
OpenCloudOS Stream/unbound

unbound.spec 9.91 KB
%global _hardened_build 1
Summary: Validating, recursive, caching DNS resolver
Name: unbound
Version: 1.17.1
Release: 9%{?dist}
License: BSD
URL: https://nlnetlabs.nl/projects/unbound/
Source0: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
Source1: unbound.service
Source2: unbound.conf
Source3: root.key
Source4: unbound-keygen.service
Source5: tmpfiles-unbound.conf
Source6: example.com.key
Source7: example.com.conf
Source8: block-example.com.conf
# https://data.iana.org/root-anchors/
Source9: icannbundle.pem
Source10: root.anchor
Source11: unbound.sysconfig
Source12: unbound-anchor.timer
Source13: unbound-anchor.service
Source14: remote-control.conf
Patch0001: 0001-fix-CVE-2023-50387-CVE-2023-50868.patch
Patch3001: backport-pre-CVE-2024-33655-extended_error_encode-for-extended-errors.patch
Patch3002: backport-pre-CVE-2024-33655-Downstream-DNS-Cookies-a-la-RFC7873-and-RFC9018.patch
Patch3003: backport-pre-CVE-2024-33655-Fix-possibly-unaligned-memory-access-in-parse_edns_options_from_query.patch
Patch3004: backport-pre-CVE-2024-33655-Fix-out-of-bounds-read-in-parse_edns_options_from_query.patch
Patch3005: backport-CVE-2024-33655.patch
BuildRequires: gcc make flex pkgconfig byacc
BuildRequires: openssl-devel libevent-devel expat-devel
#for python extensions
BuildRequires: python3-devel swig
#for dnstap
%ifarch loongarch64
BuildRequires: fstrm-devel
%else
BuildRequires: fstrm-devel protobuf-c-devel
%endif
#for doh
BuildRequires: libnghttp2-devel
BuildRequires: systemd
Requires: %{name}-libs = %{version}-%{release}
%description
Unbound is a validating, recursive, caching DNS resolver.
It is designed to be fast and lean and incorporates modern features
based on open standards. To help increase online privacy, Unbound supports
DNS-over-TLS and DNS-over-HTTPS, which allow clients to encrypt their
communication. In addition, it supports various modern standards that
limit the amount of data exchanged with authoritative servers.
These standards not only improve privacy but also help make the DNS more robust.
The most important are Query Name Minimisation, the Aggressive Use of DNSSEC-Validated Cache
and support for authority zones, which can be used to load a copy of the root zone.
%package libs
Summary: Libraries for unbound
Requires(pre): shadow-utils
%description libs
Libraries used by the unbound server and client applications
%package devel
Summary: Libraries and header files for unbound development
Requires: %{name}-libs = %{version}-%{release}
Requires: openssl-devel pkgconfig
%description devel
Libraries and header files for developing unbound applications
%package -n python3-unbound
Summary: Python3 modules and extensions for unbound
Requires: %{name}-libs = %{version}-%{release}
%description -n python3-unbound
Python3 modules and extensions for unbound
%prep
%autosetup -n %{name}-%{version} -p1
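%build
# Hardened build: full RELRO and PIE are enabled; SHA-1 and GOST
# DNSSEC algorithm support is compiled out (see the flags below).
%configure --disable-rpath \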
--disable-static \
--enable-relro-now \
--enable-pie \
--with-libevent \
--with-pthreads \
--with-ssl \
--with-libnghttp2 \
%ifnarch loongarch64
--enable-dnstap \
%endif
--enable-subnet \
--enable-ipsecmod \
--enable-sha2 \
--disable-sha1 \
--disable-gost \
--enable-ecdsa \
--enable-linux-ip-local-port-range \
--with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \
--with-pidfile=%{_rundir}/%{name}/%{name}.pid \
--with-rootkey-file=%{_sharedstatedir}/unbound/root.key \
--with-pythonmodule --with-pyunbound PYTHON=%{__python3}
make %{?_smp_mflags} all streamtcp
%install
%make_install unbound-event-install
install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp
install -m 0644 testcode/streamtcp.1 %{buildroot}/%{_mandir}/man1/unbound-streamtcp.1
install -d -m 0755 %{buildroot}%{_unitdir}
install -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/unbound.service
install -p -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/unbound-keygen.service
install -p -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/unbound-anchor.timer
install -p -m 0644 %{SOURCE13} %{buildroot}%{_unitdir}/unbound-anchor.service
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
install -p -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/unbound
install -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound/
install -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/unbound/
install -p -m 0644 %{SOURCE9} %{buildroot}%{_sysconfdir}/unbound/
install -d -m 0755 %{buildroot}%{_sysconfdir}/unbound/{keys.d,conf.d,local.d}
install -p -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/unbound/keys.d/
install -p -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/unbound/conf.d/
install -p -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/unbound/local.d/
install -p -m 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/unbound/conf.d/
install -d -m 0755 %{buildroot}%{_tmpfilesdir}
install -p -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/unbound.conf
install -d -m 0755 %{buildroot}%{_sharedstatedir}/unbound
install -p -m 0644 %{SOURCE10} %{buildroot}%{_sharedstatedir}/unbound/root.key
install -d -m 0755 %{buildroot}%{_rundir}/unbound
echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8
rm %{buildroot}%{_libdir}/*.la %{buildroot}%{python3_sitearch}/*.la
%check
make check
%pre libs
getent group unbound >/dev/null || groupadd -r unbound
getent passwd unbound >/dev/null || \
useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
-c "Unbound DNS resolver" unbound
%post libs
%systemd_post unbound-anchor.timer
if [ "$1" -eq 1 ]; then
/bin/systemctl start unbound-anchor.timer >/dev/null 2>&1 || :
fi
%preun libs
%systemd_preun unbound-anchor.timer
%postun libs
%systemd_postun_with_restart unbound-anchor.timer
%post
%systemd_post unbound.service
%systemd_post unbound-keygen.service
%preun
%systemd_preun unbound.service
%systemd_preun unbound-keygen.service
%postun
%systemd_postun_with_restart unbound.service
%systemd_postun unbound-keygen.service
%files
%license doc/LICENSE
%doc doc/README doc/CREDITS doc/FEATURES
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-keygen.service
%attr(0755,unbound,unbound) %dir %{_rundir}/%{name}
%attr(0644,root,root) %{_tmpfilesdir}/unbound.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.pem
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.key
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.pem
%ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.key
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/keys.d
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key
%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/conf.d
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf
%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/local.d
%attr(0644,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf
%{_sbindir}/unbound
%{_sbindir}/unbound-checkconf
%{_sbindir}/unbound-control
%{_sbindir}/unbound-control-setup
%{_sbindir}/unbound-host
%{_sbindir}/unbound-streamtcp
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%exclude %{_mandir}/man8/unbound-anchor*
%files libs
%license doc/LICENSE
%doc doc/README
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
%config %{_sysconfdir}/%{name}/icannbundle.pem
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%{_sbindir}/unbound-anchor
%{_libdir}/libunbound.so.*
%{_mandir}/man8/unbound-anchor*
%{_unitdir}/unbound-anchor.timer
%{_unitdir}/unbound-anchor.service
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
%attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
%files devel
%{_libdir}/libunbound.so
%{_libdir}/pkgconfig/*.pc
%{_includedir}/unbound.h
%{_includedir}/unbound-event.h
%{_mandir}/man3/*
%files -n python3-unbound
%license pythonmod/LICENSE
%{python3_sitearch}/*
%doc libunbound/python/examples/*
%doc pythonmod/examples/*
%changelog
* Thu Sep 26 2024 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 1.17.1-9
- Rebuilt for clarifying the packages requirement in BaseOS and AppStream
* Fri Aug 16 2024 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 1.17.1-8
- Rebuilt for loongarch release
* Wed Jul 31 2024 Zien Huang <ethanehuang@tencent.com> - 1.17.1-7
- [Type] security
- [DESC] DNS resolvers vulnerable to remote DoS attacks via response amplification (fix CVE-2024-33655)
* Fri May 31 2024 Xin Cheng <denisecheng@tencent.com> - 1.17.1-6
- [Type] security
- [DESC] Ensure only unbound group can change configuration (fix CVE-2024-1488)
* Mon Mar 18 2024 Wenlong Zhang <zhangwenlong@loongson.cn> - 1.17.1-5
- disable dnstap for loongarch64
* Fri Mar 01 2024 Xin Cheng <denisecheng@tencent.com> - 1.17.1-4
- Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers.
- Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
* Tue Sep 19 2023 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 1.17.1-3
- Rebuilt for python 3.11
* Fri Sep 08 2023 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 1.17.1-2
- Rebuilt for OpenCloudOS Stream 23.09
* Tue Jul 11 2023 rockerzhu <rockerzhu@tencent.com> - 1.17.1-1
- Upgrade to 1.17.1
* Fri Apr 28 2023 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 1.16.0-3
- Rebuilt for OpenCloudOS Stream 23.05
* Fri Mar 31 2023 OpenCloudOS Release Engineering <releng@opencloudos.tech> - 1.16.0-2
- Rebuilt for OpenCloudOS Stream 23
* Thu Jun 23 2022 rockerzhu <rockerzhu@tencent.com> - 1.16.0-1
- Initial build