# Contributor: Sören Tempel # Contributor: Carlo Landmeter # Maintainer: Natanael Copa pkgname=unbound pkgver=1.8.3 pkgrel=4 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver" url="http://unbound.net/" arch="all" license="BSD-3-Clause" depends="dnssec-root" depends_dev="expat-dev" makedepends="$depends_dev libevent-dev openssl-dev python2-dev swig linux-headers" install="$pkgname.pre-install" options="!check" pkgusers="unbound" pkggroups="unbound" subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-dbg py-unbound:py $pkgname-migrate::noarch" source="https://unbound.net/downloads/$pkgname-$pkgver.tar.gz conf.patch update-unbound-root-hints CVE-2019-16866.patch CVE-2019-18934.patch CVE-2020-12662_CVE-2020-12663.patch migrate-dnscache-to-unbound root.hints $pkgname.initd $pkgname.confd " builddir="$srcdir/$pkgname-$pkgver" # secfixes: # 1.8.3-r4: # - CVE-2020-12662 # - CVE-2020-12663 # 1.8.3-r3: # - CVE-2019-18934 # 1.8.3-r2: # - CVE-2019-16866 build() { cd "$builddir" ./configure \ --build="$CBUILD" \ --host="$CHOST" \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --localstatedir=/var \ --with-username=unbound \ --with-run-dir="" \ --with-pidfile="" \ --with-rootkey-file=/usr/share/dnssec-root/trusted-key.key \ --with-libevent \ --with-pthreads \ --disable-static \ --disable-rpath \ --with-ssl \ --without-pythonmodule \ --with-pyunbound # do not link to libpython sed -i -e '/^LIBS=/s/-lpython.*[[:space:]]/ /' Makefile make } package() { cd "$builddir" make DESTDIR="$pkgdir" install install -m755 -D contrib/update-anchor.sh \ "$pkgdir"/usr/share/$pkgname/update-anchor.sh mkdir -p "$pkgdir"/usr/share/doc/$pkgname/ install -m644 doc/CREDITS doc/Changelog doc/FEATURES \ doc/README doc/TODO "$pkgdir"/usr/share/doc/$pkgname/ cd "$pkgdir" install -Dm755 "$srcdir"/update-unbound-root-hints \ ./etc/periodic/monthly/update-unbound-root-hints install -m644 -D "$srcdir"/root.hints ./etc/unbound/root.hints install -m755 -D "$srcdir"/unbound.initd ./etc/init.d/unbound install -m755 -D "$srcdir"/unbound.confd ./etc/conf.d/unbound } libs() { pkgdesc="unbound shared libraries" mkdir -p "$subpkgdir"/usr/lib mv "$pkgdir"/usr/lib/lib*.so.* "$subpkgdir"/usr/lib/ } py() { pkgdesc="Python bindings to libunbound" mkdir -p "$subpkgdir"/usr/lib/ mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/ } migrate() { pkgdesc="Simple tool to migrate from dnscache to unbound" install -m755 -D "$srcdir"/migrate-dnscache-to-unbound \ "$subpkgdir"/usr/bin/migrate-dnscache-to-unbound } sha512sums="545486ccce288a6ef1937d82653a43a11dbd3aec7b8d0036e7fd107e537cdfc935def9db9178c2eb418d6f4b0849a242a0be1dea966f3e9e0145aa7266e483ad unbound-1.8.3.tar.gz bd51769e3e2d6035df1abbf220038a56a69795a092b5f31005e1910c6c88e334d7e71fe16d874885ef74c597f3a1d7af50f9ad9736ba7ebb10ae50178828661c conf.patch b16b7b15392c0d560718ee543f1eebc5617085fb30d61cddc20dd948bd8b1634ee5b2de1c9cb172a6c0d1c5bbaf98b6fd39816d39c72a43ff619455449e668ac update-unbound-root-hints da578f620bc1abca4a53bb3448c023c59ccd33c0d560603ab5e6caf7eebd8e4d8a2401f2e4ebbcf1124f168699be02a489ae27d7b723f9b67678592ecea30529 CVE-2019-16866.patch b2ae6363d89c4effa9e926210c4b876eb8fefa79bf459047107e6fb8eb8aca2b9844a4a8bdabe361248be2eeb36519aac7bbc4fe7b805447958088bcc18a83d2 CVE-2019-18934.patch 9362936e4ce7c3f391590526423c7f13c596bc71db6b643056bcf885797a26ea74e44e920383b6af6ac56294f5dc9529dded96645f519a377269f920e9a8cf68 CVE-2020-12662_CVE-2020-12663.patch 0dca3470ed4ca9b76d6f47f5d20e92924e6648f0870d8594fe6735d8f1cdfeeee7296301066c2a8b2b94f7daed86c15efe00c301ca27e435e5dd2c85508dc9c8 root.hints b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131 migrate-dnscache-to-unbound a2b39cb00d342c3bae70ae714dc2bd7c15d0475b35f7afff11fb0bd4c1786f83dd5425a5900a7b4d6c17915a6c546e37f82404bceb44f79c054629e999f23152 unbound.initd 40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71 unbound.confd"