diff --git a/CVE-2020-28935.patch b/CVE-2020-28935.patch deleted file mode 100644 index 2d6c4a52b7bdc70089496d22795d3c3781254459..0000000000000000000000000000000000000000 --- a/CVE-2020-28935.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ad387832979b6ce4c93f64fe706301cd7d034e87 Mon Sep 17 00:00:00 2001 -From: "W.C.A. Wijngaards" -Date: Mon, 23 Nov 2020 13:42:11 +0100 -Subject: [PATCH] - Fix for #303 CVE-2020-28935 : Fix that symlink does not - interfere with chown of pidfile. - ---- - daemon/unbound.c | 26 ++++++++++++++++++++------ - doc/Changelog | 2 ++ - 2 files changed, 22 insertions(+), 6 deletions(-) - -diff --git a/daemon/unbound.c b/daemon/unbound.c -index cd0fd69f2..45537d5c9 100644 ---- a/daemon/unbound.c -+++ b/daemon/unbound.c -@@ -341,18 +341,32 @@ readpid (const char* file) - static void - writepid (const char* pidfile, pid_t pid) - { -- FILE* f; -+ int fd; -+ char pidbuf[32]; -+ size_t count = 0; -+ snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid); - -- if ((f = fopen(pidfile, "w")) == NULL ) { -+ if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC -+#ifdef O_NOFOLLOW -+ | O_NOFOLLOW -+#endif -+ , 0644)) == -1) { - log_err("cannot open pidfile %s: %s", - pidfile, strerror(errno)); - return; - } -- if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) { -- log_err("cannot write to pidfile %s: %s", -- pidfile, strerror(errno)); -+ while(count < strlen(pidbuf)) { -+ ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count); -+ if(r == -1) { -+ if(errno == EAGAIN || errno == EINTR) -+ continue; -+ log_err("cannot write to pidfile %s: %s", -+ pidfile, strerror(errno)); -+ break; -+ } -+ count += r; - } -- fclose(f); -+ close(fd); - } - - /** diff --git a/unbound-1.10.0-auth-callback.patch b/unbound-1.10.0-auth-callback.patch deleted file mode 100644 index c4d01b8c4ad69fd6fcf4db02dcd3a65339406d68..0000000000000000000000000000000000000000 --- a/unbound-1.10.0-auth-callback.patch +++ /dev/null 
@@ -1,74 +0,0 @@ ---- a/services/authzone.c 2020-04-16 13:01:10.550618034 +0200 -+++ b/services/authzone.c 2020-04-16 13:07:04.624476160 +0200 -@@ -5331,7 +5331,7 @@ - log_assert(xfr->task_transfer); - lock_basic_lock(&xfr->lock); - env = xfr->task_transfer->env; -- if(env->outnet->want_to_quit) { -+ if(!env || env->outnet->want_to_quit) { - lock_basic_unlock(&xfr->lock); - return; /* stop on quit */ - } -@@ -5770,7 +5770,7 @@ - log_assert(xfr->task_transfer); - lock_basic_lock(&xfr->lock); - env = xfr->task_transfer->env; -- if(env->outnet->want_to_quit) { -+ if(!env || env->outnet->want_to_quit) { - lock_basic_unlock(&xfr->lock); - return; /* stop on quit */ - } -@@ -5812,7 +5812,7 @@ - log_assert(xfr->task_transfer); - lock_basic_lock(&xfr->lock); - env = xfr->task_transfer->env; -- if(env->outnet->want_to_quit) { -+ if(!env || env->outnet->want_to_quit) { - lock_basic_unlock(&xfr->lock); - return 0; /* stop on quit */ - } -@@ -5893,7 +5893,7 @@ - log_assert(xfr->task_transfer); - lock_basic_lock(&xfr->lock); - env = xfr->task_transfer->env; -- if(env->outnet->want_to_quit) { -+ if(!env || env->outnet->want_to_quit) { - lock_basic_unlock(&xfr->lock); - return 0; /* stop on quit */ - } -@@ -6107,7 +6107,7 @@ - log_assert(xfr->task_probe); - lock_basic_lock(&xfr->lock); - env = xfr->task_probe->env; -- if(env->outnet->want_to_quit) { -+ if(!env || env->outnet->want_to_quit) { - lock_basic_unlock(&xfr->lock); - return; /* stop on quit */ - } -@@ -6143,7 +6143,7 @@ - log_assert(xfr->task_probe); - lock_basic_lock(&xfr->lock); - env = xfr->task_probe->env; -- if(env->outnet->want_to_quit) { -+ if(!env || env->outnet->want_to_quit) { - lock_basic_unlock(&xfr->lock); - return 0; /* stop on quit */ - } -@@ -6388,7 +6388,7 @@ - log_assert(xfr->task_probe); - lock_basic_lock(&xfr->lock); - env = xfr->task_probe->env; -- if(env->outnet->want_to_quit) { -+ if(!env || env->outnet->want_to_quit) { - lock_basic_unlock(&xfr->lock); - return; /* stop on quit */ - } -@@ -6465,7 
+6465,7 @@ - log_assert(xfr->task_nextprobe); - lock_basic_lock(&xfr->lock); - env = xfr->task_nextprobe->env; -- if(env->outnet->want_to_quit) { -+ if(!env || env->outnet->want_to_quit) { - lock_basic_unlock(&xfr->lock); - return; /* stop on quit */ - } diff --git a/unbound-1.10.1.tar.gz b/unbound-1.13.2.tar.gz similarity index 45% rename from unbound-1.10.1.tar.gz rename to unbound-1.13.2.tar.gz index 083d37ee55cbd9c31ab11ce14ec1ad5c96a7141e..5a9966361641d09bbfa566d16b34a465ba47ab01 100644 Binary files a/unbound-1.10.1.tar.gz and b/unbound-1.13.2.tar.gz differ diff --git a/unbound.spec b/unbound.spec index a3441eb3781b969c4dc93d4a15dc7ac7e810d9f6..090e9cd393c6dba19299a15d844f0cdca0f74fc1 100644 --- a/unbound.spec +++ b/unbound.spec @@ -1,8 +1,8 @@ %{!?delete_la: %global delete_la find $RPM_BUILD_ROOT -type f -name "*.la" -delete} Name: unbound -Version: 1.10.1 -Release: 6 +Version: 1.13.2 +Release: 1 Summary: Unbound is a validating, recursive, caching DNS resolver License: BSD Url: https://nlnetlabs.nl/projects/unbound/about/ @@ -21,9 +21,6 @@ Source11: unbound.sysconfig Source12: unbound-anchor.timer Source13: unbound-anchor.service -Patch0: unbound-1.10.0-auth-callback.patch -Patch1: CVE-2020-28935.patch - BuildRequires: make flex swig pkgconfig systemd BuildRequires: libevent-devel expat-devel openssl-devel python3-devel BuildRequires: unbound-libs @@ -74,9 +71,6 @@ Package help includes includes man pages for unbound. pushd %{name}-%{version} -%patch0 -p1 -%patch1 -p1 - cp -pr doc pythonmod libunbound ../ popd 
@@ -88,7 +82,8 @@ popd --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\ --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\ --enable-sha2 --disable-gost --enable-ecdsa \\\ - --with-rootkey-file=%{_sharedstatedir}/unbound/root.key + --with-rootkey-file=%{_sharedstatedir}/unbound/root.key \\\ + --enable-linux-ip-local-port-range pushd %{name}-%{version} %configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} \%{configure_args} @@ -231,6 +226,12 @@ popd %{_mandir}/man* %changelog +* Mon Dec 06 2021 quanhongfei - 1.13.2-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update unbound version to 1.13.2 + * Tue Aug 31 2021 gaihuiying - 1.10.1-6 - Type:bugfix - ID:NA
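Review bot: The `--enable-linux-ip-local-port-range` switch appended to the configure arguments in the `@@ -88,7 +82,8 @@` hunk is not explained in the spec, and the new changelog entry records only the version update. As far as upstream's configure help describes it, the option makes libunbound (not the daemon) take its default outgoing port range from /proc/sys/net/ipv4/ip_local_port_range. That can shrink the pool of source ports and so reduce the query randomness that helps resist spoofed answers; it is meant for systems where SELinux policy restricts non-ephemeral ports. I would put a comment above the configure arguments definition (which starts outside the hunk), e.g. `# libunbound only: default outgoing ports follow the kernel ip_local_port_range (SELinux port restrictions); this narrows source-port randomness`. I would also extend the changelog line to `- DESC:update unbound version to 1.13.2, enable linux-ip-local-port-range` so the behaviour change is traceable.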