- rel 2; fix CAA queries on CNAME loops

diff --git a/unbound-bug-3512.patch b/unbound-bug-3512.patch
new file mode 100644 (file)
index 0000000..e58a4e5
--- /dev/null
+++ b/unbound-bug-3512.patch
@@ -0,0 +1,40 @@
+diff --git a/iterator/iterator.c b/iterator/iterator.c
+index 7f3c6573..26660059 100644
+--- a/iterator/iterator.c
++++ b/iterator/iterator.c
+@@ -1157,6 +1157,13 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
+       if(iq->query_restart_count > MAX_RESTART_COUNT) {
+               verbose(VERB_QUERY, "request has exceeded the maximum number"
+                       " of query restarts with %d", iq->query_restart_count);
++              if(iq->response) {
++                      /* return the partial CNAME loop, i.e. with the
++                       * actual packet in iq->response cleared of RRsets,
++                       * the stored prepend RRsets contain the loop contents
++                       * with duplicates removed */
++                      return next_state(iq, FINISHED_STATE);
++              }
+               return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
+       }
+ 
+@@ -1246,6 +1253,10 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
+                       iq->qchase.qname_len = slen;
+                       /* This *is* a query restart, even if it is a cheap 
+                        * one. */
++                      msg->rep->an_numrrsets = 0;
++                      msg->rep->ns_numrrsets = 0;
++                      msg->rep->ar_numrrsets = 0;
++                      msg->rep->rrset_count = 0;
+                       iq->dp = NULL;
+                       iq->refetch_glue = 0;
+                       iq->query_restart_count++;
+@@ -2739,6 +2750,10 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
+               if (qstate->env->cfg->qname_minimisation)
+                       iq->minimisation_state = INIT_MINIMISE_STATE;
+               /* Clear the query state, since this is a query restart. */
++              iq->response->rep->an_numrrsets = 0;
++              iq->response->rep->ns_numrrsets = 0;
++              iq->response->rep->ar_numrrsets = 0;
++              iq->response->rep->rrset_count = 0;
+               iq->deleg_msg = NULL;
+               iq->dp = NULL;
+               iq->dsns_point = NULL;

diff --git a/unbound.spec b/unbound.spec
index 5e6951cc15eb958323eaad84c954bba4852158c2..6f402e19f42f118a91eccf6db92d52bcf20b5655 100644 (file)
--- a/unbound.spec
+++ b/unbound.spec
@@ -8,7 +8,7 @@ Summary:        Recursive, validating DNS resolver
 Summary(pl.UTF-8):     Rekurencyjny, weryfikujący resolver DNS
 Name:          unbound
 Version:       1.6.8
-Release:       1
+Release:       2
 License:       BSD
 Group:         Applications/Network
 Source0:       http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -23,6 +23,7 @@ Patch0:               %{name}-default_trust_anchor.patch
 Patch1:                %{name}-sh.patch
 Patch2:                %{name}-pythondir.patch
 Patch3:                %{name}-flex.patch
+Patch4:                unbound-bug-3512.patch
 URL:           http://unbound.net/
 BuildRequires: autoconf >= 2.56
 BuildRequires: automake
@@ -129,6 +130,7 @@ Pythonowy interfejs do biblioteki unbound.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 %{__libtoolize}