From 6c630af30575bfb4cffc1afb55092f37376bd2d2bb0aa58a3367b29ba923ca49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 23 Oct 2024 12:06:31 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main unbound revision ad7b7eae882ec29aee37b968f8eb3162 --- libunbound-devel-mini.changes | 81 +++++++++++++++++- libunbound-devel-mini.spec | 2 +- unbound-1.21.1.tar.gz | 3 - unbound-1.21.1.tar.gz.asc | 17 ---- unbound-1.22.0.tar.gz | 3 + unbound-1.22.0.tar.gz.asc | 16 ++++ unbound.changes | 81 +++++++++++++++++- unbound.keyring | 151 ++++++++++++---------------------- unbound.spec | 2 +- 9 files changed, 235 insertions(+), 121 deletions(-) delete mode 100644 unbound-1.21.1.tar.gz delete mode 100644 unbound-1.21.1.tar.gz.asc create mode 100644 unbound-1.22.0.tar.gz create mode 100644 unbound-1.22.0.tar.gz.asc diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes index 0bca02a..4f80089 100644 --- a/libunbound-devel-mini.changes +++ b/libunbound-devel-mini.changes @@ -1,7 +1,86 @@ +------------------------------------------------------------------- +Fri Oct 18 11:13:51 UTC 2024 - Jorik Cronenberg + +- Update to 1.22.0: + Features: + * Add iter-scrub-ns, iter-scrub-cname and max-global-quota + configuration options. + * Merge patch to fix for glue that is outside of zone, with + `harden-unverified-glue`, from Karthik Umashankar (Microsoft). + Enabling this option protects the Unbound resolver against bad + glue, that is unverified out of zone glue, by resolving them. + It uses the records as last resort if there is no other working + glue. + * Add redis-command-timeout: 20 and redis-connect-timeout: 200, + that can set the timeout separately for commands and the + connection set up to the redis server. If they are not + specified, the redis-timeout value is used. + * Log timestamps in ISO8601 format with timezone. This adds the + option `log-time-iso: yes` that logs in ISO8601 format. + * DNS over QUIC. This adds `quic-port: 853` and `quic-size: 8m` + that enable dnsoverquic, and the counters `num.query.quic` and + `mem.quic` in the statistics output. The feature needs to be + enabled by compiling with libngtcp2, with + `--with-libngtcp2=path` and libngtcp2 needs openssl+quic, pass + that with `--with-ssl=path` to compile unbound as well. + + Bug Fixes: + * unbound-control-setup hangs while testing for openssl presence + starting from version 1.21.0. + * Fix error: "memory exhausted" when defining more than 9994 + local-zones. + * Fix documentation for cache_fill_missing function. + * Fix Loads of logs: "validation failure: key for validation + . is marked as invalid because of a previous" for + non-DNSSEC signed zone. + * Fix that when rpz is applied the message does not get picked up + by the validator. That stops validation failures for the + message. + * Fix that stub-zone and forward-zone clauses do not exhaust + memory for long content. + * Fix to print port number in logs for auth zone transfer + activities. + * b.root renumbering. + * Add new IANA trust anchor. + * Fix config file read for dnstap-sample-rate. + * Fix alloc-size and calloc-transposed-args compiler warnings. + * Fix to limit NSEC and NSEC3 TTL when aggressive nsec is enabled + (RFC9077). + * Fix dns64 with prefetch that the prefetch is stored in cache. + * Attempt to further fix doh_downstream_buffer_size.tdir + flakiness. + * More clear text for prefetch and minimal-responses in the + unbound.conf man page. + * Fix cache update when serve expired is used. Expired records + are favored over resolution and validation failures when + serve-expired is used. + * Fix negative cache NSEC3 parameter compares for zero length + NSEC3 salt. + * Fix unbound-control-setup hangs sometimes depending on the + openssl version. + * Fix Cannot override tcp-upstream and tls-upstream with + forward-tcp-upstream and forward-tls-upstream. + * Fix to limit NSEC TTL for messages from cachedb. Fix to limit + the prefetch ttl for messages after a CNAME with short TTL. + * Fix to disable detection of quic configured ports when quic is + not compiled in. + * Fix harden-unverified-glue for AAAA cache_fill_missing lookups. + * Fix contrib/aaaa-filter-iterator.patch for change in call + signature for cache_fill_missing. + * Fix to display warning if quic-port is set but dnsoverquic is + not enabled when compiled. + * Fix dnsoverquic to extend the number of streams when one is + closed. + * Fix for dnstap with dnscrypt and dnstap without dnsoverquic. + * Fix for dnsoverquic and dnstap to use the correct dnstap + environment. + +- Update keyring + ------------------------------------------------------------------- Mon Oct 7 11:07:12 UTC 2024 - Jorik Cronenberg -- Update to 1.21.0: +- Update to 1.21.1: Security Fixes: * Fix CVE-2024-8508, unbounded name compression could lead to denial of service. diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec index fded32d..b37c6c9 100644 --- a/libunbound-devel-mini.spec +++ b/libunbound-devel-mini.spec @@ -22,7 +22,7 @@ %bcond_without hardened_build # Name: libunbound-devel-mini -Version: 1.21.1 +Version: 1.22.0 #!BcntSyncTag: unbound Release: 0 Summary: Just a devel package for build loops diff --git a/unbound-1.21.1.tar.gz b/unbound-1.21.1.tar.gz deleted file mode 100644 index ee68466..0000000 --- a/unbound-1.21.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3036d23c23622b36d3c87e943117bdec1ac8f819636eb978d806416b0fa9ea46 -size 6568258 diff --git a/unbound-1.21.1.tar.gz.asc b/unbound-1.21.1.tar.gz.asc deleted file mode 100644 index d3267b9..0000000 --- a/unbound-1.21.1.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJIBAABCAAyFiEElI60IyLF0At5NA9dz/M0TZCHpJAFAmb+oYkUHGdlb3JnZUBu -bG5ldGxhYnMubmwACgkQz/M0TZCHpJCSFg//UCvlmqfk8YoEdUCeQ33pq0qHD3Sq -t4ZktdfQ8irZ/RbKw4vbdooMWheiMqnpW6YC9V5ROGC3kW6eM3e3rR6pgXEROjnv -HvOgMEZ3t3yL70Fb7JkabklUK9nN4kzMY6MU2DMRxUBUshglSwb6e5j7QBihmGbg -cZHHrtvPcYheCA3fHHFmr7VKluX+jbQpv6uz5JEmkNw5rNxACfla6l2QADuaCS2m -a9DOdt0NJFhnO/J/GxaVdqwAAH8vLb+SGzLgTH26zIfJyvoqhrowM3X2i/sIgcQ6 -0+B2xtuOkpRIqyx0lEf0ShnoyGlW57VJyOBwlmI1RWWBph+KctptvncIH1EVjGbU -yZ5ywPSYVJvT5Z7DVYgRsITKCdLcj7OcfToGGLO3ebmQJDGknpCecgZtRbiPplO0 -Irk45ydwN+g1+dxj5XGip86cEJd0/RlBFg7+iDmWSv8xmrs5mMtB8MM4AifyBR8n -Qa27QhM4bKhWpRZjTnvkLz+nZHfPZGpCr+9lSimFrm51htmjLGU6VD25Bk/7mj6j -Ck5I/1tZLl36+waCDaO3bug+tymrwcPDjWiL9M0Ffl9R/XEtiXotpTWuGzMG7qV5 -tvlYDWnBki+fScSb/ceWhnNyoPbg2XhQk+xuIwTRQpZ8AcK/iOIXDinGRzcrWM98 -lGFgpm3+wJbOGFs= -=TrGe ------END PGP SIGNATURE----- diff --git a/unbound-1.22.0.tar.gz b/unbound-1.22.0.tar.gz new file mode 100644 index 0000000..438f838 --- /dev/null +++ b/unbound-1.22.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c5dd1bdef5d5685b2cedb749158dd152c52d44f65529a34ac15cd88d4b1b3d43 +size 6682466 diff --git a/unbound-1.22.0.tar.gz.asc b/unbound-1.22.0.tar.gz.asc new file mode 100644 index 0000000..9ff5154 --- /dev/null +++ b/unbound-1.22.0.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmcQu3AACgkQn28cLX4E +X406WxAApGHTdne/RVrQq/v+lUz6CDkkm5r5AXFsmKBGvPJZm+CAEVECq4mKXa5E +X1SqlZCQx/LCcqPqdffEVSlmFiI219rEo2z/wCNJzCJXqzx9B1/daW8vv8k+N2TZ +La2NxlOG2zeyiitxoGCBb5Y3aZgyD9ZIEW/nB7kkt0V41Z60ssLA6zzXAlqxhxp5 +HIMRRzfvPwguDKkEFm390ob+oWiqDGIZTTBRyjJAaGa46o3WBLUYIz1yB51X+v+E +TCpbVV29ZmC4V7G0B96zxg+tnqw2fpkL2DgHTnyKbKaWXwo7aGhxHMux2PuiZKxR +eXeJ0Mz5Np/E0TgVPD33g3idbr6dHzsT+lZ9BuAG+RBJ49iMH/tSDGUTw3/GJvQb +XPWJeRsWSn2MSMNX45n6FH2azBZJ4+VA9tWR2Q5zm2fLzzUVhvhtkwl3fYsmzsam +Lccj9Okp9xFxGohFO4d9NxMP57Tvzi1ur5Fp4dsCH9rfGIzKJTQP1AWAEB1ga9+5 +g+himRGuzpRVoqCXeKp6MBf8kZJIhXxX/94vSyiiWuCTaJQYvMi0+p1dF3TcWEnH +Tpce+9nj9gddrrOXnSs+2Mljt9pm0A8fWSsqsObf+SGt8QGbpHVkCX74HGbNY5Yz +tun/VDN/tkbOhLX6ibivqAfjKsk8gjlfNme1HbCD3cPUmPrlG54= +=5pYC +-----END PGP SIGNATURE----- diff --git a/unbound.changes b/unbound.changes index 7e429ca..18c9724 100644 --- a/unbound.changes +++ b/unbound.changes @@ -1,7 +1,86 @@ +------------------------------------------------------------------- +Fri Oct 18 11:02:26 UTC 2024 - Jorik Cronenberg + +- Update to 1.22.0: + Features: + * Add iter-scrub-ns, iter-scrub-cname and max-global-quota + configuration options. + * Merge patch to fix for glue that is outside of zone, with + `harden-unverified-glue`, from Karthik Umashankar (Microsoft). + Enabling this option protects the Unbound resolver against bad + glue, that is unverified out of zone glue, by resolving them. + It uses the records as last resort if there is no other working + glue. + * Add redis-command-timeout: 20 and redis-connect-timeout: 200, + that can set the timeout separately for commands and the + connection set up to the redis server. If they are not + specified, the redis-timeout value is used. + * Log timestamps in ISO8601 format with timezone. This adds the + option `log-time-iso: yes` that logs in ISO8601 format. + * DNS over QUIC. This adds `quic-port: 853` and `quic-size: 8m` + that enable dnsoverquic, and the counters `num.query.quic` and + `mem.quic` in the statistics output. The feature needs to be + enabled by compiling with libngtcp2, with + `--with-libngtcp2=path` and libngtcp2 needs openssl+quic, pass + that with `--with-ssl=path` to compile unbound as well. + + Bug Fixes: + * unbound-control-setup hangs while testing for openssl presence + starting from version 1.21.0. + * Fix error: "memory exhausted" when defining more than 9994 + local-zones. + * Fix documentation for cache_fill_missing function. + * Fix Loads of logs: "validation failure: key for validation + . is marked as invalid because of a previous" for + non-DNSSEC signed zone. + * Fix that when rpz is applied the message does not get picked up + by the validator. That stops validation failures for the + message. + * Fix that stub-zone and forward-zone clauses do not exhaust + memory for long content. + * Fix to print port number in logs for auth zone transfer + activities. + * b.root renumbering. + * Add new IANA trust anchor. + * Fix config file read for dnstap-sample-rate. + * Fix alloc-size and calloc-transposed-args compiler warnings. + * Fix to limit NSEC and NSEC3 TTL when aggressive nsec is enabled + (RFC9077). + * Fix dns64 with prefetch that the prefetch is stored in cache. + * Attempt to further fix doh_downstream_buffer_size.tdir + flakiness. + * More clear text for prefetch and minimal-responses in the + unbound.conf man page. + * Fix cache update when serve expired is used. Expired records + are favored over resolution and validation failures when + serve-expired is used. + * Fix negative cache NSEC3 parameter compares for zero length + NSEC3 salt. + * Fix unbound-control-setup hangs sometimes depending on the + openssl version. + * Fix Cannot override tcp-upstream and tls-upstream with + forward-tcp-upstream and forward-tls-upstream. + * Fix to limit NSEC TTL for messages from cachedb. Fix to limit + the prefetch ttl for messages after a CNAME with short TTL. + * Fix to disable detection of quic configured ports when quic is + not compiled in. + * Fix harden-unverified-glue for AAAA cache_fill_missing lookups. + * Fix contrib/aaaa-filter-iterator.patch for change in call + signature for cache_fill_missing. + * Fix to display warning if quic-port is set but dnsoverquic is + not enabled when compiled. + * Fix dnsoverquic to extend the number of streams when one is + closed. + * Fix for dnstap with dnscrypt and dnstap without dnsoverquic. + * Fix for dnsoverquic and dnstap to use the correct dnstap + environment. + +- Update keyring + ------------------------------------------------------------------- Mon Oct 7 11:06:04 UTC 2024 - Jorik Cronenberg -- Update to 1.21.0: +- Update to 1.21.1: Security Fixes: * Fix CVE-2024-8508, unbounded name compression could lead to denial of service. diff --git a/unbound.keyring b/unbound.keyring index 40aea7f..44e7c95 100644 --- a/unbound.keyring +++ b/unbound.keyring @@ -1,100 +1,57 @@ +pub rsa4096 2011-04-21 [SCA] [expires: 2024-12-07] + EDFAA3F2CA4E6EB05681AF8E9F6F1C2D7E045F8D +uid W.C.A. Wijngaards +sub rsa4096 2011-04-21 [E] [expires: 2024-12-07] + -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFfYHeYBEAC/8SdeXNspt9ZIoZRSL9juNLHA17TXcHdKSthgWBtwwWZbUPq8 -SJr7Y+hr6jMCDKY9800QzLF0nLkyXnZgaBcvR0rRbCT/qvALJ0fpfjcotapZ1hBv -omb9s8Bo28uKn8tbTMXYNsElUae4Ch/CrU1vfe50YoyQgLR8UBa15gV+2RmC+6jI -qxDYS8sylWlDn6Qim+77feLlObPnNdzgfWGZo14eJByTsz0qrh8aS/BS1FAsnEQ6 -W6AqukhpuKuWvoAUXKjfguXQolxeexubmKaLcGOTvecw+cbh/a5SPHRtRVr9qTxp -elk6UEpakY5K9UtZkrG55VWih/4KqY9bNyhJBtpAk1fXA+mYfx5BcFpECYdU9kz4 -UgV5jK0HYRHQTLC91PPVQgH86we+Aae6TaJneCLEIzBK36TgAP8RKrvFfPUym5OP -YbWOom27QTKfRVcyxPKglJxrTSWixnKWS/pqxNY8hF9Ne4crRAF4wX2yBVbGnjNr -S9TpYmjMwURbuYm+rWZk/8w5OJG60V3wax56c0jn/42O3Y2hzQ+PbOv2M4UuuajS -2YL3/KUsRLBapUpPQjzChwzdr/vzFEhk9XxK2VGMN+dh2HjYwDFendc5csyt/cVr -g3LssVS2bKy5g3IhrzCKAk0Sky4S5t/mcN+lWztNvCijuLz58GCym5GwJQARAQAB -tCtHZW9yZ2UgVGhlc3NhbG9uaWtlZnMgPGdlb3JnZUBubG5ldGxhYnMubmw+iQI9 -BBMBCAAnAhsjBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQJhFXGpBQkM8ovDAAoJ -EM/zNE2Qh6SQMTkP/j4dP/X1ILrba+X93LszR0gIGconbznZzn9oK4YR4n6Gi63f -h+vNvVIMEWmJsVsc8tOiN9djUOroIkafLOBuSsi/L7RhRFmNFjLjDIc9mXy60QmJ -+cohIXgEyHUPYd95cWgQDZqC9BtQ2sXsImU3cKqBwcW5X4ev0HkhkFlT00d0+tcv -4W0s4EzjzGM4X1N6HXFP+KZOLsam3OaQikyHW5BKLAzn0Iux43YAY0UH9AI/9Jmq -c/3Zw9frMr6CrWAiVtNA+lVoFu5MxOX3UL+LwBRbo/i7HhMrEiZLP5rIKFlBa8Wa -SzSDGydijESnuFQhkmf3kjFYhheP7D3+YplQg3rWb4JWrN1QwUsxoRYBuqrOWdQs -eXwbxhLNrfWegIp6Y7zQZ770Il5BLSToOXvZ++lIXWz/K41IoyszFfKEpd3vCwjX -gfFi+cvjhNq1oGNg0SAxffujo539fiteiujdGNJ5IDKrYq6ba/oDneqLgevoiLN4 -V39TJRynZCS47TfolqhGkuZ0mXffNPKjdUvPRmIZbA/VxN2Xb4UzuBfo8ySke1E8 -BtvFUuwgIElr6pS8TM/V1CbeOcmX60SbllNO7ta65Wn6NWE898SUPase95rEpyEU -5cz6RV+NLNU+woeg1Oa4pBnRUzhN/kRNMFxpvn8ZspJMPTpX4V/9eMVPkaudiQI9 -BBMBCAAnAhsjBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQJfLTc9BQkJNkzWAAoJ -EM/zNE2Qh6SQg8kP/3AzVxcSlYiMrJn+02z07Hc382BWr4E0N9IywMrrFznMVqI1 -xP4Aj4hOKPwuJXB3vS3RnkF+R50/IlyiiiBg7MmrtZsXDeDRUwKC2qrnoYVQBR4m -RYjIU3tpOKYAwNetclZ/l3y+q+QJq4qlF1x3b1tyBRbNYJL0keD3oouyeHPyidag -RlWaMvyHsMLy2Nm4yg8DrO7DbySMf6OB05nTcQes26l05qAEsAhHw1R+rhMU5Fk/ -pa+itEY9ABjKIjzu/U5yMM0m2SjTX+Wgp43OYvZhsJiMlEfBQoHRjhuR7PIaZv02 -dxYjWTTMgmWOyis8KY6i4wQ9W5XYxrK3PgsVuySJ/m5hkgh9p1WCEjI37K1At34t -renUJJr66BWUWmTKdSxwhkbS4uDPk3DWnZVYQi5aCzUfTZ7tqvChlYAYgnYDz6BE -NDqjHpzKmQ5tMnX/nQUWy/O/+kxgW8/W32pDoxuLtvHCNKPsVU+JdvOiDMGEDDil -rDEIk+6kJG+E2G65qmil4DXJOu2r4emcitCvtrnTv10S8CpjIa7Vmah6USHui7Vv -Jvr+KDcyazCHFhTfOszSU0ttJxxlU1tiub5AF/RYDonPLWVa32jDkaDVrtFiFf3M -jx9J1gFw5Ea5bNuhIxAXTFuoI7Pwe3Kt5DIyUtioerlhgOMkiQzaAxdDFsN6iQI9 -BBMBCAAnBQJX2RCwAhsjBQkFo5qABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJ -EM/zNE2Qh6SQ3JUP/2G3bRNObS7zsfN3rjkbjLxaDOwNggRdbeXM5rHDVEG9SWes -CGaIvyQdkSGQoIaKUgNv7Yp8O8pEnD4IwdhNSaXVIB3pBtdOD0UM1wuxRpfqJOUx -ZEoWT2Jr31Tg2qepp6nT7UmdiF7uCBDy8Jm6k6Q+6UT58cPaesRQdSPi6Go7ho2/ -xVvKVe9ufSTSTdG5+7bJDu6Iv7sydKUEG4jPDqo+jjVLn1X6Rfp+E4JAvOvFrSJH -W5saA332xV40GeV+aM1ndP7dPkz8+AGB3QD7JF2DLcqvLo0TYOvjnlOGYcNp8gzp -23g9KFwe2sdbdtVpuWaJUSpXXiUZnFzrrVxDNiEBjqsPa5ysOxzJ+1gUbcrIjUeN -eAFhus4XL+IidPATnhTIX3X/uPRB87KaTaA8XUqsuSd2DM9mLxdHKC9Jf8D1t+yw -YrekCp+K80vCtFPWBM4+w8nGugTNKJEGIXZDGFOF/c7r6xKkaOYK0Y+IGJawlV5L -aADlBmQpPk0ubYclwb07FcegaHSxxIqUo/kbyt1YV5mU+QVymZ+xyvIBrnW8hBuN -WRvU5acnIZibCERayo8ZuI+r/X3bLHfDx0oh2h+cL3utNZUqmgZNR0Di8P+x0hUY -sYPOTJaDBSgvxUtY0Ci+OWX38kffGGvhW3CM8V6skdVc8cp7Db7gxase4BxxtC5H -ZW9yZ2UgVGhlc3NhbG9uaWtlZnMgPGdlb3JnZUBvcGVubmV0bGFicy5jb20+iQI9 -BBMBCAAnAhsjBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQJfLTc8BQkJNkzWAAoJ -EM/zNE2Qh6SQ1egP/2AbFCOti5egkn+zTGW0ArwbStH7vxTfqEVB0AYJio236kso -hS0f3t+H+6xG4PZAAmSf5Nsi3iPD9pTzFH+Tj8ioZG9aqCvml0sC5+7dc/26AM09 -xpHPzKo7Q318U2eMS8GmOQt9a7n0AFm2mkWb6qZNEYsBa5qDpgNX4j/XfP/n8mFd -p+ESB++GATq79QFWoi35kwea9v9tT/ZKTp4tY51Am2okXTKgpuYXyLjEFOkonYZw -pDBgXfQ7c+ywqhymeb7RHXoehkY+TzkYO13AE2Dp1OczR2DzCJcej0/dM6qqY3xR -taTreFgKxGKTeBBmkB0rRqmCY+83L3uOMuKA3Qu50rLwkTL4pvkZK6sgPMi+Bkiw -2zdb3H0W0uoGUX+3B71QCdpj8jfAogjcEgXFGvhA/rZCFwGhWTbhf/7pFRm1wMZi -ByStEVwNvGKPvdwNqgtzyKilQrwfzj+jDfz6bxHDBHP8BmJXgP7dvWEdTxSL20Xg -tmf8N0XgsHp5BYEz5FrRS7LL6/g02P2hlz0nCRE5vk6/IyV9zBb5/u+ukVLKsD0p -74BdOZBYmGBcNhPSRESrkfzKF7WEDnTMN311+Oo56hmXd7KU4uvKv5wDEtD8jaCB -Kp1hNYJuo1psEZM6rTw+QpCxgsA5NBJ/W7VbrA6m4M0nAemb0H3qQOV+vw/oiQI9 -BBMBCAAnBQJX2RCLAhsjBQkFo5qABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJ -EM/zNE2Qh6SQ32kP/AjwkDKMkQiNQk0tG4BEMO+kmtCMCj/Tado9wazjLJR3vJGS -HNUosUu+J/xcgLHEtaToV1PQ8l4oZO9Gh7b5GN5zXis7fSeJHKZaQGLfqINbjoOm -3snH4tQOFQxg8v7CgpKgeZsEZYtJhcrFoPwX3cCdWz3uc/g9amym/YEWK7AoaxKw -7LJA8++vuMKKfcfmg8f2oOchXQqicBhvPMQqh3m3RGDOj+dZdkEVdYLnG8p6CHCR -1P76BhL9OG9Bja5roDVdETwGe3KV0PTzU0+Lc051Zr2by58U4mwQSJZyl1P4RagP -DknIYBHtTcg5WXcFOjuyF1xgS9FWsMwGlpz4i0Za+iBS/tqUF0daLjxqa9kTTpEj -+cMn+vGPXdL/g86AwdT75pAjlrUbkfeMG7hx6EfiJPVQqajN/NUR9wdvZ2xoqee4 -XNDGaiXSVm7URPKh/4vG+z7ASs3RBH5UM3B4kQk8xeIRyMBJ0u2sQqAVI/YHnIYb -O33cL4dsP5VA5Tfn1oCe9WNtMBXPyLO4ymF3oHMjHWr/+rZWbGqONPci/fSEFFfT -bHYzyCw/97j1dYSWXuy2Qy1tiEFTSwdDYKrMsaGAk3d5ymLawpZWo3wdRk7AkWPp -/1lfvphIzbfAi6Ad+xwwBUlRe8Gtt3XnVYiyE58UU+jraxga35IQxdZ5FweNuQIN -BFfYHeYBEAC2h9yjSe2SgtcB0H+E0ndaewaZaQCE7q+RO43dotGH9eFnVwE4/ftc -K1SN42ihlF5OnTaKPyXvgQ6U8W8VB8eLjeTwA/dSXuJX7kJpEK8saPqJP6zTUmPq -p/GSzS6YrhKLfpFn4chmywpDFcGNMz0sYXiJgPqKL7W0KuG+ziPToAeWl8ckeXyl -77/lHVhWYylaQJEASklqCViPXSp9vI7/57UEm4MQPXwsDBOwuVVqcSu3ZM5MtY9X -lbVPNCYmZIMqmh8HgYwbiq9dTfJi+6v17+uDQGZewWK/WwFM+9dDx7YkTeOBiUdu -YtJPW64NW/RJ7pskbLAy+OZApTZWg0cISN6GOmPN3F0AiWzUjvSMREHhFHyxj4Y1 -5vuDOFvPGFxr4xBiyMX1JLCKK6OFnyPfoJ9v/o3UgrQgLrfXCmKdvkwBCgJvN3Fs -xzha6Dtf6RcZ02fr7SCZZhdBrlrflvC1uWZ0g3A87ss7h4Iw3njlO3aX6Bo9R4VO -LUkiRKi4hmQBxPvXxI2ERmKRomo6lrMaDMzIjD4APSM1vUfZguzQxVYpM8lwy1CO -eqxsj5p+LH6f/EU+4dXZwooJ1uanBOvG2ntnz8SErE+e7wNYE4a/fb8xYM4j7p6q -YtnNZPb8sj8bvx8iWXp4A1csVetyVSchBhTVQhhNos6ouYpc4ibrYwARAQABiQIv -BBgBCAAPAhsMBQJhFXGqBQkM8ovDABQJEM/zNE2Qh6SQCRDP8zRNkIekkF8CD/4z -StdPS9ipir2X9Jd1KoN0ZndZmEn26zy4+vb3ZAFfQLArrzHAbaEOSvGuL9ApXyvR -cCzC44RcNBJeFHoyPoz1uIdkdCPLjZmzeSyPvcPhpJw9zC08nq1JGpq+JkY2WztD -nYOU4xvNTSEBadTPDk4Wgbps205qmGEA49s6baTAAW5+7qna3XzsKCsG7YI7KX9a -HiBvUx55+cqtUiF80mJ9sInhQxqgQ8npz4aNgiY4dV1r0+6fpw9jP38K5RGKR5p+ -E4+CvZ4YpMaLZr04VqxPl/cExsm4u6ZKHrDLPiTnA+3Tn402VUwN3uGVWr1//Ar6 -5fN1hddEo5GKFWnSe9jCG1KDu8RrSjX0vNSRja0dAgPfay/79FM12QogQ34rX64R -K+QTjFY6rD+c8xiS5ZF6Ns7vG9A1w82jpn2jRlWQxrxedAtUg6ky/UhJbg7EKMVZ -WZPuu0vFHPGntBO1aqilg8lJhJ25+PJRLFSAVT85qfewvjvyRYxNHFLyCk704fb8 -hS2Px6vUTgX45MuikufHdvFSQl3dIs7TLQp5pNS0tQ97zYUEvxyyDKJJPhd8ByDd -PvkuAix4/fwjvo4swNHjIfT1NByijU+HlJ1EtMq1ALa6T8ho8nx+ZlwRyWYmstk1 -xx7RyrHfcscU6cVyHG7g2pIADvGy6s1yTCpLI39P+w== -=5n+j +mQINBE2v/RwBEACyQpJlpCeSZBV1QUH7jNEp5xGdo6OnX2h9XoZ4ZPsb+u6OT+xE +SH45ncnISUh8rPCygbeWOoPR/yOBzh+lYoGxQ5iUHtwRrhHq04sQe/qFpXDO2xs6 +1pTcPU2PnH7Rsr2qp6fZLPHuXLolD7NJfaSib8sVeMM0/ecyl/L2bBg9NpaGDX0x +TQh95M8o6AFo6UKWApBpgsvEZr2aH/B8b9KnCWFhfJyheEM7DamksdZNsKxXQyq3 +l/ROfdsMLZGF8vPbYV/v11G4keyaLpn8AbBpybIiw9SYDwf2ENk3+e1NFfMaiiyE +qn9+aaLTKCY87TMUuoN3s3jWOOy5tHXzf6DbKhub4Awsby3DH5YpPhi4N2vj2pAX +Vpl5+m78cH29JLzT+HAoyZ4tq1r3m0P5QogNqYwqxkKWYOjDilNDBiKiDdgtrLYG +x+ABovKG/FvToJoaCL4AFaVCzWmL2uHkSgyBN0FPHatCB1UeEkcQit6T8E2NQqmF +WjUMXSWHHajSMG95+L5PdLHz/Ku0o3Csvlt2pkElYZmzJBfnOM9JevdsmKr/ruJC +/DCZAn5w2S/9ZF5qfo2F9HUKIwE/dChR29HcN8V4nqZs9oCvEMfFhHmrfwDc5hed +hvb6mAkvSFFtKIrygLIVeWRj3FE9sGp6sr4VwOLYTFRNk7mAsWD1rZApeQARAQAB +tCdXLkMuQS4gV2lqbmdhYXJkcyA8d291dGVyQG5sbmV0bGFicy5ubD6JAlUEEwEI +AD8CGyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE7fqj8spObrBWga+On28c +LX4EX40FAl3uCXUFCRmkDdkACgkQn28cLX4EX40PIBAAnvuPWg0B0bmXQxytVQiS +s4W/jL33SI75fHkMZY6RvVM+WNewceEln7ixwnhpYdZuiDgFnluIOlqMJtXnNT5F +Wu/U3a5Cm9DMXy0mreog24rlYw8ctm1qJFtP3D8yfxaFg7RAtB/VEwDG+UBgQ2VG +y7sF+2Y7zJAIR9ef4TvRo+ER6B9USRiQC0bWc47c7Cai+d5FvxFefVdU+/TaHMsd +NfIsOdCZ9NpiPMGCWfR2XOQuw/iufb3Ki0WYJKyazm8NLBL92BTgWKf9Q3ph9pxz +zAUijJjeUQHK99oLlI3eARFn9kOwKPkJ4XYtetVtGCgluCQJjqEOG0NMHxPUOWlC +BoVBedi/mnPB8u3QcmghMQgP1k6kEP4lT8m5qSUIRaJ1rf35qcWxNsCk4UhDh0zu +u3uXtyX1G9LzSrLMmaI2qOIdTBeZ72jzSqMm1sCp6TTNDkXMpfmqICsFuxNeUxFN +ExOf/4ALBcEQ3Ap0hCp5LIDNN9tZte0Q3yWwmoyL+Owxw2BN8r4UWYwiQmsNBqMN +bA0Vo3ThaZiIsQ+f78ebscqkhz7hgLF5RL5fmd0XXOW0O6QFru1DaUd4ZyT34PCi +9sajhe+VShvfzYyxPNMo/MHVaAnw774s6wbTl5xyOPYAjAnzamxiG+clYZk3XqO5 +Yvk3vYZSdg6x57oxiZRXvqe5Ag0ETa/9HAEQAKbwynlS4kmsxEnU2PSrElrKqAd/ +KbzrLtuTOPbRI3OU7WOS8CjXJKpHkZSfNzvHRRu1AVbhsCymn/+jkf6XtuLqWdu3 +jjllu7F70Db+Wl5TmHxfpoyIVCDao6uKSg5jtXPSe4eXfmrjlX83IH6LYNwVQmip ++ernI4kCdOfblDH4Fk71ZYm56Ce3XmXILfL+1XCyvY7/j/ECR0yMg8yXfiY3Y7h1 +6gvwN+0+RvWfOMfMGK0GOpmZjiGGjI8CCnYBXjfpy5OYXpwEVM+DExVFuI/YR6bs +gBaJg0Pd/8JB2fSBAoU8XWZ377Hf/2eOb33F/XUDPrbkfFwmE4VbEnCNU58EeOoY +uTZH5h6Nx1ccAfP6MCfhWQ7EzQWyXewFctu15OC+YS3uwcCw7RTMjqeJToqQjO// +5rRQfZk86pzsIkksk0ZcBlASZM0BVkGtGem32MAOvstXZ9fR+dfRluPYq7Zftvlv +FuDfKC64iIz76q0DsmhCxXEX1ehXy4tPRz4R1W3ozqiBGzrX7jdPpo66xgMKK7X0 +wY38PNDflvdAU77WuCtksox3CU5A2HoXzqP+SDKRrQ7DoL7Amw2hUZzSbmLUqkJr +1pNSiDyMOgpHSbWWt/qt2AOw+6LzlR9TgUyjXQY3Pl+FvC+UfTAspl1r4Ij/udkr +9VSHGZrJwga8CuPdABEBAAGJAjwEGAEIACYCGwwWIQTt+qPyyk5usFaBr46fbxwt +fgRfjQUCXe4JfQUJGaQN4QAKCRCfbxwtfgRfjdNAD/4lXxF4xEkKfcJ+pt7nJwWf +ynp0hWcmJC6GITK7nLN2lKQrLNxUUk5tByrDuznQUm4tRvF29ty4YhqhO7t2EGhR +c7m064hACwpN8Z+Cg6B6Umb7+raHrjkScBUg0ZswNeuajj9QUmQ2NQwDpJCL/KJq +bs3TLnx6gMLiwaYEq43YRbYyhZqGVfDxJLX4Bv2pUGz9GptLLp/Wckvf1o+k8Oa/ +Ik5Ji0ec1IWVhZWGvTMYCLmuezCUUasQIZsemvkVqNQrvNya009uLsXfQrjzF8Xd +ecMh4gFx6usQFAxo9RlwGV10aGZJVUllT9iFHfkk2A+eanfeA65lpGJb2Vq5kXCw +xAEgGQuklahS27xAuTILQeYnNVF6nT+zVGTNon7UbUHNdNCJdotpRBYbmHelwwPx +/Fjmqn0psb/7XRtjSxFtEFeBLqbPt10doG2D8Ty3LacQHUcNcD0cAe7sqUf173qw +9mPP0LjpmI5d7pkA6TrAFi2zhEbhsJD2kY5En4/YmvanPU1lBuzUCGeMmLFOx9l+ +wZnmUfEYuMjLG10YH+KssSo1Mgx6TbKngJKGZahnA3RXdoZgx7+sLi1Jcbv0h4o3 +AXdV3kwe0H6FwkbarO0G0pC5bb2ttEDls3HBNZ7yyTA4qzFec/1EL3viTReQ9L5X +CCZWA03V7BL/Sge+YQ/vVA== +=Sy7Z -----END PGP PUBLIC KEY BLOCK----- diff --git a/unbound.spec b/unbound.spec index 123b8e9..407e6cd 100644 --- a/unbound.spec +++ b/unbound.spec @@ -33,7 +33,7 @@ %define piddir /run Name: unbound -Version: 1.21.1 +Version: 1.22.0 Release: 0 BuildRequires: flex BuildRequires: ldns-devel >= %{ldns_version}