Compare commits
No commits in common. "d8a7bde7ea66b750a235b75130c3910c68663b60" and "22cfd5f215bce55a2074d2b7b98463d92a88c2fe" have entirely different histories.
d8a7bde7ea
...
22cfd5f215
File diff suppressed because it is too large
Load Diff
@ -1 +1 @@
|
||||
D /run/unbound 0755 unbound unbound -
|
||||
D /var/run/unbound 0755 unbound unbound -
|
||||
|
||||
@ -805,7 +805,7 @@ remote-control:
|
||||
# Enable remote control with unbound-control(8) here.
|
||||
# set up the keys and certificates with unbound-control-setup.
|
||||
# Note: required for unbound-munin package
|
||||
control-enable: no
|
||||
control-enable: yes
|
||||
|
||||
# Set to no and use an absolute path as control-interface to use
|
||||
# a unix local named pipe for unbound-control.
|
||||
|
||||
@ -13,7 +13,7 @@ EnvironmentFile=-/etc/sysconfig/unbound
|
||||
ExecStartPre=/usr/sbin/unbound-checkconf
|
||||
ExecStartPre=-/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R
|
||||
ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS
|
||||
ExecReload=+/bin/kill -HUP $MAINPID
|
||||
ExecReload=/usr/sbin/unbound-control reload
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
78
unbound.spec
78
unbound.spec
@ -2,7 +2,7 @@
|
||||
|
||||
Name: unbound
|
||||
Version: 1.13.2
|
||||
Release: 12
|
||||
Release: 7
|
||||
Summary: Unbound is a validating, recursive, caching DNS resolver
|
||||
License: BSD
|
||||
Url: https://nlnetlabs.nl/projects/unbound/about/
|
||||
@ -27,7 +27,6 @@ Patch2: backport-CVE-2022-30698-and-CVE-2022-30699.patch
|
||||
Patch3: backport-CVE-2022-3204.patch
|
||||
Patch4: backport-Undefine-shift-in-sldns_str2wire_hip_buf.patch
|
||||
Patch5: backport-Integer-overflow-in-sldns_wire2str_pkt_scan.patch
|
||||
Patch6: backport-CVE-2023-50387_CVE-2023-50868.patch
|
||||
|
||||
BuildRequires: make flex swig pkgconfig systemd
|
||||
BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
|
||||
@ -35,7 +34,6 @@ BuildRequires: gcc
|
||||
|
||||
%{?systemd_requires}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: %{name}-anchor = %{version}-%{release}
|
||||
|
||||
%description
|
||||
Unbound is a validating, recursive, caching DNS resolver. It is designed
|
||||
@ -53,13 +51,6 @@ Requires(pre): shadow-utils
|
||||
%description libs
|
||||
Libraries for %{name}.
|
||||
|
||||
%package anchor
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Summary: DNSSEC trust anchor maintaining tool
|
||||
|
||||
%description anchor
|
||||
Contains tool maintaining trust anchor using RFC 5011 key rollover algorithm.
|
||||
|
||||
%package devel
|
||||
Summary: Libraries and header files
|
||||
Requires: %{name}-libs = %{version}-%{release} openssl-devel pkgconfig
|
||||
@ -97,7 +88,7 @@ popd
|
||||
--enable-relro-now --enable-pie \\\
|
||||
--enable-subnet --enable-ipsecmod \\\
|
||||
--with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\
|
||||
--with-pidfile=%{_rundir}/%{name}/%{name}.pid \\\
|
||||
--with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\
|
||||
--enable-sha2 --disable-gost --enable-ecdsa \\\
|
||||
--with-rootkey-file=%{_sharedstatedir}/unbound/root.key \\\
|
||||
--enable-linux-ip-local-port-range
|
||||
@ -142,7 +133,7 @@ do
|
||||
echo ".so man3/libunbound.3" > $RPM_BUILD_ROOT%{_mandir}/man3/$mpage ;
|
||||
done
|
||||
|
||||
install -d $RPM_BUILD_ROOT%{_rundir}/unbound
|
||||
install -d $RPM_BUILD_ROOT%{_localstatedir}/run/unbound
|
||||
|
||||
install -d $RPM_BUILD_ROOT%{_sysconfdir}/unbound/{keys.d,conf.d,local.d}
|
||||
install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/unbound/keys.d/
|
||||
@ -161,11 +152,10 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
|
||||
%systemd_post unbound.service
|
||||
%systemd_post unbound-keygen.service
|
||||
|
||||
%post anchor
|
||||
%systemd_post unbound-anchor.service unbound-anchor.timer
|
||||
# start the timer only if installing the package to prevent starting it, if it was stopped on purpose
|
||||
%post libs
|
||||
%{?ldconfig}
|
||||
%systemd_post unbound-anchor.timer
|
||||
if [ "$1" -eq 1 ]; then
|
||||
# the Unit is in presets, but would be started after reboot
|
||||
/bin/systemctl start unbound-anchor.timer >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
@ -173,15 +163,16 @@ fi
|
||||
%systemd_preun unbound.service
|
||||
%systemd_preun unbound-keygen.service
|
||||
|
||||
%preun anchor
|
||||
%systemd_preun unbound-anchor.service unbound-anchor.timer
|
||||
%preun libs
|
||||
%systemd_preun unbound-anchor.timer
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart unbound.service
|
||||
%systemd_postun unbound-keygen.service
|
||||
|
||||
%postun anchor
|
||||
%systemd_postun_with_restart unbound-anchor.service unbound-anchor.timer
|
||||
%postun libs
|
||||
%{?ldconfig}
|
||||
%systemd_postun_with_restart unbound-anchor.timer
|
||||
|
||||
%triggerun -- unbound < 1.4.12-4
|
||||
/usr/bin/systemd-sysv-convert --save unbound >/dev/null 2>&1 ||:
|
||||
@ -199,7 +190,6 @@ popd
|
||||
%defattr(-,root,root)
|
||||
%doc doc/CREDITS doc/FEATURES doc/README doc/LICENSE
|
||||
%attr(0644,root,root) %{_tmpfilesdir}/unbound.conf
|
||||
%attr(0755,unbound,unbound) %dir %{_rundir}/%{name}
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
|
||||
%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/keys.d
|
||||
@ -219,14 +209,22 @@ popd
|
||||
|
||||
%files libs
|
||||
%defattr(-,root,root)
|
||||
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}
|
||||
%if %{?openEuler:1}0
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
|
||||
%attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
|
||||
%{_sysconfdir}/%{name}/icannbundle.pem
|
||||
%else
|
||||
%attr(0600,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
|
||||
%attr(0600,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
|
||||
%attr(0600,root,root) %{_sysconfdir}/%{name}/icannbundle.pem
|
||||
%endif
|
||||
%{_sbindir}/unbound-anchor
|
||||
%{_libdir}/libunbound.so.*
|
||||
%{_unitdir}/unbound-anchor.timer
|
||||
%{_unitdir}/unbound-anchor.service
|
||||
|
||||
%files -n python3-unbound
|
||||
%defattr(-,root,root)
|
||||
@ -239,49 +237,11 @@ popd
|
||||
%{_libdir}/pkgconfig/*.pc
|
||||
%{_includedir}/*
|
||||
|
||||
%files anchor
|
||||
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}
|
||||
%{_sbindir}/unbound-anchor
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||
%{_sysconfdir}/%{name}/icannbundle.pem
|
||||
%{_unitdir}/unbound-anchor.timer
|
||||
%{_unitdir}/unbound-anchor.service
|
||||
|
||||
%files help
|
||||
%defattr(-,root,root)
|
||||
%{_mandir}/man*
|
||||
|
||||
%changelog
|
||||
* Tue Jun 25 2024 gaihuiying <eaglegai@163.com> - 1.13.2-12
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:move files about anchor and pem to separate package
|
||||
|
||||
* Tue Mar 05 2024 gaihuiying <eaglegai@163.com> - 1.13.2-11
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:change ExecReload to fix reload failure
|
||||
|
||||
* Tue Feb 27 2024 gaihuiying <eaglegai@163.com> - 1.13.2-10
|
||||
- Type:cves
|
||||
- CVE:CVE-2024-1488
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-1488
|
||||
|
||||
* Fri Feb 23 2024 gaihuiying <eaglegai@163.com> - 1.13.2-9
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2023-50387 CVE-2023-50868
|
||||
|
||||
* Fri Mar 03 2023 gaihuiying <eaglegai@163.com> - 1.13.2-8
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:change run directory from /var/run to /run to fix "/usr/lib/tmpfiles.d/unbound.conf:1: xxxx"
|
||||
|
||||
* Wed Feb 22 2023 gaihuiying <eaglegai@163.com> - 1.13.2-7
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user