.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -57,47 +57,3 @@ unbound-1.4.5.tar.gz
 /unbound-1.9.6.tar.gz
 /unbound-1.10.0.tar.gz
 /unbound-1.10.0.tar.gz.asc
-/unbound-1.10.1.tar.gz
-/unbound-1.10.1.tar.gz.asc
-/unbound-1.12.0.tar.gz
-/unbound-1.12.0.tar.gz.asc
-/unbound-1.13.0.tar.gz
-/unbound-1.13.0.tar.gz.asc
-/unbound-1.13.1.tar.gz
-/unbound-1.13.1.tar.gz.asc
-/unbound-1.13.2.tar.gz
-/unbound-1.13.2.tar.gz.asc
-/unbound-1.15.0.tar.gz
-/unbound-1.15.0.tar.gz.asc
-/unbound-1.16.0.tar.gz
-/unbound-1.16.0.tar.gz.asc
-/unbound-1.16.2.tar.gz
-/unbound-1.16.2.tar.gz.asc
-/unbound-1.16.3.tar.gz
-/unbound-1.16.3.tar.gz.asc
-/unbound-1.17.0.tar.gz
-/unbound-1.17.0.tar.gz.asc
-/unbound-1.17.1.tar.gz
-/unbound-1.17.1.tar.gz.asc
-/unbound-1.18.0.tar.gz
-/unbound-1.18.0.tar.gz.asc
-/unbound-1.19.0.tar.gz
-/unbound-1.19.0.tar.gz.asc
-/unbound-1.19.1.tar.gz
-/unbound-1.19.1.tar.gz.asc
-/unbound-1.19.3.tar.gz
-/unbound-1.19.3.tar.gz.asc
-/unbound-1.20.0.tar.gz
-/unbound-1.20.0.tar.gz.asc
-/unbound-1.21.0.tar.gz
-/unbound-1.21.0.tar.gz.asc
-/unbound-1.21.1.tar.gz
-/unbound-1.21.1.tar.gz.asc
-/unbound-1.22.0.tar.gz
-/unbound-1.22.0.tar.gz.asc
-/unbound-1.23.0.tar.gz
-/unbound-1.23.0.tar.gz.asc
-/unbound-1.23.1.tar.gz
-/unbound-1.23.1.tar.gz.asc
-/unbound-1.*.tar.gz
-/unbound-1.*.tar.gz.asc

Yorgos.asc

@@ -1,128 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFfYHeYBEAC/8SdeXNspt9ZIoZRSL9juNLHA17TXcHdKSthgWBtwwWZbUPq8
-SJr7Y+hr6jMCDKY9800QzLF0nLkyXnZgaBcvR0rRbCT/qvALJ0fpfjcotapZ1hBv
-omb9s8Bo28uKn8tbTMXYNsElUae4Ch/CrU1vfe50YoyQgLR8UBa15gV+2RmC+6jI
-qxDYS8sylWlDn6Qim+77feLlObPnNdzgfWGZo14eJByTsz0qrh8aS/BS1FAsnEQ6
-W6AqukhpuKuWvoAUXKjfguXQolxeexubmKaLcGOTvecw+cbh/a5SPHRtRVr9qTxp
-elk6UEpakY5K9UtZkrG55VWih/4KqY9bNyhJBtpAk1fXA+mYfx5BcFpECYdU9kz4
-UgV5jK0HYRHQTLC91PPVQgH86we+Aae6TaJneCLEIzBK36TgAP8RKrvFfPUym5OP
-YbWOom27QTKfRVcyxPKglJxrTSWixnKWS/pqxNY8hF9Ne4crRAF4wX2yBVbGnjNr
-S9TpYmjMwURbuYm+rWZk/8w5OJG60V3wax56c0jn/42O3Y2hzQ+PbOv2M4UuuajS
-2YL3/KUsRLBapUpPQjzChwzdr/vzFEhk9XxK2VGMN+dh2HjYwDFendc5csyt/cVr
-g3LssVS2bKy5g3IhrzCKAk0Sky4S5t/mcN+lWztNvCijuLz58GCym5GwJQARAQAB
-tCtZb3Jnb3MgVGhlc3NhbG9uaWtlZnMgPHlvcmdvc0BubG5ldGxhYnMubmw+iQJX
-BBMBCABBAhsjBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAhkBFiEElI60IyLF0At5
-NA9dz/M0TZCHpJAFAmjWhkcFCRLfm+EACgkQz/M0TZCHpJANXhAAvTpKNl5+kU1d
-lcFrXx4pgi/knhe0y1Z+ENQWVDYTs9v+lMoyCRQuAt1Cir1LAGWfRBdTQh60I6Dc
-BDj+15pFJCv/dyZiQLPUgxLtIxkwIUSjELp8JevNHhGMNz7QWdG4SEpG2aF/D2Zz
-kvaoomPGjRyo/bkgR2la6eqrCOxYVP+FT7682yf0bCvSTs1kTrnwFY93s7O2RciI
-MS0XWcHPtoi96JxhzUIT+v0gSFuitZhRGPh9pyIcHmRER1yKugvMp6xF5UjNIcfL
-ScrNlGXgjc6EJiGXS5CHliIlxlAxs4J1T9JiGQZOAW/CPxe4IND34DhqwvQcJdtL
-8jt1b2xUcuFfYNa3SY671OnLt3EhwMsYDaSIXrPqW8R6XuaSxhb4sL/okHkb833b
-CgaWvjQZgRm1h0R2IY5C3kHotsLUd2fygrtVVvaLxGEoi9UBsKoLu2kHEJnV5HJO
-jfJMBBGgGFscfk3p1v4SAA30xPR7i6O2KDmFsVzL6xKbnFMMmayEVfWzGXmxB7lv
-ob6HrJIvVH6mx64OsAY0LQI6abQI3TTZn13+RNxuATQS+j0tqbZvVJtWFw41eqsU
-OqeNF9W323uvhJcjDyYquAREIivFXkzxa9y3rgQfB9OX9usD79aij4y/YLqZxafl
-InYUlMGygNOGXruFRZ7DD6zciK2Zu7W0K0dlb3JnZSBUaGVzc2Fsb25pa2VmcyA8
-Z2VvcmdlQG5sbmV0bGFicy5ubD6JAlQEEwEIAD4CGyMFCwkIBwIGFQgJCgsCBBYC
-AwECHgECF4AWIQSUjrQjIsXQC3k0D13P8zRNkIekkAUCaNaGWAUJEt+b4QAKCRDP
-8zRNkIekkKovEACQkeEImQeer9jsY066WyIpvrhcy6xtWjeW8v1ZasRoi+DOFWeA
-18O5iD34UaIPPGFRu6PRdSMLdUqtelFgONVDnXEuqOGAptMcCI4wp4+NIFd00v0J
-9A9ur7xWt0Q0O1fMjFOMPa5oQK9dg1MCI0/RWRObOPf3cIr2NhgWwBuKTCluKyFc
-mnRQXwyxBGCBRvK5zKmA8BBlnHuPfunTAcduNSExUx3e0w5BD5lcG4YeyuR+IRcY
-HJPGU20f634dDSJGKJvGxjpaCxGQNca6s8Mpkq3lm/D3Ia4Vpw/HdiSawv/U71S/
-4F6lctMjvoS73Ao9DZ4iDPqkHJ73HidNp7n25SLnXKruZsnXitjYT8ueP7byeLPi
-7IvqoENXoXNqNfDuXfqri/WnHPYWbKIdj5WWFeaR3Ws+szw3Wql7mJ1cNFWbNCE7
-rGFPhSNyG3n6mlEBUKUYn8FuOF9PHwwWl86GHLI6O4xOIohESyrZrq2mJS61sSq6
-AAQ7cqx6UMNJdBcgB5Ry7qRUF6ZmowZZu3aWFF4dW+LwMvuaFjKzShsKzj8GCE0B
-pQDjy+IeWM2mBVneuCicWwvbSzVWx+Ow42QRvmH8Ja9PqoIYeJQUiMr1+aAG6kUK
-3VW4iugsu3/oFIlFrkYZy9YEfCOEMgqRKL/cuBJTZt0OPFRE/9O/M/FVmIkBHAQS
-AQIABgUCV9kUOAAKCRAwkY2CdXJCIju1B/oCvf1kWYndNeLS6U2O6DtFAL2Ia5tY
-Zukcyqb1hkYcrBiMZbQN94gX5a+6Q4pdd2n241r1ZuSWdwUhRUbF4mvbZMVsavnk
-cvrRGviVIUXf71W0O/IsmQ9oN0Finhpf14Y4z/xqF8DpvJdkWc6X5g+RJuko6q2w
-B7x2UfSyF4USp47LSmUQnC59IF8jzaElgBha3gwEuXL3d2qBepoV/e9RiXJClUAT
-+O7qdxzDq1eiZ+NXUjDCmrkuWjHLAZAv0jx1KUTCQ2no62UM95igtJ+Kn56Lc2+J
-CqFJztaZeX8CgXXryxNpsyhZJ33dIoLCT03K25wrV5Y+eag05slQ9sC3iQI9BBMB
-CAAnBQJX2RCwAhsjBQkFo5qABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEM/z
-NE2Qh6SQ3JUP/2G3bRNObS7zsfN3rjkbjLxaDOwNggRdbeXM5rHDVEG9SWesCGaI
-vyQdkSGQoIaKUgNv7Yp8O8pEnD4IwdhNSaXVIB3pBtdOD0UM1wuxRpfqJOUxZEoW
-T2Jr31Tg2qepp6nT7UmdiF7uCBDy8Jm6k6Q+6UT58cPaesRQdSPi6Go7ho2/xVvK
-Ve9ufSTSTdG5+7bJDu6Iv7sydKUEG4jPDqo+jjVLn1X6Rfp+E4JAvOvFrSJHW5sa
-A332xV40GeV+aM1ndP7dPkz8+AGB3QD7JF2DLcqvLo0TYOvjnlOGYcNp8gzp23g9
-KFwe2sdbdtVpuWaJUSpXXiUZnFzrrVxDNiEBjqsPa5ysOxzJ+1gUbcrIjUeNeAFh
-us4XL+IidPATnhTIX3X/uPRB87KaTaA8XUqsuSd2DM9mLxdHKC9Jf8D1t+ywYrek
-Cp+K80vCtFPWBM4+w8nGugTNKJEGIXZDGFOF/c7r6xKkaOYK0Y+IGJawlV5LaADl
-BmQpPk0ubYclwb07FcegaHSxxIqUo/kbyt1YV5mU+QVymZ+xyvIBrnW8hBuNWRvU
-5acnIZibCERayo8ZuI+r/X3bLHfDx0oh2h+cL3utNZUqmgZNR0Di8P+x0hUYsYPO
-TJaDBSgvxUtY0Ci+OWX38kffGGvhW3CM8V6skdVc8cp7Db7gxase4BxxtC5HZW9y
-Z2UgVGhlc3NhbG9uaWtlZnMgPGdlb3JnZUBvcGVubmV0bGFicy5jb20+iQJUBBMB
-CAA+AhsjBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEElI60IyLF0At5NA9dz/M0
-TZCHpJAFAmjWhlgFCRLfm+EACgkQz/M0TZCHpJCWag/+MJOLW1tBNPA9sBcjl9V4
-Cjc2TIR/r8RRGv5lstVXlXc5T4SR48UvQTxaUU+KJia5POsaAsw9yk7Zz4r7ul0D
-Vd9tzHCcwxl46e0Kwn2VGBMHThsWC7QDuK7b+4AlxeO4EDWRPPw4BCB7aTxJzA3N
-O4qpEF4TVeb97uyNQr2YaTGUzSI58vCgXgeOpH9ivomQi1nCxZbdrFh2yKJ+H4EH
-gI8+D9iSnJMI16RS1dE7Pa85IG+qPd3owAbOlc+tBsSvdbFdRufQZeiNGKfQno1E
-oygZt8svcuKpGAG1flzpPu5LE9oMsIDia9hcn4YFqr80F5bW1rUvFeC0rYp9/0ui
-6lo34PAhEieB8XzjbpDDEnlkziRoz2YNVJmZOWrCAMI1bUFI5/+YWuJTXCGF62dE
-dO7aBWoUkchkGGSGKbPW9KYdmqMdfOeuqZRBhKs8bgHIArJ+kvglhCJr/qNX5T8p
-oCHE5bnEwFxnH2Q6a2ffpMpOExGvPaoAWlym/ID/MMet0riZ2izFUdmjEkA0HUaa
-7h5x1dKMhHzYDXOW8Ksx9vE24gLrjfqfvIiYpErn+SVs0KUqkR0BRWLRYjyq/Bj/
-btTQXcDeYpQj4tL2cX3Eosqaoy5NDGCK4yqWOxENOJ/YcO5dTPJDNsHlc2JSdejz
-a4g8AHFlkpPn0tlflbuE7q6JARwEEgECAAYFAlfZFDwACgkQMJGNgnVyQiIHjAf/
-VrPMgIRjRTYi4cxOr5ewaim1hgJZO1oCJoMopwIvpZ2kAUqL/uPMT3wREe5bi79H
-jXYcaX+RbrV4ZdzaajDUFCj867KGErxqtRkANJ1eNLcQmVwGNoFeTQbgEOBfKq1t
-hRfMqHF3fxCPJp4z4U3kBPUpIQPERjgUdkH8fxZ34Omo1SLO1b0dVqsneezccBVv
-Hj7gVoaWw65Ov7vngwNCKH3fjOkcoINTH/nEw4WWh6UV5ZN49GRqa6oWdUJMZbgB
-w8z357RLN6YLe7KMh4oGpUIvfH6Vfq6CIb6s9pfgjAvq8O7p9n0/0FG77j84MuGw
-fdhq8eSazO/j9LUCBM+8k4kCPQQTAQgAJwUCV9kQiwIbIwUJBaOagAULCQgHAgYV
-CAkKCwIEFgIDAQIeAQIXgAAKCRDP8zRNkIekkN9pD/wI8JAyjJEIjUJNLRuARDDv
-pJrQjAo/02naPcGs4yyUd7yRkhzVKLFLvif8XICxxLWk6FdT0PJeKGTvRoe2+Rje
-c14rO30niRymWkBi36iDW46Dpt7Jx+LUDhUMYPL+woKSoHmbBGWLSYXKxaD8F93A
-nVs97nP4PWpspv2BFiuwKGsSsOyyQPPvr7jCin3H5oPH9qDnIV0KonAYbzzEKod5
-t0Rgzo/nWXZBFXWC5xvKeghwkdT++gYS/ThvQY2ua6A1XRE8BntyldD081NPi3NO
-dWa9m8ufFOJsEEiWcpdT+EWoDw5JyGAR7U3IOVl3BTo7shdcYEvRVrDMBpac+ItG
-WvogUv7alBdHWi48amvZE06RI/nDJ/rxj13S/4POgMHU++aQI5a1G5H3jBu4cehH
-4iT1UKmozfzVEfcHb2dsaKnnuFzQxmol0lZu1ETyof+Lxvs+wErN0QR+VDNweJEJ
-PMXiEcjASdLtrEKgFSP2B5yGGzt93C+HbD+VQOU359aAnvVjbTAVz8izuMphd6Bz
-Ix1q//q2VmxqjjT3Iv30hBRX02x2M8gsP/e49XWEll7stkMtbYhBU0sHQ2CqzLGh
-gJN3ecpi2sKWVqN8HUZOwJFj6f9ZX76YSM23wIugHfscMAVJUXvBrbd151WIshOf
-FFPo62sYGt+SEMXWeRcHjbQuWW9yZ29zIFRoZXNzYWxvbmlrZWZzIDx5b3Jnb3NA
-b3Blbm5ldGxhYnMuY29tPokCVAQTAQgAPgIbIwULCQgHAgYVCAkKCwIEFgIDAQIe
-AQIXgBYhBJSOtCMixdALeTQPXc/zNE2Qh6SQBQJo1oZYBQkS35vhAAoJEM/zNE2Q
-h6SQjBkP/0IvctNT9T+DtGZyMiw/Jna9G3QhtW7exhlxzqqX3tFmZpaJj3VswyqA
-5hx5BdJEShC8qNEqrBCHxcCZgsLvR3GKc/0LTgP7+7VH/ugAScrlVeI8rB6V1jn5
-cnfY5fsfOQ8i0b/8C+CiEe0TW90VRHjYV6DWMdUfqQb3E/snl23RMFeTL0Qrrk8H
-Lo3MTko7TeKRYOV/g/qQkb9CFQZNyzgIjD7uZi8or8qFJ/uZTnlBq5/NRDB5Z3ew
-7WXc3QrRUXmbbDzdnIeCtu5vmuk+hc69gbOst9nWf3y2qlK7BjZqT+PqKZa/fa/i
-5pZpv1hB8DrA2WTIpN7iXhCvABXSEoUOJaLkRSJVDqzvuaeqOEPrk1aJSMWoio/w
-8RRa1L7k6m81Dc0dqYbBOSI4MCNm8ZawQI2L4qRs5QORg4nRnAevFgkzhJKFYF2N
-jzX/2xlAuOym126DODC9qJSJZR7uTOJXh0yqknfkPgDXjchpzq+Q+CM+jYo6AGas
-/XPAuRQCQaLSYr9UPL7Fn62//ysZQAyAkJQR1u7UwAd6/UTTMVZpUJsLQyMyikF7
-UT4K7MWrvkZxMRPhGan0P2pRe36M9BBjYRTp0TIr+UjUT8iBfjdrttI9DQlkcEeQ
-rKhcE31KqjwJMdiuzbpqqXaEss9AFuJng3Owewt4wAft3eu1U7PWuQINBFfYHeYB
-EAC2h9yjSe2SgtcB0H+E0ndaewaZaQCE7q+RO43dotGH9eFnVwE4/ftcK1SN42ih
-lF5OnTaKPyXvgQ6U8W8VB8eLjeTwA/dSXuJX7kJpEK8saPqJP6zTUmPqp/GSzS6Y
-rhKLfpFn4chmywpDFcGNMz0sYXiJgPqKL7W0KuG+ziPToAeWl8ckeXyl77/lHVhW
-YylaQJEASklqCViPXSp9vI7/57UEm4MQPXwsDBOwuVVqcSu3ZM5MtY9XlbVPNCYm
-ZIMqmh8HgYwbiq9dTfJi+6v17+uDQGZewWK/WwFM+9dDx7YkTeOBiUduYtJPW64N
-W/RJ7pskbLAy+OZApTZWg0cISN6GOmPN3F0AiWzUjvSMREHhFHyxj4Y15vuDOFvP
-GFxr4xBiyMX1JLCKK6OFnyPfoJ9v/o3UgrQgLrfXCmKdvkwBCgJvN3Fsxzha6Dtf
-6RcZ02fr7SCZZhdBrlrflvC1uWZ0g3A87ss7h4Iw3njlO3aX6Bo9R4VOLUkiRKi4
-hmQBxPvXxI2ERmKRomo6lrMaDMzIjD4APSM1vUfZguzQxVYpM8lwy1COeqxsj5p+
-LH6f/EU+4dXZwooJ1uanBOvG2ntnz8SErE+e7wNYE4a/fb8xYM4j7p6qYtnNZPb8
-sj8bvx8iWXp4A1csVetyVSchBhTVQhhNos6ouYpc4ibrYwARAQABiQI8BBgBCAAm
-AhsMFiEElI60IyLF0At5NA9dz/M0TZCHpJAFAmjWhoAFCRLfnBoACgkQz/M0TZCH
-pJA4sA/7BZrP4nwWF1eQVliMWJ1KKG+sHizK4c+ZiB67aFJw4pLDCL5o6unOWH8V
-ocr1pWC/BMmLG4K77O2qadhUH7mzXm/ddZ/DVF3xHTvTmG1W1bLd6zj3k6qOFYq8
-yPS2QNTa3+3oNbtZQ+RpvhCAmv2Dc1GMPNP2hKR/Ju9r9NwGWBEDQBtiMZ7872QJ
-yR3IFyfQGRvj+GBbEBvJwCFmaRb3eDorhaNhM0b0c/RbIueEWD40nkCUtmM4Zrc1
-0HLod8Li8C4j8sIqIdfTKo1RiJUUg86q1K3pGA86hoOzeaihZekcm6wMwGlhXymb
-Ng41yB/ZTedl9wk+XEEcD6HZMCXyfh55hBdWG06aEhMIALjOCj2VkRnDLmOKLgDZ
-kg7OOQxDfKACCCvk72HZG3qKtaN9oNH1oeaVwc3ytWR8y2hQJcCxmoQsLn+Xvkgc
-aYRNklPW2z8817J3fmvvwS0o6sOWRHLb0XAc+NZg4lEQOgwVFrE0XIAgkXHLQbuQ
-GRpRzRncHX95RXMzGb1+8kpWEcM7gazgUA3omoAumwNEqmeBX1TmEtDop1k5RFCS
-UWbv+A2s2GSAb05MHY0InIhMxzJXEa5+dJDPSvZnbiGRGhQitEe4eIlmPcNA1lB+
-ADFE2UTzcpRTo5cOKfrXyZXr6JCEl2+tB3o5m0v7FRdr6+zIS5g=
-=Ubkv
------END PGP PUBLIC KEY BLOCK-----

changelog

@@ -1,917 +0,0 @@
-* Thu Nov 02 2023 Petr Menšík <pemensik@redhat.com> - 1.19.0-1
-- Update to 1.19.0 (#2248686)
-
-* Wed Sep 06 2023 Petr Menšík <pemensik@redhat.com> - 1.18.0-2
-- Skip failing tests on ELN builds
-
-* Fri Sep 01 2023 Petr Menšík <pemensik@redhat.com> - 1.18.0-1
-- Update to 1.18.0 (#2236097)
-
-* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.1-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 1.17.1-3
-- Rebuilt for Python 3.12
-
-* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Fri Jan 13 2023 Paul Wouters <paul.wouters@aiven.io - 1.17.1-1
-- Resolved rhbz#2160397 unbound-1.17.1 is available (bugfix release)
-- Add support for building with redis
-
-* Thu Dec 01 2022 Petr Menšík <pemensik@redhat.com> - 1.17.0-2
-- Move unbound user creation to libs (#2149036)
-- Use systemd-sysusers for user creation (#2105416)
-- Keep original DNSSEC root key as config (#2132103)
-
-* Tue Nov 01 2022 Petr Menšík <pemensik@redhat.com> - 1.17.0-1
-- Update to 1.17.0 (#2134348)
-
-* Wed Oct 05 2022 Petr Menšík <pemensik@redhat.com> - 1.16.3-3
-- Correct issues made by unbound-anchor package split (#2110858)
-
-* Fri Sep 30 2022 Petr Menšík <pemensik@redhat.com> - 1.16.3-2
-- Update License tag to SPDX identifier
-
-* Fri Sep 23 2022 Petr Menšík <pemensik@redhat.com> - 1.16.3-1
-- Update to 1.16.3 (#2128638)
-
-* Tue Aug 09 2022 Paul Wouters <pwouters@redhat.com> - 1.16.2-3
-- sync up to upstream unbound.conf
-- Enable Extended DNS Error codes (RFC8914)
-
-* Tue Aug 09 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-2
-- Require openssl tool for unbound-keygen (#2116790)
-
-* Wed Aug 03 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-1
-- Update to 1.16.2 (#2105947) for CVE-2022-30698 and CVE-2022-30699
-
-* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Mon Jun 27 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-6
-- Move unbound-anchor to separate package
-- Move unbound-host and unbound-streamtcp to unbound-utils package
-
-* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 1.16.0-5
-- Rebuilt for Python 3.11
-
-* Tue Jun 07 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-4
-- Restart keygen service before every unbound start
-
-* Sat Jun 04 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
-- Update to 1.16.0
-
-* Tue Apr 26 2022 Petr Menšík <pemensik@redhat.com> - 1.15.0-3
-- Stop creating wrong devel manual pages (#2078929)
-
-* Wed Apr 20 2022 Petr Menšík <pemensik@redhat.com> - 1.15.0-2
-- Update icannbundle.pem
-
-* Tue Mar 29 2022 Petr Menšík <pemensik@redhat.com> - 1.15.0-1
-- Update to 1.15.0 (#2030608)
-
-* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.2-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 1.13.2-4
-- Rebuilt for protobuf 3.19.0
-
-* Mon Oct 25 2021 Adrian Reber <adrian@lisas.de> - 1.13.2-3
-- Rebuilt for protobuf 3.18.1
-
-* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.13.2-2
-- Rebuilt with OpenSSL 3.0.0
-
-* Thu Aug 12 2021 Paul Wouters <paul.wouters@aiven.io> - 1.13.2-1
-- Resolves: rhbz#1992985 unbound-1.13.2 is available
-- Use system-wide crypto policies
-
-* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.1-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Wed Jun 02 2021 Python Maint <python-maint@redhat.com> - 1.13.1-7
-- Rebuilt for Python 3.10
-
-* Fri Apr 23 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-6
-- Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux
-- Resolves: rhbz#1935101
-
-* Tue Apr 13 2021 Paul Wouters <pwouters@redhat.com> - 1.13.1-5
-- Fix unbound.service to use After=network-online.target
-
-* Tue Apr 06 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-4
-- Don't start unbound-anchor before unbound service if DISABLE_UNBOUND_ANCHOR
-  environment variable equals to "yes"
-
-* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.13.1-3
-- Rebuilt for updated systemd-rpm-macros
-  See https://pagure.io/fesco/issue/2583.
-
-* Mon Feb 15 2021 Victor Stinner <vstinner@python.org> - 1.13.1-2
-- Fix build on Python 3.10 (rhbz#1889726).
-
-* Wed Feb 10 2021 Paul Wouters <pwouters@redhat.com> - 1.13.1-1
-- Resolves rhbz#1860887 unbound-1.13.1 is available
-- Fixup unbound.conf
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Thu Dec 10 2020 Petr Menšík <pemensik@redhat.com> - 1.13.0-1
-- Update to 1.13.0
-
-* Tue Oct 13 2020 Petr Menšík <pemensik@redhat.com> - 1.12.0-1
-- Update to 1.12.0 (#1860887)
-
-* Tue Sep 15 2020 Petr Menšík <pemensik@redhat.com> - 1.10.1-5
-- Move command line tools to utils subpackage
-
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-3
-- Use make macros
-- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
-
-* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 1.10.1-2
-- Rebuilt for Python 3.9
-
-* Tue May 19 2020 Paul Wouters <pwouters@redhat.com> - 1.10.1-1
-- Resolves: rhbz#1837279 unbound-1.10.1 is available
-- Resolves: rhbz#1837598 CVE-2020-12662 unbound: insufficient control of network message volume leads to DoS
-- Resolves: rhbz#1837609 CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
-- Updated unbound.conf for new options in 1.10.1
-
-* Wed Apr 29 2020 Paul Wouters <pwouters@redhat.com> - 1.10.0-3
-- Resolves: rhbz#1667742 SELinux is preventing unbound from 'name_bind' accesses on the udp_socket port 61000.
-
-* Thu Apr 16 2020 Artem Egorenkov <aegorenk@redhat.com> - 1.10.0-2
-- Resolves: rhbz#1824536 unbound crash
-
-* Thu Mar 19 2020 Petr Menšík <pemensik@redhat.com> - 1.10.0-1
-- Update to 1.10.0 (#1805199)
-
-* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.6-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Fri Dec 13 2019 Paul Wouters <pwouters@redhat.com> - 1.9.6-1
-- Resolves: rhbz#1758107 unbound-1.9.5 is available
-- Resolves: CVE-2019-18934
-
-* Fri Nov 01 2019 Paul Wouters <pwouters@redhat.com> - 1.9.4-1
-- Fix build on rhel/centos systems
-- Resolves: rhbz#1767955 (CVE-2019-16866) uninitialized memory accesses leads to crash via a crafted NOTIFY query
-
-* Thu Sep 26 2019 Petr Menšík <pihhan@gmail.com> - 1.9.3-2
-- Obsolete no longer provided python2 subpackage (#1749400)
-
-* Tue Aug 27 2019 Paul Wouters <pwouters@redhat.com> - 1.9.3-1
-- Updated to 1.9.3
-- Resolves: rhbz#1672578 unbound-1.9.2 is available
-- Resolves: rhbz#1694831 [/usr/lib/tmpfiles.d/unbound.conf:1] Line references path below legacy directory /var/run/
-- Resolves: rhbz# 1667387 [abrt] unbound: memmove(): unbound killed by SIGABRT
-
-* Thu Aug 22 2019 Miro Hrončok <mhroncok@redhat.com> - 1.8.3-8
-- Subpackage python2-unbound has been removed
-  See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
-
-* Thu Aug 15 2019 Miro Hrončok <mhroncok@redhat.com> - 1.8.3-7
-- Rebuilt for Python 3.8
-
-* Mon Aug  5 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.8.3-6
-- Drop install-time requirements on systemd (#1723777)
-
-* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jan 11 2019 Paul Wouters <pwouters@redhat.com> - 1.8.3-3
-- Remove KSK-2010 from configs - it has been revoked
-
-* Wed Dec 12 2018 Paul Wouters <pwouters@redhat.com> - 1.8.3-2
-- Another dns64 fixup
-
-* Wed Dec 12 2018 Paul Wouters <pwouters@redhat.com> - 1.8.3-1
-- Updated to 1.8.3 with fixes the dns64 bug and has some other minor fixes
-
-* Mon Dec 10 2018 Paul Wouters <pwouters@redhat.com> - 1.8.2-2
-- Fix dns64 allocation in wrong region for returned internal queries.
-
-* Tue Dec 04 2018 Paul Wouters <pwouters@redhat.com> - 1.8.2-1
-- Updated to 1.8.2.
-- Enabled deny ANY query support and edns-tcp-keepalive
-- Set serve-stale timeout to 4h
-- Updated unbound.conf for latest options
-
-* Mon Oct 22 2018 Petr Menšík <pemensik@redhat.com> - 1.8.1-2
-- Allow group by default to unbound-control (#1640259)
-
-* Mon Oct 08 2018 Petr Menšík <pemensik@redhat.com> - 1.8.1-1
-- Update to 1.8.1
-
-* Mon Oct 01 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-2
-- Skip ipv6 forwarders without ipv6 support (#1633874)
-
-* Wed Sep 19 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-1
-- Rebase to 1.8.0
-
-* Tue Aug 14 2018 Paul Wouters <pwouters@redhat.com> - 1.7.3-9
-- Fix for restarting unbound service after deleting key/pem files for remote control
-
-* Tue Jul 31 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-8
-- Release memory in unbound-host
-
-* Mon Jul 23 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-7
-- Remove unused Group tag
-
-* Wed Jul 18 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-6
-- Cleanup generated client and server keys (#1601773)
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.3-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Mon Jul 09 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-4
-- Do not call ldconfig if possible
-
-* Wed Jul 04 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-3
-- Update trust anchors also behind firewall (#1598078)
-
-* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 1.7.3-2
-- Rebuilt for Python 3.7
-
-* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-1
-- Update to 1.7.3 (#1593708)
-
-* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 1.7.2-3
-- Remove last python2 dependency from python3 build
-
-* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.7.2-2
-- Rebuilt for Python 3.7
-
-* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
-- Resolves rhbz#1589807 unbound-1.7.2 is available
-- Add patch to fix stub/forward zone not returning ServFail when TTL expires
-- Enabled the new root-key-sentinel option
-
-* Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
-- Update to 1.7.1 (#1574495)
-
-* Mon Apr 09 2018 Petr Menšík <pemensik@redhat.com> - 1.7.0-5
-- Require gcc and make on build
-- Remove group, simplify systemd requires
-- Simplify building with single python version, make python3 primary
-
-* Mon Apr 09 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-4
-- Patch for prefetching after flushing cache
-
-* Fri Apr 06 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-3
-- Patch for referral with auth-zone: response
-
-
-* Wed Mar 21 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-2
-- Patch for broken Aggressive NSEC + stub-zone configuration causing NXDOMAIN at TTL expiry
-
-* Thu Mar 15 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-1
-- Updated to 1.7.0 (aggressive nsec, local root support, bugfixes)
-
-* Thu Feb 22 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-6
-- Uncomment again original max-upd-size
-
-* Wed Feb 21 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-5
-- Use default RPM build flags and configure parameters (#1539097)
-
-* Wed Feb 21 2018 Petr Menšík <pemensik@redhat.com> - 1.6.8-4
-- Remove group writable bit from some config files (#1528445)
-
-* Wed Feb 14 2018 Filipe Rosset <rosset.filipe@gmail.com> - 1.6.8-3
-- rebuilt due new libevent 2.1.8
-
-* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.6.8-2
-- Escape macros in %%changelog
-
-* Mon Jan 22 2018 Paul Wouters <pwouters@redhat.com> - 1.6.8-1
-- Resolves rhbz#1483572 unbound-1.6.8 is available
-- Resolves rhbz#1507049 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records
-- Resolves rhbz#1536518 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records [fedora-all]
-
-* Sun Dec 17 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.6.7-2
-- Python 2 binary package renamed to python2-unbound
-  See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
-
-* Thu Oct 12 2017 Paul Wouters <pwouters@redhat.com> - 1.6.7-1
-- Updated to 1.6.7 (minor bugfixes)
-
-* Tue Oct 03 2017 Petr Menšík <pemensik@redhat.com> - 1.6.6-3
-- Update icannbundle.pem
-
-* Mon Oct 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-2
-- Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics
-
-* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
-- Resolves: rhbz#1483572 unbound-1.6.6 is available
-- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
-
-* Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4
-- Rebuilt with KSK2017 added to root.key and root.anchor
-- Remove noreplace for root key files. We can only improve these files over local copies
-
-* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sun Jul 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-1
-- Updated to 1.6.4 full release, patch to allow missing ipsechook
-- Resolves rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook
-
-* Thu Jun 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-0.rc2
-- Update to 1.6.4 (esubnet, ipsecmod support, bugfixes)
-
-* Tue Jun 13 2017 Paul Wouters <pwouters@redhat.com> - 1.6.3-1
-- Updated to 1.6.3 (fixes assertion failure when receiving malformed packet with 0x20 enabled)
-
-* Thu Jun 08 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-2
-- Patch for cmd: unbound-control set_option val-permissive-mode: yes
-
-* Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1
-- Update to 1.6.2 (rhbz#1425649)
-- Updated unbound.conf with new options
-
-* Wed Mar 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-6
-- Call make unbound-event-install to install unbound-event.h
-
-* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Wed Jan 18 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-4
-- Remove obsoleted DLV key
-
-* Mon Jan 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-3
-- Actually remove dependency because minimum is always satisfied
-
-* Mon Jan 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-2
-- Depend on openssl-libs, not opensl
-
-* Wed Dec 21 2016 Kevin Fenzi <kevin@scrye.com> - 1.6.0-1
-- Update to 1.6.0
-
-* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.5.10-3
-- Rebuild for Python 3.6
-
-* Wed Oct 26 2016 Ilya Evseev <evseev.i@cdnnow.ru> - 1.5.10-2
-- Bugfix building without python2 and python3
-- Fixup streamtcp build (Paul)
-
-* Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1
-- Updated to 1.5.10 (better TCP handling, bugfixes)
-- Install pkgconfig file in -devel package
-- Updated unbound.conf
-
-* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.9-4
-- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
-
-* Thu Jul 07 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-3
-- Fix upper port range to 60999 because that's what selinux allows
-
-* Thu Jun 16 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-2
-- Patch for allowing more queries before failure (needed for query minimalization)
-
-* Mon Jun 13 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-1
-- Updated to 1.5.9
-
-* Thu Apr 21 2016 Toshio Kuratomi <toshio@fedoraproject.org> - 1.5.8-2
-- Fix streamtcp to link against libpython3.x instead of libpython2.x
-
-* Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1
-- Update to 1.5.8 (rhbz#1313831) which incorporates rhbz#1294339 patch
-- Updated unbound.conf with new upstream options
-- Enabled ip-transparent: yes (see rhbz#1291449)
-
-* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.7-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Thu Jan 21 2016 Tomas Hozza <thozza@redhat.com> - 1.5.7-2
-- Fix escaping of shell chars in unbound-control-setup (#1294339)
-
-* Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1
-- Update to 1.5.7
-- Enable query minimalization for enhanced DNS query privacy
-- Enable nxdomain hardening to assist with query minimalization and SBLs
-- Updated default unbound.conf for new features from upstream.
-
-* Fri Nov 13 2015 Tomas Hozza <thozza@redhat.com> - 1.5.6-1
-- Update to 1.5.6 (#1176729)
-
-* Wed Nov 04 2015 Robert Kuska <rkuska@redhat.com> - 1.5.5-2
-- Rebuilt for Python3.5 rebuild
-
-* Wed Oct 07 2015 Tomas Hozza <thozza@redhat.com> - 1.5.5-1
-- New upstream release 1.5.5 (#1269137)
-- Removed the anchor update from %%post section of -libs subpackage (#1269137#c2)
-
-* Tue Sep 15 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-5
-- Removed dependency and ordering on unbound-anchor.service in unbound.service
-
-* Thu Sep 03 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-4
-- Prefer Python3 build over Python2 build for now (#1254566)
-
-* Mon Jul 20 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-3
-- Added ExecReload section to unbound.service (#1195785)
-- Removed After syslog.target since it is not needed any more
-
-* Thu Jul 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-2
-- Start unbound-anchor.timer only on new installations
-- Rename root.anchor to root.key in %%post section
-
-* Tue Jul 14 2015 Paul Wouters <pwouters@redhat.com> - 1.5.4-1
-- Update to 1.5.4
-- Removed patches merged into upstream
-
-* Tue Jun 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-8
-- Revert: Use low maximum negative cache TTL (5 sec) (#1229596)
-
-* Mon Jun 15 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-7
-- Add option for maximum negative cache TTL (#1229599)
-- Use low maximum negative cache TTL (5 sec) (#1229596)
-
-* Tue May 26 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-6
-- Removed usage of DLV from the default configuration (#1223363)
-
-* Wed May 13 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-5
-- unbound.service now Wants unbound-anchor.timer
-- unbound-anchor man page moved to the unbound-libs
-
-* Mon May 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-4
-- Fixup scriptlets causing systemctl: command not found
-- Resolves rhbz#1219587 Error in PREIN scriptlet in rpm package unbound-libs
-
-* Mon Apr 27 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-3
-- migrate cronjob to systemd timer unit (#1177285)
-- change the period for unbound-anchor from monthly to daily (#1180267)
-- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch
-
-* Thu Apr 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-2
-- Fix FTBFS (#1206129)
-- Build python3-unbound and python-unbound bindings for Python 3 and 2 (#1188080)
-
-* Mon Mar 16 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-1
-- Updated to 1.5.3 which is a bugfix on 1.5.2 for sighup handling
-- Updated to 1.5.2 which fixes DNSSEC validation with different
-  trust anchors upstream, local-zone has a new keyword 'inform'
-
-* Mon Feb 02 2015 Paul Wouters <pwouters@redhat.com> - 1.5.1-4
-- Build with --enable-ecdsa
-
-* Sun Feb 01 2015 Paul Wouters <pwouters@redhat.com> - 1.5.1-3
-- Fix post to create root.anchor, not root.key, to match cron job
-
-* Tue Dec 09 2014 Paul Wouters <pwouters@redhat.com> - 1.5.1-2
-- Change systemd-units to systemd
-- Use _tmpfilesdir macro, don't mark tmpfiles as config
-
-* Tue Dec 09 2014 Paul Wouters <pwouters@redhat.com> - 1.5.1-1
-- Update to 1.5.1 for CVE-2014-8602 (rhbz#1172066)
-- Removed unbound-aarch64.patch which was merged upstream
-- Don't require autotools for non snapshots or run autoreconf
-
-* Fri Nov 28 2014 Tomas Hozza <thozza@redhat.com> - 1.5.1-0.1.rc1
-- update to 1.5.1rc1
-
-* Fri Nov 28 2014 Marcin Juszkiewicz <mjuszkiewicz@redhat.com> - 1.5.0-3
-- fix build on aarch64
-
-* Wed Nov 26 2014 Tomas Hozza <thozza@redhat.com> - 1.5.0-2
-- Fix race condition in arc4random (#1166878)
-
-* Wed Nov 19 2014 Tomas Hozza <thozza@redhat.com> - 1.5.0-1
-- update to 1.5.0
-
-* Wed Sep 24 2014 Pavel Šimerda <psimerda@redhat.com> - 1.4.22-6
-- Resolves: #1115489 - build with python 3.x for fedora >= 22
-
-* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 1.4.22-5
-- Rebuild for rpm bug 1131960
-
-* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
-* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2
-- Added flushcache patch (SVN commit 3125)
-
-* Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1
-- Updated to 1.4.22
-- No longer requires the ldns library
-
-* Thu Jan 16 2014 Tomas Hozza <thozza@redhat.com> - 1.4.21-3
-- Fix segfault on adding insecure forward zone when using only iterator (#1054192)
-
-* Mon Oct 21 2013 Tomas Hozza <thozza@redhat.com> - 1.4.21-2
-- run test suite during the build
-
-* Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1
-- Updated to 1.4.21,
-- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
-- Removed patched merged in by upstream
-- Enable statistics-cumulative for munin-plugin
-- Added outgoing-port-avoid: 0-32767 conformant to SElinux restrictions
-- Updated unbound.conf
-
-* Mon Aug 26 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-19
-- Fix errors found by static analysis of source
-
-* Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-18
-- Change unbound.conf to only use ephemeral ports (32768-65535)
-
-* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.20-17
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Mon Jul 22 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-16
-- provide man page for unbound-streamtcp
-
-* Mon Jul 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-15
-- Re-introduce hardening flags for full relro and pie
-- Fixes compilation failure for python module
-
-* Wed Jul 03 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-14
-- remove missing unbound-rootkey.service from post/preun/postun sections
-- don't hardcode hardening flags, let hardened build macro handles it
-
-* Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13
-- Run unbound-anchor as user unbound in unbound.service
-
-* Tue May 28 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-12
-- Enable round-robin (with noths() patch)
-- Change cron and systemd service to use root.key, not root.anchor
-
-* Sat May 25 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-10
-- Use /var/lib/unbound/root.key (more consistent with other distros)
-- Enable minimal responses
-
-* Mon Apr 22 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-8
-- Refix
-
-* Fri Apr 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-7
-- Fix runuser call in post.
-
-* Tue Apr 16 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-6
-- /var/lib/unbound should be owned by unbound. group write is not enough
-
-* Fri Apr 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-5
-- Fix cron job syntax (rhbz#951725)
-- Use install -p to prevent .rpmnew files that are identical to originals
-
-* Mon Apr 8 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-4
-- Updated to 1.4.20
-- Build with full RELRO (not use -z,relro but with -z,relo,-z,now)
-- Fixup man page for unbound-control-setup
-- unbound.service should start before nss-lookup.target (rhbz#919955)
-- Removed patch for rhbz#888759 merged in upstream
-- Move root.anchor to /var/lib/unbound to make selinux policy easier for updating (rhbz#896599/rhbz#891008)
-- Move cronjob for root.anchor from unbound to unbound-libs, require crontabs
-- /etc/unbound (and all) should be owned by unbound-libs (rhbz#909691)
-- Remove Obsolete/Provides for dnssec-conf which was last seen in f13
-- Ensure any unbound-anchor failure in post is ignored
-
-* Tue Mar 05 2013 Adam Tkac <atkac redhat com> - 1.4.19-5
-- build with full RELRO
-- symlink unbound-control-setup.8 manpage to unbound-control.8
-
-* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.19-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Wed Dec 12 2012 Paul Wouters <pwouters@redhat.com> - 1.4.19-3
-- Updated to 1.4.19 - this integrates all existing patches
-- Patch for unbound-anchor (rhbz#888759)
-
-* Fri Nov 09 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-6
-- Patch to ensure stube-zone's aren't lost when using dnssec-triggerd
-- added unbound-munin.README file
-
-* Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-5
-- Patch to allow wildcards in include: statements
-- Add directories /etc/unbound/keys.d,conf.d,local.d with
-  example entries
-- Added /etc/unbound/root.anchor, maintained by unbound-anchor
-  which is installed as monthly cron and PreExec in systemd config
-  (root.key is unused, but left installed in case people depend on it)
-- Native systemd (simple) and /etc/sysconfig/unbound support
-- Run unbound-checkconf in PreExec
-- Moved trust anchor related files to unbound-libs, as they can
-  be used without the daemon.
-- sub packages now depends on base package of same arch
-- Build munin package as noarch
-- unbound-anchor moved to unbound-libs package. It is needed
-  to update the root.anchor key file.
-
-* Tue Sep 04 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-3
-- Fix openssl thread locking bug under high query load
-
-* Thu Aug 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-2
-- Use new systemd-rpm macros (rhbz#850351)
-- Clean up old obsoleted dnssec-conf from < fedora 15
-
-* Fri Aug 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-1
-- Updated to 1.4.18 (FIPS related fixes mostly)
-- Removed patches that were merged in upstream
-- Added comment to root.key
-
-* Mon Jul 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-5
-- Fix for unbound crasher (upstream bug #452)
-- Support libunbound functions in man pages and place in -devel
-
-* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.17-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Tue Jul 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-3
-- unbound FIPS patches for MD5,randomness (rhbz#835106)
-
-* Fri Jun 15 2012 Adam Tkac <atkac redhat com> - 1.4.17-2
-- don't build unbound-munin on RHEL
-
-* Thu May 24 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-1
-- Updated to 1.4.17 (which mostly brings in patches we already
-  applied from svn trunk)
-
-* Wed Feb 29 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-3
-- Since the daemon links to the libs staticly, add Requires:
-  (this is rhbz#745288)
-- Package up streamtcp as unbound-streamtcp (for monitoring)
-
-* Mon Feb 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2
-- Don't ghost the directory (rhbz#788805)
-- Patch for unbound to support unbound-control forward_zone
-  (needed for openswan in XAUTH mode)
-
-* Thu Feb 02 2012 Paul Wouters <paul@nohats.ca> - 1.4.16-1
-- Upgraded to 1.4.16, which was relesed due to the soname
-  and some DNSSEC validation failures
-
-* Wed Feb 01 2012 Paul Wouters <paul@nohats.ca> - 1.4.15-2
-- Patch for SONAME version (libtool's -version-number vs -version-info)
-
-* Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1
-- Upgraded to 1.4.15
-- Updated unbound.conf to show how to configure listening on tls443
-
-* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.14-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1
-- Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
-- SSL-wrapped query support for dnssec-trigger
-- EDNS handling changes
-- Removed integrated EDNS patches
-- Disabled use-caps-for-id, GoDaddy domains now break on it
-- Enabled new harden-below-nxdomain
-
-* Thu Sep 15 2011 Paul Wouters <paul@xelerance.com> - 1.4.13-1
-- Upgraded to 1.4.13
-- Removed merged in pythonmod patch
-- Added EDNS1480 patch to fix unbound on broken EDNS/UDP networks
-- Fix python to go into sitearch instead of sitelib
-
-* Wed Sep 14 2011 Tom Callaway <spot@fedoraproject.org> - 1.4.12-4
-- convert to systemd, tmpfiles.d
-
-* Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-3
-- Added pythonmod docs and examples
-
-* Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-2
-- Fix for python module load in the server (Tom Hendrikx)
-- No longer enable --enable-debug as it causes degraded  performance
-  under load.
-
-* Mon Jul 18 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-1
-- Updated to 1.4.12
-
-* Sun Jul 03 2011 Paul Wouters <paul@xelerance.com> - 1.4.11-1
-- Updated to 1.4.11
-- removed integrated CVE patch
-- updated stock unbound.conf for new options introduced
-
-* Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.10-1
-- Added ghost for /var/run/unbound (bz#656710)
-
-* Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-3
-- rebuilt
-
-* Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2
-- Applied patch for CVE-2011-1922 DoS vulnerability
-
-* Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-1
-- Updated to 1.4.9
-
-* Sat Feb 12 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-2
-- rebuilt
-
-* Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1
-- Updated to 1.4.8
-- Enable root key for DNSSEC
-- Fix unbound-munin to use proper file (could cause excessive logging)
-- Build unbound-python per default
-- Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl
-
-* Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-4
-- Revert last build - it was on the wrong branch
-
-* Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-3
-- Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines
-  (see comments in inbound.conf)
-
-* Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-2
-- Bump release - forgot to upload the new tar ball.
-
-* Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-1
-- Upgraded to 1.4.5
-
-* Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-2
-- Added accidentally omitted svn patches to cvs
-
-* Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-1
-- Upgraded to 1.4.4 with svn patches
-- Obsolete dnssec-conf to ensure it is de-installed
-
-* Thu Mar 11 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1
-- Update to 1.4.3 that fixes 64bit crasher
-
-* Tue Mar 09 2010 Paul Wouters <paul@xelerance.com> - 1.4.2-1
-- Updated to 1.4.2
-- Updated unbound.conf with new options
-- Enabled pre-fetching DNSKEY records (DNSSEC speedup)
-- Enabled re-fetching popular records before they expire
-- Enabled logging of DNSSEC validation errors
-
-* Mon Mar 01 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-5
-- Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues
-  with pthreads
-
-* Wed Feb 24 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-3
-- Change make/configure lines to attempt to fix -lphtread linking issue
-
-* Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2
-- Removed dependancy for dnssec-conf
-- Added ISC DLV key (formerly in dnssec-conf)
-- Fixup old DLV locations in unbound.conf file via %%post
-- Fix parent child disagreement handling and no-ipv6 present [svn r1953]
-
-* Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-1
-- Updated to 1.4.1
-- Changed %%define to %%global
-
-* Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2
-- Bump version
-
-* Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-1
-- Upgraded to 1.3.4. Security fix with validating NSEC3 records
-
-* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2
-- rebuilt with new openssl
-
-* Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1
-- Updated to 1.3.3
-
-* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
-* Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2
-- Added missing glob patch to cvs
-- Place python macros within the %%with_python check
-
-* Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1
-- Updated to 1.3.0
-- Added unbound-python sub package. disabled for now
-- Patch from svn to fix DLV lookups
-- Patches from svn to detect wrong truncated response from BIND 9.6.1 with
-  minimal-responses)
-- Added Default-Start and Default-Stop to unbound.init
-- Re-enabled --enable-sha2
-- Re-enabled glob.patch
-
-* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7
-- unbound-iterator.patch was not commited
-
-* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6
-- Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793
-
-* Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5
-- Use --nocheck to avoid giving an error on missing unbound-remote certs/keys
-
-* Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4
-- enable DNSSEC only if it is enabled in sysconfig/dnssec
-
-* Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3
-- add DNSSEC support to initscript and enabled it per default
-- add requires dnssec-conf
-
-* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
-
-* Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1
-- updated to 1.2.1
-
-* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2
-- rebuild with new openssl
-
-* Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1
-- Updated to 1.2.0
-- Added dependancy on minimum SSL for CVE-2008-5077
-- Added dependancy on bc for unbound-munin
-- Added minimum requirement of libevent 1.4.5. Crashes with older versions
-  (note: libevent is stale in EL-4 and not in EL-5, needs fixing there)
-- Removed dependancy on selinux-policy (will get used when available)
-- Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt
-- Enable unwanted-reply-threshold to mitigate against a Kaminsky attack
-- Enable val-clean-additional to drop addition unsigned data from signed
-  response.
-- Removed patches (got merged into upstream)
-
-* Mon Jan  5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7
-- Modified scandir patch to silently fail when wildcard matches nothing
-- Patch to allow unbound-checkconf to find empty wildcard matches
-
-* Mon Jan  5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6
-- Added scandir patch for trusted-keys-file: option, which
-  is used to load multiple dnssec keys in bind file format
-
-* Mon Dec  8 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4
-- Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules.
-
-* Mon Dec  1 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3
-- We did not own the /etc/unbound directory (#474020)
-- Fixed cvs anomalies
-
-* Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2
-- removed all obsolete chroot related stuff
-- label control certs after generation correctly
-
-* Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1
-- Updated to unbound 1.1.1 which fixes a crasher and
-  addresses nlnetlabs bug #219
-
-* Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3
-- Remove the chroot, obsoleted by SElinux
-- Add additional munin plugin links supported by unbound plugin
-- Move configuration directory from /var/lib/unbound to /etc/unbound
-- Modified unbound.init and unbound.conf to account for chroot changes
-- Updated unbound.conf with new available options
-- Enabled dns-0x20 protection per default
-
-* Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2
-- unbound-1.1.0-log_open.patch
-  - make sure log is opened before chroot call
-  - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219
-- removed /dev/log and /var/run/unbound and /etc/resolv.conf from
-  chroot, not needed
-- don't mount files in chroot, it causes problems during updates
-- fixed typo in default config file
-
-* Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1
-- Updated to version 1.1.0
-- Updated unbound.conf's statistics options and remote-control
-  to work properly for munin
-- Added unbound-munin package
-- Generate unbound remote-control  key/certs on first startup
-- Required ldns is now 1.4.0
-
-* Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5
-- Only call ldconfig in -libs package
-- Move configure into build section
-- devel subpackage should only depend on libs subpackage
-
-* Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4
-- Fix CFLAGS getting lost in build
-- Don't enable interface-automatic:yes because that
-  causes unbound to listen on 0.0.0.0 instead of 127.0.0.1
-
-* Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3
-- Split off unbound-libs, make build verbose
-
-* Thu Oct  9 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2
-- FSB compliance, chroot fixes, initscript fixes
-
-* Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1
-- Upgraded to 1.0.2
-
-* Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1
-- upgraded to new release
-
-* Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2
-- Build against ldns-1.3.0
-
-* Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1
-- Split of -devel package, fixed dependancies, make rpmlint happy
-
-* Fri Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12
-- Using parts from ports collection entry by Jaap Akkerhuis.
-- Using Fedoraproject wiki guidelines.
-
-* Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11
-- Initial version.

ci.fmf

@@ -1 +0,0 @@
-resultsdb-testcase: separate

fedora-defaults.conf

@@ -1,229 +0,0 @@
-# Fedora distribution defaults
-
-server:
-	# verbosity number, 0 is least verbose. 1 is default.
-	verbosity: 1
-
-	# print statistics to the log (for every thread) every N seconds.
-	# Set to "" or 0 to disable. Default is disabled.
-	# Needs to be disabled for munin plugin
-	statistics-interval: 0
-
-	# enable cumulative statistics, without clearing them after printing.
-	# Needs to be disabled for munin plugin
-	statistics-cumulative: no
-
-	# enable extended statistics (query types, answer codes, status)
-	# Needs to be enabled for munin plugin
-	extended-statistics: yes
-
-	# number of threads to create. 1 disables threading.
-	# num-threads: 1
-	num-threads: 4
-
-	# specify the interfaces to answer queries from by ip-address.
-	# The default is to listen to localhost (127.0.0.1 and ::1).
-	# specify 0.0.0.0 and ::0 to bind to all available interfaces.
-	# specify every interface[@port] on a new 'interface:' labelled line.
-	# The listen interfaces are not changed on reload, only on restart.
-	# interface: 0.0.0.0
-	# interface: ::0
-	# interface: 192.0.2.153
-	# interface: 192.0.2.154
-	# interface: 192.0.2.154@5003
-	# interface: 2001:DB8::5
-	# interface: eth0@5003
-	#
-	# for dns over tls and raw dns over port 80
-	# interface: 0.0.0.0@443
-	# interface: ::0@443
-	# interface: 0.0.0.0@80
-	# interface: ::0@80
-
-	# enable this feature to copy the source address of queries to reply.
-	# Socket options are not supported on all platforms. experimental.
-	# interface-automatic: yes
-	#
-	# NOTE: Enable this option when specifying interface 0.0.0.0 or ::0
-	# NOTE: Disabled per Fedora policy not to listen to * on default install
-	# NOTE: If deploying on non-default port, eg 80/443, this needs to be disabled
-	interface-automatic: no
-
-	# permit Unbound to use this port number or port range for
-	# making outgoing queries, using an outgoing interface.
-	# Only ephemeral ports are allowed by SElinux
-	outgoing-port-permit: 32768-60999
-
-	# IANA-assigned port numbers.
-	# If multiple outgoing-port-permit and outgoing-port-avoid options
-	# are present, they are processed in order.
-	# Our SElinux policy does not allow non-ephemeral ports to be used
-	outgoing-port-avoid: 0-32767
-	outgoing-port-avoid: 61000-65535
-
-	# use SO_REUSEPORT to distribute queries over threads.
-	# at extreme load it could be better to turn it off to distribute even.
-	so-reuseport: yes
-	 
-	# use IP_TRANSPARENT so the interface: addresses can be non-local
-	# and you can config non-existing IPs that are going to work later on
-	# (uses IP_BINDANY on FreeBSD).
-	ip-transparent: yes
-
-	# Enable UDP, "yes" or "no".
-	# NOTE: if setting up an Unbound on tls443 for public use, you might want to
-	# disable UDP to avoid being used in DNS amplification attacks.
-	# do-udp: yes
-
-	# Enable EDNS TCP keepalive option.
-	edns-tcp-keepalive: yes
-
-	# Fedora note: do not activate this - not compiled in because
-	# it causes frequent unbound crashes. Also, socket activation
-	# is bad when you have things like dnsmasq also running with libvirt.
-	# Use systemd socket activation for UDP, TCP, and control sockets.
-	# use-systemd: no
-
-	# If you give "" no chroot is performed. The path must not end in a /.
-	# chroot: "/etc/unbound"
-	chroot: ""
-
-	# If you give a server: directory: dir before include: file statements
-	# then those includes can be relative to the working directory.
-	directory: "/etc/unbound"
-
-	# print UTC timestamp in ascii to logfile, default is epoch in seconds.
-	log-time-ascii: yes
-
-	# Harden against unseemly large queries.
-	harden-large-queries: yes
-
-	# Harden against unverified (outside-zone, including sibling zone) glue rrsets
-	harden-unverified-glue: yes
-
-	# Default off, because the lookups burden the server.  Experimental
-	# implementation of draft-wijngaards-dnsext-resolver-side-mitigation.
-	harden-referral-path: yes
-
-	# Sent minimum amount of information to upstream servers to enhance
-	# privacy. Only sent minimum required labels of the QNAME and set QTYPE
-	# to A when possible.
-	qname-minimisation: yes
-
-	# Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
-	# and other denials, using information from previous NXDOMAINs answers.
-	aggressive-nsec: yes
-
-	# threshold, a warning is printed and a defensive action is taken,
-	# the cache is cleared to flush potential poison out of it.
-	# A suggested value is 10000000, the default is 0 (turned off).
-	unwanted-reply-threshold: 10000000
-
-	# if yes, perform prefetching of almost expired message cache entries.
-	prefetch: yes
-
-	# if yes, perform key lookups adjacent to normal lookups.
-	prefetch-key: yes
-
-	# deny queries of type ANY with an empty response.
-	deny-any: yes
-
-	# if yes, Unbound rotates RRSet order in response.
-	rrset-roundrobin: yes
-
-	# if yes, Unbound doesn't insert authority/additional sections
-	# into response messages when those sections are not required.
-	minimal-responses: yes
-
-	# module configuration of the server. A string with identifiers
-	# separated by spaces. Syntax: "[dns64] [validator] iterator"
-	# most modules have to be listed at the beginning of the line,
-	# except cachedb(just before iterator), and python (at the beginning,
-	# or, just before the iterator).
-	# For redis cachedb use:
-	#    "ipsecmod validator cachedb iterator"
-	module-config: "ipsecmod validator iterator"
-
-	# trust anchor signaling sends a RFC8145 key tag query after priming.
-	trust-anchor-signaling: yes
-
-	# Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel)
-	root-key-sentinel: yes
-
-	# the trusted-keys { name flag proto algo "key"; }; clauses are read.
-	# you need external update procedures to track changes in keys.
-	# trusted-keys-file: ""
-	#
-	trusted-keys-file: /etc/unbound/keys.d/*.key
-	auto-trust-anchor-file: "/var/lib/unbound/root.key"
-
-	# Should additional section of secure message also be kept clean of
-	# unsecure data. Useful to shield the users of this validator from
-	# potential bogus data in the additional section. All unsigned data
-	# in the additional section is removed from secure messages.
-	val-clean-additional: yes
-
-	# Turn permissive mode on to permit bogus messages. Thus, messages
-	# for which security checks failed will be returned to clients,
-	# instead of SERVFAIL. It still performs the security checks, which
-	# result in interesting log files and possibly the AD bit in
-	# replies if the message is found secure. The default is off.
-	# NOTE: TURNING THIS ON DISABLES ALL DNSSEC SECURITY
-	val-permissive-mode: no
-
-	# Serve expired responses from cache, with serve-expired-reply-ttl in
-	# the response, and then attempt to fetch the data afresh.
-	serve-expired: yes
-
-	# Limit serving of expired responses to configured seconds after
-	# expiration. 0 disables the limit.
-	serve-expired-ttl: 14400
-
-	# Have the validator log failed validations for your diagnosis.
-	# 0: off. 1: A line per failed user query. 2: With reason and bad IP.
-	val-log-level: 1
-
-	# service clients over TLS (on the TCP sockets) with plain DNS inside
-	# the TLS stream, and over HTTPS using HTTP/2 as specified in RFC8484.
-	# Give the certificate to use and private key.
-	# default is "" (disabled).  requires restart to take effect.
-	# tls-service-key: "/etc/unbound/unbound_server.key"
-	# tls-service-pem: "/etc/unbound/unbound_server.pem"
-
-	# Fedora/RHEL: use system-wide crypto policies
-	tls-ciphers: "PROFILE=SYSTEM"
-
-	# Enable to attach Extended DNS Error codes (RFC8914) to responses.
-	# Fedora defaults to yes.
-	ede: yes
-
-	# Enable to attach an Extended DNS Error (RFC8914) Code 3 - Stale
-	# Answer as EDNS0 option to expired responses.
-	# Note that the ede option above needs to be enabled for this to work.
-	# Fedora defaults to yes.
-	ede-serve-expired: yes
-
-	# Enable or disable ipsecmod (it still needs to be defined in
-	# module-config above). Can be used when ipsecmod needs to be
-	# enabled/disabled via remote-control(below).
-	# Fedora: module will be enabled on-demand by libreswan
-	ipsecmod-enabled: no
-
-	# Path to executable external hook. It must be defined when ipsecmod is
-	# listed in module-config (above).
-	ipsecmod-hook: /usr/libexec/ipsec/_unbound-hook
-
-python:
-	# Script file to load
-	# python-script: "/etc/unbound/ubmodule-tst.py"
- 
-# Remote control config section moved into own remote-control.conf
-
-#   the module-config then you need one dynlib-file per instance.
-dynlib:
-	# Script file to load
-	# dynlib-file: "/etc/unbound/dynlib.so"
-
-# Fedora: DNSCrypt support not enabled since it requires linking to
-#         another crypto library
-#

gating.yaml

@@ -1,16 +0,0 @@
---- !Policy
-product_versions:
-  - fedora-*
-decision_contexts: [bodhi_update_push_testing]
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
-
-#gating rawhide
---- !Policy
-product_versions:
-  - fedora-*
-decision_contexts: [bodhi_update_push_stable]
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}

icannbundle.pem

@@ -1,3 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+        Validity
+            Not Before: Dec 23 04:19:12 2009 GMT
+            Not After : Dec 18 04:19:12 2029 GMT
+        Subject: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a0:db:70:b8:4f:34:da:9c:d4:d0:7e:bb:ea:15:
+                    bc:e9:c9:11:2a:1f:61:2f:6a:b9:bd:3f:3d:76:a0:
+                    9a:0a:f7:ee:93:6e:6e:55:53:84:8c:f2:2c:f1:82:
+                    27:c8:0f:9a:cf:52:1b:54:da:28:d2:2c:30:8e:dd:
+                    fb:92:20:33:2d:d6:c8:f1:0e:10:21:88:71:fa:84:
+                    22:4b:5d:47:56:16:7c:9b:9f:5d:c3:11:79:9c:14:
+                    e2:ff:c0:74:ac:dd:39:d7:e0:38:d8:b0:73:aa:fb:
+                    d1:db:84:af:52:22:a8:f6:d5:9b:94:f4:e6:5d:5e:
+                    e8:3f:87:90:0b:c7:1a:77:f5:2e:d3:8f:1a:ce:02:
+                    1d:07:69:21:47:32:da:46:ae:00:4c:b6:a5:a2:9c:
+                    39:c1:c0:4a:f6:d3:1c:ae:d3:6d:bb:c7:18:f0:7e:
+                    ed:f6:80:ce:d0:01:2e:89:de:12:ba:ee:11:cb:a6:
+                    7a:d7:0d:7c:f3:08:8d:72:9d:bf:55:75:13:70:bb:
+                    31:22:4a:cb:e8:c0:aa:a4:09:aa:36:68:40:60:74:
+                    9d:e7:19:81:43:22:52:fe:c9:2b:52:0f:41:13:36:
+                    09:72:65:95:cc:89:ae:6f:56:17:16:34:73:52:a3:
+                    04:ed:bd:88:82:8a:eb:d7:dc:82:52:9c:06:e1:52:
+                    85:41
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
+    Signature Algorithm: sha256WithRSAEncryption
+        0f:f1:e9:82:a2:0a:87:9f:2d:94:60:5a:b2:c0:4b:a1:2f:2b:
+        3b:47:d5:0a:99:86:38:b2:ec:c6:3b:89:e4:6e:07:cf:14:c7:
+        c7:e8:cf:99:8f:aa:30:c3:19:70:b9:e6:6d:d6:3f:c8:68:26:
+        b2:a0:a5:37:42:ca:d8:62:80:d1:a2:5a:48:2e:1f:85:3f:0c:
+        7b:c2:c7:94:11:5f:19:2a:95:ac:a0:3a:03:d8:91:5b:2e:0d:
+        9c:7c:1f:2e:fc:e9:44:e1:16:26:73:1c:45:4a:65:c1:83:4c:
+        90:f3:f2:28:42:df:db:c4:e7:04:12:18:62:43:5e:bc:1f:6c:
+        84:e6:bc:49:32:df:61:d7:99:ee:e4:90:52:7b:0a:c2:91:8a:
+        98:62:66:b1:c8:e0:b7:5a:b5:46:7c:76:71:54:8e:cc:a4:81:
+        5c:19:db:d2:6f:66:b5:bb:2b:ae:6b:c9:74:04:a8:24:de:e8:
+        c5:d3:fc:2c:1c:d7:8f:db:6a:8d:c9:53:be:5d:50:73:ac:cf:
+        1f:93:c0:52:50:5b:a2:4f:fe:ad:65:36:17:46:d1:2d:e5:a2:
+        90:66:05:db:29:4e:5d:50:5d:e3:4f:da:a0:8f:f0:6b:e4:16:
+        70:dd:7f:f3:77:7d:b9:4e:f9:ec:c3:33:02:d7:e9:63:2f:31:
+        e7:40:61:a4
 -----BEGIN CERTIFICATE-----
 MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
 TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
@@ -19,3 +75,163 @@ DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH
 0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg
 j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk
 -----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11 (0xb)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+        Validity
+            Not Before: Nov  8 23:39:47 2016 GMT
+            Not After : Nov  6 23:39:47 2026 GMT
+        Subject: O=ICANN, CN=ICANN EMAIL CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d2:19:1e:22:69:33:f6:a4:d2:76:c5:80:11:75:
+                    8e:d0:e8:6f:bf:89:f8:2a:6a:da:8a:85:28:40:ba:
+                    c5:23:5f:47:ed:72:e2:8e:d3:5c:c8:8a:3a:99:a9:
+                    57:2c:0a:2b:22:f3:54:7b:8b:f7:8c:21:a2:50:01:
+                    4f:8b:af:34:df:72:fc:78:31:d0:1d:eb:bc:9b:e6:
+                    fa:c1:84:d0:05:07:8a:74:53:a5:60:9e:eb:75:9e:
+                    a8:5d:32:c8:02:32:e4:bf:cb:97:9b:7a:fa:2c:f6:
+                    6a:1d:b8:57:ad:e3:03:22:93:d0:f4:4f:a8:b8:01:
+                    db:82:33:98:b6:87:ed:3d:67:40:00:27:2e:d5:95:
+                    d2:ad:36:46:14:c6:17:79:65:7f:65:f3:88:80:65:
+                    7c:22:67:08:23:3c:cf:a5:10:38:72:30:97:92:6f:
+                    20:4a:ba:24:4c:4a:c8:4a:a5:dc:2a:44:a1:29:78:
+                    b4:9f:fe:84:ff:27:5b:3a:72:ea:31:c1:ad:06:22:
+                    d6:44:a0:4a:57:32:9c:f2:46:47:d0:89:6e:20:23:
+                    2c:ea:b0:83:7e:c1:f3:ea:da:dd:e3:63:59:97:21:
+                    fa:1b:11:39:27:cf:82:8b:56:15:d4:36:92:0c:a5:
+                    7e:80:e0:18:c9:50:08:42:0a:df:97:3c:9c:b8:0a:
+                    4d:b1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
+
+            X509v3 Subject Key Identifier: 
+                7B:3F:BA:CE:A1:B3:A6:13:2E:5A:82:84:D4:D2:EA:A5:24:F1:CD:B4
+    Signature Algorithm: sha256WithRSAEncryption
+        0e:8a:c9:ea:6f:9c:e9:23:b6:9c:a6:a4:c2:d1:b1:ee:25:18:
+        24:2b:79:d4:a8:f2:99:b9:5c:91:4d:e6:2b:32:2e:01:f5:87:
+        95:64:fc:6d:f1:87:fa:24:b4:43:4b:49:f3:84:54:44:eb:af:
+        41:ab:49:ab:c8:b7:32:6c:14:83:5b:d7:2c:41:f9:89:d5:c4:
+        2b:9a:55:c5:b6:ad:17:d5:4d:bc:41:58:56:72:0d:db:b7:7d:
+        57:c6:a2:9c:7e:6b:67:ae:26:f8:26:45:bb:c4:95:2e:ea:71:
+        e3:b4:7a:69:95:a4:8a:80:f8:59:dc:88:6e:e1:a7:fc:bb:8e:
+        b2:aa:a8:b6:1b:2f:2c:97:a5:12:d5:82:ae:a0:e8:a6:15:fd:
+        d1:e0:5d:e4:84:b1:76:db:0a:e2:ca:58:2e:d3:df:48:4e:46:
+        ac:c6:35:79:17:99:ce:e9:be:2c:e4:c2:50:ff:5b:96:15:cd:
+        64:ac:1b:db:fe:d2:ac:43:61:c8:5f:ee:24:b6:a4:3b:d2:ff:
+        0a:f4:0c:88:58:a1:9d:a4:c1:1f:6a:6c:67:90:98:e8:1f:5e:
+        2d:55:60:91:26:2a:b1:66:80:e4:e6:0e:05:2c:75:a9:ca:0b:
+        e4:a0:8f:e1:47:a8:8f:61:5d:7c:ce:09:60:88:48:c3:46:bf:
+        be:7e:36:be
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAkygAwIBAgIBCzANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
+TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
+BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTE2MTEwODIzMzk0N1oX
+DTI2MTEwNjIzMzk0N1owKTEOMAwGA1UEChMFSUNBTk4xFzAVBgNVBAMTDklDQU5O
+IEVNQUlMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hkeImkz
+9qTSdsWAEXWO0Ohvv4n4KmraioUoQLrFI19H7XLijtNcyIo6malXLAorIvNUe4v3
+jCGiUAFPi68033L8eDHQHeu8m+b6wYTQBQeKdFOlYJ7rdZ6oXTLIAjLkv8uXm3r6
+LPZqHbhXreMDIpPQ9E+ouAHbgjOYtoftPWdAACcu1ZXSrTZGFMYXeWV/ZfOIgGV8
+ImcIIzzPpRA4cjCXkm8gSrokTErISqXcKkShKXi0n/6E/ydbOnLqMcGtBiLWRKBK
+VzKc8kZH0IluICMs6rCDfsHz6trd42NZlyH6GxE5J8+Ci1YV1DaSDKV+gOAYyVAI
+QgrflzycuApNsQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAfBgNVHSMEGDAWgBS6UulJgySGUi/Hmc38jWtpCE3AUDAdBgNVHQ4EFgQU
+ez+6zqGzphMuWoKE1NLqpSTxzbQwDQYJKoZIhvcNAQELBQADggEBAA6KyepvnOkj
+tpympMLRse4lGCQredSo8pm5XJFN5isyLgH1h5Vk/G3xh/oktENLSfOEVETrr0Gr
+SavItzJsFINb1yxB+YnVxCuaVcW2rRfVTbxBWFZyDdu3fVfGopx+a2euJvgmRbvE
+lS7qceO0emmVpIqA+FnciG7hp/y7jrKqqLYbLyyXpRLVgq6g6KYV/dHgXeSEsXbb
+CuLKWC7T30hORqzGNXkXmc7pvizkwlD/W5YVzWSsG9v+0qxDYchf7iS2pDvS/wr0
+DIhYoZ2kwR9qbGeQmOgfXi1VYJEmKrFmgOTmDgUsdanKC+Sgj+FHqI9hXXzOCWCI
+SMNGv75+Nr4=
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
+        Validity
+            Not Before: Nov  8 23:38:16 2016 GMT
+            Not After : Nov  6 23:38:16 2026 GMT
+        Subject: O=ICANN, CN=ICANN SSL CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dd:c6:ab:bf:7c:66:9d:b3:2b:96:00:14:c7:60:
+                    7a:8d:62:5b:26:4b:30:d7:b3:4c:82:69:c6:4d:4d:
+                    73:f3:d4:91:21:5d:ab:35:f0:c8:04:0e:f4:a3:35:
+                    e2:e1:18:a9:98:12:03:58:f8:9f:eb:77:54:5b:89:
+                    81:26:c9:aa:c2:f4:c9:0c:82:57:2a:5e:05:e9:61:
+                    17:cc:19:18:71:eb:35:83:c1:86:9d:ec:f1:6b:ca:
+                    dd:a1:96:0b:95:d4:e1:0f:9e:24:6f:dc:3c:d0:28:
+                    9e:f2:53:47:2b:a1:ad:32:03:c8:3f:0d:80:80:7d:
+                    f0:02:d2:6e:5a:2c:44:21:9b:09:50:15:3f:a1:3d:
+                    d3:c9:c8:24:e7:ea:4e:92:2f:94:90:2e:de:e7:68:
+                    f6:c6:b3:90:1f:bc:c9:7b:a2:65:d7:11:e9:8b:f0:
+                    3a:5a:b7:17:07:df:69:e3:6e:b9:54:6a:8e:3a:aa:
+                    94:7f:2c:0a:a1:ad:ba:b7:d9:60:62:27:a7:71:40:
+                    3b:8e:b0:84:7b:b8:c8:67:ef:66:ba:3d:ac:c3:85:
+                    e5:86:bb:a7:9c:fd:b6:e1:c0:10:53:3d:d4:7e:1b:
+                    09:e6:9f:22:5c:a7:27:09:7e:27:12:33:fa:df:9b:
+                    20:2f:14:f7:17:c0:e4:1e:07:91:1f:f9:9a:cd:a8:
+                    e2:c5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
+
+            X509v3 Subject Key Identifier: 
+                6E:77:A8:40:10:4A:D8:9C:0C:F2:B7:5A:3A:A5:2F:79:4A:61:14:D8
+    Signature Algorithm: sha256WithRSAEncryption
+        47:46:4f:c7:5f:46:e3:d1:dc:fc:2b:f8:fc:65:ce:36:b1:f4:
+        5f:ee:14:75:a3:d9:5f:de:75:4b:fa:7b:88:9f:10:8c:2e:97:
+        cc:35:1b:ce:24:d3:36:60:95:d5:ae:11:b6:3f:8b:f4:12:69:
+        85:b5:3b:2a:b6:ab:7a:81:85:c2:55:57:ed:d0:b5:e7:4f:54:
+        37:51:24:c9:d5:07:3a:ef:b6:c5:1a:3e:14:29:a7:a6:f8:08:
+        2a:0b:26:79:f9:62:85:4a:e5:ea:90:ca:71:38:16:91:4e:7e:
+        fd:e3:b3:f3:55:8f:5a:d0:86:cf:33:94:88:f1:90:99:cb:81:
+        e2:81:92:68:2f:c3:61:d5:52:8d:e6:9a:5b:00:83:42:27:88:
+        f6:d9:fa:d1:bc:bb:b0:bc:b5:14:0b:4e:1a:54:ef:fa:d6:9d:
+        c4:0c:fc:ed:15:ab:21:4b:45:b5:d9:3b:ed:3c:d5:1e:2e:7a:
+        83:6f:24:45:d4:4c:b4:ef:60:43:18:d0:84:5d:16:7b:f5:50:
+        80:b1:a9:c2:8f:3b:c8:90:08:fd:aa:17:13:19:38:19:d1:8e:
+        85:7c:1e:57:16:8c:f9:8a:e8:29:25:38:cd:bb:55:8e:4a:6a:
+        6f:e5:7d:fc:d7:55:d6:ae:38:07:96:c1:97:ff:e5:2b:4f:99:
+        2d:70:f2:08
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
+TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
+BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTE2MTEwODIzMzgxNloX
+DTI2MTEwNjIzMzgxNlowJzEOMAwGA1UEChMFSUNBTk4xFTATBgNVBAMTDElDQU5O
+IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3Gq798Zp2z
+K5YAFMdgeo1iWyZLMNezTIJpxk1Nc/PUkSFdqzXwyAQO9KM14uEYqZgSA1j4n+t3
+VFuJgSbJqsL0yQyCVypeBelhF8wZGHHrNYPBhp3s8WvK3aGWC5XU4Q+eJG/cPNAo
+nvJTRyuhrTIDyD8NgIB98ALSblosRCGbCVAVP6E908nIJOfqTpIvlJAu3udo9saz
+kB+8yXuiZdcR6YvwOlq3FwffaeNuuVRqjjqqlH8sCqGturfZYGInp3FAO46whHu4
+yGfvZro9rMOF5Ya7p5z9tuHAEFM91H4bCeafIlynJwl+JxIz+t+bIC8U9xfA5B4H
+kR/5ms2o4sUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHwYDVR0jBBgwFoAUulLpSYMkhlIvx5nN/I1raQhNwFAwHQYDVR0OBBYEFG53
+qEAQSticDPK3WjqlL3lKYRTYMA0GCSqGSIb3DQEBCwUAA4IBAQBHRk/HX0bj0dz8
+K/j8Zc42sfRf7hR1o9lf3nVL+nuInxCMLpfMNRvOJNM2YJXVrhG2P4v0EmmFtTsq
+tqt6gYXCVVft0LXnT1Q3USTJ1Qc677bFGj4UKaem+AgqCyZ5+WKFSuXqkMpxOBaR
+Tn7947PzVY9a0IbPM5SI8ZCZy4HigZJoL8Nh1VKN5ppbAINCJ4j22frRvLuwvLUU
+C04aVO/61p3EDPztFashS0W12TvtPNUeLnqDbyRF1Ey072BDGNCEXRZ79VCAsanC
+jzvIkAj9qhcTGTgZ0Y6FfB5XFoz5iugpJTjNu1WOSmpv5X3811XWrjgHlsGX/+Ur
+T5ktcPII
+-----END CERTIFICATE-----

mkroot.sh

@@ -1,17 +0,0 @@
-#!/bin/sh
-
-SOURCE="/usr/share/dns-root-data/root.key"
-DEST="${1:-root.key}"
-
-mk_key() {
-echo "# Generated from $SOURCE"
-echo "# Use /var/lib/unbound/root.key instead."
-echo "trusted-keys {"
-while read DOMAIN CLS TYPE FLAGS PROTO ALG KEYDATA COMMENT KEYTAG; do
-echo "$DOMAIN $CLS $TYPE $FLAGS $PROTO $ALG \"$KEYDATA\" # $KEYTAG"
-done < "$SOURCE"
-echo "};"
-}
-
-mk_key > "$DEST"
-touch -r "$SOURCE" "$DEST"

module-setup.sh

@@ -1,44 +0,0 @@
-#!/usr/bin/bash
-
-check() {
-    require_binaries unbound unbound-checkconf unbound-control || return 1
-    # the module will be only included if explicitly required either
-    # by configuration or another module
-    return 255
-}
-
-depends() {
-    # because of pid file we need sysusers to create unbound user
-    echo systemd systemd-sysusers
-    return 0
-}
-
-install() {
-    # We have to make unbound wanted by network-online target to make sure
-    # there is a synchronization point when other services are able
-    # to make queries
-    inst_simple "$moddir"/unbound-initrd.conf /etc/systemd/system/unbound.service.d/unbound-initrd.conf
-
-    # /etc and /var/lib do not have its variables
-    inst_multiple -o \
-    "$systemdsystemunitdir"/unbound.service \
-    /etc/unbound/conf.d/remote-control.conf \
-    /etc/unbound/openssl-sha1.conf \
-    /usr/share/unbound/fedora-defaults.conf \
-    /usr/share/unbound/conf.d/*.conf \
-    /etc/unbound/local.d/*.conf \
-    /etc/unbound/keys.d/*.key \
-    /etc/unbound/unbound.conf \
-    /etc/unbound/unbound_control.key \
-    /etc/unbound/unbound_control.pem \
-    /etc/unbound/unbound_server.key \
-    /etc/unbound/unbound_server.pem \
-    "$sysusers"/unbound.conf \
-    "$tmpfilesdir"/unbound.conf \
-    /var/lib/unbound/root.key \
-    unbound \
-    unbound-checkconf \
-    unbound-control
-
-    $SYSTEMCTL -q --root "$initdir" enable unbound.service
-}

nlnetlabs2026-g2.asc

@@ -1,24 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGNBGc7H5IBDADOZfJwZ6zZ/4JbbR2hef4261/zh7YpdjUREUs0dMQSbf+x7sAE
-50JgvLQWlvA8sDHzbUMQ9cAYZBGGE6iHb50KboeEfuiP5BdiLe8XWKlo1EIh+Idz
-0+e1binxwvXV1/9ACm/UHPRuWjkG7vrP+mVRuhfKglO6xSDxV1cwjYTRtvRtQx8D
-+kTdZzprvtzkU7OIWeczKFJRhVHzNDHYFG9SuxvDA9cbVm1KPVJEkRBwoSBPeB0z
-Z3LSib2uT6Lc/ghAijOwIpR+zNYKOYxRhzoFArrLa0Fs4nq6//LA42/aVjSienEJ
-SR5CVUbZy14WuUsYCkV+ZoORVRYZOcjtPG7FUKDXKzY9/iNhEAZ3OMK7Np2Xq/YO
-gaOiUDFXLHU1n2UVH1rwkMiS2o4EMqvO7gINmnL/ccpI2wj2QrQ+JZ9y1Xky7dQM
-LIIbtp40e0kGocgyba484rW17xlvXRxb1Pjn93JygD6WcraLLNh9jq87hW/J37qi
-S4DL+GUe10H8SeEAEQEAAbQ6TkxuZXQgTGFicyByZWxlYXNlcyBzaWduaW5nIGtl
-eSBHMiA8cmVsZWFzZXNAbmxuZXRsYWJzLm5sPokBzgQTAQoAOBYhBCMQGGkMTZA+
-9BkUaqFEMj3qrN9FBQJnOx+SAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
-EKFEMj3qrN9FZigL/0aVsJ48oe7vko1Mwg9DucFoCL8CESAarA40in1Bauq7p/pT
-l5UcNnFPLO8HBAHWGWtDI63pEhNzHacPzSI94GKS4TUMGzCV1H/c0KnxB7wAO55b
-HEQOZJ+kFRBFXWxbXORtp86NZuyCvVoSA4QAcnCf4m5ZEBb72H2cmy8xP+/HLkbS
-rpr5pyoUWtCYM8FxnjM3bClXSGOlWNl9cSXLqyyVjxvc7cOAS8ytL/zoVStoBmi/
-OwQbeJfAiqDMnipBJNzOHlfniKXE0FGDozKCHWP88ifs8A8OUNtJng7cNq7EQf9K
-vTvbJCcF4akUUcXnx4gv9Z1ZQ93Jg5X7h+0MP7Ut4z9hKSIAOowru7GXGEt256Ja
-eE1nSviDcqUtZpyqCLjpCDFGPMwSPzSwlPXjJVlVxPkDvPuNt2LUIEd8BR8Wo7z+
-NA5uM/zTHkQXEdUgCcl/rHy6moHYV3Q+YbMb17zU37a5vLb+wQ74doaiYo3b8KoV
-K6vVKMmB0qru6ERJ3g==
-=4R8U
------END PGP PUBLIC KEY BLOCK-----

openssl-sha1.conf

@@ -1,8 +0,0 @@
-# OpenSSL configuration file to allow SHA1 validation,
-# regardless of crypto-policy selected.
-# Use it by adding into /etc/sysconfig/unbound:
-# OPENSSL_CONF=/etc/unbound/openssl-sha1.conf
-.include = /etc/ssl/openssl.cnf
-
-[evp_properties]
-rh-allow-sha1-signatures = yes

plans/all.fmf

@@ -1,7 +0,0 @@
-summary: Test plan with all Fedora tests
-discover:
-       how: fmf
-       url: https://gitlab.com/redhat/centos-stream/tests/unbound.git
-execute:
-       how: tmt
-

plans/tier1-public.fmf

@@ -1,7 +0,0 @@
-summary: Public (Fedora) Tier1 beakerlib tests
-discover:
-    how: fmf
-    url: https://gitlab.com/redhat/centos-stream/tests/unbound.git
-    filter: 'tier: 1'
-execute:
-    how: tmt

remote-control-include.conf

@@ -1,4 +0,0 @@
-# Previous defaults allowed any process to change settings, CVE-2023-1488
-# If you want to modify remote configuration, replace this file with
-# contents of included file and modify afterwards.
-include: "/usr/share/unbound/conf.d/remote-control.conf"

remote-control.conf

@@ -1,26 +0,0 @@
-# Remote control config section update.
-# Previous defaults allowed any process to change settings, CVE-2023-1488
-# This file can be used also by: unbound-control -c <path>
-remote-control:
-	# Enable remote control with unbound-control(8) here.
-	# set up the keys and certificates with unbound-control-setup.
-	control-enable: yes
-
-	# set to an absolute path to use a unix local name pipe, certificates
-	# are not used for that, so key and cert files need not be present.
-	control-interface: "/run/unbound/control"
-
-	# For local sockets this option is ignored, and TLS is not used.
-	control-use-cert: "yes"
-
-	# Unbound server key file.
-	server-key-file: "/etc/unbound/unbound_server.key"
-
-	# Unbound server certificate file.
-	server-cert-file: "/etc/unbound/unbound_server.pem"
-
-	# unbound-control key file.
-	control-key-file: "/etc/unbound/unbound_control.key"
-
-	# unbound-control certificate file.
-	control-cert-file: "/etc/unbound/unbound_control.pem"

root.anchor

@@ -1,2 +1 @@
-.	172800	IN	DNSKEY	257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdpWWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwuMoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBevYtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ;{id = 38696 (ksk), size = 2048b}
 .       172800  IN      DNSKEY  257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b}

root.key

@@ -0,0 +1,6 @@
+; // The root key in bind format. This can be read by most tools, including
+; // named, unbound, et. For libunbound, use ub_ctx_trustedkeys() to load this
+trusted-keys {
+"." 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="; // key id = 20326
+
+};

sources

@@ -1,2 +1,2 @@
-SHA512 (unbound-1.24.2.tar.gz) = 655d63ec5305323e84d82691425d74d98c332d0028517bd729d191e5f968ce9481b49ec7447d4c4906dce7997a998a115db36e911a59d2d877da5840c2080261
-SHA512 (unbound-1.24.2.tar.gz.asc) = 66a3e569a606cc3ed7dac9b411fba347da150728427619bdbf12ac57a5d7db1fc17963b1ba052a95d6c6fed67a6f0c1b5920318f6cd34e5091750626dd63fb21
+SHA512 (unbound-1.10.0.tar.gz) = a64514990f5d614d749045a11f5ce9bb33cf856cc31895b4db3503f2b05a98f1ca57945b17dd7ec5befbd0c356fc42a717d3e2bae3d3510a0507d0445b1f6d59
+SHA512 (unbound-1.10.0.tar.gz.asc) = e5fb047d9e5313e512e7d09e309f8467389c4887a1886446cb6eb7e26c97d9f3351a430d8c44bcac0cb405f3ce44ec71e1fa616e988c8f961016ec7f09c450a4

tmpfiles-unbound-libs.conf

@@ -1,2 +0,0 @@
-d /var/lib/unbound          0755  unbound unbound -
-L /var/lib/unbound/root.key -     -       -       -   ../../../etc/unbound/dnssec-root.key

tmpfiles-unbound.conf

@@ -1 +1 @@
-D /run/unbound 0775 unbound root -
+D /run/unbound 0755 unbound unbound -

unbound-1.10.0-auth-callback.patch

@@ -0,0 +1,74 @@
+--- a/services/authzone.c	2020-04-16 13:01:10.550618034 +0200
++++ b/services/authzone.c	2020-04-16 13:07:04.624476160 +0200
+@@ -5331,7 +5331,7 @@
+ 	log_assert(xfr->task_transfer);
+ 	lock_basic_lock(&xfr->lock);
+ 	env = xfr->task_transfer->env;
+-	if(env->outnet->want_to_quit) {
++	if(!env || env->outnet->want_to_quit) {
+ 		lock_basic_unlock(&xfr->lock);
+ 		return; /* stop on quit */
+ 	}
+@@ -5770,7 +5770,7 @@
+ 	log_assert(xfr->task_transfer);
+ 	lock_basic_lock(&xfr->lock);
+ 	env = xfr->task_transfer->env;
+-	if(env->outnet->want_to_quit) {
++	if(!env || env->outnet->want_to_quit) {
+ 		lock_basic_unlock(&xfr->lock);
+ 		return; /* stop on quit */
+ 	}
+@@ -5812,7 +5812,7 @@
+ 	log_assert(xfr->task_transfer);
+ 	lock_basic_lock(&xfr->lock);
+ 	env = xfr->task_transfer->env;
+-	if(env->outnet->want_to_quit) {
++	if(!env || env->outnet->want_to_quit) {
+ 		lock_basic_unlock(&xfr->lock);
+ 		return 0; /* stop on quit */
+ 	}
+@@ -5893,7 +5893,7 @@
+ 	log_assert(xfr->task_transfer);
+ 	lock_basic_lock(&xfr->lock);
+ 	env = xfr->task_transfer->env;
+-	if(env->outnet->want_to_quit) {
++	if(!env || env->outnet->want_to_quit) {
+ 		lock_basic_unlock(&xfr->lock);
+ 		return 0; /* stop on quit */
+ 	}
+@@ -6107,7 +6107,7 @@
+ 	log_assert(xfr->task_probe);
+ 	lock_basic_lock(&xfr->lock);
+ 	env = xfr->task_probe->env;
+-	if(env->outnet->want_to_quit) {
++	if(!env || env->outnet->want_to_quit) {
+ 		lock_basic_unlock(&xfr->lock);
+ 		return; /* stop on quit */
+ 	}
+@@ -6143,7 +6143,7 @@
+ 	log_assert(xfr->task_probe);
+ 	lock_basic_lock(&xfr->lock);
+ 	env = xfr->task_probe->env;
+-	if(env->outnet->want_to_quit) {
++	if(!env || env->outnet->want_to_quit) {
+ 		lock_basic_unlock(&xfr->lock);
+ 		return 0; /* stop on quit */
+ 	}
+@@ -6388,7 +6388,7 @@
+ 	log_assert(xfr->task_probe);
+ 	lock_basic_lock(&xfr->lock);
+ 	env = xfr->task_probe->env;
+-	if(env->outnet->want_to_quit) {
++	if(!env || env->outnet->want_to_quit) {
+ 		lock_basic_unlock(&xfr->lock);
+ 		return; /* stop on quit */
+ 	}
+@@ -6465,7 +6465,7 @@
+ 	log_assert(xfr->task_nextprobe);
+ 	lock_basic_lock(&xfr->lock);
+ 	env = xfr->task_nextprobe->env;
+-	if(env->outnet->want_to_quit) {
++	if(!env || env->outnet->want_to_quit) {
+ 		lock_basic_unlock(&xfr->lock);
+ 		return; /* stop on quit */
+ 	}

unbound-1.13.1-rh1935101.patch

@@ -1,204 +0,0 @@
-diff --git a/config.h.in b/config.h.in
-index 103ad9f..0bb29d9 100644
---- a/config.h.in
-+++ b/config.h.in
-@@ -847,6 +847,14 @@
- /* Define if you enable libevent */
- #undef USE_LIBEVENT
- 
-+/* WARNING! This is only for the libunbound on Linux and does not affect
-+   unbound resolving daemon itself. This may severely limit the number of
-+   available outgoing ports and thus decrease randomness. Define this only
-+   when the target system restricts (e.g. some of SELinux enabled
-+   distributions) the use of non-ephemeral ports. Define this to enable use of
-+   /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range. */
-+#undef USE_LINUX_IP_LOCAL_PORT_RANGE
-+
- /* Define if you want to use internal select based events */
- #undef USE_MINI_EVENT
- 
-diff --git a/configure b/configure
-index c91e8a3..826dce9 100755
---- a/configure
-+++ b/configure
-@@ -898,6 +898,7 @@ enable_ipsecmod
- enable_ipset
- with_libmnl
- enable_explicit_port_randomisation
-+enable_linux_ip_local_port_range
- with_libunbound_only
- '
-       ac_precious_vars='build_alias
-@@ -1590,6 +1591,16 @@ Optional Features:
-   --disable-explicit-port-randomisation
-                           disable explicit source port randomisation and rely
-                           on the kernel to provide random source ports
-+  --enable-linux-ip-local-port-range
-+                          WARNING! This is only for the libunbound on Linux
-+                          and does not affect unbound resolving daemon itself.
-+                          This may severely limit the number of available
-+                          outgoing ports and thus decrease randomness. Use
-+                          this option only when the target system restricts
-+                          the use of non-ephemeral ports. (e.g. some of
-+                          SELinux enabled distributions) Enable this option to
-+                          use /proc/sys/net/ipv4/ip_local_port_range as a
-+                          default outgoing port range
- 
- Optional Packages:
-   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
-@@ -4202,6 +4213,13 @@ else
- 	else on_mingw="no"; fi
- fi
- 
-+# are we on Linux?
-+if uname -s 2>&1 | grep -i linux >/dev/null; then on_linux="yes"
-+else
-+	if echo $host $target | grep linux >/dev/null; then on_linux="yes"
-+	else on_linux="no"; fi
-+fi
-+
- #
- # Determine configuration file
- # the eval is to evaluate shell expansion twice
-@@ -21588,6 +21606,23 @@ $as_echo "#define DISABLE_EXPLICIT_PORT_RANDOMISATION 1" >>confdefs.h
- 		;;
- esac
- 
-+if test $on_linux = "yes"; then
-+	# Check whether --enable-linux-ip-local-port-range was given.
-+if test "${enable_linux_ip_local_port_range+set}" = set; then :
-+  enableval=$enable_linux_ip_local_port_range;
-+fi
-+
-+	case "$enable_linux_ip_local_port_range" in
-+		yes)
-+
-+$as_echo "#define USE_LINUX_IP_LOCAL_PORT_RANGE 1" >>confdefs.h
-+
-+			;;
-+		no|*)
-+			;;
-+	esac
-+fi
-+
- 
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5
- $as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; }
-diff --git a/configure.ac b/configure.ac
-index 2d88048..1207047 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -152,6 +152,13 @@ else
- 	else on_mingw="no"; fi
- fi
- 
-+# are we on Linux?
-+if uname -s 2>&1 | grep -i linux >/dev/null; then on_linux="yes"
-+else
-+	if echo $host $target | grep linux >/dev/null; then on_linux="yes"
-+	else on_linux="no"; fi
-+fi
-+
- #
- # Determine configuration file
- # the eval is to evaluate shell expansion twice
-@@ -1847,6 +1854,17 @@ case "$enable_explicit_port_randomisation" in
- 		;;
- esac
- 
-+if test $on_linux = "yes"; then
-+	AC_ARG_ENABLE(linux-ip-local-port-range, AC_HELP_STRING([--enable-linux-ip-local-port-range], [WARNING! This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Use this option only when the target system restricts the use of non-ephemeral ports. (e.g. some of SELinux enabled distributions) Enable this option to use /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range]))
-+	case "$enable_linux_ip_local_port_range" in
-+		yes)
-+			AC_DEFINE([USE_LINUX_IP_LOCAL_PORT_RANGE], [1], [WARNING! This is only for the libunbound on Linux and does not affect unbound resolving daemon itself. This may severely limit the number of available outgoing ports and thus decrease randomness. Define this only when the target system restricts (e.g. some of SELinux enabled distributions) the use of non-ephemeral ports. Define this to enable use of /proc/sys/net/ipv4/ip_local_port_range as a default outgoing port range.])
-+			;;
-+		no|*)
-+			;;
-+	esac
-+fi
-+
- 
- AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
- # on openBSD, the implicit rule make $< work.
-diff --git a/libunbound/context.c b/libunbound/context.c
-index cff2831..48d76d9 100644
---- a/libunbound/context.c
-+++ b/libunbound/context.c
-@@ -69,6 +69,7 @@ context_finalize(struct ub_ctx* ctx)
- 	} else {
- 		log_init(cfg->logfile, cfg->use_syslog, NULL);
- 	}
-+	cfg_apply_local_port_policy(cfg, 65536);
- 	config_apply(cfg);
- 	if(!modstack_setup(&ctx->mods, cfg->module_conf, ctx->env))
- 		return UB_INITFAIL;
-diff --git a/util/config_file.c b/util/config_file.c
-index 4d87dee..6b90e48 100644
---- a/util/config_file.c
-+++ b/util/config_file.c
-@@ -1681,6 +1681,37 @@ int cfg_condense_ports(struct config_file* cfg, int** avail)
- 	return num;
- }
- 
-+void cfg_apply_local_port_policy(struct config_file* cfg, int num) {
-+(void)cfg;
-+(void)num;
-+#ifdef USE_LINUX_IP_LOCAL_PORT_RANGE
-+	{
-+		int i = 0;
-+		FILE* range_fd;
-+		if ((range_fd = fopen(LINUX_IP_LOCAL_PORT_RANGE_PATH, "r")) != NULL) {
-+			int min_port = 0;
-+			int max_port = num - 1;
-+			if (fscanf(range_fd, "%d %d", &min_port, &max_port) == 2) {
-+				for(i=0; i<min_port; i++) {
-+					cfg->outgoing_avail_ports[i] = 0;
-+				}
-+				for(i=max_port+1; i<num; i++) {
-+					cfg->outgoing_avail_ports[i] = 0;
-+				}
-+			} else {
-+				log_err("unexpected port range in %s",
-+						LINUX_IP_LOCAL_PORT_RANGE_PATH);
-+			}
-+			fclose(range_fd);
-+		} else {
-+			log_warn("failed to read from file: %s (%s)",
-+					LINUX_IP_LOCAL_PORT_RANGE_PATH,
-+					strerror(errno));
-+		}
-+	}
-+#endif
-+}
-+
- /** print error with file and line number */
- static void ub_c_error_va_list(const char *fmt, va_list args)
- {
-diff --git a/util/config_file.h b/util/config_file.h
-index 7cf27cc..d091ef7 100644
---- a/util/config_file.h
-+++ b/util/config_file.h
-@@ -1172,6 +1172,13 @@ int cfg_mark_ports(const char* str, int allow, int* avail, int num);
-  */
- int cfg_condense_ports(struct config_file* cfg, int** avail);
- 
-+/**
-+ * Apply system specific port range policy.
-+ * @param cfg: config file.
-+ * @param num: size of the array (65536).
-+ */
-+void cfg_apply_local_port_policy(struct config_file* cfg, int num);
-+
- /**
-  * Scan ports available
-  * @param avail: the array from cfg.
-@@ -1301,5 +1308,9 @@ void w_config_adjust_directory(struct config_file* cfg);
- /** debug option for unit tests. */
- extern int fake_dsa, fake_sha1;
- 
-+#ifdef USE_LINUX_IP_LOCAL_PORT_RANGE
-+#define LINUX_IP_LOCAL_PORT_RANGE_PATH "/proc/sys/net/ipv4/ip_local_port_range"
-+#endif
-+
- #endif /* UTIL_CONFIG_FILE_H */
- 

unbound-1.24-quic-on-demand-only.patch

@@ -1,171 +0,0 @@
-From 1dfe06278c1446558b5043d7c57cd901e7d96829 Mon Sep 17 00:00:00 2001
-From: Petr Mensik <pemensik@redhat.com>
-Date: Mon, 24 Nov 2025 13:44:14 +0100
-Subject: [PATCH] Do not initialize quic_table unless it is enabled
-
-Fedora in FIPS mode might fail to initialize ngtcp2 library, because
-some ciphers desired are not available.
-
-Make it possible to skip initialization by setting explicitly quic_port
-to 0. Unless we have some listeners for port 853 configured, skip its
-initialization as well.
-
-Related: https://pagure.io/freeipa/issue/9877
----
- daemon/daemon.c           | 14 +++++++++-----
- services/listen_dnsport.c | 14 +++++++++++---
- util/configparser.y       | 15 +++++++++------
- util/netevent.c           |  3 +++
- 4 files changed, 32 insertions(+), 14 deletions(-)
-
-diff --git a/daemon/daemon.c b/daemon/daemon.c
-index f882bb9ad..a9cc25c67 100644
---- a/daemon/daemon.c
-+++ b/daemon/daemon.c
-@@ -558,9 +558,11 @@ daemon_create_workers(struct daemon* daemon)
- 	verbose(VERB_ALGO, "total of %d outgoing ports available", numport);
- 
- #ifdef HAVE_NGTCP2
--	daemon->doq_table = doq_table_create(daemon->cfg, daemon->rand);
--	if(!daemon->doq_table)
--		fatal_exit("could not create doq_table: out of memory");
-+	if (cfg_has_quic(daemon->cfg)) {
-+		daemon->doq_table = doq_table_create(daemon->cfg, daemon->rand);
-+		if(!daemon->doq_table)
-+			fatal_exit("could not create doq_table: out of memory");
-+	}
- #endif
- 	
- 	daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1);
-@@ -917,8 +919,10 @@ daemon_cleanup(struct daemon* daemon)
- 	daemon->dnscenv = NULL;
- #endif
- #ifdef HAVE_NGTCP2
--	doq_table_delete(daemon->doq_table);
--	daemon->doq_table = NULL;
-+	if (daemon->doq_table) {
-+		doq_table_delete(daemon->doq_table);
-+		daemon->doq_table = NULL;
-+	}
- #endif
- 	daemon->cfg = NULL;
- }
-diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
-index f7fcca194..ab8f1ba72 100644
---- a/services/listen_dnsport.c
-+++ b/services/listen_dnsport.c
-@@ -1564,7 +1564,7 @@ listen_create(struct comm_base* base, struct listen_port* ports,
- 			cp = comm_point_create_udp(base, ports->fd,
- 				front->udp_buff, ports->pp2_enabled, cb,
- 				cb_arg, ports->socket);
--		} else if(ports->ftype == listen_type_doq) {
-+		} else if(ports->ftype == listen_type_doq && doq_table) {
- #ifndef HAVE_NGTCP2
- 			log_warn("Unbound is not compiled with "
- 				"ngtcp2. This is required to use DNS "
-@@ -3275,7 +3275,11 @@ nghttp2_session_callbacks* http2_req_callbacks_create(void)
- struct doq_table*
- doq_table_create(struct config_file* cfg, struct ub_randstate* rnd)
- {
--	struct doq_table* table = calloc(1, sizeof(*table));
-+	struct doq_table* table;
-+
-+	if (!cfg->quic_port)
-+		return NULL;
-+	table = calloc(1, sizeof(*table));
- 	if(!table)
- 		return NULL;
- #ifdef USE_NGTCP2_CRYPTO_OSSL
-@@ -3354,7 +3358,7 @@ conn_tree_del(rbnode_type* node, void* arg)
- {
- 	struct doq_table* table = (struct doq_table*)arg;
- 	struct doq_conn* conn;
--	if(!node)
-+	if(!node || !table)
- 		return;
- 	conn = (struct doq_conn*)node->key;
- 	if(conn->timer.timer_in_list) {
-@@ -3413,6 +3417,7 @@ doq_timer_find_time(struct doq_table* table, struct timeval* tv)
- {
- 	struct doq_timer key;
- 	struct rbnode_type* node;
-+	log_assert(table != NULL);
- 	memset(&key, 0, sizeof(key));
- 	key.time.tv_sec = tv->tv_sec;
- 	key.time.tv_usec = tv->tv_usec;
-@@ -4922,6 +4927,7 @@ doq_conid_find(struct doq_table* table, const uint8_t* data, size_t datalen)
- 	key.node.key = &key;
- 	key.cid = (void*)data;
- 	key.cidlen = datalen;
-+	log_assert(table != NULL);
- 	node = rbtree_search(table->conid_tree, &key);
- 	if(node)
- 		return (struct doq_conid*)node->key;
-@@ -5662,6 +5668,8 @@ doq_table_quic_size_available(struct doq_table* table,
- 	struct config_file* cfg, size_t mem)
- {
- 	size_t cur;
-+	if (!table)
-+		return 0;
- 	lock_basic_lock(&table->size_lock);
- 	cur = table->current_size;
- 	lock_basic_unlock(&table->size_lock);
-diff --git a/util/configparser.y b/util/configparser.y
-index bf9c196fc..f159b8cec 100644
---- a/util/configparser.y
-+++ b/util/configparser.y
-@@ -1235,14 +1235,17 @@ server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG
- server_quic_port: VAR_QUIC_PORT STRING_ARG
- 	{
- 		OUTYY(("P(server_quic_port:%s)\n", $2));
-+		if(atoi($2) == 0 && strcmp($2,"0")!=0)
-+			yyerror("port number expected");
-+		else {
-+			cfg_parser->cfg->quic_port = atoi($2);
- #ifndef HAVE_NGTCP2
--		log_warn("%s:%d: Unbound is not compiled with "
--			"ngtcp2. This is required to use DNS "
--			"over QUIC.", cfg_parser->filename, cfg_parser->line);
-+			if (cfg_parser->cfg->quic_port != 0)
-+				log_warn("%s:%d: Unbound is not compiled with "
-+					"ngtcp2. This is required to use DNS "
-+					"over QUIC.", cfg_parser->filename, cfg_parser->line);
- #endif
--		if(atoi($2) == 0)
--			yyerror("port number expected");
--		else cfg_parser->cfg->quic_port = atoi($2);
-+		}
- 		free($2);
- 	};
- server_quic_size: VAR_QUIC_SIZE STRING_ARG
-diff --git a/util/netevent.c b/util/netevent.c
-index aedcb5e07..93db16675 100644
---- a/util/netevent.c
-+++ b/util/netevent.c
-@@ -2723,6 +2723,7 @@ doq_server_socket_create(struct doq_table* table, struct ub_randstate* rnd,
- {
- 	size_t doq_buffer_size = 4096; /* bytes buffer size, for one packet. */
- 	struct doq_server_socket* doq_socket;
-+	log_assert(doq_table != NULL);
- 	doq_socket = calloc(1, sizeof(*doq_socket));
- 	if(!doq_socket) {
- 		return NULL;
-@@ -2804,6 +2805,7 @@ doq_lookup_repinfo(struct doq_table* table, struct comm_reply* repinfo)
- {
- 	struct doq_conn* conn;
- 	struct doq_conn_key key;
-+	log_assert(table != NULL);
- 	doq_conn_key_from_repinfo(&key, repinfo);
- 	lock_rw_rdlock(&table->lock);
- 	conn = doq_conn_find(table, &key.paddr.addr,
-@@ -5880,6 +5882,7 @@ comm_point_create_doq(struct comm_base *base, int fd, sldns_buffer* buffer,
- 	struct config_file* cfg)
- {
- #ifdef HAVE_NGTCP2
-+	log_assert(table != NULL);
- 	struct comm_point* c = (struct comm_point*)calloc(1,
- 		sizeof(struct comm_point));
- 	short evbits;
--- 
-2.52.0
-

unbound-1.24-swig-function.patch

@@ -1,26 +0,0 @@
-From 0fc825def2f812af70189a01b0fe66e1c5050aec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Fri, 24 Oct 2025 20:20:50 +0200
-Subject: [PATCH] Use $action instead of $function in python SWIG interface
-
-$function is not supported since SWIG 4.4.0.
----
- libunbound/python/libunbound.i | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i
-index dc12514..4576844 100644
---- a/libunbound/python/libunbound.i
-+++ b/libunbound/python/libunbound.i
-@@ -853,7 +853,7 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
- %{ 
-   //printf("resolve_start(%lX)\n",(long unsigned int)arg1);
-   Py_BEGIN_ALLOW_THREADS 
--  $function 
-+  $action 
-   Py_END_ALLOW_THREADS 
-   //printf("resolve_stop()\n");
- %} 
--- 
-2.51.0
-

unbound-anchor.service

@@ -5,6 +5,5 @@ Documentation=man:unbound-anchor(8)
 [Service]
 Type=oneshot
 User=unbound
-EnvironmentFile=-/etc/sysconfig/unbound
-ExecStart=/bin/bash -c 'if [ "$DISABLE_UNBOUND_ANCHOR" = "yes" ] || [ -f /run/unbound/anchor-disable ]; then echo "Updates of root keys with unbound-anchor is disabled"; else /usr/sbin/unbound-anchor $UNBOUND_ANCHOR_OPTIONS; fi'
+ExecStart=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R
 SuccessExitStatus=1

unbound-as112-networks.conf

@@ -1,118 +0,0 @@
-# Allow forwarding of private ranges, which are marked forwardable by IANA
-# https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
-# https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
-# https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
-# RFC 6303: Locally Served DNS Zones (https://www.rfc-editor.org/rfc/rfc6303.html)
-#
-# Using this configuration file will simplify forwarding to potentially private ranges.
-# Enables forwarding of networks marked as forwardable at IANA special registry.
-# This is useful when upstream forwarder may be still inside private network. That is the case
-# when unbound works as a localhost DNS cache, not network wide resolver.
-
-server:
-	# RFC 8375: Special-Use Domain 'home.arpa.'
-	local-zone: "home.arpa." nodefault
-
-	# RFC 1918: Address Allocation for Private Internets
-	local-zone: "10.in-addr.arpa." nodefault
-	local-zone: "16.172.in-addr.arpa." nodefault
-	local-zone: "17.172.in-addr.arpa." nodefault
-	local-zone: "18.172.in-addr.arpa." nodefault
-	local-zone: "19.172.in-addr.arpa." nodefault
-	local-zone: "20.172.in-addr.arpa." nodefault
-	local-zone: "21.172.in-addr.arpa." nodefault
-	local-zone: "22.172.in-addr.arpa." nodefault
-	local-zone: "23.172.in-addr.arpa." nodefault
-	local-zone: "24.172.in-addr.arpa." nodefault
-	local-zone: "25.172.in-addr.arpa." nodefault
-	local-zone: "26.172.in-addr.arpa." nodefault
-	local-zone: "27.172.in-addr.arpa." nodefault
-	local-zone: "28.172.in-addr.arpa." nodefault
-	local-zone: "29.172.in-addr.arpa." nodefault
-	local-zone: "30.172.in-addr.arpa." nodefault
-	local-zone: "31.172.in-addr.arpa." nodefault
-	local-zone: "168.192.in-addr.arpa." nodefault
-	# RFC 6598: IANA-Reserved IPv4 Prefix for Shared Address Space
-	local-zone: "64.100.in-addr.arpa." nodefault
-	local-zone: "65.100.in-addr.arpa." nodefault
-	local-zone: "66.100.in-addr.arpa." nodefault
-	local-zone: "67.100.in-addr.arpa." nodefault
-	local-zone: "68.100.in-addr.arpa." nodefault
-	local-zone: "69.100.in-addr.arpa." nodefault
-	local-zone: "70.100.in-addr.arpa." nodefault
-	local-zone: "71.100.in-addr.arpa." nodefault
-	local-zone: "72.100.in-addr.arpa." nodefault
-	local-zone: "73.100.in-addr.arpa." nodefault
-	local-zone: "74.100.in-addr.arpa." nodefault
-	local-zone: "75.100.in-addr.arpa." nodefault
-	local-zone: "76.100.in-addr.arpa." nodefault
-	local-zone: "77.100.in-addr.arpa." nodefault
-	local-zone: "78.100.in-addr.arpa." nodefault
-	local-zone: "79.100.in-addr.arpa." nodefault
-	local-zone: "80.100.in-addr.arpa." nodefault
-	local-zone: "81.100.in-addr.arpa." nodefault
-	local-zone: "82.100.in-addr.arpa." nodefault
-	local-zone: "83.100.in-addr.arpa." nodefault
-	local-zone: "84.100.in-addr.arpa." nodefault
-	local-zone: "85.100.in-addr.arpa." nodefault
-	local-zone: "86.100.in-addr.arpa." nodefault
-	local-zone: "87.100.in-addr.arpa." nodefault
-	local-zone: "88.100.in-addr.arpa." nodefault
-	local-zone: "89.100.in-addr.arpa." nodefault
-	local-zone: "90.100.in-addr.arpa." nodefault
-	local-zone: "91.100.in-addr.arpa." nodefault
-	local-zone: "92.100.in-addr.arpa." nodefault
-	local-zone: "93.100.in-addr.arpa." nodefault
-	local-zone: "94.100.in-addr.arpa." nodefault
-	local-zone: "95.100.in-addr.arpa." nodefault
-	local-zone: "96.100.in-addr.arpa." nodefault
-	local-zone: "97.100.in-addr.arpa." nodefault
-	local-zone: "98.100.in-addr.arpa." nodefault
-	local-zone: "99.100.in-addr.arpa." nodefault
-	local-zone: "100.100.in-addr.arpa." nodefault
-	local-zone: "101.100.in-addr.arpa." nodefault
-	local-zone: "102.100.in-addr.arpa." nodefault
-	local-zone: "103.100.in-addr.arpa." nodefault
-	local-zone: "104.100.in-addr.arpa." nodefault
-	local-zone: "105.100.in-addr.arpa." nodefault
-	local-zone: "106.100.in-addr.arpa." nodefault
-	local-zone: "107.100.in-addr.arpa." nodefault
-	local-zone: "108.100.in-addr.arpa." nodefault
-	local-zone: "109.100.in-addr.arpa." nodefault
-	local-zone: "110.100.in-addr.arpa." nodefault
-	local-zone: "111.100.in-addr.arpa." nodefault
-	local-zone: "112.100.in-addr.arpa." nodefault
-	local-zone: "113.100.in-addr.arpa." nodefault
-	local-zone: "114.100.in-addr.arpa." nodefault
-	local-zone: "115.100.in-addr.arpa." nodefault
-	local-zone: "116.100.in-addr.arpa." nodefault
-	local-zone: "117.100.in-addr.arpa." nodefault
-	local-zone: "118.100.in-addr.arpa." nodefault
-	local-zone: "119.100.in-addr.arpa." nodefault
-	local-zone: "120.100.in-addr.arpa." nodefault
-	local-zone: "121.100.in-addr.arpa." nodefault
-	local-zone: "122.100.in-addr.arpa." nodefault
-	local-zone: "123.100.in-addr.arpa." nodefault
-	local-zone: "124.100.in-addr.arpa." nodefault
-	local-zone: "125.100.in-addr.arpa." nodefault
-	local-zone: "126.100.in-addr.arpa." nodefault
-	local-zone: "127.100.in-addr.arpa." nodefault
-
-	# RFC 4193: Unique Local IPv6 Unicast Addresses
-	local-zone: "d.f.ip6.arpa." nodefault
-
-	# RFC 2606: Reserved Top Level DNS Names
-	local-zone:      "test." nodefault
-	domain-insecure: "test"
-	domain-insecure: "example"
-
-	# RFC 6762: Multicast DNS, Appendix G
-	domain-insecure: "local"
-	domain-insecure: "intranet"
-	domain-insecure: "private"
-	domain-insecure: "corp"
-	domain-insecure: "home"
-	domain-insecure: "lan"
-
-	# draft-davies-internal-tld
-	domain-insecure: "internal"

unbound-fedora-config.patch

@@ -1,120 +0,0 @@
-From 6e2d042505a006ab5fd703631661e68d1cdc66df Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Fri, 15 Nov 2024 13:25:34 +0100
-Subject: [PATCH] Customize unbound.conf for Fedora defaults
-
-Set some Fedora/RHEL specific changes to example configuration file. By
-patching upstream provided config file we would not need to manually
-update external copy in source RPM.
----
- doc/example.conf.in | 33 +++++++++++++++++++++++++++++++--
- 1 file changed, 31 insertions(+), 2 deletions(-)
-
-diff --git a/doc/example.conf.in b/doc/example.conf.in
-index 59090c6..3a86809 100644
---- a/doc/example.conf.in
-+++ b/doc/example.conf.in
-@@ -8,6 +8,9 @@
- # Use this anywhere in the file to include other text into this file.
- #include: "otherfile.conf"
-
-+# Default Fedora settings
-+include: "@UNBOUND_SHARE_DIR@/fedora-defaults.conf"
-+
- # Use this anywhere in the file to include other text, that explicitly starts a
- # clause, into this file. Text after this directive needs to start a clause.
- #include-toplevel: "otherfile.conf"
-@@ -51,11 +51,19 @@ server:
- 	# specify 0.0.0.0 and ::0 to bind to all available interfaces.
- 	# specify every interface[@port] on a new 'interface:' labelled line.
- 	# The listen interfaces are not changed on reload, only on restart.
-+	# interface: 0.0.0.0
-+	# interface: ::0
- 	# interface: 192.0.2.153
- 	# interface: 192.0.2.154
- 	# interface: 192.0.2.154@5003
- 	# interface: 2001:DB8::5
- 	# interface: eth0@5003
-+	#
-+	# for dns over tls and raw dns over port 80
-+	# interface: 0.0.0.0@443
-+	# interface: ::0@443
-+	# interface: 0.0.0.0@80
-+	# interface: ::0@80
- 
- 	# enable this feature to copy the source address of queries to reply.
- 	# Socket options are not supported on all platforms. experimental.
-@@ -285,6 +293,8 @@ server:
- 	# nat64-prefix: 64:ff9b::0/96
- 
- 	# Enable UDP, "yes" or "no".
-+	# NOTE: if setting up an Unbound on tls443 for public use, you might want to
-+	# disable UDP to avoid being used in DNS amplification attacks.
- 	# do-udp: yes
- 
- 	# Enable TCP, "yes" or "no".
-@@ -320,6 +330,9 @@ server:
- 	# can be dropped. Default is 0, disabled. In seconds, such as 3.
- 	# sock-queue-timeout: 0
- 
-+	# Fedora note: do not activate this - not compiled in because
-+	# it causes frequent unbound crashes. Also, socket activation
-+	# is bad when you have things like dnsmasq also running with libvirt.
- 	# Use systemd socket activation for UDP, TCP, and control sockets.
- 	# use-systemd: no
- 
-@@ -906,6 +919,8 @@ server:
- 	# you need to do the reverse notation yourself.
- 	# local-data-ptr: "192.0.2.3 www.example.com"
- 
-+	include: /etc/unbound/local.d/*.conf
-+
- 	# tag a localzone with a list of tag names (in "" with spaces between)
- 	# local-zone-tag: "example.com" "tag2 tag3"
- 
-@@ -916,8 +931,8 @@ server:
- 	# the TLS stream, and over HTTPS using HTTP/2 as specified in RFC8484.
- 	# Give the certificate to use and private key.
- 	# default is "" (disabled).  requires restart to take effect.
--	# tls-service-key: "path/to/privatekeyfile.key"
--	# tls-service-pem: "path/to/publiccertfile.pem"
-+	# tls-service-key: "/etc/unbound/unbound_server.key"
-+	# tls-service-pem: "/etc/unbound/unbound_server.pem"
- 	# tls-port: 853
- 	# https-port: 443
- 	# quic-port: 853
-@@ -1166,6 +1181,9 @@ remote-control:
- 	# unbound-control certificate file.
- 	# control-cert-file: "@UNBOUND_RUN_DIR@/unbound_control.pem"
-
-+# Stub and Forward zones
-+include: "@sysconfdir@/unbound/conf.d/*.conf"
-+
- # Stub zones.
- # Create entries like below, to make all queries for 'example.com' and
- # 'example.org' go to the given list of nameservers. list zero or more
-@@ -1186,6 +1207,10 @@ remote-control:
- #	name: "example.org"
- #	stub-host: ns.example.com.
- 
-+# You can now also dynamically create and delete stub-zone's using
-+# unbound-control stub_add domain.com 1.2.3.4 5.6.7.8
-+# unbound-control stub_remove domain.com 1.2.3.4 5.6.7.8
-+
- # Forward zones
- # Create entries like below, to make all queries for 'example.com' and
- # 'example.org' go to the given list of servers. These servers have to handle
-@@ -1203,6 +1228,10 @@ remote-control:
- # forward-zone:
- # 	name: "example.org"
- # 	forward-host: fwd.example.com
-+#
-+# You can now also dynamically create and delete forward-zone's using
-+# unbound-control forward_add domain.com 1.2.3.4 5.6.7.8
-+# unbound-control forward_remove domain.com 1.2.3.4 5.6.7.8
- 
- # Authority zones
- # The data for these zones is kept locally, from a file or downloaded.
--- 
-2.47.0
-

unbound-initrd.conf

@@ -1,5 +0,0 @@
-[Unit]
-Before=network-online.target
-
-[Install]
-WantedBy=network-online.target

unbound-keygen.service

@@ -13,6 +13,7 @@ Type=oneshot
 Group=unbound
 ExecStart=/usr/sbin/unbound-control-setup -d /etc/unbound/
 ExecStart=/sbin/restorecon /etc/unbound/*
+RemainAfterExit=yes
 
 [Install]
 WantedBy=multi-user.target

unbound-local-root.conf

@@ -1,30 +0,0 @@
-# Authority zones
-# The data for these zones is kept locally, from a file or downloaded.
-# The data can be served to downstream clients, or used instead of the
-# upstream (which saves a lookup to the upstream).
-#
-# Download local root copy and answer TLD queries from it. Because
-# auth-zone has higher precedence, defined forward-zones to internal
-# only TLD will not work. Use stub-zone or disable this zone.
-# Good for a network-wide resolvers, worse for a localhost caching forwarder.
-auth-zone:
-	name: "."
-	primary: 170.247.170.2        # b.root-servers.net
-	primary: 192.33.4.12          # c.root-servers.net
-	primary: 199.7.91.13          # d.root-servers.net
-	primary: 192.5.5.241          # f.root-servers.net
-	primary: 192.112.36.4         # g.root-servers.net
-	primary: 193.0.14.129         # k.root-servers.net
-	primary: 192.0.47.132         # xfr.cjr.dns.icann.org
-	primary: 192.0.32.132         # xfr.lax.dns.icann.org
-	primary: 2801:1b8:10::b       # b.root-servers.net
-	primary: 2001:500:2::c        # c.root-servers.net
-	primary: 2001:500:2d::d       # d.root-servers.net
-	primary: 2001:500:2f::f       # f.root-servers.net
-	primary: 2001:500:12::d0d     # g.root-servers.net
-	primary: 2001:7fd::1          # k.root-servers.net
-	primary: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org
-	primary: 2620:0:2d0:202::132  # xfr.lax.dns.icann.org
-	fallback-enabled: yes
-	for-downstream: no
-	for-upstream: yes

unbound-python310.patch

@@ -1,107 +0,0 @@
-Fix build on Python 3.10 (rhbz#1889726).
-
-Backport two fixes:
-* https://github.com/NLnetLabs/unbound/commit/e0d426ebb10653a78bf5c4053198f6ac19bfcd3e
-* https://github.com/NLnetLabs/unbound/pull/427
-
-diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i
-index a23c45b9c..ab244a6fb 100644
---- a/libunbound/python/libunbound.i
-+++ b/libunbound/python/libunbound.i
-@@ -916,7 +916,13 @@ int _ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, int rrclass, v
-       struct cb_data* id;
-       id = (struct cb_data*) iddata;
-       arglist = Py_BuildValue("(OiO)",id->data,status, SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_ub_result, 0 |  0 ));   // Build argument list
-+#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9)
-+      /* for python before 3.9 */
-       fresult = PyEval_CallObject(id->func,arglist);     // Call Python
-+#else
-+      /* for python 3.9 and newer */
-+      fresult = PyObject_Call(id->func,arglist,NULL);
-+#endif
-       Py_DECREF(id->func);
-       Py_DECREF(id->data);
-       free(id);
-diff --git a/pythonmod/pythonmod.c b/pythonmod/pythonmod.c
-index 9006429ef..040ff7051 100644
---- a/pythonmod/pythonmod.c
-+++ b/pythonmod/pythonmod.c
-@@ -299,7 +299,10 @@ int pythonmod_init(struct module_env* env, int id)
-       PyImport_AppendInittab(SWIG_name, (void*)SWIG_init);
- #endif
-       Py_Initialize();
-+#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION <= 6)
-+      /* initthreads only for python 3.6 and older */
-       PyEval_InitThreads();
-+#endif
-       SWIG_init();
-       mainthr = PyEval_SaveThread();
-    }
-@@ -354,6 +357,8 @@ int pythonmod_init(struct module_env* env, int id)
-    /* TODO: deallocation of pe->... if an error occurs */
- 
-    if (PyRun_SimpleFile(script_py, pe->fname) < 0) {
-+#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9)
-+      /* for python before 3.9 */
-       log_err("pythonmod: can't parse Python script %s", pe->fname);
-       /* print the error to logs too, run it again */
-       fseek(script_py, 0, SEEK_SET);
-@@ -369,9 +374,45 @@ int pythonmod_init(struct module_env* env, int id)
-       /* ignore the NULL return of _node, it is NULL due to the parse failure
-        * that we are expecting */
-       (void)PyParser_SimpleParseFile(script_py, pe->fname, Py_file_input);
-+#else
-+      /* for python 3.9 and newer */
-+      char* fstr = NULL;
-+      size_t flen = 0;
-+      log_err("pythonmod: can't parse Python script %s", pe->fname);
-+      /* print the error to logs too, run it again */
-+      fseek(script_py, 0, SEEK_END);
-+      flen = (size_t)ftell(script_py);
-+      fstr = malloc(flen+1);
-+      if(!fstr) {
-+	      log_err("malloc failure to print parse error");
-+	      PyGILState_Release(gil);
-+	      fclose(script_py);
-+	      return 0;
-+      }
-+      fseek(script_py, 0, SEEK_SET);
-+      if(fread(fstr, flen, 1, script_py) < 1) {
-+	      log_err("file read failed to print parse error: %s: %s",
-+		pe->fname, strerror(errno));
-+	      PyGILState_Release(gil);
-+	      fclose(script_py);
-+	      free(fstr);
-+	      return 0;
-+      }
-+      fstr[flen] = 0;
-+      /* we compile the string, but do not run it, to stop side-effects */
-+      /* ignore the NULL return of _node, it is NULL due to the parse failure
-+       * that we are expecting */
-+      (void)Py_CompileString(fstr, pe->fname, Py_file_input);
-+#endif
-       log_py_err();
-       PyGILState_Release(gil);
-       fclose(script_py);
-+#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9)
-+      /* no cleanup needed for python before 3.9 */
-+#else
-+      /* cleanup for python 3.9 and newer */
-+      free(fstr);
-+#endif
-       return 0;
-    }
- #if PY_MAJOR_VERSION < 3
-diff --git a/pythonmod/pythonmod.c b/pythonmod/pythonmod.c
-index 040ff70..6e60d02 100644
---- a/pythonmod/pythonmod.c
-+++ b/pythonmod/pythonmod.c
-@@ -338,7 +338,7 @@ int pythonmod_init(struct module_env* env, int id)
-    PyFileObject = PyFile_FromString((char*)pe->fname, "r");
-    script_py = PyFile_AsFile(PyFileObject);
- #else
--   script_py = _Py_fopen(pe->fname, "r");
-+   script_py = fopen(pe->fname, "r");
- #endif
-    if (script_py == NULL)
-    {

unbound.rpmlintrc

@@ -1,30 +0,0 @@
-addFilter(r'crypto-policy-non-compliance-openssl')
-
-# Ignore generated certificates
-addFilter(r'non-readable /etc/unbound/unbound_control.key')
-addFilter(r'non-readable /etc/unbound/unbound_control.pem')
-addFilter(r'non-readable /etc/unbound/unbound_server.key')
-addFilter(r'non-readable /etc/unbound/unbound_server.pem')
-
-addFilter(r'non-standard-gid /etc/unbound/unbound_control.pem')
-addFilter(r'non-standard-gid /etc/unbound/unbound_control.key')
-addFilter(r'non-standard-gid /etc/unbound/unbound_server.pem')
-addFilter(r'non-standard-gid /etc/unbound/unbound_server.key')
-
-# Yes, it is indeed certificate
-addFilter(r'pem-certificate /etc/unbound/icannbundle.pem')
-
-# These files are intentionally replaceable.
-addFilter(r'conffile-without-noreplace-flag /etc/unbound/icannbundle.pem')
-addFilter(r'conffile-without-noreplace-flag /etc/unbound/root.key')
-addFilter(r'conffile-without-noreplace-flag /var/lib/unbound/root.key')
-
-# ldconfig is no longer required
-addFilter(r'post[iu]n-without-ldconfig /usr/lib64/libunbound.so')
-
-# Ignore unbound owned files 
-addFilter(r'non-standard-[ug]id (/var/lib|/etc|/run)/unbound')
-
-# Ignore spelling errors
-addFilter(r'spelling-error %description -l en_US ep ')
-addFilter(r'spelling-error %description -l en_US resolvers ')

unbound.service

@@ -1,23 +1,19 @@
 [Unit]
 Description=Unbound recursive Domain Name Server
 After=network.target
-# Use ip-freebind: yes or add After=network-online.target, rhbz#2338429,
-# if interface: specifies exact address, not localhost nor wildcard
-#After=network-online.target
 After=unbound-keygen.service
 Wants=unbound-keygen.service
-After=unbound-anchor.service
-Wants=unbound-anchor.service
+Wants=unbound-anchor.timer
 Before=nss-lookup.target
 Wants=nss-lookup.target
 
 [Service]
-Type=notify
+Type=simple
 EnvironmentFile=-/etc/sysconfig/unbound
 ExecStartPre=/usr/sbin/unbound-checkconf
+ExecStartPre=-/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resolv.conf -R
 ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS
 ExecReload=/usr/sbin/unbound-control reload
-Restart=on-abnormal
 
 [Install]
 WantedBy=multi-user.target

unbound.sysconfig

@@ -1,10 +1,3 @@
-# uncomment following line to skip anchor refresh before unbound start
-#DISABLE_UNBOUND_ANCHOR=yes
-# Better way is systemctl mask unbound-anchor.service
-UNBOUND_ANCHOR_OPTIONS="-f /etc/resolv.conf -R"
-
 # for extra debug, add "-v -v" or change verbosity: in unbound.conf
-UNBOUND_OPTIONS=""
 
-# Uncoment to validate SHA1 in any crypto policy
-# OPENSSL_CONF=/etc/unbound/openssl-sha1.conf
+UNBOUND_OPTIONS=""

unbound.sysusers

@@ -1 +0,0 @@
-u unbound - "Unbound DNS resolver" /var/lib/unbound /sbin/nologin

wouter.nlnetlabs.nl.key

@@ -0,0 +1,212 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Public Key Server -- Get "0x9f6f1c2d7e045f8d "</title>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<style type="text/css">
+/*<![CDATA[*/
+ .uid { color: green; text-decoration: underline; }
+ .warn { color: red; font-weight: bold; }
+/*]]>*/
+</style></head><body><h1>Public Key Server -- Get "0x9f6f1c2d7e045f8d "</h1>
+<pre>
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.1.6
+Comment: Hostname: sks.pod02.fleetstreetops.com
+
+mQINBE2v/RwBEACyQpJlpCeSZBV1QUH7jNEp5xGdo6OnX2h9XoZ4ZPsb+u6OT+xESH45ncnI
+SUh8rPCygbeWOoPR/yOBzh+lYoGxQ5iUHtwRrhHq04sQe/qFpXDO2xs61pTcPU2PnH7Rsr2q
+p6fZLPHuXLolD7NJfaSib8sVeMM0/ecyl/L2bBg9NpaGDX0xTQh95M8o6AFo6UKWApBpgsvE
+Zr2aH/B8b9KnCWFhfJyheEM7DamksdZNsKxXQyq3l/ROfdsMLZGF8vPbYV/v11G4keyaLpn8
+AbBpybIiw9SYDwf2ENk3+e1NFfMaiiyEqn9+aaLTKCY87TMUuoN3s3jWOOy5tHXzf6DbKhub
+4Awsby3DH5YpPhi4N2vj2pAXVpl5+m78cH29JLzT+HAoyZ4tq1r3m0P5QogNqYwqxkKWYOjD
+ilNDBiKiDdgtrLYGx+ABovKG/FvToJoaCL4AFaVCzWmL2uHkSgyBN0FPHatCB1UeEkcQit6T
+8E2NQqmFWjUMXSWHHajSMG95+L5PdLHz/Ku0o3Csvlt2pkElYZmzJBfnOM9JevdsmKr/ruJC
+/DCZAn5w2S/9ZF5qfo2F9HUKIwE/dChR29HcN8V4nqZs9oCvEMfFhHmrfwDc5hedhvb6mAkv
+SFFtKIrygLIVeWRj3FE9sGp6sr4VwOLYTFRNk7mAsWD1rZApeQARAQABtCdXLkMuQS4gV2lq
+bmdhYXJkcyA8d291dGVyQG5sbmV0bGFicy5ubD6IRgQQEQIABgUCThRSKQAKCRD5yv3rOc/E
+3iiwAJ0SIjqFSwBm7sEZf2nn4JhkWKoG0gCfTD0g9RhtJFZa+0rdtMGUpYtDA1aIRgQQEQIA
+BgUCT/FYZQAKCRDidkIqx06dxeI6AJ9JZvcA78yRPDAMS+TklrNhFbEixgCgwiltuquOD4Qw
+vTS+NZr1ECUit8+IRgQTEQIABgUCTa///wAKCRCQMuo3A6Gk+Ot2AKCi4IvI/AT2kSzy0pWH
+Zfrpl93zlACZAaBqkUKcA1jxk8HtqDYtuCRhSfiIRgQTEQIABgUCTb7dfwAKCRCL5TxDRLCU
+K/4yAJ9Zgx/YRiu/X+KLDTQoYXTxNNbCHACfcBLrfl5uABiyOzBC+/R5rXnoRaqIRgQTEQIA
+BgUCV+zVuQAKCRAjc9NHiaFq+OY4AKC6GV6dlBdvo4bEaJpWPHh9WShqIwCgjJi+haVoUR52
+ovPF0zsXx6/um+GITAQTEQIADAUCTbAJsgWDCWX06gAKCRC039xrdgkihyx4AJ9iuMMszOpC
+jRYkVjTgmDyVmAA5uACg7qmMbKb03FbTFdd5VG5/6RTiPtSJARwEEAECAAYFAlTvL9UACgkQ
+lumWUDlMmaxLZgf/WeQK3FqemgsgcNCfkPuE9XpSdyJhQ+n1Yb6tAK4osry7H3lFBQIKTpmX
+SxauZDazYt6G4BYWsA0ARBwZVOaEaIbFRHFWs3/SLynNf9ZGBw8FumIMlEw3+tUdZck6u7pU
+q1OFeL1HWRLEC/njyLe7zAFHHWwMUIL9ZAZGiknADbqiiyF/JTcv4cpfNhdRAFzRriUJ2zYf
+0r6vKnf8pjc9QfDricAq/WzfANycfaSqx5GEBokxZY3lq/oLe4dGpZmrGecvBMtmTRHAG0Ln
+sNwXVujej3sU0vfhkZ1A0lnKoZCOTwGTPkL3dkOwbUdoYiYakTjM8NKav/TxNDxdaG/QbYkB
+HAQQAQgABgUCVnyBkgAKCRAIbcKm1AudBFrsB/9oKXW7oiQ7eJJ036fsfM5UODQGoXc1XO0R
+TEV/8pBRSDhqOVwRUsPqgtU6p2UWJbwxgB7MmPt3Z4cXs+ff1jkTzn/iefMyB7W6NogotrTt
+Nlj8x30Y9dVJB4KSHnQW2Gsf/OmZM9cDBAuyK3j3yLWkn65FRKVoH/4sYil1Tm/ogEC8vdvX
+RpwsCaZG8HOLDphjjU0JErE1jWk2L+P0TeGCmbrsfhORxTaCROjvcJ0fQsdX7kcA262iRrU0
+xDlBBYZA9wyGfd4wf+zIt7LcVBjNNvIUdUC3Uf0prYJawaG2/YV6R7eY4ooJxTutadugLmZp
+fBRiITflLZssO3YAW9RxiQEcBBMBCgAGBQJU7y/ZAAoJEMFDUWYtzEe6MyQIALSGlZ4X0LJw
+6zNoHGVxC0P911NBtDRO2/Hfg38UMT8KjQ1jOynm1KZm67viNOVGRGWar23PNppofpViZSlQ
+xUXUyLXVajcV9klg7RV7GC/3P2dvrCjELHXJ6w8qrcUKDighjbdctHXiQ9W5nU1IWPTLdg+z
+cvTbSVybvLwcbu5kzUzlYvesetJjSWnU9PXswed2cN9sqN3ikrWlYv4qHp6RwrLBN/VjZQov
+AxXN68PHxLz8GNxZTO9Aa4j4CheejXPVHDhqqw/K0XI86hnvZX7kwy4KBq/o4Kl+fstaOM6T
+571D2fljTVztmsKZBhiuKm1t8/Ltoifch+bpFx5AZkaJAhwEEAECAAYFAk2+3aIACgkQi0GC
+sRlrLScyHw//accdcVbHGYLwS0imk5SMEJX2bdu87uXqseeMU5OhnYip4ySQ727VihGYkhmL
+c/o1dIEznvFudWc/fMEi0x3R5J53Qbt3XQEUjOgZUoeomQJCItoJsDRoItvgdUvj3o6hVWhu
++8PL6oC2J/JAHvfsMKiaTBHrUcNdgovLPGo5bcZCJwOxqPLYPLW2fCkanY9EhbyVAsFIiuH4
++8tSDnqrgZFATyDqhqAYP96CanJrSalB6l/2r10q3V/OxcyCwys5w54FExhQAhpwThpbpFcK
+kBrM647ak7x8dZha4C/RltwkFn6jFp2sNUSEa0USTOTyDw7WkqgZZOWvauQ+fKgSOJwWU+MR
+cs11bNEGtwBu+wPheeyAlITu7A9PIrMZTmmJKy124I7ZvfXF3NZrHVm2KanLaWqHrso8tYg4
+9C7ptSCEZlgLHaeOl1wOOLbH6OneB3mQqf2u0elWYv64sbEqmFwd0C4rFeT7VSFSDLc1AsZB
+zc4WveDPnjzMXE2KLIwP+/x+betpntuYKYzYov0fryS79fjwu5JGh0gfEDITSta+tPRAYqKf
+mCt/jpeZxUQBfI6SW6LyP2Go8uYlbplV5IJuZ04c2Pr/9G/e3vh4O/kJmDZo4EX9op9TKJpg
+w/shReVuUAP9E24rD0oEyiWnHu/ZsgMtaVKQc2SsIghSG8eJAhwEEAEKAAYFAlTvL+sACgkQ
+V0EnLQMH4n8IuA//cZqhGvBiSNpRkSjjZWu5BY7fhMOdshiVPkEZmILRytnXnxVcu+PuuIk0
+kXfgt/jcS762dBZK3UOVAAsGsLfkisLN18UGWKhokNUWybSmdmhTb6Ns5tJbZfnFTaSjA3Gk
+Z+R/U8O1tNHTmqBfYHTSq8utpIi1JEJRf5itUYytP75nt0rnjpYTFEbvKgukgZldLDk581Zc
+x4Y6pj1ILrxtqF369yBtYIEkHFcYDuXsApTIXY1G4V5mq4t9QCk07E2ZKZ2aJjaCA7VeD+vR
+8Z50oyu4kuc1RdFnP8TfQUAr/tYIFinuzKSqELu9b+JSPO3qawXaq9Y+X42XWkeQSeu7SNl2
+xqe1uVhHd8qduf8U438fUOBeY+gpae9e2IPbErU+itmd+m+WlHp8FUH2pS6VlXXhBrBPEZ3+
+8ph9wUtSAenFVyT1leu21pMuP2nNpD2nTsNlYcX9gA/vkA7bQyOtaEOC+8zNHtZYhx4u/nmI
++yZ4Cc95CmfwTE0/fRX+T+jK2x5ZGRZMudygnKRbnod+OgnNVBWIykGSzULKgLY9i5PlxCA2
+a7FUoLpIOW4OJSgo6WNsBc3j48RjqNm3cUcLco1kDcoGaQ43dGyLVGMlB332u6m2W+g+AwGm
+vhJQh3yy5XYvRXRzfiHvWUok8ess1/0qSRua22JY14KBxJF80EeJAhwEEwECAAYFAk2wI04A
+CgkQ5fj4IS93pJjaOw/8DG4fn6z4LYmY3MsLNu2Efg9YflaWPkD+z0iLPGUHhrzObIIMfGL0
+kpqYJSbvYqYUSIR8AjQGwRrJVidBqOX9bK7ZVPPvsX61hjt6e0T0O2Q6JuDMCfseiseLBo/a
+6DJu2P7LfDNGaath0WMonOxnqs+kRG8SVyTqmbnyC0AwthgYB57CIyNuz3MPkQr7pJNmyWFv
+kUYs7Z2Awq0hyD9M1KAV8igqFGYjrZAJoSv1nX6OzGRCSFmxqKwmCd7OtHLpqdNHos5CLhrj
+ouLJwiNt8gv7w06owYFxEsctAGqjVjvvtD0L19Skp3jgLAro6x53UFUtxm+Z/8YLLh+lNHJx
+JMDQu5CpSn3zLwRkF/cYgINOa1CS1yceynlbRGxrIb2vSfmnZeNZ2cTwedM/+9C044DfIB1y
+9FmmZBaXOaA4ITjvcEf2FpFn9MdF+zN8N8AN5m1y/qftFqgG0P40AQ0hQAhk+F8JxD7wVh65
+jcj62f287L1h8EDo/NE1JH8dAb9dUlJQeohAkiIMurDYLYRop9u+ogtUtRpMKXTwgNUanIq7
+oTYpNunbI1NUXc9Fdi9Z8OYZagHlo4v6T3fqvaRbGElncoF6faz7les2zh2S8etACX7mNsxV
+c6kXIpdHqoHKGShdxtb+PhRirbIxdCzlFstk5c9zpsCJCr/yu+pCL6KJAiIEEAECAAwFAk2w
+CcoFgwll9NIACgkQVGoRHjtqqmQGaRAAuHuKIupTerS7qrEIkyOvECN06fg+U/caYv3Qpue0
+4ZC2aIk4oK/7wsuhEsMLCL3J1JFYCCmbc0QfYBtzIM5lu9SX7/1R8/+VnCvYvME8tKdMdQAM
+BWq4ZG5Bi9rH8j+450mjgmPRC0s8tmmfp62gB9zBAd/poVZQOVSUV43HE3n6Vkxj0ediGEmw
+GakB2pPtAY7HAaLxRdXidwjNTzpAz7JPinoZgpz/MYseuxSSyhIqqREYn/ynX1+YQhu1l4X6
+rpIsVWawMv93PhO42Y3Ny6SvC/hnZ1J+Y359quClHTQ/ogrbZrbhlKtpJNeNOCBKUzgIuT3/
+PSy1XheYQR2m8SbOmOMpgInr16i3ijsYBKI6qdoxB//YCkFCJmxfCUqRGPe6sAW2n9ow4VmE
+rAUDEqYTPDzkRA5zBY6C6cMugoClY8LidDwKHGXjbPMLz+CnWIVsC8BedjQcfPkuQs/P4QtQ
++UYwt6UiFywYe4Na9JfJsYDwkUaKgZadva/JFxGkm7ApMpeMBuZUDIl9qptKipdmRrMnBx9l
+fvBqrrXYKPEzVMW0FpX9D5F1L4k5u3x4B0VDZ9WPJgkSKFQIMatDxFsyJNWZmh/0dODC/LKF
+mZZCk3B34rr91He99MzKNrrq3vZSlbMKoCQYjDGQDWVXCplwjq1zCt/JSZUJYVhwbcyJAiIE
+EQECAAwFAlRgbtMFgwK1j8kACgkQBhyEc3tNEByR3A/+MKwW1tgIspbnE8WEGjdNJtXUHQUv
+UJHFTuoBNKZA/uAYxe7FLoSKQI8lH5PgJrLnu8lq0Z7h4BObnx7F4NrB1ixTtMGgRXD1amVY
+Gw6STlXH6Fhr/0RvBTg/wbdm/nFFdaEEhclMNHY/mW69bcqGjHjcnk6nOmlVrYegWRGjGgTI
+JBqHUhoX2+VixkMrBDSESBpHHQHlwsOlT9T0v3pCVHQz9I/WygQpn0bjgWEISyZkWbLcmJVZ
+yYYmWU9WWw8n16qFChdO6BTEjChuzVupLS5LoBgxCJkh9gl4F6VGRg2kVvsQoxE0CKbM+4qy
+qAAK2jrgQZRg4ihC2WmOpr9X0mrjO38Bz/tmZL389ZBzj9S3VO8otgBRgDbJvNHm8EjWdQHj
+SOE2x5/F2T69g8IK3S/vkkKrySsjSlD/NJpWwldkUh1RtO7wFO2Zk+2+vr55joOjKApXKQgO
+7PKw2awkL91UWWHAvJ3tTq/16FUypnY9RHM9rHtU8XDLCp4iEzE7rzIywEwX4fUAut4CRf8m
+u3czrhdPh+oQyOyQHZJMdX0mCKZREPgKo2ca5iAFtzOzrgD5OTCD/Pz4+99+gLEMOML1bWQ4
+R43L4YyrB1UIQUAvVmLDhn19bUcIS+wZ3kKI0et24wqjkaIsLSSounGBPxB4jOLhG0BBojzV
+dvqUElOJAiIEEwECAAwFAk2wAP4Fgwll/Z4ACgkQrImYjct//fHn8Q/+JdXKAXtSq5ReGTDR
+F3PcpsQK9q0LGvdyNPZ91oSkGl2UpcRhQ2KqTY0RJa7CZdk/3jG9G8aRuAmC6O5MhcsVU36j
+zBTanDgiSqFEpJCLXWWkPbwWIXdL3/FVm/1iYkDNqOZkWsYxU6BixgrDJoKcIZctt2igZqqa
+qdJYJ8tdbEXfW67rx+cu+DTXuZIuBwFETNix8zL7XpCQZAOG79IvBNaSaJr0x90tn+6rlLrk
+w6+NCXFjzm9aDNGyyWTs7s4kLfDR1LbBGpJNL+kmWmF9hkQTFHDxwNmHPyhjZcHVXaRfdl86
+ahClxBT6hitmurAGDIjjqy0d3Rs41Q3rcm9AZUWH4YbtRn2hXC/VCzsDvZvsjFB258mj4oDl
+jcgeuoY4uJEK8EJa9RJ6z3+UATcDaZTmlWhmb3UhG6suhz4hjmC4Y+JcovSVvq9AJksLJA74
+m6TxExiKzCGwy9xw1gcgJlFD4iVarfV4+jv5YGuPipPwz1ho6+P4uUOOtLFVHesSQ7S0W8eX
+rMdbu1Plw+m+fad/Asb8SoUm4ckfCwgoDMZsrGHBLhMa9D7AW/4z478DWqM6aZnZlpK4pNk+
+/jyW8cPDfjRePFKC/zH2Vm679JGgT13qQUJF1fja4KOSEi0lIKegPCRVJ1h0MseVgd2Qa9vX
+2VJwbZkrnoBa6VZH8dqJAj4EEwECACgCGyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW
+76tkBQkNAhVIAAoJEJ9vHC1+BF+N2tYQAIxArTFi1m0C8sv/wIJwKL3Y6LWu1dEZadHLslfT
+bSF+2ZaWIyrg/QXcIkpUuGBn+V2nw46qZ8N+bAsxVJoJDzpRuqfs5+t/wq7xIZC4gzFjY4MH
+3uGi5jhucMdozYKqLomQE34bW2B3Co3+Rx5wXa2reqXaTt5f3X74D4XkCki7WyKXMk8vhnxb
+oxU50qu3MQzu3rWFGWxukQ+Pva9tUFnWGZOIgvhVbB3FBhqbEGg56d6yTIMMb6IwIjc/UYbc
+RCST70B5y3+If26u4TSbGfZoo3xx+6hH3dw8X+jMLFLki3ABWc17f1ZE7UZPbNhoWBibSV/1
+zNylGxHM1sbD3fyVneI9SJl77JsqAsqRWa+uQzn2WMdP31KsLXhVfGBDBKziBLet3Ntj20+m
+zrZnWr7EJV9PHUhjk/ie3n3HBBXQjD6lX1L+ZVw6c9eXVQpvS2051gkSuurdGkX8PaD80O0v
+Q5aohrwu+sGXJBiZY8q8rDvq+3hsnc1TfWNJzSjD+PsQ5WM6y3zqzrb3Oa2dsmNZWvos7LkQ
+NQ+6yaoe/W3hnhEyN/w6sl01sUmhFdm/wVtbg3Nd4a0x/yTq8p56Ol0wfj54u6hkbt1yFTUl
+xx+Cp/BanLSiOZvn12slxpCBULom/D2XROYY80iwThSshahxoWC/h04q8cDaFycwMzyuiQI+
+BBMBAgAoBQJNr/0cAhsjBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCfbxwt
+fgRfjd8qEACMp3672f/ETQL/ZS3EnNj1937xu6ESRCUsvbjMiGzLW/2tQVQnoV40fBoRyeQ/
+2d40VgUCsNayy7zqm7gRpKSjEddNGVReM//HuglrUwDhctvH9SUMNvJIpTeyur456NtUtSSd
+VyQHaBXYnMm9Ultq/imKHen40shdJW+9aHfrHZ0hPTv8XQqssrunF/gMHw3LiemPIjlrvAnl
+gM+NS0dUAVEJAm/9PJlXwhLvgo/jN9Y4zw2RMlAMNtfb6+EBXtKN7fjLL9AFGb3EZFuvvKj+
+ZTuiOcHv991gS2R+9JYRb2LaGzOxzjAo4XkWYLks70ahBE3044mtblYt2M9qjOAhXSSGRehK
++/cinAd42Krrpba55R3V2fyGbB1UZOiX4qhZM/btU/T5LzKEOOdmlKJhk4PcUHIZyqXtRPKL
+CoC7pWmPos0xKmfKR/x1lif2E9d/5/KcSvRGwv/EpFYclzXoTkgBg2Wq/rY1QaH4M0vK/hg8
+r/qQU0po4rSK1V2TboYoC6daO077OJIypXBZy4Xwxyfsm+ScomXdNW1b2qp30YQAql31paAt
+LrJUW3oKGMCVIF9ATq7Drhxh9knxo3f0JwNG3BFzNpKdQ6dYKrXBHeUIrZuuO2M/pXlpIa5j
+JrU8Krpl6AHL4M7YSRVD3AM7oV2TX6kCTDhkcQBlSND/e4kCVQQTAQIAPwIbIwYLCQgHAwIG
+FQgCCQoLBBYCAwECHgECF4AWIQTt+qPyyk5usFaBr46fbxwtfgRfjQUCWaU4BQUJEZjVaQAK
+CRCfbxwtfgRfjb1YEACjkhtkyZkYURUmSZNL2IK/Zencv7DZGRfFrzijROFtHbe//H8o2Zhl
+yiaFSA/dT1ehjsukkR0oFkYadA+qUi06WpxGmd/jf8hP4yTUZkwOhQAesWoNmnhKePNaVMKY
+8DP57bA+N2pdCcGu7gUtYzq2JoTAtV+P/PE2w+H9eyBAulv6iUckM5/qvGfJPl8HB9BtgOpG
+N79otVWO6ebM4TQ3cZYI9BDQnt9cF2pviex+z1iLZVJ8UeRxSxYhrBKPJioi0Q1OgcKyO56t
+7EotzxKl5TzprgvdX4cdls+lehD8StlE2Xv/TScHvdOhJuVBrn3a3QjZPb4qSsz74leW5/EI
+QmozBy+qf8AHcCmTXwb2U7oHOct7cVyS5+bFx+ThpV5OK0rjTH1LMNiuTeAN46c1y3prjZRp
+QUlgVwj06q3Zz/fzDyueUS/r4lW4nAf/VNZy/rTS2HYPoZbHZVCtGpDIfag6fV6V97Pd3zfh
+Tf2wmsJsw9Xhktp/o7rMBRSMhvL4oevOXb0JSG2583Q/JnCCceB4NxRRxsgkRYHwdnXN9FnO
+PSa4NyvF4rzpPksLGZrhvm+lBvzVn/e40Q/KlxvSlnn2vW/WBM4pBq1jsoJrd/JkTdijZV7m
+t7HQ2bCLXAPgfZjy7n79WiCQVHg7iYnNikiNWR5TR7JcvdkxOdiA/4kCVQQTAQgAPwIbIwYL
+CQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQTt+qPyyk5usFaBr46fbxwtfgRfjQUCXe4JdQUJ
+GaQN2QAKCRCfbxwtfgRfjQ8gEACe+49aDQHRuZdDHK1VCJKzhb+MvfdIjvl8eQxljpG9Uz5Y
+17Bx4SWfuLHCeGlh1m6IOAWeW4g6Wowm1ec1PkVa79TdrkKb0MxfLSat6iDbiuVjDxy2bWok
+W0/cPzJ/FoWDtEC0H9UTAMb5QGBDZUbLuwX7ZjvMkAhH15/hO9Gj4RHoH1RJGJALRtZzjtzs
+JqL53kW/EV59V1T79Nocyx018iw50Jn02mI8wYJZ9HZc5C7D+K59vcqLRZgkrJrObw0sEv3Y
+FOBYp/1DemH2nHPMBSKMmN5RAcr32guUjd4BEWf2Q7Ao+Qnhdi161W0YKCW4JAmOoQ4bQ0wf
+E9Q5aUIGhUF52L+ac8Hy7dByaCExCA/WTqQQ/iVPybmpJQhFonWt/fmpxbE2wKThSEOHTO67
+e5e3JfUb0vNKssyZojao4h1MF5nvaPNKoybWwKnpNM0ORcyl+aogKwW7E15TEU0TE5//gAsF
+wRDcCnSEKnksgM0321m17RDfJbCajIv47DHDYE3yvhRZjCJCaw0Gow1sDRWjdOFpmIixD5/v
+x5uxyqSHPuGAsXlEvl+Z3Rdc5bQ7pAWu7UNpR3hnJPfg8KL2xqOF75VKG9/NjLE80yj8wdVo
+CfDvvizrBtOXnHI49gCMCfNqbGIb5yVhmTdeo7li+Te9hlJ2DrHnujGJlFe+p7kCDQRNr/0c
+ARAApvDKeVLiSazESdTY9KsSWsqoB38pvOsu25M49tEjc5TtY5LwKNckqkeRlJ83O8dFG7UB
+VuGwLKaf/6OR/pe24upZ27eOOWW7sXvQNv5aXlOYfF+mjIhUINqjq4pKDmO1c9J7h5d+auOV
+fzcgfotg3BVCaKn56ucjiQJ059uUMfgWTvVlibnoJ7deZcgt8v7VcLK9jv+P8QJHTIyDzJd+
+JjdjuHXqC/A37T5G9Z84x8wYrQY6mZmOIYaMjwIKdgFeN+nLk5henARUz4MTFUW4j9hHpuyA
+FomDQ93/wkHZ9IEChTxdZnfvsd//Z45vfcX9dQM+tuR8XCYThVsScI1TnwR46hi5NkfmHo3H
+VxwB8/owJ+FZDsTNBbJd7AVy27Xk4L5hLe7BwLDtFMyOp4lOipCM7//mtFB9mTzqnOwiSSyT
+RlwGUBJkzQFWQa0Z6bfYwA6+y1dn19H519GW49irtl+2+W8W4N8oLriIjPvqrQOyaELFcRfV
+6FfLi09HPhHVbejOqIEbOtfuN0+mjrrGAwortfTBjfw80N+W90BTvta4K2SyjHcJTkDYehfO
+o/5IMpGtDsOgvsCbDaFRnNJuYtSqQmvWk1KIPIw6CkdJtZa3+q3YA7D7ovOVH1OBTKNdBjc+
+X4W8L5R9MCymXWvgiP+52Sv1VIcZmsnCBrwK490AEQEAAYkCJQQYAQIADwIbDAUCVu+raQUJ
+DQIVTQAKCRCfbxwtfgRfjVnYEACZ1E/FfLDi4vLUd9diImmNN/zWDHxTsO/VG3lt50rSoJM5
+NGB4RlwcbUKhah2fD44FFiIqGIvKD9hRgB51dVRIkaR3ozVtXRBKxJJqWj38wf2FDLtUXC5/
+JHYb0sjAc3ad2sA9xEmEBVO1lWK3J6h4gKZiAGlWz3oeOSve3vrTKsBlP0CurUeb4WTVpw4d
+rBJD7cDh8SJ4/Cq76UFx8lW0xR+pHZHcd0/Ir5v5HnnEgbnut4IxeY3/CGBfQfSQHylK7ifm
+PWq+dflC/ZdfHY1V96EHKPM44ZLwiczoY3qp5nkmEc3BY6+P8Ch5gddOYaY18wpedarswnpO
+LQD2Xbsj66Eh0IZuuuZGyfOqJNaWbP33L27eg35XQNTgyhuZmDyRKL6yAbhU74TXCCvze/kk
+fqDn2ouCtM8/kqLX1v0+NkBxlhZUkTTVDyclZtwu6Vypus3+j2Zqk8sXeUZI64sjXpzwOcMZ
+xdl3QuyxMktExWzk9Q5DYqO+pj/YGt1vp2M0YgSUWNWCvfBcjEPFgaljyqz3BdvR/LYohnXu
+QL9SWObF+sIFc9D0w/yORYQcKP5kSWVC/qwFdC61OGeSDnQ/0o0T5PefhYS82gsIrjQ+HIJ7
+CLUTk7kBNljvtfpoWegH02feR0kSRoCXA6x+YHT4fmB41pW8S1V5a5dEltA/JIkCJQQYAQIA
+DwUCTa/9HAIbDAUJCWYBgAAKCRCfbxwtfgRfjTY/D/9+kX8LeqBhwDdwy3udV67KmVmytwGM
+fzBHbAyBdy84X06ip/If/VkjL+2Sv5Uml/cOOzGZT7y/KEt0uXQzgOZhGP5Y0OREf4kSzfb7
+tsGu3ZjTp5uJe7HiJr8uqYGfx94TQG/A3x1C7MlxOGmWDK/Eh/eNVeNd+3yyDEzl2p7a0yUh
+I8LtzllVrEDX+G4rz+mdDw4tfPDqzRPzPvVtPfqnfofHP5r2dshGe7+pCTC+o0jHWpaiFkEi
+IrR3PbZ9tV6+F5LzCUJJP5nepz6CShpLHq9ST6qZiw5ZpdznHW0kVl96YxgynJq9Y4dqD/8n
+OfTzdHhXXEogGvRfcxatxeZF7YNFhUU2p+CswAjRKCUzZAz0hDAu+dJ+fw4Odx7ii8uiwhEn
+EHoo8rPETkXwUK1je4MCzMRSy0Gippzk/oZ7noIml+Njas/UygavUOQm8bcPqGfWeFqvM2C7
+ZobL2iV0fX/bhEmQyosiWJ0nHuKdwDYygYs/4LtZLxwiKli/lm6IDz1028j6/98Z81gGoltX
+WokTYAPEgcBuhyiSLSQ1wojTVMYt9rPKMBakTzP+0FoWqoNafWOlHovP6iUB2Igll2ZT3Avr
+BQ8jAbRbuUl46QpBaKsl+pBo86az0fRkMxv0N4dQv4Q7Z0g71u9NTpaq1vtAZOwc0kl3uGNK
+18PnV4kCPAQYAQIAJgIbDBYhBO36o/LKTm6wVoGvjp9vHC1+BF+NBQJZpTgKBQkRmNVuAAoJ
+EJ9vHC1+BF+NyNQP/A3h+cOOkYUxyKpNHdtlIfCn8db5tHXSCbE19Qi7EK1SiK5atjo+VoRt
+B+L01kH6GCx5oZjeIhUdzYFwEUsdCDgwD6r0dKFwKIGa4TFcfnx+Z5B+HZgLYc6ac5PEHF1q
+ZVXZH9GSGeNw5h2yyqf4yhvetSN6L2id14m5XXJV5e7NfOgmaSnG0Z+wQvPSiu+Q00XpENT8
+HFSTSCjRATjk12rpy6TPeeC52NK1gLhGDRHN0k6m+vm4yoC+Nd6iPQpnc+5xs7NDnq2dFuST
+p7UTGebzPhhdSQgujEFuYLwzQMZu1h5amtA+v9j7BYEJkOMC7bm1PNNA2QQ6QfH8Hf+mJeIN
+yJO8A5KS3ceP+eo3SLR8T0hPzu9gZuZ22Hn3DXQh1VNRshaLKgNvoXpL3dQ48d1SFFKhEDpy
+2HSXUq2fs5rH0uszFGesG7K6EQRAYRcDrCkt9fdfkvCSxAFw9d+472xThzgKcN+MkOec+SaY
++xlVULjEfCWyRVC8Opam4mTm/XT4mVLxP/qnsy7kEhLoc/ouB+lY/ks06LpZJvCXL6WfA9Yo
+u1Fi1Mg7GhSh9JKg6X6E8Trm+N4dxJGut1xbbGmmKXqfi4pej9KlkdeM9t1df/vWKlPa7Hzd
+8H0btgJx066wC4yt0ghxtsJXBsCDxWLfzaSRZ2/eP16mHqxDjsQQiQI8BBgBCAAmAhsMFiEE
+7fqj8spObrBWga+On28cLX4EX40FAl3uCX0FCRmkDeEACgkQn28cLX4EX43TQA/+JV8ReMRJ
+Cn3Cfqbe5ycFn8p6dIVnJiQuhiEyu5yzdpSkKyzcVFJObQcqw7s50FJuLUbxdvbcuGIaoTu7
+dhBoUXO5tOuIQAsKTfGfgoOgelJm+/q2h645EnAVINGbMDXrmo4/UFJkNjUMA6SQi/yiam7N
+0y58eoDC4sGmBKuN2EW2MoWahlXw8SS1+Ab9qVBs/RqbSy6f1nJL39aPpPDmvyJOSYtHnNSF
+lYWVhr0zGAi5rnswlFGrECGbHpr5FajUK7zcmtNPbi7F30K48xfF3XnDIeIBcerrEBQMaPUZ
+cBlddGhmSVVJZU/YhR35JNgPnmp33gOuZaRiW9lauZFwsMQBIBkLpJWoUtu8QLkyC0HmJzVR
+ep0/s1RkzaJ+1G1BzXTQiXaLaUQWG5h3pcMD8fxY5qp9KbG/+10bY0sRbRBXgS6mz7ddHaBt
+g/E8ty2nEB1HDXA9HAHu7KlH9e96sPZjz9C46ZiOXe6ZAOk6wBYts4RG4bCQ9pGORJ+P2Jr2
+pz1NZQbs1AhnjJixTsfZfsGZ5lHxGLjIyxtdGB/irLEqNTIMek2yp4CShmWoZwN0V3aGYMe/
+rC4tSXG79IeKNwF3Vd5MHtB+hcJG2qztBtKQuW29rbRA5bNxwTWe8skwOKsxXnP9RC974k0X
+kPS+VwgmVgNN1ewS/0oHvmEP71Q=
+=ZSkT
+-----END PGP PUBLIC KEY BLOCK-----
+</pre>
+</body></html>