* Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1

- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)

.gitignore

@@ -34,3 +34,4 @@ unbound-1.4.5.tar.gz
 /unbound-1.5.5.tar.gz
 /unbound-1.5.6.tar.gz
 /unbound-1.5.7.tar.gz
+/unbound-1.5.8.tar.gz

sources

@@ -1 +1 @@
-a1253cbbb339dbca03404dcc58365d71  unbound-1.5.7.tar.gz
+1c34282bae0c625b86374ee9caaef6f7  unbound-1.5.8.tar.gz

unbound.conf

@@ -1,7 +1,7 @@
 #
 # Example configuration file.
 #
-# See unbound.conf(5) man page, version 1.5.7.
+# See unbound.conf(5) man page, version 1.5.8.
 #
 # this is a comment.
 
@@ -106,7 +106,8 @@ server:
 
 	# use IP_TRANSPARENT so the interface: addresses can be non-local
 	# and you can config non-existing IPs that are going to work later on
-	# ip-transparent: no
+	# (uses IP_BINDANY on FreeBSD).
+	ip-transparent: yes
 
 	# EDNS reassembly buffer to advertise to UDP peers (the actual buffer
 	# is set with msg-buffer-size). 1480 can solve fragmentation (timeouts).
@@ -192,6 +193,14 @@ server:
 	# useful for tunneling scenarios, default no.
 	# tcp-upstream: no
 
+	# Maximum segment size (MSS) of TCP socket on which the server
+	# responds to queries. Default is 0, system default MSS.
+	# tcp-mss: 0
+
+	# Maximum segment size (MSS) of TCP socket for outgoing queries.
+	# Default is 0, system default MSS.
+	# outgoing-tcp-mss: 0
+
 	# Detach from the terminal, run in background, "yes" or "no".
 	# do-daemonize: yes
 
@@ -324,7 +333,7 @@ server:
 	# Use 0x20-encoded random bits in the query to foil spoof attempts.
 	# This feature is an experimental implementation of draft dns-0x20.
 	# (enabling used to cause some failures, like on GoDaddy customer domains)
-	use-caps-for-id: no
+	# use-caps-for-id: no
 
 	# Domains (and domains in them) without support for dns-0x20 and
 	# the fallback fails because they keep sending different answers.
@@ -506,6 +515,7 @@ server:
 	# local-zone: "localhost." nodefault
 	# local-zone: "127.in-addr.arpa." nodefault
 	# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
+	# local-zone: "onion." nodefault
 	# local-zone: "10.in-addr.arpa." nodefault
 	# local-zone: "16.172.in-addr.arpa." nodefault
 	# local-zone: "17.172.in-addr.arpa." nodefault
@@ -546,6 +556,10 @@ server:
 	# leakage of local lan information.
 	# unblock-lan-zones: no
 
+	# The insecure-lan-zones option disables validation for
+	# these zones, as if they were all listed as domain-insecure.
+	# insecure-lan-zones: no
+
 	# a number of locally served zones can be configured.
 	# 	local-zone: <zone> <type>
 	# 	local-data: "<resource record string>"

unbound.spec

@@ -20,8 +20,8 @@
 
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
-Version: 1.5.7
+Version: 1.5.8
-Release: 3%{?extra_version:.%{extra_version}}%{?dist}
+Release: 1%{?extra_version:.%{extra_version}}%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
@@ -44,8 +44,6 @@ Source15: unbound-anchor.timer
 Source16: unbound-munin.README
 Source17: unbound-anchor.service
 
-Patch0:   unbound-1.5.7-bz1294339.patch
-
 Group: System Environment/Daemons
 BuildRequires: flex, openssl-devel
 BuildRequires: libevent-devel expat-devel
@@ -143,10 +141,6 @@ mv %{pkgname} %{pkgname}_python2
 pushd %{pkgname}_python2
 %endif # with_python
 
-#Add patches here
-%patch0 -p1 -b .bz1294339
-
-
 # only for snapshots
 # autoreconf -iv
 
@@ -433,6 +427,11 @@ popd
 
 
 %changelog
+* Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1
+- Update to 1.5.8 which incorporates rhbz#1294339 fix
+- Updated unbound.conf with new upstream options
+- Enabled ip-transparent: yes (see rhbz#1291449)
+
 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.7-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild