Compare commits
25 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
05be45ef97
|
|||
|
6009512f17
|
|||
|
abb288f410
|
|||
|
8b98049e11
|
|||
|
0e942d97ea
|
|||
|
d5fbe28fea
|
|||
|
cc0d4d917a
|
|||
|
a88134e09c
|
|||
| 45b8656053 | |||
| 46ad51449c | |||
| 602ae39175 | |||
| d95cae9d05 | |||
| f35d66188c | |||
| 8edd97db41 | |||
| 85b77de3dc | |||
| 782bb8ffbb | |||
| 694a51992a | |||
| 6836f2acef | |||
| 698dcbbcb2 | |||
| f66756741a | |||
| 3e2de2b0a5 | |||
| a9ce76fffd | |||
| 9cdf590e6f | |||
| 07733f6c7b | |||
| cc69efeb4c |
@@ -1,11 +1,25 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 23 11:18:09 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
Wed Nov 26 11:33:22 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to 1.24.2:
|
||||
Bug Fixes:
|
||||
* Additional fix for CVE-2025-11411 (possible domain hijacking
|
||||
attack), to include YXDOMAIN and non-referral nodata answers in
|
||||
the mitigation as well, reported by TaoFei Guo from Peking
|
||||
University, Yang Luo and JianJun Chen from Tsinghua University.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 22 10:35:26 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to 1.24.1:
|
||||
Security Fixes:
|
||||
* Fix CVE-2025-11411 (possible domain hijacking attack)
|
||||
[bsc#1252525]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 24 10:54:29 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to 1.24.0:
|
||||
Features:
|
||||
* Increase default to num-queries-per-thread: 2048, when unbound
|
||||
is compiled with libevent. It makes saturation of the task
|
||||
|
||||
@@ -22,7 +22,7 @@
|
||||
%bcond_without hardened_build
|
||||
#
|
||||
Name: libunbound-devel-mini
|
||||
Version: 1.24.1
|
||||
Version: 1.24.2
|
||||
#!BcntSyncTag: unbound
|
||||
Release: 0
|
||||
Summary: Just a devel package for build loops
|
||||
|
||||
3
tmpfiles-unbound-anchor.conf
Normal file
3
tmpfiles-unbound-anchor.conf
Normal file
@@ -0,0 +1,3 @@
|
||||
#Type Path Mode UID GID Age Argument
|
||||
d /var/lib/unbound 0755 unbound unbound - -
|
||||
C /var/lib/unbound/root.key 0644 unbound unbound - /usr/share/unbound/root.key
|
||||
@@ -1 +1,2 @@
|
||||
D /run/unbound 0755 unbound unbound -
|
||||
#Type Path Mode UID GID Age Argument
|
||||
D /run/unbound 0755 unbound unbound - -
|
||||
|
||||
BIN
unbound-1.24.1.tar.gz
LFS
BIN
unbound-1.24.1.tar.gz
LFS
Binary file not shown.
@@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJIBAABCAAyFiEElI60IyLF0At5NA9dz/M0TZCHpJAFAmj4oOIUHGdlb3JnZUBu
|
||||
bG5ldGxhYnMubmwACgkQz/M0TZCHpJBY2Q//aZRuSdAq68p0s1L4wnCKr6NCH9Uk
|
||||
64EFECEzY8pULuE5EOY/IAJ8Hv2hHTlL9moFxR0FiIKzouiyyp1l34m+s4d+Jcvq
|
||||
Ox+4XLKqAz5OdcUAK7Dw8wIORqZg/NNS7U1X2bCTOEpfeCx9qM4d9+/X9Hz6QIoq
|
||||
2/3s31lXW2CbevzjQHkFNO4RmBETNDe94pyhq0d/pEhOVHQtFFLx28NEUCeW44YC
|
||||
ChRJMO9w0H1nfE/bc4XpyIXqVwH0mdUoiHTv4jJxMpnqzKFlRLR2qQ2jEWjvjQTo
|
||||
dcxprljUqQTSuJDGu1W0OrPIRSDeX4bqgksMms2p1ZKwIKlgEg2nv3MH8qUNRR+x
|
||||
GiOBXk+CxKT4HyPtjDJxAQwiM6bbQo7NJYie3AEaEJDvoIDE78Ktq8i2AGRDFWTA
|
||||
bUUpqIT1PXsT/nYPtyN4i3AnPwHNaUHrOXXKJDw63kz9xv1gWQHMaSxWiOznF6vM
|
||||
5/NOAhG+WJMlz5HELYpxVkO/XIRflXYcQuTbhBeHoAjHcgpHM5rcaNXmYg4jHs8a
|
||||
151Uk2NwBFQahkTc1RRL5bSqNAekKeOWUVz3SQE7fEwxt8bJDmymFVTlBo254jtQ
|
||||
oQz3Lyz6ZyiTZW5MQvkM6DCdihqQtqEtmyTyuixQf4vmetazkjeXCBWl/Tp1HeKX
|
||||
kKR7/YW1Aw6gaxU=
|
||||
=a3Wl
|
||||
-----END PGP SIGNATURE-----
|
||||
BIN
unbound-1.24.2.tar.gz
LFS
Normal file
BIN
unbound-1.24.2.tar.gz
LFS
Normal file
Binary file not shown.
17
unbound-1.24.2.tar.gz.asc
Normal file
17
unbound-1.24.2.tar.gz.asc
Normal file
@@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJIBAABCAAyFiEElI60IyLF0At5NA9dz/M0TZCHpJAFAmkm1EQUHGdlb3JnZUBu
|
||||
bG5ldGxhYnMubmwACgkQz/M0TZCHpJBShg//WYjN8jarUIfeH1IhnnqxTBxZ5CvT
|
||||
WUkgQy5laBIeWRE9l+rWdG7KRVjIH5wDLN9kuwSA6daO1owwxubrj20czkyaByFi
|
||||
Mfb2V0FgpUwvfqXILEW0taEzQyGnzJy/UPV3nZXWWaLeRIrjVb5rNtazprQMlFSV
|
||||
1OhCJX77BI1NNC87/I5HGPO5dAR8epe3+6tdXP29vDJHnkWkEvy17y8uTxDwRA/b
|
||||
Yip9yiT7HbOHQsQhfFwQ747Tzc6CZ8XkRPLd2QNWA6tGaqQINDJv7N8/VqxqnjXF
|
||||
wtpsRpn/qBx8m3T6u6/au0LiwnGUikmPyjsPZapIvlgP/BW33wU/HO2AxQWFO234
|
||||
5wdZ37BSchvHJFPtNJXX3Wak4FcWbe41GlP9dHCD74D/d1uG9DyeuMC5aoGStQZu
|
||||
ldMzCoNwLKS4bfQyFsNA1rldinNRtoz7/Ac2Y9+Z6VhI6d/uqb+FBmenavvqQblz
|
||||
bFccL0nQ4I4xjhGFqSjfTrQgwHQnyKKTToZzTSABqssG97m3F6twdrcZOqYCotLN
|
||||
9ttXdwEwOUIpVD2UUbjS3LfZHBuQDjIETqgC89UZb6cOVzLbTFfnAQBDhFTGvqq5
|
||||
ohhAiZa9ePg8gXuziPtxp7AyQ+izvWESn7Af1yuXu315xuU7OG/7Wh1wyN2wjD5+
|
||||
vbIU556z7rrFT30=
|
||||
=vyR7
|
||||
-----END PGP SIGNATURE-----
|
||||
13
unbound-swig-4.4.0-compat.patch
Normal file
13
unbound-swig-4.4.0-compat.patch
Normal file
@@ -0,0 +1,13 @@
|
||||
diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i
|
||||
index dc125146c..9ed1be90b 100644
|
||||
--- a/libunbound/python/libunbound.i
|
||||
+++ b/libunbound/python/libunbound.i
|
||||
@@ -853,7 +853,7 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
|
||||
%{
|
||||
//printf("resolve_start(%lX)\n",(long unsigned int)arg1);
|
||||
Py_BEGIN_ALLOW_THREADS
|
||||
- $function
|
||||
+ $action
|
||||
Py_END_ALLOW_THREADS
|
||||
//printf("resolve_stop()\n");
|
||||
%}
|
||||
@@ -1,11 +1,40 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 23 11:08:38 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
Fri Jan 30 12:21:42 UTC 2026 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Create /var/lib/unbound with systemd-tmpfiles, move root.key to
|
||||
/usr/share/unbound and copy it to /var/lib/unbound/root.key to
|
||||
improve immutable os compatibility.
|
||||
- Add BuildRequires for pkgconfig(systemd) to avoid tmpfiles not
|
||||
found error in install section.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 26 11:31:04 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to 1.24.2:
|
||||
Bug Fixes:
|
||||
* Additional fix for CVE-2025-11411 (possible domain hijacking
|
||||
attack), to include YXDOMAIN and non-referral nodata answers in
|
||||
the mitigation as well, reported by TaoFei Guo from Peking
|
||||
University, Yang Luo and JianJun Chen from Tsinghua University.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 23 09:56:53 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Add patch to fix build issue with swig 4.4.0
|
||||
[unbound-swig-4.4.0-compat.patch]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 22 10:35:26 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to 1.24.1:
|
||||
Security Fixes:
|
||||
* Fix CVE-2025-11411 (possible domain hijacking attack)
|
||||
[bsc#1252525]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 24 10:54:29 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to 1.24.0:
|
||||
Features:
|
||||
* Increase default to num-queries-per-thread: 2048, when unbound
|
||||
is compiled with libevent. It makes saturation of the task
|
||||
|
||||
19
unbound.spec
19
unbound.spec
@@ -39,7 +39,7 @@
|
||||
%define piddir /run
|
||||
|
||||
Name: unbound
|
||||
Version: 1.24.1
|
||||
Version: 1.24.2
|
||||
Release: 0
|
||||
BuildRequires: flex
|
||||
BuildRequires: ldns-devel >= %{ldns_version}
|
||||
@@ -68,6 +68,7 @@ Requires: ldns >= %{ldns_version}
|
||||
# unbound-control-setup depends on /usr/bin/openssl
|
||||
Requires: openssl
|
||||
%if %{with systemd}
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
%{?systemd_requires}
|
||||
%endif
|
||||
@@ -94,6 +95,8 @@ Source15: unbound-anchor.timer
|
||||
Source16: unbound-munin.README
|
||||
Source18: unbound-anchor.service
|
||||
Source19: unbound.sysusers
|
||||
Source20: tmpfiles-unbound-anchor.conf
|
||||
Patch0: unbound-swig-4.4.0-compat.patch
|
||||
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
License: BSD-3-Clause
|
||||
@@ -176,7 +179,7 @@ Unbound is a validating, recursive, and caching DNS(SEC) resolver.
|
||||
This package holds the Python modules and extensions for unbound.
|
||||
|
||||
%prep
|
||||
%setup
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
%sysusers_generate_pre %{SOURCE19} anchor unbound.conf
|
||||
@@ -253,13 +256,14 @@ install -m 0644 testcode/streamtcp.1 %{buildroot}/%{_mandir}/man1/unbound-stream
|
||||
|
||||
# Install tmpfiles.d config
|
||||
install -d -m 0755 %{buildroot}%{_tmpfilesdir}/ \
|
||||
%{buildroot}%{_sharedstatedir}/unbound
|
||||
%{buildroot}%{_datadir}/unbound
|
||||
install -m 0644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/unbound.conf
|
||||
install -m 0644 %{SOURCE20} %{buildroot}%{_tmpfilesdir}/unbound-anchor.conf
|
||||
|
||||
# install root and DLV key - we keep a copy of the root key in old location,
|
||||
# in case user has changed the configuration and we wouldn't update it there
|
||||
install -m 0644 %{SOURCE5} %{SOURCE6} %{buildroot}%{_sysconfdir}/unbound/
|
||||
install -m 0644 %{SOURCE13} %{buildroot}%{_sharedstatedir}/unbound/root.key
|
||||
install -m 0644 %{SOURCE13} %{buildroot}%{_datadir}/unbound/root.key
|
||||
|
||||
# create softlink for all functions of libunbound man pages
|
||||
for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove;
|
||||
@@ -403,8 +407,11 @@ systemd-tmpfiles --create %{_tmpfilesdir}/unbound.conf || :
|
||||
%{_unitdir}/unbound-anchor.timer
|
||||
%{_unitdir}/unbound-anchor.service
|
||||
%{_sysusersdir}/unbound.conf
|
||||
%dir %attr(-,unbound,unbound) %{_sharedstatedir}/%{name}
|
||||
%attr(0644,unbound,unbound) %config(noreplace) %{_sharedstatedir}/%{name}/root.key
|
||||
%{_tmpfilesdir}/unbound-anchor.conf
|
||||
%ghost %dir %{_sharedstatedir}/%{name}
|
||||
%ghost %attr(0644,root,root) %{_sharedstatedir}/%{name}/root.key
|
||||
%dir %attr(-,unbound,unbound) %{_datadir}/%{name}
|
||||
%attr(0644,unbound,unbound) %{_datadir}/%{name}/root.key
|
||||
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
|
||||
# just left for backwards compat with user changed unbound.conf files - format is different!
|
||||
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/root.key
|
||||
|
||||
Reference in New Issue
Block a user