From ec2071d644c643fb388bdbcb5e0a8c8d916c3713 Mon Sep 17 00:00:00 2001 From: eaglegai Date: Fri, 1 Mar 2024 07:28:42 +0000 Subject: [PATCH] synchronize a patch from SP1 to remove default buildin key --- unbound-remove-buildin-key.patch | 42 ++++++++++++++++++++++++++++++++ unbound.spec | 9 ++++++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 unbound-remove-buildin-key.patch diff --git a/unbound-remove-buildin-key.patch b/unbound-remove-buildin-key.patch new file mode 100644 index 0000000..eabe1d3 --- /dev/null +++ b/unbound-remove-buildin-key.patch @@ -0,0 +1,42 @@ +From bd895d2d82990bfe059acfb0e078bb8d44207287 Mon Sep 17 00:00:00 2001 +From: hanzhijun +Date: Fri, 19 Feb 2021 16:20:53 +0800 +Subject: [PATCH] remove buildin key + +--- + smallapp/unbound-anchor.c | 19 ------------------- + 1 file changed, 19 deletions(-) + +diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c +index b8bd1b8..4c8f404 100644 +--- a/smallapp/unbound-anchor.c ++++ b/smallapp/unbound-anchor.c +@@ -215,25 +215,6 @@ get_builtin_cert(void) + return + /* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */ + "-----BEGIN CERTIFICATE-----\n" +-"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n" +-"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n" +-"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n" +-"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n" +-"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n" +-"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n" +-"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n" +-"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n" +-"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n" +-"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n" +-"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n" +-"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n" +-"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n" +-"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n" +-"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n" +-"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n" +-"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n" +-"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n" +-"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n" + "-----END CERTIFICATE-----\n" + ; + } +-- +1.8.3.1 + diff --git a/unbound.spec b/unbound.spec index bac5bec..30fd1c4 100644 --- a/unbound.spec +++ b/unbound.spec @@ -2,7 +2,7 @@ Name: unbound Version: 1.11.0 -Release: 10 +Release: 11 Summary: Unbound is a validating, recursive, caching DNS resolver License: BSD Url: https://nlnetlabs.nl/projects/unbound/about/ @@ -29,6 +29,7 @@ Patch4: backport-0001-CVE-2022-30698-and-CVE-2022-30699.patch Patch5: backport-0002-CVE-2022-30698-and-CVE-2022-30699.patch Patch6: backport-CVE-2022-3204.patch Patch7: backport-CVE-2023-50387_CVE-2023-50868.patch +Patch8: unbound-remove-buildin-key.patch BuildRequires: make flex swig pkgconfig systemd python-unversioned-command BuildRequires: libevent-devel expat-devel openssl-devel python3-devel @@ -231,6 +232,12 @@ popd %{_mandir}/man* %changelog +* Fri Mar 01 2024 gaihuiying - 1.11.0-11 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:synchronize a patch from SP1 to remove default buildin key + * Tue Feb 27 2024 gaihuiying - 1.11.0-10 - Type:cves - CVE:CVE-2024-1488 -- Gitee