diff --git a/unbound-remove-buildin-key.patch b/unbound-remove-buildin-key.patch new file mode 100644 index 0000000000000000000000000000000000000000..eabe1d3ef4f3d568ecd1986666beb401f51192b8 --- /dev/null +++ b/unbound-remove-buildin-key.patch @@ -0,0 +1,42 @@ +From bd895d2d82990bfe059acfb0e078bb8d44207287 Mon Sep 17 00:00:00 2001 +From: hanzhijun +Date: Fri, 19 Feb 2021 16:20:53 +0800 +Subject: [PATCH] remove buildin key + +--- + smallapp/unbound-anchor.c | 19 ------------------- + 1 file changed, 19 deletions(-) + +diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c +index b8bd1b8..4c8f404 100644 +--- a/smallapp/unbound-anchor.c ++++ b/smallapp/unbound-anchor.c +@@ -215,25 +215,6 @@ get_builtin_cert(void) + return + /* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */ + "-----BEGIN CERTIFICATE-----\n" +-"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n" +-"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n" +-"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n" +-"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n" +-"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n" +-"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n" +-"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n" +-"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n" +-"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n" +-"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n" +-"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n" +-"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n" +-"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n" +-"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n" +-"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n" +-"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n" +-"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n" +-"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n" +-"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n" + "-----END CERTIFICATE-----\n" + ; + } +-- +1.8.3.1 + diff --git a/unbound.spec b/unbound.spec index 2dbcbd82c6c49e868dc971d20c1fce8595b51af6..dd3ea307f14a5c7757cb54f564789fefae1c1d04 100644 --- a/unbound.spec +++ b/unbound.spec @@ -2,7 +2,7 @@ Name: unbound Version: 1.11.0 -Release: 2 +Release: 3 Summary: Unbound is a validating, recursive, caching DNS resolver License: BSD Url: https://nlnetlabs.nl/projects/unbound/about/ @@ -23,6 +23,8 @@ Source13: unbound-anchor.service Patch0: CVE-2020-28935.patch +Patch6000: unbound-remove-buildin-key.patch + BuildRequires: make flex swig pkgconfig systemd python-unversioned-command BuildRequires: libevent-devel expat-devel openssl-devel python3-devel BuildRequires: unbound-libs @@ -74,6 +76,7 @@ Package help includes includes man pages for unbound. pushd %{name}-%{version} %patch0 -p1 +%patch6000 -p1 cp -pr doc pythonmod libunbound ../ popd @@ -229,6 +232,12 @@ popd %{_mandir}/man* %changelog +* Thu Dec 02 2021 xihaochen - 1.11.0-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:synchronize a patch + * Tue Feb 23 2021 zhouyihang - 1.11.0-2 - Type:CVE - ID:NA