Accepting request 1208856 from server:dns

Update to 1.22.0 OBS-URL: https://build.opensuse.org/request/show/1208856 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unbound?expand=0&rev=71
2024-10-20 08:08:52 +00:00 · 2024-10-20 08:08:52 +00:00 · af8df0358b
commit af8df0358b
parent 9e40039e58 1e5b7ccf36
9 changed files with 234 additions and 120 deletions
--- a/libunbound-devel-mini.changes
+++ b/libunbound-devel-mini.changes
@ -1,7 +1,86 @@
+-------------------------------------------------------------------
+Fri Oct 18 11:13:51 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to 1.22.0:
+  Features:
+  * Add iter-scrub-ns, iter-scrub-cname and max-global-quota
+    configuration options.
+  * Merge patch to fix for glue that is outside of zone, with
+    `harden-unverified-glue`, from Karthik Umashankar (Microsoft).
+    Enabling this option protects the Unbound resolver against bad
+    glue, that is unverified out of zone glue, by resolving them.
+    It uses the records as last resort if there is no other working
+    glue.
+  * Add redis-command-timeout: 20 and redis-connect-timeout: 200,
+    that can set the timeout separately for commands and the
+    connection set up to the redis server. If they are not
+    specified, the redis-timeout value is used.
+  * Log timestamps in ISO8601 format with timezone. This adds the
+    option `log-time-iso: yes` that logs in ISO8601 format.
+  * DNS over QUIC. This adds `quic-port: 853` and `quic-size: 8m`
+    that enable dnsoverquic, and the counters `num.query.quic` and
+    `mem.quic` in the statistics output. The feature needs to be
+    enabled by compiling with libngtcp2, with
+    `--with-libngtcp2=path` and libngtcp2 needs openssl+quic, pass
+    that with `--with-ssl=path` to compile unbound as well.
+
+  Bug Fixes:
+  * unbound-control-setup hangs while testing for openssl presence
+    starting from version 1.21.0.
+  * Fix error: "memory exhausted" when defining more than 9994
+    local-zones.
+  * Fix documentation for cache_fill_missing function.
+  * Fix Loads of logs: "validation failure: key for validation
+    <domain>. is marked as invalid because of a previous" for
+    non-DNSSEC signed zone.
+  * Fix that when rpz is applied the message does not get picked up
+    by the validator. That stops validation failures for the
+    message.
+  * Fix that stub-zone and forward-zone clauses do not exhaust
+    memory for long content.
+  * Fix to print port number in logs for auth zone transfer
+    activities.
+  * b.root renumbering.
+  * Add new IANA trust anchor.
+  * Fix config file read for dnstap-sample-rate.
+  * Fix alloc-size and calloc-transposed-args compiler warnings.
+  * Fix to limit NSEC and NSEC3 TTL when aggressive nsec is enabled
+    (RFC9077).
+  * Fix dns64 with prefetch that the prefetch is stored in cache.
+  * Attempt to further fix doh_downstream_buffer_size.tdir
+    flakiness.
+  * More clear text for prefetch and minimal-responses in the
+    unbound.conf man page.
+  * Fix cache update when serve expired is used. Expired records
+    are favored over resolution and validation failures when
+    serve-expired is used.
+  * Fix negative cache NSEC3 parameter compares for zero length
+    NSEC3 salt.
+  * Fix unbound-control-setup hangs sometimes depending on the
+    openssl version.
+  * Fix Cannot override tcp-upstream and tls-upstream with
+    forward-tcp-upstream and forward-tls-upstream.
+  * Fix to limit NSEC TTL for messages from cachedb. Fix to limit
+    the prefetch ttl for messages after a CNAME with short TTL.
+  * Fix to disable detection of quic configured ports when quic is
+    not compiled in.
+  * Fix harden-unverified-glue for AAAA cache_fill_missing lookups.
+  * Fix contrib/aaaa-filter-iterator.patch for change in call
+    signature for cache_fill_missing.
+  * Fix to display warning if quic-port is set but dnsoverquic is
+    not enabled when compiled.
+  * Fix dnsoverquic to extend the number of streams when one is
+    closed.
+  * Fix for dnstap with dnscrypt and dnstap without dnsoverquic.
+  * Fix for dnsoverquic and dnstap to use the correct dnstap
+    environment.
+
+- Update keyring
+
 -------------------------------------------------------------------
 Mon Oct  7 11:07:12 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>

- Update to 1.21.0:
+- Update to 1.21.1:
  Security Fixes:
  * Fix CVE-2024-8508, unbounded name compression could lead to
    denial of service.
--- a/libunbound-devel-mini.spec
+++ b/libunbound-devel-mini.spec
@ -22,7 +22,7 @@
 %bcond_without hardened_build
 #
 Name:           libunbound-devel-mini
-Version:        1.21.1
+Version:        1.22.0
 #!BcntSyncTag: unbound
 Release:        0
 Summary:        Just a devel package for build loops
--- a/unbound-1.21.1.tar.gz
+++ b/unbound-1.21.1.tar.gz
--- a/unbound-1.21.1.tar.gz.asc
+++ b/unbound-1.21.1.tar.gz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJIBAABCAAyFiEElI60IyLF0At5NA9dz/M0TZCHpJAFAmb+oYkUHGdlb3JnZUBu
-bG5ldGxhYnMubmwACgkQz/M0TZCHpJCSFg//UCvlmqfk8YoEdUCeQ33pq0qHD3Sq
-t4ZktdfQ8irZ/RbKw4vbdooMWheiMqnpW6YC9V5ROGC3kW6eM3e3rR6pgXEROjnv
-HvOgMEZ3t3yL70Fb7JkabklUK9nN4kzMY6MU2DMRxUBUshglSwb6e5j7QBihmGbg
-cZHHrtvPcYheCA3fHHFmr7VKluX+jbQpv6uz5JEmkNw5rNxACfla6l2QADuaCS2m
-a9DOdt0NJFhnO/J/GxaVdqwAAH8vLb+SGzLgTH26zIfJyvoqhrowM3X2i/sIgcQ6
-0+B2xtuOkpRIqyx0lEf0ShnoyGlW57VJyOBwlmI1RWWBph+KctptvncIH1EVjGbU
-yZ5ywPSYVJvT5Z7DVYgRsITKCdLcj7OcfToGGLO3ebmQJDGknpCecgZtRbiPplO0
-Irk45ydwN+g1+dxj5XGip86cEJd0/RlBFg7+iDmWSv8xmrs5mMtB8MM4AifyBR8n
-Qa27QhM4bKhWpRZjTnvkLz+nZHfPZGpCr+9lSimFrm51htmjLGU6VD25Bk/7mj6j
-Ck5I/1tZLl36+waCDaO3bug+tymrwcPDjWiL9M0Ffl9R/XEtiXotpTWuGzMG7qV5
-tvlYDWnBki+fScSb/ceWhnNyoPbg2XhQk+xuIwTRQpZ8AcK/iOIXDinGRzcrWM98
-lGFgpm3+wJbOGFs=
-=TrGe
-----END PGP SIGNATURE-----
--- a/unbound-1.22.0.tar.gz
+++ b/unbound-1.22.0.tar.gz
--- a/unbound-1.22.0.tar.gz.asc
+++ b/unbound-1.22.0.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmcQu3AACgkQn28cLX4E
+X406WxAApGHTdne/RVrQq/v+lUz6CDkkm5r5AXFsmKBGvPJZm+CAEVECq4mKXa5E
+X1SqlZCQx/LCcqPqdffEVSlmFiI219rEo2z/wCNJzCJXqzx9B1/daW8vv8k+N2TZ
+La2NxlOG2zeyiitxoGCBb5Y3aZgyD9ZIEW/nB7kkt0V41Z60ssLA6zzXAlqxhxp5
+HIMRRzfvPwguDKkEFm390ob+oWiqDGIZTTBRyjJAaGa46o3WBLUYIz1yB51X+v+E
+TCpbVV29ZmC4V7G0B96zxg+tnqw2fpkL2DgHTnyKbKaWXwo7aGhxHMux2PuiZKxR
+eXeJ0Mz5Np/E0TgVPD33g3idbr6dHzsT+lZ9BuAG+RBJ49iMH/tSDGUTw3/GJvQb
+XPWJeRsWSn2MSMNX45n6FH2azBZJ4+VA9tWR2Q5zm2fLzzUVhvhtkwl3fYsmzsam
+Lccj9Okp9xFxGohFO4d9NxMP57Tvzi1ur5Fp4dsCH9rfGIzKJTQP1AWAEB1ga9+5
+g+himRGuzpRVoqCXeKp6MBf8kZJIhXxX/94vSyiiWuCTaJQYvMi0+p1dF3TcWEnH
+Tpce+9nj9gddrrOXnSs+2Mljt9pm0A8fWSsqsObf+SGt8QGbpHVkCX74HGbNY5Yz
+tun/VDN/tkbOhLX6ibivqAfjKsk8gjlfNme1HbCD3cPUmPrlG54=
+=5pYC
+-----END PGP SIGNATURE-----
--- a/unbound.changes
+++ b/unbound.changes
@ -1,3 +1,82 @@
+-------------------------------------------------------------------
+Fri Oct 18 11:02:26 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to 1.22.0:
+  Features:
+  * Add iter-scrub-ns, iter-scrub-cname and max-global-quota
+    configuration options.
+  * Merge patch to fix for glue that is outside of zone, with
+    `harden-unverified-glue`, from Karthik Umashankar (Microsoft).
+    Enabling this option protects the Unbound resolver against bad
+    glue, that is unverified out of zone glue, by resolving them.
+    It uses the records as last resort if there is no other working
+    glue.
+  * Add redis-command-timeout: 20 and redis-connect-timeout: 200,
+    that can set the timeout separately for commands and the
+    connection set up to the redis server. If they are not
+    specified, the redis-timeout value is used.
+  * Log timestamps in ISO8601 format with timezone. This adds the
+    option `log-time-iso: yes` that logs in ISO8601 format.
+  * DNS over QUIC. This adds `quic-port: 853` and `quic-size: 8m`
+    that enable dnsoverquic, and the counters `num.query.quic` and
+    `mem.quic` in the statistics output. The feature needs to be
+    enabled by compiling with libngtcp2, with
+    `--with-libngtcp2=path` and libngtcp2 needs openssl+quic, pass
+    that with `--with-ssl=path` to compile unbound as well.
+
+  Bug Fixes:
+  * unbound-control-setup hangs while testing for openssl presence
+    starting from version 1.21.0.
+  * Fix error: "memory exhausted" when defining more than 9994
+    local-zones.
+  * Fix documentation for cache_fill_missing function.
+  * Fix Loads of logs: "validation failure: key for validation
+    <domain>. is marked as invalid because of a previous" for
+    non-DNSSEC signed zone.
+  * Fix that when rpz is applied the message does not get picked up
+    by the validator. That stops validation failures for the
+    message.
+  * Fix that stub-zone and forward-zone clauses do not exhaust
+    memory for long content.
+  * Fix to print port number in logs for auth zone transfer
+    activities.
+  * b.root renumbering.
+  * Add new IANA trust anchor.
+  * Fix config file read for dnstap-sample-rate.
+  * Fix alloc-size and calloc-transposed-args compiler warnings.
+  * Fix to limit NSEC and NSEC3 TTL when aggressive nsec is enabled
+    (RFC9077).
+  * Fix dns64 with prefetch that the prefetch is stored in cache.
+  * Attempt to further fix doh_downstream_buffer_size.tdir
+    flakiness.
+  * More clear text for prefetch and minimal-responses in the
+    unbound.conf man page.
+  * Fix cache update when serve expired is used. Expired records
+    are favored over resolution and validation failures when
+    serve-expired is used.
+  * Fix negative cache NSEC3 parameter compares for zero length
+    NSEC3 salt.
+  * Fix unbound-control-setup hangs sometimes depending on the
+    openssl version.
+  * Fix Cannot override tcp-upstream and tls-upstream with
+    forward-tcp-upstream and forward-tls-upstream.
+  * Fix to limit NSEC TTL for messages from cachedb. Fix to limit
+    the prefetch ttl for messages after a CNAME with short TTL.
+  * Fix to disable detection of quic configured ports when quic is
+    not compiled in.
+  * Fix harden-unverified-glue for AAAA cache_fill_missing lookups.
+  * Fix contrib/aaaa-filter-iterator.patch for change in call
+    signature for cache_fill_missing.
+  * Fix to display warning if quic-port is set but dnsoverquic is
+    not enabled when compiled.
+  * Fix dnsoverquic to extend the number of streams when one is
+    closed.
+  * Fix for dnstap with dnscrypt and dnstap without dnsoverquic.
+  * Fix for dnsoverquic and dnstap to use the correct dnstap
+    environment.
+
+- Update keyring
+
 -------------------------------------------------------------------
 Mon Oct  7 11:06:04 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>

--- a/unbound.keyring
+++ b/unbound.keyring
@ -1,100 +1,57 @@
+pub   rsa4096 2011-04-21 [SCA] [expires: 2024-12-07]
+      EDFAA3F2CA4E6EB05681AF8E9F6F1C2D7E045F8D
+uid           W.C.A. Wijngaards <wouter@nlnetlabs.nl>
+sub   rsa4096 2011-04-21 [E] [expires: 2024-12-07]
+
 -----BEGIN PGP PUBLIC KEY BLOCK-----

-mQINBFfYHeYBEAC/8SdeXNspt9ZIoZRSL9juNLHA17TXcHdKSthgWBtwwWZbUPq8
-SJr7Y+hr6jMCDKY9800QzLF0nLkyXnZgaBcvR0rRbCT/qvALJ0fpfjcotapZ1hBv
-omb9s8Bo28uKn8tbTMXYNsElUae4Ch/CrU1vfe50YoyQgLR8UBa15gV+2RmC+6jI
-qxDYS8sylWlDn6Qim+77feLlObPnNdzgfWGZo14eJByTsz0qrh8aS/BS1FAsnEQ6
-W6AqukhpuKuWvoAUXKjfguXQolxeexubmKaLcGOTvecw+cbh/a5SPHRtRVr9qTxp
-elk6UEpakY5K9UtZkrG55VWih/4KqY9bNyhJBtpAk1fXA+mYfx5BcFpECYdU9kz4
-UgV5jK0HYRHQTLC91PPVQgH86we+Aae6TaJneCLEIzBK36TgAP8RKrvFfPUym5OP
-YbWOom27QTKfRVcyxPKglJxrTSWixnKWS/pqxNY8hF9Ne4crRAF4wX2yBVbGnjNr
-S9TpYmjMwURbuYm+rWZk/8w5OJG60V3wax56c0jn/42O3Y2hzQ+PbOv2M4UuuajS
-2YL3/KUsRLBapUpPQjzChwzdr/vzFEhk9XxK2VGMN+dh2HjYwDFendc5csyt/cVr
-g3LssVS2bKy5g3IhrzCKAk0Sky4S5t/mcN+lWztNvCijuLz58GCym5GwJQARAQAB
-tCtHZW9yZ2UgVGhlc3NhbG9uaWtlZnMgPGdlb3JnZUBubG5ldGxhYnMubmw+iQI9
-BBMBCAAnAhsjBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQJhFXGpBQkM8ovDAAoJ
-EM/zNE2Qh6SQMTkP/j4dP/X1ILrba+X93LszR0gIGconbznZzn9oK4YR4n6Gi63f
-h+vNvVIMEWmJsVsc8tOiN9djUOroIkafLOBuSsi/L7RhRFmNFjLjDIc9mXy60QmJ
-+cohIXgEyHUPYd95cWgQDZqC9BtQ2sXsImU3cKqBwcW5X4ev0HkhkFlT00d0+tcv
-4W0s4EzjzGM4X1N6HXFP+KZOLsam3OaQikyHW5BKLAzn0Iux43YAY0UH9AI/9Jmq
-c/3Zw9frMr6CrWAiVtNA+lVoFu5MxOX3UL+LwBRbo/i7HhMrEiZLP5rIKFlBa8Wa
-SzSDGydijESnuFQhkmf3kjFYhheP7D3+YplQg3rWb4JWrN1QwUsxoRYBuqrOWdQs
-eXwbxhLNrfWegIp6Y7zQZ770Il5BLSToOXvZ++lIXWz/K41IoyszFfKEpd3vCwjX
-gfFi+cvjhNq1oGNg0SAxffujo539fiteiujdGNJ5IDKrYq6ba/oDneqLgevoiLN4
-V39TJRynZCS47TfolqhGkuZ0mXffNPKjdUvPRmIZbA/VxN2Xb4UzuBfo8ySke1E8
-BtvFUuwgIElr6pS8TM/V1CbeOcmX60SbllNO7ta65Wn6NWE898SUPase95rEpyEU
-5cz6RV+NLNU+woeg1Oa4pBnRUzhN/kRNMFxpvn8ZspJMPTpX4V/9eMVPkaudiQI9
-BBMBCAAnAhsjBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQJfLTc9BQkJNkzWAAoJ
-EM/zNE2Qh6SQg8kP/3AzVxcSlYiMrJn+02z07Hc382BWr4E0N9IywMrrFznMVqI1
-xP4Aj4hOKPwuJXB3vS3RnkF+R50/IlyiiiBg7MmrtZsXDeDRUwKC2qrnoYVQBR4m
-RYjIU3tpOKYAwNetclZ/l3y+q+QJq4qlF1x3b1tyBRbNYJL0keD3oouyeHPyidag
-RlWaMvyHsMLy2Nm4yg8DrO7DbySMf6OB05nTcQes26l05qAEsAhHw1R+rhMU5Fk/
-pa+itEY9ABjKIjzu/U5yMM0m2SjTX+Wgp43OYvZhsJiMlEfBQoHRjhuR7PIaZv02
-dxYjWTTMgmWOyis8KY6i4wQ9W5XYxrK3PgsVuySJ/m5hkgh9p1WCEjI37K1At34t
-renUJJr66BWUWmTKdSxwhkbS4uDPk3DWnZVYQi5aCzUfTZ7tqvChlYAYgnYDz6BE
-NDqjHpzKmQ5tMnX/nQUWy/O/+kxgW8/W32pDoxuLtvHCNKPsVU+JdvOiDMGEDDil
-rDEIk+6kJG+E2G65qmil4DXJOu2r4emcitCvtrnTv10S8CpjIa7Vmah6USHui7Vv
-Jvr+KDcyazCHFhTfOszSU0ttJxxlU1tiub5AF/RYDonPLWVa32jDkaDVrtFiFf3M
-jx9J1gFw5Ea5bNuhIxAXTFuoI7Pwe3Kt5DIyUtioerlhgOMkiQzaAxdDFsN6iQI9
-BBMBCAAnBQJX2RCwAhsjBQkFo5qABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJ
-EM/zNE2Qh6SQ3JUP/2G3bRNObS7zsfN3rjkbjLxaDOwNggRdbeXM5rHDVEG9SWes
-CGaIvyQdkSGQoIaKUgNv7Yp8O8pEnD4IwdhNSaXVIB3pBtdOD0UM1wuxRpfqJOUx
-ZEoWT2Jr31Tg2qepp6nT7UmdiF7uCBDy8Jm6k6Q+6UT58cPaesRQdSPi6Go7ho2/
-xVvKVe9ufSTSTdG5+7bJDu6Iv7sydKUEG4jPDqo+jjVLn1X6Rfp+E4JAvOvFrSJH
-W5saA332xV40GeV+aM1ndP7dPkz8+AGB3QD7JF2DLcqvLo0TYOvjnlOGYcNp8gzp
-23g9KFwe2sdbdtVpuWaJUSpXXiUZnFzrrVxDNiEBjqsPa5ysOxzJ+1gUbcrIjUeN
-eAFhus4XL+IidPATnhTIX3X/uPRB87KaTaA8XUqsuSd2DM9mLxdHKC9Jf8D1t+yw
-YrekCp+K80vCtFPWBM4+w8nGugTNKJEGIXZDGFOF/c7r6xKkaOYK0Y+IGJawlV5L
-aADlBmQpPk0ubYclwb07FcegaHSxxIqUo/kbyt1YV5mU+QVymZ+xyvIBrnW8hBuN
-WRvU5acnIZibCERayo8ZuI+r/X3bLHfDx0oh2h+cL3utNZUqmgZNR0Di8P+x0hUY
-sYPOTJaDBSgvxUtY0Ci+OWX38kffGGvhW3CM8V6skdVc8cp7Db7gxase4BxxtC5H
-ZW9yZ2UgVGhlc3NhbG9uaWtlZnMgPGdlb3JnZUBvcGVubmV0bGFicy5jb20+iQI9
-BBMBCAAnAhsjBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQJfLTc8BQkJNkzWAAoJ
-EM/zNE2Qh6SQ1egP/2AbFCOti5egkn+zTGW0ArwbStH7vxTfqEVB0AYJio236kso
-hS0f3t+H+6xG4PZAAmSf5Nsi3iPD9pTzFH+Tj8ioZG9aqCvml0sC5+7dc/26AM09
-xpHPzKo7Q318U2eMS8GmOQt9a7n0AFm2mkWb6qZNEYsBa5qDpgNX4j/XfP/n8mFd
-p+ESB++GATq79QFWoi35kwea9v9tT/ZKTp4tY51Am2okXTKgpuYXyLjEFOkonYZw
-pDBgXfQ7c+ywqhymeb7RHXoehkY+TzkYO13AE2Dp1OczR2DzCJcej0/dM6qqY3xR
-taTreFgKxGKTeBBmkB0rRqmCY+83L3uOMuKA3Qu50rLwkTL4pvkZK6sgPMi+Bkiw
-2zdb3H0W0uoGUX+3B71QCdpj8jfAogjcEgXFGvhA/rZCFwGhWTbhf/7pFRm1wMZi
-ByStEVwNvGKPvdwNqgtzyKilQrwfzj+jDfz6bxHDBHP8BmJXgP7dvWEdTxSL20Xg
-tmf8N0XgsHp5BYEz5FrRS7LL6/g02P2hlz0nCRE5vk6/IyV9zBb5/u+ukVLKsD0p
-74BdOZBYmGBcNhPSRESrkfzKF7WEDnTMN311+Oo56hmXd7KU4uvKv5wDEtD8jaCB
-Kp1hNYJuo1psEZM6rTw+QpCxgsA5NBJ/W7VbrA6m4M0nAemb0H3qQOV+vw/oiQI9
-BBMBCAAnBQJX2RCLAhsjBQkFo5qABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJ
-EM/zNE2Qh6SQ32kP/AjwkDKMkQiNQk0tG4BEMO+kmtCMCj/Tado9wazjLJR3vJGS
-HNUosUu+J/xcgLHEtaToV1PQ8l4oZO9Gh7b5GN5zXis7fSeJHKZaQGLfqINbjoOm
-3snH4tQOFQxg8v7CgpKgeZsEZYtJhcrFoPwX3cCdWz3uc/g9amym/YEWK7AoaxKw
-7LJA8++vuMKKfcfmg8f2oOchXQqicBhvPMQqh3m3RGDOj+dZdkEVdYLnG8p6CHCR
-1P76BhL9OG9Bja5roDVdETwGe3KV0PTzU0+Lc051Zr2by58U4mwQSJZyl1P4RagP
-DknIYBHtTcg5WXcFOjuyF1xgS9FWsMwGlpz4i0Za+iBS/tqUF0daLjxqa9kTTpEj
-+cMn+vGPXdL/g86AwdT75pAjlrUbkfeMG7hx6EfiJPVQqajN/NUR9wdvZ2xoqee4
-XNDGaiXSVm7URPKh/4vG+z7ASs3RBH5UM3B4kQk8xeIRyMBJ0u2sQqAVI/YHnIYb
-O33cL4dsP5VA5Tfn1oCe9WNtMBXPyLO4ymF3oHMjHWr/+rZWbGqONPci/fSEFFfT
-bHYzyCw/97j1dYSWXuy2Qy1tiEFTSwdDYKrMsaGAk3d5ymLawpZWo3wdRk7AkWPp
-/1lfvphIzbfAi6Ad+xwwBUlRe8Gtt3XnVYiyE58UU+jraxga35IQxdZ5FweNuQIN
-BFfYHeYBEAC2h9yjSe2SgtcB0H+E0ndaewaZaQCE7q+RO43dotGH9eFnVwE4/ftc
-K1SN42ihlF5OnTaKPyXvgQ6U8W8VB8eLjeTwA/dSXuJX7kJpEK8saPqJP6zTUmPq
-p/GSzS6YrhKLfpFn4chmywpDFcGNMz0sYXiJgPqKL7W0KuG+ziPToAeWl8ckeXyl
-77/lHVhWYylaQJEASklqCViPXSp9vI7/57UEm4MQPXwsDBOwuVVqcSu3ZM5MtY9X
-lbVPNCYmZIMqmh8HgYwbiq9dTfJi+6v17+uDQGZewWK/WwFM+9dDx7YkTeOBiUdu
-YtJPW64NW/RJ7pskbLAy+OZApTZWg0cISN6GOmPN3F0AiWzUjvSMREHhFHyxj4Y1
-5vuDOFvPGFxr4xBiyMX1JLCKK6OFnyPfoJ9v/o3UgrQgLrfXCmKdvkwBCgJvN3Fs
-xzha6Dtf6RcZ02fr7SCZZhdBrlrflvC1uWZ0g3A87ss7h4Iw3njlO3aX6Bo9R4VO
-LUkiRKi4hmQBxPvXxI2ERmKRomo6lrMaDMzIjD4APSM1vUfZguzQxVYpM8lwy1CO
-eqxsj5p+LH6f/EU+4dXZwooJ1uanBOvG2ntnz8SErE+e7wNYE4a/fb8xYM4j7p6q
-YtnNZPb8sj8bvx8iWXp4A1csVetyVSchBhTVQhhNos6ouYpc4ibrYwARAQABiQIv
-BBgBCAAPAhsMBQJhFXGqBQkM8ovDABQJEM/zNE2Qh6SQCRDP8zRNkIekkF8CD/4z
-StdPS9ipir2X9Jd1KoN0ZndZmEn26zy4+vb3ZAFfQLArrzHAbaEOSvGuL9ApXyvR
-cCzC44RcNBJeFHoyPoz1uIdkdCPLjZmzeSyPvcPhpJw9zC08nq1JGpq+JkY2WztD
-nYOU4xvNTSEBadTPDk4Wgbps205qmGEA49s6baTAAW5+7qna3XzsKCsG7YI7KX9a
-HiBvUx55+cqtUiF80mJ9sInhQxqgQ8npz4aNgiY4dV1r0+6fpw9jP38K5RGKR5p+
-E4+CvZ4YpMaLZr04VqxPl/cExsm4u6ZKHrDLPiTnA+3Tn402VUwN3uGVWr1//Ar6
-5fN1hddEo5GKFWnSe9jCG1KDu8RrSjX0vNSRja0dAgPfay/79FM12QogQ34rX64R
-K+QTjFY6rD+c8xiS5ZF6Ns7vG9A1w82jpn2jRlWQxrxedAtUg6ky/UhJbg7EKMVZ
-WZPuu0vFHPGntBO1aqilg8lJhJ25+PJRLFSAVT85qfewvjvyRYxNHFLyCk704fb8
-hS2Px6vUTgX45MuikufHdvFSQl3dIs7TLQp5pNS0tQ97zYUEvxyyDKJJPhd8ByDd
-PvkuAix4/fwjvo4swNHjIfT1NByijU+HlJ1EtMq1ALa6T8ho8nx+ZlwRyWYmstk1
-xx7RyrHfcscU6cVyHG7g2pIADvGy6s1yTCpLI39P+w==
-=5n+j
+mQINBE2v/RwBEACyQpJlpCeSZBV1QUH7jNEp5xGdo6OnX2h9XoZ4ZPsb+u6OT+xE
+SH45ncnISUh8rPCygbeWOoPR/yOBzh+lYoGxQ5iUHtwRrhHq04sQe/qFpXDO2xs6
+1pTcPU2PnH7Rsr2qp6fZLPHuXLolD7NJfaSib8sVeMM0/ecyl/L2bBg9NpaGDX0x
+TQh95M8o6AFo6UKWApBpgsvEZr2aH/B8b9KnCWFhfJyheEM7DamksdZNsKxXQyq3
+l/ROfdsMLZGF8vPbYV/v11G4keyaLpn8AbBpybIiw9SYDwf2ENk3+e1NFfMaiiyE
+qn9+aaLTKCY87TMUuoN3s3jWOOy5tHXzf6DbKhub4Awsby3DH5YpPhi4N2vj2pAX
+Vpl5+m78cH29JLzT+HAoyZ4tq1r3m0P5QogNqYwqxkKWYOjDilNDBiKiDdgtrLYG
+x+ABovKG/FvToJoaCL4AFaVCzWmL2uHkSgyBN0FPHatCB1UeEkcQit6T8E2NQqmF
+WjUMXSWHHajSMG95+L5PdLHz/Ku0o3Csvlt2pkElYZmzJBfnOM9JevdsmKr/ruJC
+/DCZAn5w2S/9ZF5qfo2F9HUKIwE/dChR29HcN8V4nqZs9oCvEMfFhHmrfwDc5hed
+hvb6mAkvSFFtKIrygLIVeWRj3FE9sGp6sr4VwOLYTFRNk7mAsWD1rZApeQARAQAB
+tCdXLkMuQS4gV2lqbmdhYXJkcyA8d291dGVyQG5sbmV0bGFicy5ubD6JAlUEEwEI
+AD8CGyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE7fqj8spObrBWga+On28c
+LX4EX40FAl3uCXUFCRmkDdkACgkQn28cLX4EX40PIBAAnvuPWg0B0bmXQxytVQiS
+s4W/jL33SI75fHkMZY6RvVM+WNewceEln7ixwnhpYdZuiDgFnluIOlqMJtXnNT5F
+Wu/U3a5Cm9DMXy0mreog24rlYw8ctm1qJFtP3D8yfxaFg7RAtB/VEwDG+UBgQ2VG
+y7sF+2Y7zJAIR9ef4TvRo+ER6B9USRiQC0bWc47c7Cai+d5FvxFefVdU+/TaHMsd
+NfIsOdCZ9NpiPMGCWfR2XOQuw/iufb3Ki0WYJKyazm8NLBL92BTgWKf9Q3ph9pxz
+zAUijJjeUQHK99oLlI3eARFn9kOwKPkJ4XYtetVtGCgluCQJjqEOG0NMHxPUOWlC
+BoVBedi/mnPB8u3QcmghMQgP1k6kEP4lT8m5qSUIRaJ1rf35qcWxNsCk4UhDh0zu
+u3uXtyX1G9LzSrLMmaI2qOIdTBeZ72jzSqMm1sCp6TTNDkXMpfmqICsFuxNeUxFN
+ExOf/4ALBcEQ3Ap0hCp5LIDNN9tZte0Q3yWwmoyL+Owxw2BN8r4UWYwiQmsNBqMN
+bA0Vo3ThaZiIsQ+f78ebscqkhz7hgLF5RL5fmd0XXOW0O6QFru1DaUd4ZyT34PCi
+9sajhe+VShvfzYyxPNMo/MHVaAnw774s6wbTl5xyOPYAjAnzamxiG+clYZk3XqO5
+Yvk3vYZSdg6x57oxiZRXvqe5Ag0ETa/9HAEQAKbwynlS4kmsxEnU2PSrElrKqAd/
+KbzrLtuTOPbRI3OU7WOS8CjXJKpHkZSfNzvHRRu1AVbhsCymn/+jkf6XtuLqWdu3
+jjllu7F70Db+Wl5TmHxfpoyIVCDao6uKSg5jtXPSe4eXfmrjlX83IH6LYNwVQmip
+ernI4kCdOfblDH4Fk71ZYm56Ce3XmXILfL+1XCyvY7/j/ECR0yMg8yXfiY3Y7h1
+6gvwN+0+RvWfOMfMGK0GOpmZjiGGjI8CCnYBXjfpy5OYXpwEVM+DExVFuI/YR6bs
+gBaJg0Pd/8JB2fSBAoU8XWZ377Hf/2eOb33F/XUDPrbkfFwmE4VbEnCNU58EeOoY
+uTZH5h6Nx1ccAfP6MCfhWQ7EzQWyXewFctu15OC+YS3uwcCw7RTMjqeJToqQjO//
+5rRQfZk86pzsIkksk0ZcBlASZM0BVkGtGem32MAOvstXZ9fR+dfRluPYq7Zftvlv
+FuDfKC64iIz76q0DsmhCxXEX1ehXy4tPRz4R1W3ozqiBGzrX7jdPpo66xgMKK7X0
+wY38PNDflvdAU77WuCtksox3CU5A2HoXzqP+SDKRrQ7DoL7Amw2hUZzSbmLUqkJr
+1pNSiDyMOgpHSbWWt/qt2AOw+6LzlR9TgUyjXQY3Pl+FvC+UfTAspl1r4Ij/udkr
+9VSHGZrJwga8CuPdABEBAAGJAjwEGAEIACYCGwwWIQTt+qPyyk5usFaBr46fbxwt
+fgRfjQUCXe4JfQUJGaQN4QAKCRCfbxwtfgRfjdNAD/4lXxF4xEkKfcJ+pt7nJwWf
+ynp0hWcmJC6GITK7nLN2lKQrLNxUUk5tByrDuznQUm4tRvF29ty4YhqhO7t2EGhR
+c7m064hACwpN8Z+Cg6B6Umb7+raHrjkScBUg0ZswNeuajj9QUmQ2NQwDpJCL/KJq
+bs3TLnx6gMLiwaYEq43YRbYyhZqGVfDxJLX4Bv2pUGz9GptLLp/Wckvf1o+k8Oa/
+Ik5Ji0ec1IWVhZWGvTMYCLmuezCUUasQIZsemvkVqNQrvNya009uLsXfQrjzF8Xd
+ecMh4gFx6usQFAxo9RlwGV10aGZJVUllT9iFHfkk2A+eanfeA65lpGJb2Vq5kXCw
+xAEgGQuklahS27xAuTILQeYnNVF6nT+zVGTNon7UbUHNdNCJdotpRBYbmHelwwPx
+/Fjmqn0psb/7XRtjSxFtEFeBLqbPt10doG2D8Ty3LacQHUcNcD0cAe7sqUf173qw
+9mPP0LjpmI5d7pkA6TrAFi2zhEbhsJD2kY5En4/YmvanPU1lBuzUCGeMmLFOx9l+
+wZnmUfEYuMjLG10YH+KssSo1Mgx6TbKngJKGZahnA3RXdoZgx7+sLi1Jcbv0h4o3
+AXdV3kwe0H6FwkbarO0G0pC5bb2ttEDls3HBNZ7yyTA4qzFec/1EL3viTReQ9L5X
+CCZWA03V7BL/Sge+YQ/vVA==
+=Sy7Z
 -----END PGP PUBLIC KEY BLOCK-----
--- a/unbound.spec
+++ b/unbound.spec
@ -33,7 +33,7 @@
 %define piddir /run

 Name:           unbound
-Version:        1.21.1
+Version:        1.22.0
 Release:        0
 BuildRequires:  flex
 BuildRequires:  ldns-devel >= %{ldns_version}