%{?!with_python:      %global with_python      1}

%{?!with_python3:     %global with_python3     1}

%{?!with_munin:       %global with_munin       1}

%if 0%{with_python} == 0

# if not building Python, don't build Python3

%global with_python3 0

%else # with_python

# needed just for EPEL

%if 0%{?rhel} <= 6

%{!?__python2: %global __python2 /usr/bin/python2}

%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}

%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}

%endif # rhel <= 6

%endif # with_python

%global _hardened_build 1

#global extra_version rc1

Summary: Validating, recursive, and caching DNS(SEC) resolver

Name: unbound

Version: 1.6.6

Release: 1%{?extra_version:.%{extra_version}}%{?dist}

License: BSD

Url: https://www.unbound.net/

Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz

Source1: unbound.service

Source2: unbound.conf

Source3: unbound.munin

Source4: unbound_munin_

Source5: root.key

Source7: unbound-keygen.service

Source8: tmpfiles-unbound.conf

Source9: example.com.key

Source10: example.com.conf

Source11: block-example.com.conf

# From https://data.iana.org/root-anchors/icannbundle.pem

Source12: icannbundle.pem

Source13: root.anchor

Source14: unbound.sysconfig

Source15: unbound-anchor.timer

Source16: unbound-munin.README

Source17: unbound-anchor.service

Group: System Environment/Daemons

BuildRequires: flex, openssl-devel

BuildRequires: libevent-devel expat-devel

BuildRequires: pkgconfig

%if 0%{with_python}

BuildRequires: python2-devel swig

%endif # with_python

%if 0%{with_python3}

BuildRequires: python3-devel

%endif # with_python3

BuildRequires: systemd

# Required for SVN versions

# BuildRequires: bison

# BuildRequires: automake autoconf libtool

Requires(post): systemd

Requires(preun): systemd

Requires(postun): systemd

# Needed because /usr/sbin/unbound links unbound libs staticly

Requires: %{name}-libs%{?_isa} = %{version}-%{release}

%description

Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet

Labs. It is based on ideas and algorithms taken from a java prototype

developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also

DNSSEC (secure DNS) validation and stub-resolvers (that do not run

as a server, but are linked into an application) are easily possible.

%if %{with_munin}

%package munin

Summary: Plugin for the munin / munin-node monitoring package

Group:     System Environment/Daemons

Requires: munin-node

Requires: %{name} = %{version}-%{release}, bc

BuildArch: noarch

%description munin

Plugin for the munin / munin-node monitoring package

%endif

%package devel

Summary: Development package that includes the unbound header files

Group: Development/Libraries

Requires: %{name}-libs%{?_isa} = %{version}-%{release}, openssl-devel

Requires: pkgconfig

%description devel

The devel package contains the unbound library and the include files

%package libs

Summary: Libraries used by the unbound server and client applications

Group: Applications/System

Requires(post): /sbin/ldconfig

Requires(post): systemd

Requires(postun): /sbin/ldconfig

Requires(postun): systemd

Requires(preun): systemd

Requires(pre): shadow-utils

%description libs

Contains libraries used by the unbound server and client applications

%if 0%{with_python}

%package -n python-unbound

Summary: Python 2 modules and extensions for unbound

Group: Applications/System

Requires: %{name}-libs%{?_isa} = %{version}-%{release}

Provides: unbound-python = %{version}-%{release}

Obsoletes: unbound-python < %{version}-%{release}

%description -n python-unbound

Python 2 modules and extensions for unbound

%endif # with_python

%if 0%{with_python3}

%package -n python3-unbound

Summary: Python 3 modules and extensions for unbound

Group: Applications/System

Requires: %{name}-libs%{?_isa} = %{version}-%{release}

%description -n python3-unbound

Python 3 modules and extensions for unbound

%endif # with_python3

%prep

%{?extra_version:%global pkgname %{name}-%{version}%{extra_version}}%{!?extra_version:%global pkgname %{name}-%{version}}

%setup -qcn %{pkgname}

%if 0%{with_python}

mv %{pkgname} %{pkgname}_python2

pushd %{pkgname}_python2

%else

pushd %{pkgname}

%endif # with_python

# only for snapshots

# autoreconf -iv

# copy common doc files - after here, since it may be patched

cp -pr doc pythonmod libunbound ../

popd

%if 0%{?with_python3}

cp -a %{pkgname}_python2 %{pkgname}_python3

%endif # with_python3

%build

# This is needed to rebuild the configure script to support Python 3.x

# autoreconf -iv

export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"

export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie"

export CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie"

# ./configure script common arguments

%global configure_args --with-libevent --with-pthreads --with-ssl \\\

            --disable-rpath --disable-static \\\

            --enable-subnet --enable-ipsecmod \\\

            --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\

            --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\

            --enable-sha2 --disable-gost --enable-ecdsa \\\

            --with-rootkey-file=%{_sharedstatedir}/unbound/root.key

%if 0%{with_python}

pushd %{pkgname}_python2

%else

pushd %{pkgname}

%endif # with_python

%configure  \

%if %{with_python}

            --with-pythonmodule --with-pyunbound PYTHON=%{__python2} \

%endif # with_python

            %{configure_args}

%{__make} %{?_smp_mflags}

%{__make} %{?_smp_mflags} streamtcp

%if 0%{with_python}

popd

%endif # with_python

%if 0%{with_python3}

pushd %{pkgname}_python3

%configure  \

            --with-pythonmodule --with-pyunbound PYTHON=%{__python3} \

            %{configure_args}

%{__make} %{?_smp_mflags}

%{__make} %{?_smp_mflags} streamtcp

popd

%endif # with_python3

%install

install -p -m 0644 %{SOURCE16} .

%if 0%{with_python}

pushd %{pkgname}_python2

%else

pushd %{pkgname}

%endif # with_python

%{__make} DESTDIR=%{buildroot} unbound-event-install install

install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp

%if 0%{with_python}

popd

%endif # with_python

%if 0%{with_python3}

pushd %{pkgname}_python3

%{__make} DESTDIR=%{buildroot} unbound-event-install install

install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp

popd

%endif # with_python3

install -d -m 0755 %{buildroot}%{_unitdir} %{buildroot}%{_sysconfdir}/sysconfig

install -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/unbound.service

install -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/unbound-keygen.service

install -p -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/unbound-anchor.timer

install -p -m 0644 %{SOURCE17} %{buildroot}%{_unitdir}/unbound-anchor.service

install -p -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound

install -p -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/unbound

install -p -m 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/sysconfig/unbound

%if %{with_munin}

# Install munin plugin and its softlinks

install -d -m 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d

install -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound

install -d -m 0755 %{buildroot}%{_datadir}/munin/plugins/

install -p -m 0755 %{SOURCE4} %{buildroot}%{_datadir}/munin/plugins/unbound

for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unbound_munin_by_type unbound_munin_by_class unbound_munin_by_opcode unbound_munin_by_rcode unbound_munin_by_flags unbound_munin_histogram; do

    ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin

done

%endif

%if 0%{with_python}

pushd %{pkgname}_python2

%endif # with_python

%if 0%{with_python3}

# install streamtcp man page

install -m 0644 testcode/streamtcp.1 %{buildroot}/%{_mandir}/man1/unbound-streamtcp.1

%endif

install -D -m 0644 contrib/libunbound.pc %{buildroot}/%{_libdir}/pkgconfig/libunbound.pc

%if 0%{with_python}

popd

%endif # with_python

# Install tmpfiles.d config

install -d -m 0755 %{buildroot}%{_tmpfilesdir} %{buildroot}%{_sharedstatedir}/unbound

install -m 0644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/unbound.conf

# install root - we keep a copy of the root key in old location,

# in case user has changed the configuration and we wouldn't update it there

install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/unbound/

install -m 0644 %{SOURCE13} %{buildroot}%{_sharedstatedir}/unbound/root.key

# remove static library from install (fedora packaging guidelines)

rm %{buildroot}%{_libdir}/*.la

%if 0%{with_python}

rm %{buildroot}%{python2_sitearch}/*.la

%endif # with_python

%if 0%{with_python3}

rm %{buildroot}%{python3_sitearch}/*.la

%endif # with_python3

# create softlink for all functions of libunbound man pages

for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove;

do

  echo ".so man3/libunbound.3" > %{buildroot}%{_mandir}/man3/$mpage ;

done

mkdir -p %{buildroot}%{_localstatedir}/run/unbound

# Install directories for easier config file drop in

mkdir -p %{buildroot}%{_sysconfdir}/unbound/{keys.d,conf.d,local.d}

install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/unbound/keys.d/

install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/unbound/conf.d/

install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/unbound/local.d/

# Link unbound-control-setup.8 manpage to unbound-control.8

echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8

%pre libs

getent group unbound >/dev/null || groupadd -r unbound

getent passwd unbound >/dev/null || \

useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \

-c "Unbound DNS resolver" unbound

%post

%systemd_post unbound.service

%systemd_post unbound-keygen.service

%post libs

/sbin/ldconfig

%systemd_post unbound-anchor.timer

# start the timer only if installing the package to prevent starting it, if it was stopped on purpose

if [ "$1" -eq 1 ]; then

    # the Unit is in presets, but would be started after reboot

    /bin/systemctl start unbound-anchor.timer >/dev/null 2>&1 || :

fi

%preun

%systemd_preun unbound.service

%systemd_preun unbound-keygen.service

%preun libs

%systemd_preun unbound-anchor.timer

%postun

%systemd_postun_with_restart unbound.service

%systemd_postun unbound-keygen.service

%postun libs

/sbin/ldconfig

%systemd_postun_with_restart unbound-anchor.timer

%triggerun -- unbound < 1.4.12-4

# Save the current service runlevel info

# User must manually run systemd-sysv-convert --apply unbound

# to migrate them to systemd targets

/usr/bin/systemd-sysv-convert --save unbound >/dev/null 2>&1 ||:

# Run these because the SysV package being removed won't do them

/sbin/chkconfig --del unbound >/dev/null 2>&1 || :

/bin/systemctl try-restart unbound.service >/dev/null 2>&1 || :

/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :

%check

%if 0%{with_python}

pushd %{pkgname}_python2

#pushd pythonmod

#make test

#popd

%else

pushd %{pkgname}

%endif # with_python

make check

popd

%if 0%{with_python3}

pushd %{pkgname}_python3

#pushd pythonmod

#make test

#popd

make check

popd

%endif # with_python3

%files

%doc doc/CREDITS doc/FEATURES

%{_unitdir}/%{name}.service

%{_unitdir}/%{name}-keygen.service

%attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}

%attr(0644,root,root) %{_tmpfilesdir}/unbound.conf

%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf

%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}

%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/keys.d

%attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key

%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/conf.d

%attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf

%dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/local.d

%attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf

%{_sbindir}/unbound

%{_sbindir}/unbound-checkconf

%{_sbindir}/unbound-control

%{_sbindir}/unbound-control-setup

%{_sbindir}/unbound-host

#%if 0%{with_python3}

%{_sbindir}/unbound-streamtcp

#%endif

%{_mandir}/man1/*

%{_mandir}/man5/*

%exclude %{_mandir}/man8/unbound-anchor*

%{_mandir}/man8/*

%if 0%{with_python}

%files -n python-unbound

%license pythonmod/LICENSE

%{python2_sitearch}/*

%doc libunbound/python/examples/*

%doc pythonmod/examples/*

%endif

%if 0%{with_python3}

%files -n python3-unbound

%license pythonmod/LICENSE

%{python3_sitearch}/*

%doc libunbound/python/examples/*

%doc pythonmod/examples/*

%endif

%if 0%{with_munin}

%files munin

%doc unbound-munin.README

%config(noreplace) %{_sysconfdir}/munin/plugin-conf.d/unbound

%{_datadir}/munin/plugins/unbound*

%endif

%files devel

%{_libdir}/libunbound.so

%{_includedir}/unbound.h

%{_includedir}/unbound-event.h

%{_mandir}/man3/*

%{_libdir}/pkgconfig/*.pc

%files libs

%doc doc/README

%license doc/LICENSE

%attr(0755,root,root) %dir %{_sysconfdir}/%{name}

%{_sbindir}/unbound-anchor

%{_libdir}/libunbound.so.*

%{_mandir}/man8/unbound-anchor*

%{_sysconfdir}/%{name}/icannbundle.pem

%{_unitdir}/unbound-anchor.timer

%{_unitdir}/unbound-anchor.service

%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}

%attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key

# just left for backwards compat with user changed unbound.conf files - format is different!

%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key

%changelog

* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1

- Resolves: rhbz#1483572 unbound-1.6.6 is available

- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit) 

* Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4

- Rebuilt with KSK2017 added to root.key and root.anchor

- Remove noreplace for root key files. We can only improve these files over local copies

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sun Jul 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-1

- Updated to 1.6.4 full release, patch to allow missing ipsechook

- Resolves rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook

* Thu Jun 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-0.rc2

- Update to 1.6.4 (esubnet, ipsecmod support, bugfixes)

* Tue Jun 13 2017 Paul Wouters <pwouters@redhat.com> - 1.6.3-1

- Updated to 1.6.3 (fixes assertion failure when receiving malformed packet with 0x20 enabled)

* Thu Jun 08 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-2

- Patch for cmd: unbound-control set_option val-permissive-mode: yes

* Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1

- Update to 1.6.2 (rhbz#1425649)

- Updated unbound.conf with new options

* Wed Mar 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-6

- Call make unbound-event-install to install unbound-event.h

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Wed Jan 18 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-4

- Remove obsoleted DLV key

* Mon Jan 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-3

- Actually remove dependency because minimum is always satisfied

* Mon Jan 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.0-2

- Depend on openssl-libs, not opensl

* Wed Dec 21 2016 Kevin Fenzi <kevin@scrye.com> - 1.6.0-1

- Update to 1.6.0

* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.5.10-3

- Rebuild for Python 3.6

* Wed Oct 26 2016 Ilya Evseev <evseev.i@cdnnow.ru> - 1.5.10-2

- Bugfix building without python2 and python3

- Fixup streamtcp build (Paul)

* Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1

- Updated to 1.5.10 (better TCP handling, bugfixes)

- Install pkgconfig file in -devel package

- Updated unbound.conf

* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.9-4

- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages

* Thu Jul 07 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-3

- Fix upper port range to 60999 because that's what selinux allows

* Thu Jun 16 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-2

- Patch for allowing more queries before failure (needed for query minimalization)

* Mon Jun 13 2016 Paul Wouters <pwouters@redhat.com> - 1.5.9-1

- Updated to 1.5.9

* Thu Apr 21 2016 Toshio Kuratomi <toshio@fedoraproject.org> - 1.5.8-2

- Fix streamtcp to link against libpython3.x instead of libpython2.x

* Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1

- Update to 1.5.8 (rhbz#1313831) which incorporates rhbz#1294339 patch

- Updated unbound.conf with new upstream options

- Enabled ip-transparent: yes (see rhbz#1291449)

* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.7-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Thu Jan 21 2016 Tomas Hozza <thozza@redhat.com> - 1.5.7-2

- Fix escaping of shell chars in unbound-control-setup (#1294339)

* Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1

- Update to 1.5.7

- Enable query minimalization for enhanced DNS query privacy

- Enable nxdomain hardening to assist with query minimalization and SBLs

- Updated default unbound.conf for new features from upstream.

* Fri Nov 13 2015 Tomas Hozza <thozza@redhat.com> - 1.5.6-1

- Update to 1.5.6 (#1176729)

* Wed Nov 04 2015 Robert Kuska <rkuska@redhat.com> - 1.5.5-2

- Rebuilt for Python3.5 rebuild

* Wed Oct 07 2015 Tomas Hozza <thozza@redhat.com> - 1.5.5-1

- New upstream release 1.5.5 (#1269137)

- Removed the anchor update from %%post section of -libs subpackage (#1269137#c2)

* Tue Sep 15 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-5

- Removed dependency and ordering on unbound-anchor.service in unbound.service

* Thu Sep 03 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-4

- Prefer Python3 build over Python2 build for now (#1254566)

* Mon Jul 20 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-3

- Added ExecReload section to unbound.service (#1195785)

- Removed After syslog.target since it is not needed any more

* Thu Jul 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.4-2

- Start unbound-anchor.timer only on new installations

- Rename root.anchor to root.key in %post section

* Tue Jul 14 2015 Paul Wouters <pwouters@redhat.com> - 1.5.4-1

- Update to 1.5.4

- Removed patches merged into upstream

* Tue Jun 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-8

- Revert: Use low maximum negative cache TTL (5 sec) (#1229596)

* Mon Jun 15 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-7

- Add option for maximum negative cache TTL (#1229599)

- Use low maximum negative cache TTL (5 sec) (#1229596)

* Tue May 26 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-6

- Removed usage of DLV from the default configuration (#1223363)

* Wed May 13 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-5

- unbound.service now Wants unbound-anchor.timer

- unbound-anchor man page moved to the unbound-libs

* Mon May 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-4

- Fixup scriptlets causing systemctl: command not found

- Resolves rhbz#1219587 Error in PREIN scriptlet in rpm package unbound-libs

* Mon Apr 27 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-3

- migrate cronjob to systemd timer unit (#1177285)

- change the period for unbound-anchor from monthly to daily (#1180267)

- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch

* Thu Apr 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-2

- Fix FTBFS (#1206129)

- Build python3-unbound and python-unbound bindings for Python 3 and 2 (#1188080)

* Mon Mar 16 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-1

- Updated to 1.5.3 which is a bugfix on 1.5.2 for sighup handling

- Updated to 1.5.2 which fixes DNSSEC validation with different

  trust anchors upstream, local-zone has a new keyword 'inform'

* Mon Feb 02 2015 Paul Wouters <pwouters@redhat.com> - 1.5.1-4

- Build with --enable-ecdsa

* Sun Feb 01 2015 Paul Wouters <pwouters@redhat.com> - 1.5.1-3

- Fix post to create root.anchor, not root.key, to match cron job

* Tue Dec 09 2014 Paul Wouters <pwouters@redhat.com> - 1.5.1-2

- Change systemd-units to systemd

- Use _tmpfilesdir macro, don't mark tmpfiles as config

* Tue Dec 09 2014 Paul Wouters <pwouters@redhat.com> - 1.5.1-1

- Update to 1.5.1 for CVE-2014-8602 (rhbz#1172066)

- Removed unbound-aarch64.patch which was merged upstream

- Don't require autotools for non snapshots or run autoreconf

* Fri Nov 28 2014 Tomas Hozza <thozza@redhat.com> - 1.5.1-0.1.rc1

- update to 1.5.1rc1

* Fri Nov 28 2014 Marcin Juszkiewicz <mjuszkiewicz@redhat.com> - 1.5.0-3

- fix build on aarch64

* Wed Nov 26 2014 Tomas Hozza <thozza@redhat.com> - 1.5.0-2

- Fix race condition in arc4random (#1166878)

* Wed Nov 19 2014 Tomas Hozza <thozza@redhat.com> - 1.5.0-1

- update to 1.5.0

* Wed Sep 24 2014 Pavel Šimerda <psimerda@redhat.com> - 1.4.22-6

- Resolves: #1115489 - build with python 3.x for fedora >= 22

* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 1.4.22-5

- Rebuild for rpm bug 1131960

* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2

- Added flushcache patch (SVN commit 3125)

* Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1

- Updated to 1.4.22

- No longer requires the ldns library

* Thu Jan 16 2014 Tomas Hozza <thozza@redhat.com> - 1.4.21-3

- Fix segfault on adding insecure forward zone when using only iterator (#1054192)

* Mon Oct 21 2013 Tomas Hozza <thozza@redhat.com> - 1.4.21-2

- run test suite during the build

* Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1

- Updated to 1.4.21, 

- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)

- Removed patched merged in by upstream

- Enable statistics-cumulative for munin-plugin

- Added outgoing-port-avoid: 0-32767 conformant to SElinux restrictions

- Updated unbound.conf

* Mon Aug 26 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-19

- Fix errors found by static analysis of source

* Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-18

- Change unbound.conf to only use ephemeral ports (32768-65535)

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.20-17

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Mon Jul 22 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-16

- provide man page for unbound-streamtcp

* Mon Jul 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-15

- Re-introduce hardening flags for full relro and pie

- Fixes compilation failure for python module

* Wed Jul 03 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-14

- remove missing unbound-rootkey.service from post/preun/postun sections

- don't hardcode hardening flags, let hardened build macro handles it

* Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13

- Run unbound-anchor as user unbound in unbound.service

* Tue May 28 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-12

- Enable round-robin (with noths() patch)

- Change cron and systemd service to use root.key, not root.anchor

* Sat May 25 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-10

- Use /var/lib/unbound/root.key (more consistent with other distros)

- Enable minimal responses

* Mon Apr 22 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-8

- Refix

* Fri Apr 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-7

- Fix runuser call in post.

* Tue Apr 16 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-6

- /var/lib/unbound should be owned by unbound. group write is not enough

* Fri Apr 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-5

- Fix cron job syntax (rhbz#951725)

- Use install -p to prevent .rpmnew files that are identical to originals

* Mon Apr 8 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-4

- Updated to 1.4.20

- Build with full RELRO (not use -z,relro but with -z,relo,-z,now)

- Fixup man page for unbound-control-setup

- unbound.service should start before nss-lookup.target (rhbz#919955)

- Removed patch for rhbz#888759 merged in upstream

- Move root.anchor to /var/lib/unbound to make selinux policy easier for updating (rhbz#896599/rhbz#891008)

- Move cronjob for root.anchor from unbound to unbound-libs, require crontabs

- /etc/unbound (and all) should be owned by unbound-libs (rhbz#909691)

- Remove Obsolete/Provides for dnssec-conf which was last seen in f13

- Ensure any unbound-anchor failure in post is ignored

* Tue Mar 05 2013 Adam Tkac <atkac redhat com> - 1.4.19-5

- build with full RELRO

- symlink unbound-control-setup.8 manpage to unbound-control.8

* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.19-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Wed Dec 12 2012 Paul Wouters <pwouters@redhat.com> - 1.4.19-3

- Updated to 1.4.19 - this integrates all existing patches

- Patch for unbound-anchor (rhbz#888759)