diff options
author | Cy Schubert <cy@FreeBSD.org> | 2021-12-03 05:35:06 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2021-12-03 05:35:06 +0000 |
commit | 68965ba955db755e0cf7c57882a1e99da5c47644 (patch) | |
tree | f8e722161681a766f4425cefdbe71f32f647fd14 /contrib | |
parent | 625f1c1312fb7defbd148c8ba121a0cf058707ef (diff) | |
download | src-68965ba955db755e0cf7c57882a1e99da5c47644.tar.gz src-68965ba955db755e0cf7c57882a1e99da5c47644.zip |
unbound: Vendor import 1.14.0rc1vendor/unbound/1.14.0rc1
This vendor import was requested by glebius@ as it should fix unbound
crashes.
Reported by: glebius
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/Dockerfile.tests | 11 | ||||
-rw-r--r-- | contrib/drop2rpz | 2 | ||||
-rw-r--r-- | contrib/unbound.service.in | 3 |
3 files changed, 14 insertions, 2 deletions
diff --git a/contrib/Dockerfile.tests b/contrib/Dockerfile.tests new file mode 100644 index 000000000000..417daccb21f9 --- /dev/null +++ b/contrib/Dockerfile.tests @@ -0,0 +1,11 @@ +FROM gcc:latest +WORKDIR /usr/src/unbound +RUN apt-get update +# install semantic parser & lexical analyzer +RUN apt-get install -y bison flex +# install packages used in tests +RUN apt-get install -y ldnsutils dnsutils xxd splint doxygen netcat +# accept short rsa keys, which are used in tests +RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf + +CMD ["/bin/bash"] diff --git a/contrib/drop2rpz b/contrib/drop2rpz index 01602f651166..6ac9b492efe3 100644 --- a/contrib/drop2rpz +++ b/contrib/drop2rpz @@ -4,7 +4,7 @@ # # unbound.conf: # rpz: -# name: "spamhaus-drop.rpz.local." +# name: "drop.spamhaus.org.rpz.local." # zonefile: "/path/tp/spamhaus-drop.rpz.local" # rpz-log: yes # rpz-log-name: "spamhaus-drop" diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index 90ee708ce2c5..ada5fac9c224 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -64,7 +64,8 @@ ProtectClock=true ProtectControlGroups=true ProtectKernelLogs=true ProtectKernelModules=true -ProtectKernelTunables=true +# This breaks using socket options like 'so-rcvbuf'. Explicitly disable for visibility. +ProtectKernelTunables=false ProtectProc=invisible ProtectSystem=strict RuntimeDirectory=unbound |