From cfcdefa766660525588e97c268f3b2040b9a02bd Mon Sep 17 00:00:00 2001
From: Paul Wouters <pwouters@redhat.com>
Date: Mon, 12 Aug 2013 11:55:20 -0400
Subject: [PATCH] * Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> -
 1.4.20-16 - Change unbound.conf to only use ephemeral ports (32768-65535)

---
 unbound.conf | 2 +-
 unbound.spec | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/unbound.conf b/unbound.conf
index 7dc69d7..d00f21e 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -72,7 +72,7 @@ server:
 
 	# permit unbound to use this port number or port range for
 	# making outgoing queries, using an outgoing interface.
-	# outgoing-port-permit: 32768
+	outgoing-port-permit: 32768-65535
 
 	# deny unbound the use this of port number or port range for
 	# making outgoing queries, using an outgoing interface.
diff --git a/unbound.spec b/unbound.spec
index 36507c1..a8f92a5 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -11,7 +11,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.4.20
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -277,6 +277,9 @@ exit 0
 /bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
 
 %changelog
+* Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-16
+- Change unbound.conf to only use ephemeral ports (32768-65535)
+
 * Mon Jul 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-15
 - Re-introduce hardening flags for full relro and pie
 - Fixes compilation failure for python module