diff --git a/sources b/sources
index e14fdce..0574b16 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-2517f811ec4939c0ea602c99a6fdea23  unbound-1.2.0.tar.gz
 5437f2a1e698d8aa73ba19a60662a654  unbound-1.2.1.tar.gz
diff --git a/unbound.init b/unbound.init
index 6d9e766..b20054a 100644
--- a/unbound.init
+++ b/unbound.init
@@ -46,9 +46,19 @@ start() {
     then
 	echo -n $"Generating unbound control key and certificate: "
 	/usr/sbin/unbound-control-setup -d /etc/unbound/ > /dev/null 2> /dev/null
+	chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem
 	[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
 	    [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*
 	echo
+    else
+	# old init script created these as root instead of unbound.
+	if [ -G /etc/unbound/unbound_control.key ]
+	then
+	    chgrp unbound /etc/unbound/unbound_*key /etc/unbound/unbound_*pem
+	    [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
+		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*
+	    echo
+	fi
     fi
 
     echo -n $"Starting unbound: "
diff --git a/unbound.spec b/unbound.spec
index e9ad74b..13630f6 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -1,13 +1,14 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.2.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
 Source1: unbound.init
 Source2: unbound.conf
 Source3: unbound.munin
+Patch0: unbound-iterator.patch
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: flex, openssl-devel >= 0.9.8g-12, ldns-devel >= 1.5.0, 
@@ -62,6 +63,7 @@ Contains libraries used by the unbound server and client applications
 
 %prep
 %setup -q 
+%patch0 
 
 %build
 %configure  --with-ldns= --with-libevent --with-pthreads --with-ssl \
@@ -154,6 +156,9 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6
+- Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793
+
 * Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5
 - Use --nocheck to avoid giving an error on missing unbound-remote certs/keys