diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..0a80fdce31f59c062e2abba28776e9521eddff30 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.gz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..a446c3fd20e840a3e83b397dfb80fac12a40d174 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/unbound diff --git a/unbound-1.22.0.tar.gz b/unbound-1.22.0.tar.gz index d9a7e9346dca4bf5bea9715d68617a6e76631529..7a4af9a9c7d632941013cccf44c8792ae1f6a273 100644 Binary files a/unbound-1.22.0.tar.gz and b/unbound-1.22.0.tar.gz differ diff --git a/unbound.spec b/unbound.spec index ad24e51a433a958700441b880679be6a271af9a4..26126b2b1e625e961370c343f5f1bbf152d5b1ea 100644 --- a/unbound.spec +++ b/unbound.spec @@ -1,8 +1,6 @@ -%{!?delete_la: %global delete_la find $RPM_BUILD_ROOT -type f -name "*.la" -delete} - Name: unbound Version: 1.22.0 -Release: 2 +Release: 3 Summary: Unbound is a validating, recursive, caching DNS resolver License: BSD-3-Clause Url: https://nlnetlabs.nl/projects/unbound/about/ @@ -19,6 +17,7 @@ Source10: root.anchor Source11: unbound.sysconfig Source12: unbound-anchor.timer Source13: unbound-anchor.service +Source20: unbound.sysusers Patch1: unbound-remove-buildin-key.patch Patch14: backport-check-before-use-daemon-shm_info.patch @@ -46,7 +45,7 @@ make custom builds or provide specific features to paying customers only. %package libs Summary: Libraries for %{name} -Requires(pre): shadow-utils +%{?sysusers_requires_compat} %description libs Libraries for %{name}. @@ -81,11 +80,7 @@ Requires: %{name}-libs = %{version}-%{release} %description -n python3-unbound The python3 module of unbound DNS resolver. -%package help -Summary: Man pages for unbound - -%description help -Package help includes includes man pages for unbound. +%package_help %prep @@ -142,6 +137,7 @@ install -p -m 0644 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/unbound install -p -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/unbound install -p -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/unbound-anchor.timer install -p -m 0644 %{SOURCE13} $RPM_BUILD_ROOT%{_unitdir}/unbound-anchor.service +install -p -D -m 0644 %{SOURCE20} %{buildroot}%{_sysusersdir}/%{name}.conf %delete_la @@ -155,10 +151,7 @@ install -p %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/local.d/ echo ".so man8/unbound-control.8" > $RPM_BUILD_ROOT/%{_mandir}/man8/unbound-control-setup.8 %pre libs -getent group unbound >/dev/null || groupadd -r unbound -getent passwd unbound >/dev/null || \ -useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \ --c "Unbound DNS resolver" unbound +%sysusers_create_compat %{SOURCE20} %post %systemd_post unbound.service @@ -199,8 +192,8 @@ popd %files -%defattr(-,root,root) -%doc doc/CREDITS doc/FEATURES doc/README doc/LICENSE +%license doc/LICENSE +%doc doc/CREDITS doc/FEATURES doc/README %attr(0644,root,root) %{_tmpfilesdir}/unbound.conf %attr(0755,unbound,unbound) %dir %{_rundir}/%{name} %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf @@ -223,7 +216,6 @@ popd %{_sbindir}/unbound-control-setup %files libs -%defattr(-,root,root) %if %{?openEuler:1}0 %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name} %attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key @@ -232,14 +224,14 @@ popd %attr(0600,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key %endif %{_libdir}/libunbound.so.* +%{_sysusersdir}/%{name}.conf %files -n python3-unbound -%defattr(-,root,root) -%doc pythonmod/examples/* libunbound/python/examples/* pythonmod/LICENSE +%license pythonmod/LICENSE +%doc pythonmod/examples/* libunbound/python/examples/* %{python3_sitearch}/* %files devel -%defattr(-,root,root) %{_libdir}/libunbound.so %{_libdir}/pkgconfig/*.pc %{_includedir}/* @@ -257,10 +249,12 @@ popd %{_sbindir}/unbound-streamtcp %files help -%defattr(-,root,root) -%{_mandir}/man* +%{_mandir}/man?/* %changelog +* Mon Aug 04 2025 Funda Wang - 1.22.0-3 +- use systemd to create users + * Mon Aug 04 2025 gaihuiying - 1.22.0-2 - Type:cves - CVE:CVE-2025-5994 diff --git a/unbound.sysusers b/unbound.sysusers new file mode 100644 index 0000000000000000000000000000000000000000..661468209fd20a3ee77ab496e339c1d839d31865 --- /dev/null +++ b/unbound.sysusers @@ -0,0 +1 @@ +u unbound - "Unbound DNS resolver" /var/lib/unbound /sbin/nologin