
|
||||
* Tue Aug 10 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-9
|
||||
- Don't use delted OpenSSL macroses
|
||||
- Resolves: rhbz#1991005
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.13.1-8
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.13.1-7
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
|
||||
* Tue Jun 08 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-6
|
||||
- Changelog date fixed
|
||||
- Rebuild for new gating.yaml
|
||||
- Resolves: rhbz#1951923
|
||||
|
||||
* Mon Apr 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-5
|
||||
* Mon Apr 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-17
|
||||
- Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux
|
||||
- Resolves: rhbz#1952814
|
||||
- Resolves: rhbz#1830625
|
||||
|
||||
* Tue Apr 20 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-4
|
||||
* Tue Apr 06 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-16
|
||||
- Don't start unbound-anchor before unbound service if DISABLE_UNBOUND_ANCHOR
|
||||
environment variable equals to "yes"
|
||||
- Resolves: rhbz#1951923
|
||||
- Resolves: rhbz#1922448
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.13.1-2
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
* Tue Sep 01 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-15
|
||||
- Fix SPEC file to not check md5 mtime and size of /var/lib/unbound/root.key
|
||||
- Resolves: rhbz#1714175
|
||||
- Use system-wide crypto policy setting (PROFILE=SYSTEM) instead of custom setting
|
||||
- Resolves: rhbz#1842837
|
||||
- Enable additional logging in unbound
|
||||
- Resolves: rhbz#1850460
|
||||
- security hardening from x41 report
|
||||
- Resolves: rhbz#1859933
|
||||
- symbolic link traversal when writing PID file
|
||||
- Resolves: rhbz#1899058
|
||||
|
||||
* Wed Feb 10 2021 Paul Wouters <pwouters@redhat.com> - 1.13.1-1
|
||||
- Resolves rhbz#1860887 unbound-1.13.1 is available
|
||||
- Fixup unbound.conf
|
||||
* Thu May 28 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-14
|
||||
- Fix unbound-1.7.3-amplifying-an-incoming-query.patch patch
|
||||
- Resolves: rhbz#1839178 (CVE-2020-12662)
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
* Mon May 25 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-13
|
||||
- Fix two previous patches and add missing patch lines to %%prep
|
||||
- Fix amplifying an incoming query into a large number of queries directed to a target
|
||||
- Resolves: rhbz#1839178 (CVE-2020-12662)
|
||||
|
||||
* Thu Dec 10 2020 Petr Menšík <pemensik@redhat.com> - 1.13.0-1
|
||||
- Update to 1.13.0
|
||||
* Tue Apr 21 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-12
|
||||
- Remove KSK-2010 from configuration files
|
||||
- Resolves: rhbz#1665502
|
||||
- Replace legacy directory /var/run/ with /run
|
||||
- Resolves: rhbz#1766463
|
||||
- Resolves: rhbz#1805978
|
||||
- Fix memory leak when DNS over TLS forwarding is configured
|
||||
- Resolves: rhbz#1819870
|
||||
|
||||
* Tue Oct 13 2020 Petr Menšík <pemensik@redhat.com> - 1.12.0-1
|
||||
- Update to 1.12.0 (#1860887)
|
||||
* Thu Apr 16 2020 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-11
|
||||
- Resolves bz1818761. unbound crash fixed.
|
||||
|
||||
* Tue Sep 15 2020 Petr Menšík <pemensik@redhat.com> - 1.10.1-5
|
||||
- Move command line tools to utils subpackage
|
||||
* Tue Dec 10 2019 Tomas Korbar <tkorbar@redhat.com> - 1.7.3-10
|
||||
- Secure ipsec mode (#1772061)
|
||||
- CVE-2019-18934
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-3
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 1.10.1-2
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
* Tue May 19 2020 Paul Wouters <pwouters@redhat.com> - 1.10.1-1
|
||||
- Resolves: rhbz#1837279 unbound-1.10.1 is available
|
||||
- Resolves: rhbz#1837598 CVE-2020-12662 unbound: insufficient control of network message volume leads to DoS
|
||||
- Resolves: rhbz#1837609 CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
|
||||
- Updated unbound.conf for new options in 1.10.1
|
||||
|
||||
* Wed Apr 29 2020 Paul Wouters <pwouters@redhat.com> - 1.10.0-3
|
||||
- Resolves: rhbz#1667742 SELinux is preventing unbound from 'name_bind' accesses on the udp_socket port 61000.
|
||||
|
||||
* Thu Apr 16 2020 Artem Egorenkov <aegorenk@redhat.com> - 1.10.0-2
|
||||
- Resolves: rhbz#1824536 unbound crash
|
||||
|
||||
* Thu Mar 19 2020 Petr Menšík <pemensik@redhat.com> - 1.10.0-1
|
||||
- Update to 1.10.0 (#1805199)
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Dec 13 2019 Paul Wouters <pwouters@redhat.com> - 1.9.6-1
|
||||
- Resolves: rhbz#1758107 unbound-1.9.5 is available
|
||||
- Resolves: CVE-2019-18934
|
||||
|
||||
* Fri Nov 01 2019 Paul Wouters <pwouters@redhat.com> - 1.9.4-1
|
||||
- Fix build on rhel/centos systems
|
||||
- Resolves: rhbz#1767955 (CVE-2019-16866) uninitialized memory accesses leads to crash via a crafted NOTIFY query
|
||||
|
||||
* Thu Sep 26 2019 Petr Menšík <pihhan@gmail.com> - 1.9.3-2
|
||||
- Obsolete no longer provided python2 subpackage (#1749400)
|
||||
|
||||
* Tue Aug 27 2019 Paul Wouters <pwouters@redhat.com> - 1.9.3-1
|
||||
- Updated to 1.9.3
|
||||
- Resolves: rhbz#1672578 unbound-1.9.2 is available
|
||||
- Resolves: rhbz#1694831 [/usr/lib/tmpfiles.d/unbound.conf:1] Line references path below legacy directory /var/run/
|
||||
- Resolves: rhbz# 1667387 [abrt] unbound: memmove(): unbound killed by SIGABRT
|
||||
|
||||
* Thu Aug 22 2019 Miro Hrončok <mhroncok@redhat.com> - 1.8.3-8
|
||||
- Subpackage python2-unbound has been removed
|
||||
See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
|
||||
|
||||
* Thu Aug 15 2019 Miro Hrončok <mhroncok@redhat.com> - 1.8.3-7
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Mon Aug 5 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.8.3-6
|
||||
- Drop install-time requirements on systemd (#1723777)
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Jan 11 2019 Paul Wouters <pwouters@redhat.com> - 1.8.3-3
|
||||
- Remove KSK-2010 from configs - it has been revoked
|
||||
|
||||
* Wed Dec 12 2018 Paul Wouters <pwouters@redhat.com> - 1.8.3-2
|
||||
- Another dns64 fixup
|
||||
|
||||
* Wed Dec 12 2018 Paul Wouters <pwouters@redhat.com> - 1.8.3-1
|
||||
- Updated to 1.8.3 with fixes the dns64 bug and has some other minor fixes
|
||||
|
||||
* Mon Dec 10 2018 Paul Wouters <pwouters@redhat.com> - 1.8.2-2
|
||||
- Fix dns64 allocation in wrong region for returned internal queries.
|
||||
|
||||
* Tue Dec 04 2018 Paul Wouters <pwouters@redhat.com> - 1.8.2-1
|
||||
- Updated to 1.8.2.
|
||||
- Enabled deny ANY query support and edns-tcp-keepalive
|
||||
- Set serve-stale timeout to 4h
|
||||
- Updated unbound.conf for latest options
|
||||
|
||||
* Mon Oct 22 2018 Petr Menšík <pemensik@redhat.com> - 1.8.1-2
|
||||
- Allow group by default to unbound-control (#1640259)
|
||||
|
||||
* Mon Oct 08 2018 Petr Menšík <pemensik@redhat.com> - 1.8.1-1
|
||||
- Update to 1.8.1
|
||||
|
||||
* Mon Oct 01 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-2
|
||||
- Skip ipv6 forwarders without ipv6 support (#1633874)
|
||||
|
||||
* Wed Sep 19 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-1
|
||||
- Rebase to 1.8.0
|
||||
|
||||
* Tue Aug 14 2018 Paul Wouters <pwouters@redhat.com> - 1.7.3-9
|
||||
- Fix for restarting unbound service after deleting key/pem files for remote control
|
||||
* Tue Dec 10 2019 Tomas Korbar <tkorbar@redhat.com> - 1.7.3-9
|
||||
- Use pthread_mutex_t locks when dealing with I/O operations (#1775708)
|
||||
|
||||
* Tue Jul 31 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-8
|
||||
- Release memory in unbound-host
|
||||
@ -679,16 +561,8 @@ popd
|
||||
* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 1.7.2-3
|
||||
- Remove last python2 dependency from python3 build
|
||||
|
||||
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.7.2-2
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
|
||||
- Resolves rhbz#1589807 unbound-1.7.2 is available
|
||||
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
|
||||
- Enabled the new root-key-sentinel option
|
||||
|
||||
* Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
|
||||
- Update to 1.7.1 (#1574495)
|
||||
* Mon Jun 25 2018 Tomas Hozza <thozza@redhat.com> - 1.7.0-6
|
||||
- Disable Python2 support
|
||||
|
||||
* Mon Apr 09 2018 Petr Menšík <pemensik@redhat.com> - 1.7.0-5
|
||||
- Require gcc and make on build
|
||||
|
Loading…
Reference in New Issue
Block a user