[packages/unbound] - rel 2; fix CAA queries on CNAME loops
arekm
arekm at pld-linux.org
Wed Feb 21 14:35:15 CET 2018
commit e30ec7d49f7cb229732b43ffc50f3f2247d9e9dc
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed Feb 21 14:35:09 2018 +0100
- rel 2; fix CAA queries on CNAME loops
unbound-bug-3512.patch | 40 ++++++++++++++++++++++++++++++++++++++++
unbound.spec | 4 +++-
2 files changed, 43 insertions(+), 1 deletion(-)
---
diff --git a/unbound.spec b/unbound.spec
index 5e6951c..6f402e1 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -8,7 +8,7 @@ Summary: Recursive, validating DNS resolver
Summary(pl.UTF-8): Rekurencyjny, weryfikujący resolver DNS
Name: unbound
Version: 1.6.8
-Release: 1
+Release: 2
License: BSD
Group: Applications/Network
Source0: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -23,6 +23,7 @@ Patch0: %{name}-default_trust_anchor.patch
Patch1: %{name}-sh.patch
Patch2: %{name}-pythondir.patch
Patch3: %{name}-flex.patch
+Patch4: unbound-bug-3512.patch
URL: http://unbound.net/
BuildRequires: autoconf >= 2.56
BuildRequires: automake
@@ -129,6 +130,7 @@ Pythonowy interfejs do biblioteki unbound.
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
%build
%{__libtoolize}
diff --git a/unbound-bug-3512.patch b/unbound-bug-3512.patch
new file mode 100644
index 0000000..e58a4e5
--- /dev/null
+++ b/unbound-bug-3512.patch
@@ -0,0 +1,40 @@
+diff --git a/iterator/iterator.c b/iterator/iterator.c
+index 7f3c6573..26660059 100644
+--- a/iterator/iterator.c
++++ b/iterator/iterator.c
+@@ -1157,6 +1157,13 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
+ if(iq->query_restart_count > MAX_RESTART_COUNT) {
+ verbose(VERB_QUERY, "request has exceeded the maximum number"
+ " of query restarts with %d", iq->query_restart_count);
++ if(iq->response) {
++ /* return the partial CNAME loop, i.e. with the
++ * actual packet in iq->response cleared of RRsets,
++ * the stored prepend RRsets contain the loop contents
++ * with duplicates removed */
++ return next_state(iq, FINISHED_STATE);
++ }
+ return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
+ }
+
+@@ -1246,6 +1253,10 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
+ iq->qchase.qname_len = slen;
+ /* This *is* a query restart, even if it is a cheap
+ * one. */
++ msg->rep->an_numrrsets = 0;
++ msg->rep->ns_numrrsets = 0;
++ msg->rep->ar_numrrsets = 0;
++ msg->rep->rrset_count = 0;
+ iq->dp = NULL;
+ iq->refetch_glue = 0;
+ iq->query_restart_count++;
+@@ -2739,6 +2750,10 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
+ if (qstate->env->cfg->qname_minimisation)
+ iq->minimisation_state = INIT_MINIMISE_STATE;
+ /* Clear the query state, since this is a query restart. */
++ iq->response->rep->an_numrrsets = 0;
++ iq->response->rep->ns_numrrsets = 0;
++ iq->response->rep->ar_numrrsets = 0;
++ iq->response->rep->rrset_count = 0;
+ iq->deleg_msg = NULL;
+ iq->dp = NULL;
+ iq->dsns_point = NULL;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/unbound.git/commitdiff/e30ec7d49f7cb229732b43ffc50f3f2247d9e9dc
More information about the pld-cvs-commit
mailing list