From 42efe7f60b9beeeca6bcd188b2362f10577fd8fb Mon Sep 17 00:00:00 2001
From: sthen
Date: Thu, 2 Feb 2012 13:42:13 +0000
Subject: [PATCH] Add a patch to Unbound from upstream correcting a bug resulting in failure to validate DNSSEC which was introduced in 1.4.15: http://permalink.gmane.org/gmane.network.dns.unbound.user/2006 Full update to Unbound 1.4.16 can wait until we're done with 5.1 ok ajacoutot@
---
 net/unbound/Makefile | 3 ++-
 .../patches/patch-services_cache_rrset_c | 20 +++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 net/unbound/patches/patch-services_cache_rrset_c
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index ffccbb09991..b65e07aa309 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.38 2012/01/26 22:04:03 sthen Exp $
+# $OpenBSD: Makefile,v 1.39 2012/02/02 13:42:13 sthen Exp $
 COMMENT= validating DNS resolver
 DISTNAME= unbound-1.4.15
+REVISION= 0
 CATEGORIES= net
 MASTER_SITES= http://www.unbound.net/downloads/
diff --git a/net/unbound/patches/patch-services_cache_rrset_c b/net/unbound/patches/patch-services_cache_rrset_c
new file mode 100644
index 00000000000..531c96d45d0
--- /dev/null
+++ b/net/unbound/patches/patch-services_cache_rrset_c
@@ -0,0 +1,20 @@
+$OpenBSD: patch-services_cache_rrset_c,v 1.1 2012/02/02 13:42:13 sthen Exp $
+
+http://permalink.gmane.org/gmane.network.dns.unbound.user/2006
+
+Fix DNSSEC validation failures after hours or days:
+"validation failure xx: no NSEC3 closest encloser from yy for DS zz while
+building chain of trust."
+
+--- services/cache/rrset.c.orig Thu Feb 2 11:05:28 2012
++++ services/cache/rrset.c Thu Feb 2 11:05:49 2012
+@@ -207,7 +207,8 @@ rrset_cache_update(struct rrset_cache* r, struct rrset
+ /* cache is superior, return that value */
+ lock_rw_unlock(&e->lock);
+ ub_packed_rrset_parsedelete(k, alloc);
+- return 2;
++ if(equal) return 2;
++ return 1;
+ }
+ lock_rw_unlock(&e->lock);
+ /* Go on and insert the passed item.
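Review bot: In the embedded rrset.c change, `if(equal) return 2;` / `return 1;` leave the meaning of the two codes implicit, and `equal` is computed outside the visible lines, so the patch header is the only place that explains why the distinction affects DNSSEC validation. I would add one sentence to the header, for example `rrset_cache_update() now returns 2 only when the cached rrset equals the passed one, and 1 otherwise` (this reading is inferred from the diff; confirm against the function's header comment upstream). The only provenance recorded is a third-party list-archive permalink; also naming the upstream revision, or noting that the fix is expected in 1.4.16 as the commit message suggests, would let a later reviewer verify the patch and drop it on the next update. rrset_cache_update's body starts and ends outside the inner hunk.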