diff --git a/unbound-1.4.17-bug452.patch b/unbound-1.4.17-bug452.patch new file mode 100644 index 0000000..b9aa080 --- /dev/null +++ b/unbound-1.4.17-bug452.patch @@ -0,0 +1,104 @@ +Only in unbound-1.4.17/doc: Changelog.orig +diff -aur unbound-1.4.17-orig/iterator/iterator.c unbound-1.4.17/iterator/iterator.c +--- unbound-1.4.17-orig/iterator/iterator.c 2012-03-21 11:01:01.000000000 -0400 ++++ unbound-1.4.17/iterator/iterator.c 2012-07-23 13:29:05.755093317 -0400 +@@ -1541,8 +1541,7 @@ + * the final state (i.e., on answer). + */ + static int +-processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, +- int id) ++processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id) + { + struct module_qstate* subq = NULL; + verbose(VERB_ALGO, "processDSNSFind"); +@@ -1906,8 +1905,16 @@ + if(iq->qchase.qtype == LDNS_RR_TYPE_DS && !iq->dsns_point + && !(iq->chase_flags&BIT_RD) + && iter_ds_toolow(iq->response, iq->dp) +- && iter_dp_cangodown(&iq->qchase, iq->dp)) ++ && iter_dp_cangodown(&iq->qchase, iq->dp)) { ++ /* close down outstanding requests to be discarded */ ++ outbound_list_clear(&iq->outlist); ++ iq->num_current_queries = 0; ++ fptr_ok(fptr_whitelist_modenv_detach_subs( ++ qstate->env->detach_subs)); ++ (*qstate->env->detach_subs)(qstate); ++ iq->num_target_queries = 0; + return processDSNSFind(qstate, iq, id); ++ } + if(!iter_dns_store(qstate->env, &iq->response->qinfo, + iq->response->rep, 0, qstate->prefetch_leeway, + iq->dp&&iq->dp->has_parent_side_NS, +@@ -2032,8 +2039,15 @@ + if(iq->qchase.qtype == LDNS_RR_TYPE_DS && !iq->dsns_point + && !(iq->chase_flags&BIT_RD) + && iter_ds_toolow(iq->response, iq->dp) +- && iter_dp_cangodown(&iq->qchase, iq->dp)) ++ && iter_dp_cangodown(&iq->qchase, iq->dp)) { ++ outbound_list_clear(&iq->outlist); ++ iq->num_current_queries = 0; ++ fptr_ok(fptr_whitelist_modenv_detach_subs( ++ qstate->env->detach_subs)); ++ (*qstate->env->detach_subs)(qstate); ++ iq->num_target_queries = 0; + return processDSNSFind(qstate, iq, id); ++ } + /* Process the CNAME response. */ + if(!handle_cname_response(qstate, iq, iq->response, + &sname, &snamelen)) +Only in unbound-1.4.17/iterator: iterator.c.orig +Only in unbound-1.4.17/iterator: .iterator.c.rej.swp +diff -aur unbound-1.4.17-orig/services/mesh.c unbound-1.4.17/services/mesh.c +--- unbound-1.4.17-orig/services/mesh.c 2011-11-10 13:44:06.000000000 -0500 ++++ unbound-1.4.17/services/mesh.c 2012-07-23 13:27:08.163096837 -0400 +@@ -676,6 +676,7 @@ + /* find it, if not, create it */ + struct mesh_area* mesh = qstate->env->mesh; + struct mesh_state* sub = mesh_area_find(mesh, qinfo, qflags, prime); ++ int was_detached; + if(mesh_detect_cycle_found(qstate, sub)) { + verbose(VERB_ALGO, "attach failed, cycle detected"); + return 0; +@@ -706,9 +707,12 @@ + *newq = &sub->s; + } else + *newq = NULL; ++ was_detached = (sub->super_set.count == 0); + if(!mesh_state_attachment(qstate->mesh_info, sub)) + return 0; +- if(!sub->reply_list && !sub->cb_list && sub->super_set.count == 1) { ++ /* if it was a duplicate attachment, the count was not zero before */ ++ if(!sub->reply_list && !sub->cb_list && was_detached && ++ sub->super_set.count == 1) { + /* it used to be detached, before this one got added */ + log_assert(mesh->num_detached_states > 0); + mesh->num_detached_states--; +@@ -735,16 +739,20 @@ + superref->s = super; + subref->node.key = subref; + subref->s = sub; +-#ifdef UNBOUND_DEBUG +- n = +-#endif +- rbtree_insert(&sub->super_set, &superref->node); +- log_assert(n != NULL); ++ if(!rbtree_insert(&sub->super_set, &superref->node)) { ++ /* this should not happen, iterator and validator do not ++ * attach subqueries that are identical. */ ++ /* already attached, we are done, nothing todo. ++ * since superref and subref already allocated in region, ++ * we cannot free them */ ++ return 1; ++ } + #ifdef UNBOUND_DEBUG + n = + #endif + rbtree_insert(&super->sub_set, &subref->node); +- log_assert(n != NULL); ++ log_assert(n != NULL); /* we checked above if statement, the reverse ++ administration should not fail now, unless they are out of sync */ + return 1; + } + +Only in unbound-1.4.17/testdata: iter_ds_locate_ns_detach.rpl diff --git a/unbound.spec b/unbound.spec index fb029d6..aa5ffdf 100644 --- a/unbound.spec +++ b/unbound.spec @@ -14,7 +14,7 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound Version: 1.4.17 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Url: http://www.nlnetlabs.nl/unbound/ Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz @@ -28,6 +28,7 @@ Source7: unbound-keygen.service Source8: tmpfiles-unbound.conf Patch1: unbound-1.2-glob.patch Patch2: unbound-1.4.17-fips.patch +Patch3: unbound-1.4.17-bug452.patch Group: System Environment/Daemons BuildRequires: flex, openssl-devel , ldns-devel >= 1.5.0, BuildRequires: libevent-devel expat-devel @@ -44,6 +45,8 @@ Requires(preun): systemd-units Requires(postun): systemd-units Requires: ldns >= 1.5.0 Requires(pre): shadow-utils +# Needed because /usr/sbin/unbound links unbound libs staticly +Requires: %{name}-libs = %{version}-%{release} Obsoletes: dnssec-conf < 1.27-2 Provides: dnssec-conf = 1.27-1 @@ -102,6 +105,7 @@ Python modules and extensions for unbound %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %configure --with-ldns= --with-libevent --with-pthreads --with-ssl \ @@ -113,6 +117,7 @@ Python modules and extensions for unbound %endif --enable-sha2 --disable-gost --disable-ecdsa %{__make} %{?_smp_mflags} +%{__make} %{?_smp_mflags} streamtcp %install %{__make} DESTDIR=%{buildroot} install @@ -131,6 +136,9 @@ for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unboun done %endif +# install streamtcp used for monitoring / debugging unbound's port 80/443 modes +install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp + # Install tmpfiles.d config mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ install -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/tmpfiles.d/unbound.conf @@ -144,6 +152,12 @@ rm %{buildroot}%{_libdir}/*.la rm %{buildroot}%{python_sitearch}/*.la %endif +# create softlink for all functions of libunbound man pages +for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove; +do + echo ".so man3/libunbound.3" > %{buildroot}%{_mandir}/man3/$mpage ; +done + mkdir -p %{buildroot}%{_localstatedir}/run/unbound %files @@ -157,7 +171,9 @@ mkdir -p %{buildroot}%{_localstatedir}/run/unbound %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key %{_sbindir}/* -%{_mandir}/*/* +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man8/* %if %{with_python} %files python @@ -175,6 +191,7 @@ mkdir -p %{buildroot}%{_localstatedir}/run/unbound %files devel %{_libdir}/libunbound.so %{_includedir}/unbound.h +%{_mandir}/man3/* %doc README %files libs @@ -237,6 +254,11 @@ fi - don't build unbound-munin on RHEL - Updated to 1.4.17 (which mostly brings in patches we already applied from svn trunk) +- Fix for unbound crasher (upstream bug #452) +- Support libunbound functions in man pages and place in -devel +- Includes unbound-streamtcp (for monitoring) +- Since the daemon links to the libs staticly, add Requires: + (this is rhbz#745288) * Mon Feb 27 2012 Paul Wouters - 1.4.16-2 - Don't ghost the directory (rhbz#788805)