diff --git a/.gitignore b/.gitignore index af62255..6248c87 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/icannbundle.pem -SOURCES/unbound-1.16.0.tar.gz +SOURCES/unbound-1.16.2.tar.gz diff --git a/.unbound.metadata b/.unbound.metadata index b5890f7..1e8d688 100644 --- a/.unbound.metadata +++ b/.unbound.metadata @@ -1,2 +1,2 @@ 9a2f73302a13f38dbf7cb3c5e34eb1665d2f156f SOURCES/icannbundle.pem -376305561f177d69cf94de5a3f409d98c2520498 SOURCES/unbound-1.16.0.tar.gz +9aea0e923b9d6779b5bc360094e24a4017e2bb25 SOURCES/unbound-1.16.2.tar.gz diff --git a/SOURCES/unbound-1.15-soversion2-compat.patch b/SOURCES/unbound-1.15-soversion2-compat.patch index ee8e374..897e243 100644 --- a/SOURCES/unbound-1.15-soversion2-compat.patch +++ b/SOURCES/unbound-1.15-soversion2-compat.patch @@ -1,4 +1,4 @@ -From 4e8b6fae827ba0898e9e41eb1fa7c2d03cd74f8d Mon Sep 17 00:00:00 2001 +From 605d66f0b6b8f7c308010f455058299d25c1d2ee Mon Sep 17 00:00:00 2001 From: Petr Mensik Date: Fri, 6 May 2022 16:36:39 +0200 Subject: [PATCH] Rework ABI breaking change to compatible way @@ -13,38 +13,38 @@ operations should be very small price. Much better than ABI break. Make current version compatible back to .2 version. --- - unbound-1.16.0/configure.ac | 2 +- - unbound-1.16.0/daemon/worker.c | 6 ++-- - unbound-1.16.0/libunbound/libworker.c | 34 +++++++++++++++-------- - unbound-1.16.0/libunbound/unbound-event.h | 3 +- - unbound-1.16.0/libunbound/unbound.h | 13 +++++---- - unbound-1.16.0/libunbound/worker.h | 6 ++-- - unbound-1.16.0/services/authzone.c | 11 ++++---- - unbound-1.16.0/services/authzone.h | 9 ++---- - unbound-1.16.0/services/mesh.c | 17 ++++++++---- - unbound-1.16.0/services/mesh.h | 9 +++++- - unbound-1.16.0/smallapp/worker_cb.c | 6 ++-- - unbound-1.16.0/validator/autotrust.c | 2 +- - unbound-1.16.0/validator/autotrust.h | 2 +- + unbound-1.16.2/configure.ac | 2 +- + unbound-1.16.2/daemon/worker.c | 6 ++-- + unbound-1.16.2/libunbound/libworker.c | 34 +++++++++++++++-------- + unbound-1.16.2/libunbound/unbound-event.h | 3 +- + unbound-1.16.2/libunbound/unbound.h | 13 +++++---- + unbound-1.16.2/libunbound/worker.h | 6 ++-- + unbound-1.16.2/services/authzone.c | 11 ++++---- + unbound-1.16.2/services/authzone.h | 9 ++---- + unbound-1.16.2/services/mesh.c | 17 ++++++++---- + unbound-1.16.2/services/mesh.h | 9 +++++- + unbound-1.16.2/smallapp/worker_cb.c | 6 ++-- + unbound-1.16.2/validator/autotrust.c | 2 +- + unbound-1.16.2/validator/autotrust.h | 2 +- 13 files changed, 72 insertions(+), 48 deletions(-) -diff --git a/unbound-1.16.0/configure.ac b/unbound-1.16.0/configure.ac -index 1453b3a..03d258e 100644 ---- a/unbound-1.16.0/configure.ac -+++ b/unbound-1.16.0/configure.ac +diff --git a/unbound-1.16.2/configure.ac b/unbound-1.16.2/configure.ac +index 224501b..71f066c 100644 +--- a/unbound-1.16.2/configure.ac ++++ b/unbound-1.16.2/configure.ac @@ -19,7 +19,7 @@ AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 - LIBUNBOUND_REVISION=16 + LIBUNBOUND_REVISION=18 -LIBUNBOUND_AGE=1 +LIBUNBOUND_AGE=7 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 # 1.0.2 had 0:14:0 -diff --git a/unbound-1.16.0/daemon/worker.c b/unbound-1.16.0/daemon/worker.c -index bf8c5d6..4553475 100644 ---- a/unbound-1.16.0/daemon/worker.c -+++ b/unbound-1.16.0/daemon/worker.c +diff --git a/unbound-1.16.2/daemon/worker.c b/unbound-1.16.2/daemon/worker.c +index 010c4dc..2b87a41 100644 +--- a/unbound-1.16.2/daemon/worker.c ++++ b/unbound-1.16.2/daemon/worker.c @@ -2268,21 +2268,21 @@ void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), @@ -70,10 +70,10 @@ index bf8c5d6..4553475 100644 { log_assert(0); } -diff --git a/unbound-1.16.0/libunbound/libworker.c b/unbound-1.16.0/libunbound/libworker.c +diff --git a/unbound-1.16.2/libunbound/libworker.c b/unbound-1.16.2/libunbound/libworker.c index 11bf5f9..6895119 100644 ---- a/unbound-1.16.0/libunbound/libworker.c -+++ b/unbound-1.16.0/libunbound/libworker.c +--- a/unbound-1.16.2/libunbound/libworker.c ++++ b/unbound-1.16.2/libunbound/libworker.c @@ -549,9 +549,10 @@ libworker_enter_result(struct ub_result* res, sldns_buffer* buf, /** fillup fg results */ static void @@ -182,10 +182,10 @@ index 11bf5f9..6895119 100644 if(q->cancelled || q->w->back->want_to_quit) { if(q->w->is_bg_thread) { /* delete it now */ -diff --git a/unbound-1.16.0/libunbound/unbound-event.h b/unbound-1.16.0/libunbound/unbound-event.h +diff --git a/unbound-1.16.2/libunbound/unbound-event.h b/unbound-1.16.2/libunbound/unbound-event.h index a5d5c03..70aa4c8 100644 ---- a/unbound-1.16.0/libunbound/unbound-event.h -+++ b/unbound-1.16.0/libunbound/unbound-event.h +--- a/unbound-1.16.2/libunbound/unbound-event.h ++++ b/unbound-1.16.2/libunbound/unbound-event.h @@ -170,7 +170,8 @@ struct ub_event { struct ub_event_vmt* vmt; }; @@ -196,10 +196,10 @@ index a5d5c03..70aa4c8 100644 /** * Create a resolving and validation context. -diff --git a/unbound-1.16.0/libunbound/unbound.h b/unbound-1.16.0/libunbound/unbound.h -index ee85587..c822d3f 100644 ---- a/unbound-1.16.0/libunbound/unbound.h -+++ b/unbound-1.16.0/libunbound/unbound.h +diff --git a/unbound-1.16.2/libunbound/unbound.h b/unbound-1.16.2/libunbound/unbound.h +index c779d18..f6d5c7c 100644 +--- a/unbound-1.16.2/libunbound/unbound.h ++++ b/unbound-1.16.2/libunbound/unbound.h @@ -203,18 +203,19 @@ struct ub_result { */ char* why_bogus; @@ -226,10 +226,10 @@ index ee85587..c822d3f 100644 }; /** -diff --git a/unbound-1.16.0/libunbound/worker.h b/unbound-1.16.0/libunbound/worker.h +diff --git a/unbound-1.16.2/libunbound/worker.h b/unbound-1.16.2/libunbound/worker.h index 0fa5bfa..8b64b4d 100644 ---- a/unbound-1.16.0/libunbound/worker.h -+++ b/unbound-1.16.0/libunbound/worker.h +--- a/unbound-1.16.2/libunbound/worker.h ++++ b/unbound-1.16.2/libunbound/worker.h @@ -90,15 +90,15 @@ void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len, /** mesh callback with fg results */ @@ -249,11 +249,11 @@ index 0fa5bfa..8b64b4d 100644 /** * Worker signal handler function. User argument is the worker itself. -diff --git a/unbound-1.16.0/services/authzone.c b/unbound-1.16.0/services/authzone.c -index 02fb621..4ba8be8 100644 ---- a/unbound-1.16.0/services/authzone.c -+++ b/unbound-1.16.0/services/authzone.c -@@ -5654,8 +5654,7 @@ xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset, +diff --git a/unbound-1.16.2/services/authzone.c b/unbound-1.16.2/services/authzone.c +index b9e0b11..c72949f 100644 +--- a/unbound-1.16.2/services/authzone.c ++++ b/unbound-1.16.2/services/authzone.c +@@ -5656,8 +5656,7 @@ xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset, /** callback for task_transfer lookup of host name, of A or AAAA */ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, @@ -263,7 +263,7 @@ index 02fb621..4ba8be8 100644 { struct auth_xfer* xfr = (struct auth_xfer*)arg; struct module_env* env; -@@ -5667,6 +5666,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, +@@ -5669,6 +5668,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, return; /* stop on quit */ } @@ -271,7 +271,7 @@ index 02fb621..4ba8be8 100644 /* process result */ if(rcode == LDNS_RCODE_NOERROR) { uint16_t wanted_qtype = LDNS_RR_TYPE_A; -@@ -6715,8 +6715,7 @@ xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env) +@@ -6717,8 +6717,7 @@ xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env) /** callback for task_probe lookup of host name, of A or AAAA */ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, @@ -281,7 +281,7 @@ index 02fb621..4ba8be8 100644 { struct auth_xfer* xfr = (struct auth_xfer*)arg; struct module_env* env; -@@ -6728,6 +6727,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, +@@ -6730,6 +6729,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, return; /* stop on quit */ } @@ -289,7 +289,7 @@ index 02fb621..4ba8be8 100644 /* process result */ if(rcode == LDNS_RCODE_NOERROR) { uint16_t wanted_qtype = LDNS_RR_TYPE_A; -@@ -8211,7 +8211,7 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z, +@@ -8212,7 +8212,7 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z, /** callback for ZONEMD lookup of DNSKEY */ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, @@ -298,7 +298,7 @@ index 02fb621..4ba8be8 100644 { struct auth_zone* z = (struct auth_zone*)arg; struct module_env* env; -@@ -8233,6 +8233,7 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, +@@ -8234,6 +8234,7 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DS) typestr = "DS"; downprot = env->cfg->harden_algo_downgrade; @@ -306,10 +306,10 @@ index 02fb621..4ba8be8 100644 /* process result */ if(sec == sec_status_bogus) { -diff --git a/unbound-1.16.0/services/authzone.h b/unbound-1.16.0/services/authzone.h +diff --git a/unbound-1.16.2/services/authzone.h b/unbound-1.16.2/services/authzone.h index 07614ed..b339fc1 100644 ---- a/unbound-1.16.0/services/authzone.h -+++ b/unbound-1.16.0/services/authzone.h +--- a/unbound-1.16.2/services/authzone.h ++++ b/unbound-1.16.2/services/authzone.h @@ -690,12 +690,10 @@ void auth_xfer_probe_timer_callback(void* arg); void auth_xfer_transfer_timer_callback(void* arg); /** mesh callback for task_probe on lookup of host names */ @@ -335,10 +335,10 @@ index 07614ed..b339fc1 100644 /** * Check the ZONEMD records that need online DNSSEC chain lookups, -diff --git a/unbound-1.16.0/services/mesh.c b/unbound-1.16.0/services/mesh.c -index fbaa966..c66b01f 100644 ---- a/unbound-1.16.0/services/mesh.c -+++ b/unbound-1.16.0/services/mesh.c +diff --git a/unbound-1.16.2/services/mesh.c b/unbound-1.16.2/services/mesh.c +index 30bcf7c..fc3c690 100644 +--- a/unbound-1.16.2/services/mesh.c ++++ b/unbound-1.16.2/services/mesh.c @@ -63,6 +63,7 @@ #include "util/data/dname.h" #include "respip/respip.h" @@ -347,7 +347,7 @@ index fbaa966..c66b01f 100644 #ifdef CLIENT_SUBNET #include "edns-subnet/subnetmod.h" -@@ -1010,7 +1011,7 @@ mesh_state_cleanup(struct mesh_state* mstate) +@@ -1012,7 +1013,7 @@ mesh_state_cleanup(struct mesh_state* mstate) mstate->cb_list = cb->next; fptr_ok(fptr_whitelist_mesh_cb(cb->cb)); (*cb->cb)(cb->cb_arg, LDNS_RCODE_SERVFAIL, NULL, @@ -356,7 +356,7 @@ index fbaa966..c66b01f 100644 log_assert(mesh->num_reply_addrs > 0); mesh->num_reply_addrs--; } -@@ -1266,8 +1267,9 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, +@@ -1268,8 +1269,9 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, r->edns.opt_list_inplace_cb_out = NULL; } fptr_ok(fptr_whitelist_mesh_cb(r->cb)); @@ -368,7 +368,7 @@ index fbaa966..c66b01f 100644 } else { size_t udp_size = r->edns.udp_size; sldns_buffer_clear(r->buf); -@@ -1285,11 +1287,14 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, +@@ -1287,11 +1289,14 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, { fptr_ok(fptr_whitelist_mesh_cb(r->cb)); (*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf, @@ -386,10 +386,10 @@ index fbaa966..c66b01f 100644 } } free(reason); -diff --git a/unbound-1.16.0/services/mesh.h b/unbound-1.16.0/services/mesh.h +diff --git a/unbound-1.16.2/services/mesh.h b/unbound-1.16.2/services/mesh.h index 3be9b63..5050d6c 100644 ---- a/unbound-1.16.0/services/mesh.h -+++ b/unbound-1.16.0/services/mesh.h +--- a/unbound-1.16.2/services/mesh.h ++++ b/unbound-1.16.2/services/mesh.h @@ -234,13 +234,20 @@ struct mesh_reply { struct http2_stream* h2_stream; }; @@ -412,10 +412,10 @@ index 3be9b63..5050d6c 100644 /** * Callback to result routine -diff --git a/unbound-1.16.0/smallapp/worker_cb.c b/unbound-1.16.0/smallapp/worker_cb.c +diff --git a/unbound-1.16.2/smallapp/worker_cb.c b/unbound-1.16.2/smallapp/worker_cb.c index c689817..c7b1653 100644 ---- a/unbound-1.16.0/smallapp/worker_cb.c -+++ b/unbound-1.16.0/smallapp/worker_cb.c +--- a/unbound-1.16.2/smallapp/worker_cb.c ++++ b/unbound-1.16.2/smallapp/worker_cb.c @@ -159,21 +159,21 @@ void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), @@ -441,10 +441,10 @@ index c689817..c7b1653 100644 { log_assert(0); } -diff --git a/unbound-1.16.0/validator/autotrust.c b/unbound-1.16.0/validator/autotrust.c +diff --git a/unbound-1.16.2/validator/autotrust.c b/unbound-1.16.2/validator/autotrust.c index 3cdf9ce..40b3e35 100644 ---- a/unbound-1.16.0/validator/autotrust.c -+++ b/unbound-1.16.0/validator/autotrust.c +--- a/unbound-1.16.2/validator/autotrust.c ++++ b/unbound-1.16.2/validator/autotrust.c @@ -2331,7 +2331,7 @@ autr_debug_print(struct val_anchors* anchors) void probe_answer_cb(void* arg, int ATTR_UNUSED(rcode), @@ -454,10 +454,10 @@ index 3cdf9ce..40b3e35 100644 { /* retry was set before the query was done, * re-querytime is set when query succeeded, but that may not -diff --git a/unbound-1.16.0/validator/autotrust.h b/unbound-1.16.0/validator/autotrust.h +diff --git a/unbound-1.16.2/validator/autotrust.h b/unbound-1.16.2/validator/autotrust.h index 057f2b6..c549798 100644 ---- a/unbound-1.16.0/validator/autotrust.h -+++ b/unbound-1.16.0/validator/autotrust.h +--- a/unbound-1.16.2/validator/autotrust.h ++++ b/unbound-1.16.2/validator/autotrust.h @@ -206,6 +206,6 @@ void autr_debug_print(struct val_anchors* anchors); /** callback for query answer to 5011 probe */ @@ -467,5 +467,5 @@ index 057f2b6..c549798 100644 #endif /* VALIDATOR_AUTOTRUST_H */ -- -2.35.3 +2.37.1 diff --git a/SOURCES/unbound-1.16.2.tar.gz.asc b/SOURCES/unbound-1.16.2.tar.gz.asc new file mode 100644 index 0000000..0f94fb9 --- /dev/null +++ b/SOURCES/unbound-1.16.2.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmLnudYACgkQn28cLX4E +X43GmRAAoROXbktLR2AXGEECgPCFlHag9oNZosa3J5yR2vaV4e8eA6AMzPyZbl7P +LnLon8PZZR+pTW+dDRqakvzJIwXkLeONFgEdvd0cAghWAtPrKCDZIkCyeQj0OOv3 +wt1pRRl2PXUKNZZf0bzpTUIhVsHF/w5f5T/mFAZm49rUDboj77xgokmaFK4kei0I +Gz4W8Vx3TIwwJc8nea8GtCYIg3UKmR/TMznMFExAoKdMllzKuJnGx5lR/eU0+NRc +uwWEQhNJrHXZyWethp9swLCrOmDHcgBJOd04TqcDwSIZrw9VuT3/Uza3Tw73N7kr +PZvF2xSOASL+i91QP6tnkmQD5pAORVpUFN3NePEWV5922iG/pVipaYBbEyV3dfph +Y4QGwj8G6ppcfjV7gmlxsAOM2gnhD3rDqFmkxau6zB1kktHnV2aqlzIQo396ZBJQ +hKyIAJlNvpTiFaACD7/cFkE80awJnCD/qvXATN//BWHKytgO8eYg7fZGrxjbpIQk +XV/vVlOJWRXPyPBnp8MQyCIDe2eq2ELlMfYw62/TNDuj2qKsM/W03cem3GlveOa6 +tw8RVfFFjwZlCLbXSbmsKo+mWJ3jCAvb3/gql52vJDE5FuRz7MvptIVU6DVE1O+J +mQ3AoQ2Mq9iHsZePfze4sq531DMlWTgBMwqfBTWqMaTC/8VH5rg= +=Ax9n +-----END PGP SIGNATURE----- diff --git a/SPECS/unbound.spec b/SPECS/unbound.spec index 6aecc4f..1007706 100644 --- a/SPECS/unbound.spec +++ b/SPECS/unbound.spec @@ -33,7 +33,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound -Version: 1.16.0 +Version: 1.16.2 Release: 2%{?extra_version:.%{extra_version}}%{?dist} License: BSD Url: https://www.unbound.net/ @@ -54,6 +54,7 @@ Source14: unbound.sysconfig Source15: unbound-anchor.timer Source16: unbound-munin.README Source17: unbound-anchor.service +Source18: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz.asc # Reverts ABI change done in version 1.8.0 (bz#2027735) # Makes possible backward binary compatibility with a new features @@ -79,6 +80,8 @@ BuildRequires: automake autoconf libtool %{?systemd_requires} # Needed because /usr/sbin/unbound links unbound libs staticly Requires: %{name}-libs%{?_isa} = %{version}-%{release} +# unbound-keygen.service requires it, bug #2116790 +Requires: openssl %description Unbound is a validating, recursive, and caching DNS(SEC) resolver. @@ -430,6 +433,12 @@ popd %verify(not md5 size mtime) %{_sharedstatedir}/%{name}/root.key %changelog +* Tue Aug 09 2022 Petr Menšík - 1.16.2-2 +- Require openssl tool for unbound-keygen (#2018806) + +* Wed Aug 03 2022 Petr Menšík - 1.16.2-1 +- Update to 1.16.2 (#2027735) + * Wed Jun 15 2022 Petr Menšík - 1.16.0-2 - Restart keygen service before every unbound start (#1959468)