diff --git a/SOURCES/unbound-1.13.1-rh1977400.patch b/SOURCES/unbound-1.13.1-rh1977400.patch new file mode 100644 index 0000000..6447e5e --- /dev/null +++ b/SOURCES/unbound-1.13.1-rh1977400.patch @@ -0,0 +1,12 @@ +diff --git a/util/net_help.c b/util/net_help.c +index 3b5527a..42a7666 100644 +--- a/util/net_help.c ++++ b/util/net_help.c +@@ -1172,6 +1172,7 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert) + if((SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION) & + SSL_OP_NO_RENEGOTIATION) != SSL_OP_NO_RENEGOTIATION) { + log_crypto_err("could not set SSL_OP_NO_RENEGOTIATION"); ++ SSL_CTX_free(ctx); + return 0; + } + #endif diff --git a/SOURCES/unbound-1.13.1-rh1977401.patch b/SOURCES/unbound-1.13.1-rh1977401.patch new file mode 100644 index 0000000..4c4c42d --- /dev/null +++ b/SOURCES/unbound-1.13.1-rh1977401.patch @@ -0,0 +1,19 @@ +diff --git a/dns64/dns64.c b/dns64/dns64.c +index c79bc9c..fddbc62 100644 +--- a/dns64/dns64.c ++++ b/dns64/dns64.c +@@ -685,8 +685,12 @@ dns64_operate(struct module_qstate* qstate, enum module_ev event, int id, + switch(event) { + case module_event_new: + /* Tag this query as being new and fall through. */ +- iq = (struct dns64_qstate*)regional_alloc( +- qstate->region, sizeof(*iq)); ++ if (!(iq = (struct dns64_qstate*)regional_alloc( ++ qstate->region, sizeof(*iq)))) { ++ log_err("out of memory"); ++ qstate->ext_state[id] = module_error; ++ return; ++ } + qstate->minfo[id] = iq; + iq->state = DNS64_NEW_QUERY; + iq->started_no_cache_store = qstate->no_cache_store; diff --git a/SPECS/unbound.spec b/SPECS/unbound.spec index 72ce445..e07bbea 100644 --- a/SPECS/unbound.spec +++ b/SPECS/unbound.spec @@ -37,7 +37,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.13.1 -Release: 9%{?extra_version:.%{extra_version}}%{?dist} +Release: 12%{?extra_version:.%{extra_version}}%{?dist} License: BSD Url: https://nlnetlabs.nl/projects/unbound/ Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz @@ -63,6 +63,8 @@ Source19: http://keys.gnupg.net/pks/lookup?op=get&search=0x9F6F1C2D7E045F8D#/wou # rhbz#1952814 upstream PR https://github.com/NLnetLabs/unbound/pull/415/files Patch1: unbound-1.13.1-rh1952814.patch Patch2: unbound-1.13.1-rh1991005.patch +Patch3: unbound-1.13.1-rh1977400.patch +Patch4: unbound-1.13.1-rh1977401.patch BuildRequires: gcc, make BuildRequires: flex, openssl-devel @@ -461,6 +463,18 @@ popd %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %changelog +* Fri Feb 11 2022 Artem Egorenkov - 1.13.1-12 +- Fixed error in the patch +- Resolves: rhbz#1977401 + +* Thu Feb 10 2022 Artem Egorenkov - 1.13.1-11 +- regional_alloc() failure handled +- Resolves: rhbz#1977401 + +* Thu Feb 10 2022 Artem Egorenkov - 1.13.1-10 +- RESOURCE_LEAK fixed +- Resolves: rhbz#1977400 + * Tue Aug 10 2021 Artem Egorenkov - 1.13.1-9 - Don't use delted OpenSSL macroses - Resolves: rhbz#1991005