# Contributor: Sören Tempel # Contributor: Carlo Landmeter # Maintainer: Natanael Copa pkgname=unbound pkgver=1.7.3 pkgrel=2 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver" url="http://unbound.net/" arch="all" license="BSD-3-Clause" depends="dnssec-root" depends_dev="expat-dev" makedepends="$depends_dev libevent-dev libressl-dev python2-dev swig linux-headers" install="$pkgname.pre-install" options="!check" pkgusers="unbound" pkggroups="unbound" subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-dbg py-unbound:py $pkgname-migrate::noarch" source="http://unbound.net/downloads/$pkgname-$pkgver.tar.gz conf.patch update-unbound-root-hints CVE-2019-16866.patch CVE-2019-18934.patch migrate-dnscache-to-unbound root.hints $pkgname.initd $pkgname.confd " builddir="$srcdir/$pkgname-$pkgver" # secfixes: # 1.7.3-r2: # - CVE-2019-18934 # 1.7.3-r1: # - CVE-2019-16866 build() { cd "$builddir" ./configure \ --build="$CBUILD" \ --host="$CHOST" \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --localstatedir=/var \ --with-username=unbound \ --with-run-dir="" \ --with-pidfile="" \ --with-rootkey-file=/usr/share/dnssec-root/trusted-key.key \ --with-libevent \ --with-pthreads \ --disable-static \ --disable-rpath \ --with-ssl \ --without-pythonmodule \ --with-pyunbound # do not link to libpython sed -i -e '/^LIBS=/s/-lpython.*[[:space:]]/ /' Makefile make } package() { cd "$builddir" make DESTDIR="$pkgdir" install install -m755 -D contrib/update-anchor.sh \ "$pkgdir"/usr/share/$pkgname/update-anchor.sh mkdir -p "$pkgdir"/usr/share/doc/$pkgname/ install -m644 doc/CREDITS doc/Changelog doc/FEATURES \ doc/README doc/TODO "$pkgdir"/usr/share/doc/$pkgname/ cd "$pkgdir" install -Dm755 "$srcdir"/update-unbound-root-hints \ ./etc/periodic/monthly/update-unbound-root-hints install -m644 -D "$srcdir"/root.hints ./etc/unbound/root.hints install -m755 -D "$srcdir"/unbound.initd ./etc/init.d/unbound install -m755 -D "$srcdir"/unbound.confd ./etc/conf.d/unbound } libs() { pkgdesc="unbound shared libraries" mkdir -p "$subpkgdir"/usr/lib mv "$pkgdir"/usr/lib/lib*.so.* "$subpkgdir"/usr/lib/ } py() { pkgdesc="Python bindings to libunbound" mkdir -p "$subpkgdir"/usr/lib/ mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/ } migrate() { pkgdesc="Simple tool to migrate from dnscache to unbound" install -m755 -D "$srcdir"/migrate-dnscache-to-unbound \ "$subpkgdir"/usr/bin/migrate-dnscache-to-unbound } sha512sums="34b2e93660e519b2eccefef26a6c7ac09fa3312384cc3bc449ff2b10743bd86bfeb36ec19d35eb913f8d0a3d91ad7923260a66fc799f28b0a2cc06741d80f27a unbound-1.7.3.tar.gz bd51769e3e2d6035df1abbf220038a56a69795a092b5f31005e1910c6c88e334d7e71fe16d874885ef74c597f3a1d7af50f9ad9736ba7ebb10ae50178828661c conf.patch b16b7b15392c0d560718ee543f1eebc5617085fb30d61cddc20dd948bd8b1634ee5b2de1c9cb172a6c0d1c5bbaf98b6fd39816d39c72a43ff619455449e668ac update-unbound-root-hints da578f620bc1abca4a53bb3448c023c59ccd33c0d560603ab5e6caf7eebd8e4d8a2401f2e4ebbcf1124f168699be02a489ae27d7b723f9b67678592ecea30529 CVE-2019-16866.patch b2ae6363d89c4effa9e926210c4b876eb8fefa79bf459047107e6fb8eb8aca2b9844a4a8bdabe361248be2eeb36519aac7bbc4fe7b805447958088bcc18a83d2 CVE-2019-18934.patch b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131 migrate-dnscache-to-unbound 0dca3470ed4ca9b76d6f47f5d20e92924e6648f0870d8594fe6735d8f1cdfeeee7296301066c2a8b2b94f7daed86c15efe00c301ca27e435e5dd2c85508dc9c8 root.hints d8392a6d238b46fd207d57eb2d23d0806d070c203ae196a6c2a6a4f7de4c95beecee86640649ff7dcc1cec3d3edcd313e8d91bff4188bdc1133b12fe6eff554e unbound.initd 40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71 unbound.confd"