update

CVE-2020-28935.patch

@@ -1,54 +0,0 @@
-From ad387832979b6ce4c93f64fe706301cd7d034e87 Mon Sep 17 00:00:00 2001
-From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
-Date: Mon, 23 Nov 2020 13:42:11 +0100
-Subject: [PATCH] - Fix for #303 CVE-2020-28935 : Fix that symlink does not
- interfere   with chown of pidfile.
-
----
- daemon/unbound.c | 26 ++++++++++++++++++++------
- doc/Changelog    |  2 ++
- 2 files changed, 22 insertions(+), 6 deletions(-)
-
-diff --git a/daemon/unbound.c b/daemon/unbound.c
-index cd0fd69f2..45537d5c9 100644
---- a/daemon/unbound.c
-+++ b/daemon/unbound.c
-@@ -341,18 +341,32 @@ readpid (const char* file)
- static void
- writepid (const char* pidfile, pid_t pid)
- {
--	FILE* f;
-+	int fd;
-+	char pidbuf[32];
-+	size_t count = 0;
-+	snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid);
- 
--	if ((f = fopen(pidfile, "w")) ==  NULL ) {
-+	if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC
-+#ifdef O_NOFOLLOW
-+		| O_NOFOLLOW
-+#endif
-+		, 0644)) == -1) {
- 		log_err("cannot open pidfile %s: %s", 
- 			pidfile, strerror(errno));
- 		return;
- 	}
--	if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) {
--		log_err("cannot write to pidfile %s: %s", 
--			pidfile, strerror(errno));
-+	while(count < strlen(pidbuf)) {
-+		ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
-+		if(r == -1) {
-+			if(errno == EAGAIN || errno == EINTR)
-+				continue;
-+			log_err("cannot write to pidfile %s: %s",
-+				pidfile, strerror(errno));
-+			break;
-+		}
-+		count += r;
- 	}
--	fclose(f);
-+	close(fd);
- }
- 
- /**

unbound-1.10.0-auth-callback.patch

@@ -1,74 +0,0 @@
---- a/services/authzone.c	2020-04-16 13:01:10.550618034 +0200
-+++ b/services/authzone.c	2020-04-16 13:07:04.624476160 +0200
-@@ -5331,7 +5331,7 @@
- 	log_assert(xfr->task_transfer);
- 	lock_basic_lock(&xfr->lock);
- 	env = xfr->task_transfer->env;
--	if(env->outnet->want_to_quit) {
-+	if(!env || env->outnet->want_to_quit) {
- 		lock_basic_unlock(&xfr->lock);
- 		return; /* stop on quit */
- 	}
-@@ -5770,7 +5770,7 @@
- 	log_assert(xfr->task_transfer);
- 	lock_basic_lock(&xfr->lock);
- 	env = xfr->task_transfer->env;
--	if(env->outnet->want_to_quit) {
-+	if(!env || env->outnet->want_to_quit) {
- 		lock_basic_unlock(&xfr->lock);
- 		return; /* stop on quit */
- 	}
-@@ -5812,7 +5812,7 @@
- 	log_assert(xfr->task_transfer);
- 	lock_basic_lock(&xfr->lock);
- 	env = xfr->task_transfer->env;
--	if(env->outnet->want_to_quit) {
-+	if(!env || env->outnet->want_to_quit) {
- 		lock_basic_unlock(&xfr->lock);
- 		return 0; /* stop on quit */
- 	}
-@@ -5893,7 +5893,7 @@
- 	log_assert(xfr->task_transfer);
- 	lock_basic_lock(&xfr->lock);
- 	env = xfr->task_transfer->env;
--	if(env->outnet->want_to_quit) {
-+	if(!env || env->outnet->want_to_quit) {
- 		lock_basic_unlock(&xfr->lock);
- 		return 0; /* stop on quit */
- 	}
-@@ -6107,7 +6107,7 @@
- 	log_assert(xfr->task_probe);
- 	lock_basic_lock(&xfr->lock);
- 	env = xfr->task_probe->env;
--	if(env->outnet->want_to_quit) {
-+	if(!env || env->outnet->want_to_quit) {
- 		lock_basic_unlock(&xfr->lock);
- 		return; /* stop on quit */
- 	}
-@@ -6143,7 +6143,7 @@
- 	log_assert(xfr->task_probe);
- 	lock_basic_lock(&xfr->lock);
- 	env = xfr->task_probe->env;
--	if(env->outnet->want_to_quit) {
-+	if(!env || env->outnet->want_to_quit) {
- 		lock_basic_unlock(&xfr->lock);
- 		return 0; /* stop on quit */
- 	}
-@@ -6388,7 +6388,7 @@
- 	log_assert(xfr->task_probe);
- 	lock_basic_lock(&xfr->lock);
- 	env = xfr->task_probe->env;
--	if(env->outnet->want_to_quit) {
-+	if(!env || env->outnet->want_to_quit) {
- 		lock_basic_unlock(&xfr->lock);
- 		return; /* stop on quit */
- 	}
-@@ -6465,7 +6465,7 @@
- 	log_assert(xfr->task_nextprobe);
- 	lock_basic_lock(&xfr->lock);
- 	env = xfr->task_nextprobe->env;
--	if(env->outnet->want_to_quit) {
-+	if(!env || env->outnet->want_to_quit) {
- 		lock_basic_unlock(&xfr->lock);
- 		return; /* stop on quit */
- 	}

unbound.spec

@@ -1,8 +1,8 @@
 %{!?delete_la: %global delete_la  find $RPM_BUILD_ROOT -type f -name "*.la" -delete}
 
 Name:          unbound
-Version:       1.10.1
-Release:       6
+Version:       1.13.2
+Release:       1
 Summary:       Unbound is a validating, recursive, caching DNS resolver
 License:       BSD
 Url:           https://nlnetlabs.nl/projects/unbound/about/
@@ -21,9 +21,6 @@ Source11:      unbound.sysconfig
 Source12:      unbound-anchor.timer
 Source13:      unbound-anchor.service
 
-Patch0:        unbound-1.10.0-auth-callback.patch
-Patch1:        CVE-2020-28935.patch
-
 BuildRequires: make flex swig pkgconfig systemd
 BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
 BuildRequires: unbound-libs
@@ -74,9 +71,6 @@ Package help includes includes man pages for unbound.
 
 pushd %{name}-%{version}
 
-%patch0 -p1
-%patch1 -p1
-
 cp -pr doc pythonmod libunbound ../
 popd
 
@@ -88,7 +82,8 @@ popd
             --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\
             --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\
             --enable-sha2 --disable-gost --enable-ecdsa \\\
-            --with-rootkey-file=%{_sharedstatedir}/unbound/root.key
+            --with-rootkey-file=%{_sharedstatedir}/unbound/root.key \\\
+            --enable-linux-ip-local-port-range
 
 pushd %{name}-%{version}
 %configure --with-pythonmodule --with-pyunbound PYTHON=%{__python3} \%{configure_args}
@@ -231,6 +226,12 @@ popd
 %{_mandir}/man*
 
 %changelog
+* Mon Dec 06 2021 quanhongfei <quanhongfei@huawei.com> - 1.13.2-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update unbound version to 1.13.2
+
 * Tue Aug 31 2021 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-6
 - Type:bugfix
 - ID:NA