rpms/unbound/EL-5 unbound-1.2.0-nolibevent.patch, NONE, 1.1 unbound-initgroups-r1453.patch, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.3, 1.4 unbound.init, 1.2, 1.3 unbound.spec, 1.5, 1.6

Paul Wouters pwouters at fedoraproject.org
Wed May 20 15:43:36 UTC 2009


Author: pwouters

Update of /cvs/extras/rpms/unbound/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31174

Modified Files:
	.cvsignore sources unbound.init unbound.spec 
Added Files:
	unbound-1.2.0-nolibevent.patch unbound-initgroups-r1453.patch 
Log Message:
* Wed May 20 2009 Paul Wouters <paul at xelerance.com> - 1.2.1
- Upgraded to 1.2.1


unbound-1.2.0-nolibevent.patch:

--- NEW FILE unbound-1.2.0-nolibevent.patch ---
Index: Makefile.in
===================================================================
--- Makefile.in	(revision 1432)
+++ Makefile.in	(working copy)
@@ -2,11 +2,13 @@
 # See the file LICENSE for the license
 
 debug_enabled=@debug_enabled@
+ifeq "$(QUIET)" ""
 ifeq ($(debug_enabled),yes)
   QUIET=yes
 else
   QUIET=no
 endif
+endif
 
 ifeq "$(QUIET)" "yes"
   Q=@


unbound-initgroups-r1453.patch:

--- NEW FILE unbound-initgroups-r1453.patch ---
commit b1a2731277dd0939572901bf018afa7a0debdb54
Author: wouter <wouter at be551aaa-1e26-0410-a405-d3ace91eadb9>
Date:   Thu Feb 5 11:12:01 2009 +0000

    call initgroups.
    
    
    git-svn-id: http://unbound.nlnetlabs.nl/svn/trunk@1453 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/config.h.in b/config.h.in
index 956224d..aa7ce2d 100644
--- a/config.h.in
+++ b/config.h.in
@@ -85,6 +85,9 @@
 /* Define to 1 if you have the `gmtime_r' function. */
 #undef HAVE_GMTIME_R
 
+/* Define to 1 if you have the <grp.h> header file. */
+#undef HAVE_GRP_H
+
 /* If you have HMAC_CTX_init */
 #undef HAVE_HMAC_CTX_INIT
 
@@ -97,6 +100,9 @@
 /* Define to 1 if you have the `inet_pton' function. */
 #undef HAVE_INET_PTON
 
+/* Define to 1 if you have the `initgroups' function. */
+#undef HAVE_INITGROUPS
+
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
 
diff --git a/configure b/configure
index a823b0b..0b1f96a 100755
--- a/configure
+++ b/configure
@@ -19961,7 +19961,8 @@ fi
 
 
 
-for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h
+
+for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_header" >&5
@@ -25282,7 +25283,8 @@ fi
 
 
 
-for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob
+
+for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_func" >&5
diff --git a/configure.ac b/configure.ac
index bd000bc..48a4385 100644
--- a/configure.ac
+++ b/configure.ac
@@ -480,7 +480,7 @@ AC_PROG_LIBTOOL
 
 # Checks for header files.
 AC_HEADER_STDC
-AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h],,, [AC_INCLUDES_DEFAULT])
 
 # check for types
 AC_CHECK_TYPE(int8_t, char)
@@ -854,7 +854,7 @@ AC_CHECK_GETADDRINFO_WITH_INCLUDES
 if test $ac_cv_func_getaddrinfo = no; then
 AC_LIBOBJ([fake-rfc2553])
 fi
-AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob])
+AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setsid sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev setresuid setreuid setresgid setregid glob initgroups])
 
 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
 if echo $build_os | grep darwin8 > /dev/null; then
diff --git a/daemon/unbound.c b/daemon/unbound.c
index 09767a4..6c5fb6f 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -56,6 +56,9 @@
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
 
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
@@ -451,6 +454,11 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 	/* drop permissions after chroot, getpwnam, pidfile, syslog done*/
 #ifdef HAVE_GETPWNAM
 	if(cfg->username && cfg->username[0]) {
+#ifdef HAVE_INITGROUPS
+		if(initgroups(cfg->username, gid) != 0)
+			log_warn("unable to initgroups %s: %s",
+				cfg->username, strerror(errno));
+#endif
 #ifdef HAVE_SETRESGID
 		if(setresgid(gid,gid,gid) != 0)
 #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
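Review bot: A failed `initgroups()` in the added block only logs a warning, so perform_setup goes on to change uid/gid while the process may still hold the supplementary groups it was started with (typically root's). Treat the failure as fatal instead, e.g. `fatal_exit("unable to initgroups %s: %s", cfg->username, strerror(errno));` in place of the `log_warn` call. The existing comment says this code runs after chroot, and initgroups has to read the group database, so it is worth confirming the lookup still works from inside the chroot. The function body starts and ends outside the hunk.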


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/unbound/EL-5/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- .cvsignore	31 Oct 2008 16:59:08 -0000	1.1
+++ .cvsignore	20 May 2009 15:43:06 -0000	1.2
@@ -0,0 +1 @@
+unbound-1.2.1.tar.gz


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/unbound/EL-5/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- sources	21 Jan 2009 01:33:46 -0000	1.3
+++ sources	20 May 2009 15:43:06 -0000	1.4
@@ -1 +1 @@
-2517f811ec4939c0ea602c99a6fdea23  unbound-1.2.0.tar.gz
+5437f2a1e698d8aa73ba19a60662a654  unbound-1.2.1.tar.gz


Index: unbound.init
===================================================================
RCS file: /cvs/extras/rpms/unbound/EL-5/unbound.init,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- unbound.init	21 Jan 2009 01:33:47 -0000	1.2
+++ unbound.init	20 May 2009 15:43:06 -0000	1.3
@@ -25,6 +25,7 @@ exec="/usr/sbin/unbound"
 config="/etc/unbound/unbound.conf"
 rootdir="/var/lib/unbound"
 pidfile="/var/run/unbound/unbound.pid"
+piddir=`dirname $pidfile`
 
 [ -e /etc/sysconfig/unbound ] && . /etc/sysconfig/unbound
 
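Review bot: `piddir` is computed on the added line before `/etc/sysconfig/unbound` is sourced, so an override of `pidfile` in that file leaves `piddir` pointing at the default directory. Move the assignment below the sourcing line and quote the expansion: `piddir=$(dirname "$pidfile")`.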
@@ -33,11 +34,15 @@ lockfile=/var/lock/subsys/unbound
 start() {
     [ -x $exec ] || exit 5
     [ -f $config ] || exit 6
+    # /var/run could (and should) be tmpfs
+    [ -d $piddir ] || mkdir $piddir
 
     if [ ! -f /etc/unbound/unbound_control.key ]
     then
 	echo -n $"Generating unbound control key and certificate: "
 	/usr/sbin/unbound-control-setup -d /etc/unbound/ > /dev/null 2> /dev/null
+	chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem
+
 	[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
 	    [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*
 	echo
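Review bot: The added `chgrp` hands the key and certificate files to group unbound but never sets their mode, so who can read the private keys depends on whatever unbound-control-setup left behind, and its output and exit status are discarded. Pin the mode explicitly after the chgrp, e.g. `chmod 640 /etc/unbound/unbound_*key /etc/unbound/unbound_*pem`. The `mkdir $piddir` added above it likewise relies on root's umask and sets no owner; `mkdir -m 0755 "$piddir"` would make the intended permissions explicit. start() continues outside the hunk.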
@@ -46,7 +51,7 @@ start() {
     echo -n $"Starting unbound: "
 
     # if not running, start it up here
-    daemon $exec
+    daemon --pidfile=$pidfile $exec
     retval=$?
     [ $retval -eq 0 ] && touch $lockfile
     echo


Index: unbound.spec
===================================================================
RCS file: /cvs/extras/rpms/unbound/EL-5/unbound.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- unbound.spec	8 Feb 2009 23:33:54 -0000	1.5
+++ unbound.spec	20 May 2009 15:43:06 -0000	1.6
@@ -1,15 +1,15 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
-Version: 1.2.0
-Release: 4%{?dist}
+Version: 1.2.1
+Release: 1%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
 Source1: unbound.init
 Source2: unbound.conf
 Source3: unbound.munin
-Patch0: unbound-libevent-r1441.patch
-Patch1: unbound-1.2-glob.patch
+Patch0: unbound-1.2-glob.patch
+Patch1: unbound-initgroups-r1453.patch
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: flex, openssl-devel, ldns-devel >= 1.4.0, libevent-devel
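Review bot: The patch list does not reference `unbound-1.2.0-nolibevent.patch`, which this commit adds to the package directory; Patch0 and Patch1 here are the glob and initgroups patches, and the %prep hunk applies only those two. Either add `Patch2: unbound-1.2.0-nolibevent.patch` with a matching `%patch2 -p0` line, or leave the file out of the commit so the directory holds only patches that are actually applied and reviewed.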
@@ -17,7 +17,9 @@ Requires(post): chkconfig
 Requires(preun): chkconfig
 Requires(preun): initscripts
 Requires(postun): initscripts
-Requires: ldns >= 1.4.0
+Requires: ldns >= 1.5.0
+Requires: openssl >= 0.9.8e-7
+#Requires: openssl >= 0.9.8b-10.el5.1
 Requires(pre): shadow-utils
 # Is this obsolete?
 #Provides: caching-nameserver
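Review bot: The runtime dependency is raised to `ldns >= 1.5.0`, but the `BuildRequires` line just above this hunk still accepts `ldns-devel >= 1.4.0`, so the package can be built against an older library than it requires at runtime. Bump it to `ldns-devel >= 1.5.0`. The commented-out `#Requires: openssl >= 0.9.8b-10.el5.1` needs a one-line comment saying why the alternative is kept, or should be removed.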
@@ -62,7 +64,7 @@ Contains libraries used by the unbound s
 
 %prep
 %setup -q 
-%patch0 -p0
+%patch0 -p1
 %patch1 -p1
 
 %build
@@ -122,7 +124,7 @@ rm -rf ${RPM_BUILD_ROOT}
 %pre
 getent group unbound >/dev/null || groupadd -r unbound
 getent passwd unbound >/dev/null || \
-useradd -r -g unbound -d %{_localstatedir}/lib/%{name} -s /sbin/nologin \
+useradd -r -g unbound -d %{_sysconfdir}/%{name} -s /sbin/nologin \
 -c "Unbound DNS resolver" unbound
 exit 0
 
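Review bot: Changing the home directory to `%{_sysconfdir}/%{name}` only takes effect on fresh installs, because `useradd` is skipped when the unbound account already exists; upgraded systems keep the old home under `%{_localstatedir}/lib/%{name}`. The new home is also, going by the init script in this commit, the directory that holds the control and server keys, which deserves a comment above the `useradd` explaining why the account's home moved there. If the new location is required, a `usermod -d %{_sysconfdir}/%{name} unbound` for existing accounts would keep both cases consistent.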
@@ -146,6 +148,12 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Wed May 20 2009 Paul Wouters <paul at xelerance.com> - 1.2.1
+- Upgraded to 1.2.1
+- Properly drop group privs
+- Fix so unbound starts from init scripts properly with
+  unbound-remote: yes
+
 * Sun Feb  8 2009 Paul Wouters <paul at xelerance.com - 1.2.0-4
 - Not my best day, fixed the missing buildroot.
 



