32 changed files with 715 additions and 665 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,74 +1 @@
-unbound-1.1.1.tar.gz
+SOURCES/unbound-1.16.2.tar.gz
 unbound-1.2.0.tar.gz
 unbound-1.2.1.tar.gz
 unbound-1.3.0.tar.gz
 unbound-1.3.2.tar.gz
 unbound-1.3.1.tar.gz
 unbound-1.3.3.tar.gz
 unbound-1.3.4.tar.gz
 unbound-1.4.1.tar.gz
 unbound-1.4.2.tar.gz
 unbound-1.4.3.tar.gz
 unbound-1.4.4.tar.gz
 unbound-1.4.5.tar.gz
 /unbound-1.4.8.tar.gz
 /unbound-1.4.9.tar.gz
 /unbound-1.4.10.tar.gz
 /unbound-1.4.11.tar.gz
 /unbound-1.4.12.tar.gz
 /unbound-1.4.13.tar.gz
 /unbound-1.4.14.tar.gz
 /unbound-1.4.15.tar.gz
 /unbound-1.4.16.tar.gz
 /unbound-1.4.17.tar.gz
 /unbound-1.4.18.tar.gz
 /unbound-1.4.19.tar.gz
 /unbound-1.4.20.tar.gz
 /unbound-1.4.21.tar.gz
 /unbound-1.4.22.tar.gz
 /unbound-1.5.0.tar.gz
 /unbound-1.5.1rc1.tar.gz
 /unbound-1.5.1.tar.gz
 /unbound-1.5.3.tar.gz
 /unbound-1.5.4.tar.gz
 /unbound-1.5.5.tar.gz
 /unbound-1.5.6.tar.gz
 /unbound-1.5.7.tar.gz
 /unbound-1.5.8.tar.gz
 /unbound-1.5.9.tar.gz
 /unbound-1.5.10.tar.gz
 /unbound-1.6.0.tar.gz
 /unbound-1.6.2.tar.gz
 /unbound-1.6.3.tar.gz
 /unbound-1.6.4rc2.tar.gz
 /unbound-1.6.4.tar.gz
 /unbound-1.6.6.tar.gz
 /unbound-1.6.7.tar.gz
 /unbound-1.6.8.tar.gz
 /unbound-1.7.0.tar.gz
 /unbound-1.7.1.tar.gz
 /unbound-1.7.2.tar.gz
 /unbound-1.7.3.tar.gz
 /unbound-1.8.0.tar.gz
 /unbound-1.8.1.tar.gz
 /unbound-1.8.2.tar.gz
 /unbound-1.8.3.tar.gz
 /unbound-1.9.4.tar.gz
 /unbound-1.9.6.tar.gz
 /unbound-1.10.0.tar.gz
 /unbound-1.10.0.tar.gz.asc
 /unbound-1.10.1.tar.gz
 /unbound-1.10.1.tar.gz.asc
 /unbound-1.12.0.tar.gz
 /unbound-1.12.0.tar.gz.asc
 /unbound-1.13.0.tar.gz
 /unbound-1.13.0.tar.gz.asc
 /unbound-1.13.1.tar.gz
 /unbound-1.13.1.tar.gz.asc
 /unbound-1.13.2.tar.gz
 /unbound-1.13.2.tar.gz.asc
 /unbound-1.15.0.tar.gz
 /unbound-1.15.0.tar.gz.asc
 /unbound-1.16.0.tar.gz
 /unbound-1.16.2.tar.gz
 /unbound-1.16.2.tar.gz.asc
--- a/.unbound.metadata
+++ b/.unbound.metadata
@ -0,0 +1 @@
 9aea0e923b9d6779b5bc360094e24a4017e2bb25 SOURCES/unbound-1.16.2.tar.gz
--- a/SOURCES/block-example.com.conf
+++ b/SOURCES/block-example.com.conf
--- a/SOURCES/example.com.conf
+++ b/SOURCES/example.com.conf
--- a/SOURCES/example.com.key
+++ b/SOURCES/example.com.key
--- a/SOURCES/icannbundle.pem
+++ b/SOURCES/icannbundle.pem
--- a/SOURCES/remote-control.conf
+++ b/SOURCES/remote-control.conf
--- a/SOURCES/root.anchor
+++ b/SOURCES/root.anchor
--- a/SOURCES/root.key
+++ b/SOURCES/root.key
@ -2,5 +2,4 @@
 ; // named, unbound, et. For libunbound, use ub_ctx_trustedkeys() to load this
 trusted-keys {
 "." 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="; // key id = 20326
 };
--- a/SOURCES/tmpfiles-unbound.conf
+++ b/SOURCES/tmpfiles-unbound.conf
--- a/SOURCES/unbound-1.15-source-compat.patch
+++ b/SOURCES/unbound-1.15-source-compat.patch
@ -0,0 +1,85 @@
 From fbde301c2706a5d0c9c3942fe84693f2b7a6b16c Mon Sep 17 00:00:00 2001
 From: Petr Mensik <pemensik@redhat.com>
 Date: Sat, 7 May 2022 10:05:33 +0200
 Subject: [PATCH] Use reserved RCODE, fake source version
 Use RCODE value assigned for a private use. Previous value were possible
 returned value.
 Fake source version to be still 1.7.x. Hide real version into micro
 version component and export it also in a proper way with _REAL
 suffixes. Should workaround any source code detection to support correct
 callback format. Fixes compilation error in libreswan.
 Use preprocessed unbound.h to prevent failures
 Swig complains about wrong @ variable formats. Make it use preprocessed
 header instead of a template.
 ---
 libunbound/python/libunbound.i |  4 ++--
 libunbound/unbound.h           | 13 ++++++++++---
 services/mesh.h                |  2 +-
 3 files changed, 13 insertions(+), 6 deletions(-)
 diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i
 index c9549bf90..f01e9111e 100644
 --- a/libunbound/python/libunbound.i
 +++ b/libunbound/python/libunbound.i
@@ -53,7 +53,7 @@
    #ifdef HAVE_ARPA_INET_H
    #include <arpa/inet.h>
    #endif
 -   #include "libunbound/unbound.h"
 +   #include "unbound.h"
 %}
 %pythoncode %{
@@ -855,7 +855,7 @@ Result: ['74.125.43.147', '74.125.43.99', '74.125.43.103', '74.125.43.104']
   //printf("resolve_stop()\n");
 %} 
 -%include "libunbound/unbound.h"
 +%include "unbound.h"
 %inline %{
   //SWIG will see the ub_ctx as a class
 diff --git a/libunbound/unbound.h b/libunbound/unbound.h
 index c822d3f89..82660bd51 100644
 --- a/libunbound/unbound.h
 +++ b/libunbound/unbound.h
@@ -102,9 +102,16 @@ extern "C" {
 #endif
 /** the version of this header file */
 -#define UNBOUND_VERSION_MAJOR @UNBOUND_VERSION_MAJOR@
 -#define UNBOUND_VERSION_MINOR @UNBOUND_VERSION_MINOR@
 -#define UNBOUND_VERSION_MICRO @UNBOUND_VERSION_MICRO@
 +/* Because of RHEL compat change, callback type remains at
 + * 1.7.3 version. To prevent source-level incompatibility,
 + * fake still old version. Export real version in _REAL
 + * suffix definitions. */
 +#define UNBOUND_VERSION_MAJOR 1
 +#define UNBOUND_VERSION_MINOR 7
 +#define UNBOUND_VERSION_MICRO @UNBOUND_VERSION_MAJOR@@UNBOUND_VERSION_MINOR@@UNBOUND_VERSION_MICRO@
 +#define UNBOUND_VERSION_MAJOR_REAL @UNBOUND_VERSION_MAJOR@
 +#define UNBOUND_VERSION_MINOR_REAL @UNBOUND_VERSION_MINOR@
 +#define UNBOUND_VERSION_MICRO_REAL @UNBOUND_VERSION_MICRO@
 /**
  * The validation context is created to hold the resolver status,
 diff --git a/services/mesh.h b/services/mesh.h
 index 9c6f958ff..c0cbf355e 100644
 --- a/services/mesh.h
 +++ b/services/mesh.h
@@ -237,7 +237,7 @@ struct mesh_reply {
 /* RHEL 8 compatibility layer.
  * Special rcode to send was_ratelimited to callback without adding
  * extra parameter. It is ORed to the rcode parameter of the callback. */
 -#define LDNS_RCODE_RATELIMITED 0x100
 +#define LDNS_RCODE_RATELIMITED 0xf80
 #define RCODE_IS_RATELIMITED(rcode) ((rcode & LDNS_RCODE_RATELIMITED) != 0)
 #define RCODE_NOT_RATELIMITED(rcode) (rcode & ~LDNS_RCODE_RATELIMITED)
 -- 
 2.34.1
--- a/SOURCES/unbound-1.15-soversion2-compat.patch
+++ b/SOURCES/unbound-1.15-soversion2-compat.patch
@ -0,0 +1,471 @@
 From 605d66f0b6b8f7c308010f455058299d25c1d2ee Mon Sep 17 00:00:00 2001
 From: Petr Mensik <pemensik@redhat.com>
 Date: Fri, 6 May 2022 16:36:39 +0200
 Subject: [PATCH] Rework ABI breaking change to compatible way
 Upstream commit 749d1b9ebc6fcb79824afd0471a1cfc12ca861b1 introduced
 was_ratelimited variable to every async callback. Such change led to ABI
 break and increase of soname of libunbound.
 Use rcode to pass that boolean inside rcode variable. Allows keeping
 original callback prototype, but does not lose data. Extra integer bit
 operations should be very small price. Much better than ABI break.
 Make current version compatible back to .2 version.
 ---
 unbound-1.16.2/configure.ac               |  2 +-
 unbound-1.16.2/daemon/worker.c            |  6 ++--
 unbound-1.16.2/libunbound/libworker.c     | 34 +++++++++++++++--------
 unbound-1.16.2/libunbound/unbound-event.h |  3 +-
 unbound-1.16.2/libunbound/unbound.h       | 13 +++++----
 unbound-1.16.2/libunbound/worker.h        |  6 ++--
 unbound-1.16.2/services/authzone.c        | 11 ++++----
 unbound-1.16.2/services/authzone.h        |  9 ++----
 unbound-1.16.2/services/mesh.c            | 17 ++++++++----
 unbound-1.16.2/services/mesh.h            |  9 +++++-
 unbound-1.16.2/smallapp/worker_cb.c       |  6 ++--
 unbound-1.16.2/validator/autotrust.c      |  2 +-
 unbound-1.16.2/validator/autotrust.h      |  2 +-
 13 files changed, 72 insertions(+), 48 deletions(-)
 diff --git a/unbound-1.16.2/configure.ac b/unbound-1.16.2/configure.ac
 index 224501b..71f066c 100644
 --- a/unbound-1.16.2/configure.ac
 +++ b/unbound-1.16.2/configure.ac
@@ -19,7 +19,7 @@ AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
 LIBUNBOUND_CURRENT=9
 LIBUNBOUND_REVISION=18
 -LIBUNBOUND_AGE=1
 +LIBUNBOUND_AGE=7
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
 # 1.0.2 had 0:14:0
 diff --git a/unbound-1.16.2/daemon/worker.c b/unbound-1.16.2/daemon/worker.c
 index 010c4dc..2b87a41 100644
 --- a/unbound-1.16.2/daemon/worker.c
 +++ b/unbound-1.16.2/daemon/worker.c
@@ -2268,21 +2268,21 @@ void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
 void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
 	sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
 -	char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
 +	char* ATTR_UNUSED(why_bogus))
 {
 	log_assert(0);
 }
 void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
 	sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
 -	char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
 +	char* ATTR_UNUSED(why_bogus))
 {
 	log_assert(0);
 }
 void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode),
 	sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
 -	char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
 +	char* ATTR_UNUSED(why_bogus))
 {
 	log_assert(0);
 }
 diff --git a/unbound-1.16.2/libunbound/libworker.c b/unbound-1.16.2/libunbound/libworker.c
 index 11bf5f9..6895119 100644
 --- a/unbound-1.16.2/libunbound/libworker.c
 +++ b/unbound-1.16.2/libunbound/libworker.c
@@ -549,9 +549,10 @@ libworker_enter_result(struct ub_result* res, sldns_buffer* buf,
 /** fillup fg results */
 static void
 libworker_fillup_fg(struct ctx_query* q, int rcode, sldns_buffer* buf, 
 -	enum sec_status s, char* why_bogus, int was_ratelimited)
 +	enum sec_status s, char* why_bogus)
 {
 -	q->res->was_ratelimited = was_ratelimited;
 +	q->res->was_ratelimited = RCODE_IS_RATELIMITED(rcode);
 +	rcode = RCODE_NOT_RATELIMITED(rcode);
 	if(why_bogus)
 		q->res->why_bogus = strdup(why_bogus);
 	if(rcode != 0) {
@@ -575,13 +576,13 @@ libworker_fillup_fg(struct ctx_query* q, int rcode, sldns_buffer* buf,
 void
 libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf, enum sec_status s,
 -	char* why_bogus, int was_ratelimited)
 +	char* why_bogus)
 {
 	struct ctx_query* q = (struct ctx_query*)arg;
 	/* fg query is done; exit comm base */
 	comm_base_exit(q->w->base);
 -	libworker_fillup_fg(q, rcode, buf, s, why_bogus, was_ratelimited);
 +	libworker_fillup_fg(q, rcode, buf, s, why_bogus);
 }
 /** setup qinfo and edns */
@@ -634,7 +635,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
 		NULL, 0, NULL, 0, NULL)) {
 		regional_free_all(w->env->scratch);
 		libworker_fillup_fg(q, LDNS_RCODE_NOERROR, 
 -			w->back->udp_buff, sec_status_insecure, NULL, 0);
 +			w->back->udp_buff, sec_status_insecure, NULL);
 		libworker_delete(w);
 		free(qinfo.qname);
 		return UB_NOERROR;
@@ -643,7 +644,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
 		w->env, &qinfo, &edns, NULL, w->back->udp_buff, w->env->scratch)) {
 		regional_free_all(w->env->scratch);
 		libworker_fillup_fg(q, LDNS_RCODE_NOERROR, 
 -			w->back->udp_buff, sec_status_insecure, NULL, 0);
 +			w->back->udp_buff, sec_status_insecure, NULL);
 		libworker_delete(w);
 		free(qinfo.qname);
 		return UB_NOERROR;
@@ -665,7 +666,7 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
 void
 libworker_event_done_cb(void* arg, int rcode, sldns_buffer* buf,
 -	enum sec_status s, char* why_bogus, int was_ratelimited)
 +	enum sec_status s, char* why_bogus)
 {
 	struct ctx_query* q = (struct ctx_query*)arg;
 	ub_event_callback_type cb = q->cb_event;
@@ -688,7 +689,7 @@ libworker_event_done_cb(void* arg, int rcode, sldns_buffer* buf,
 		else if(s == sec_status_secure)
 			sec = 2;
 		(*cb)(cb_arg, rcode, (buf?(void*)sldns_buffer_begin(buf):NULL),
 -			(buf?(int)sldns_buffer_limit(buf):0), sec, why_bogus, was_ratelimited);
 +			(buf?(int)sldns_buffer_limit(buf):0), sec, why_bogus);
 	}
 }
@@ -715,7 +716,7 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
 		regional_free_all(w->env->scratch);
 		free(qinfo.qname);
 		libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
 -			w->back->udp_buff, sec_status_insecure, NULL, 0);
 +			w->back->udp_buff, sec_status_insecure, NULL);
 		return UB_NOERROR;
 	}
 	if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones,
@@ -723,7 +724,7 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
 		regional_free_all(w->env->scratch);
 		free(qinfo.qname);
 		libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
 -			w->back->udp_buff, sec_status_insecure, NULL, 0);
 +			w->back->udp_buff, sec_status_insecure, NULL);
 		return UB_NOERROR;
 	}
 	/* process new query */
@@ -788,12 +789,23 @@ add_bg_result(struct libworker* w, struct ctx_query* q, sldns_buffer* pkt,
 	}
 }
 +
 +void
 +libworker_bg_done_cb_compat(void* arg, int rcode, sldns_buffer* buf, enum sec_status s,
 +	char* why_bogus)
 +{
 +	rcode = RCODE_NOT_RATELIMITED(rcode);
 +	libworker_bg_done_cb(arg, rcode, buf, s, why_bogus);
 +}
 +
 void
 libworker_bg_done_cb(void* arg, int rcode, sldns_buffer* buf, enum sec_status s,
 -	char* why_bogus, int was_ratelimited)
 +	char* why_bogus)
 {
 +	int was_ratelimited = RCODE_IS_RATELIMITED(rcode);
 	struct ctx_query* q = (struct ctx_query*)arg;
 +	rcode = RCODE_NOT_RATELIMITED(rcode);
 	if(q->cancelled || q->w->back->want_to_quit) {
 		if(q->w->is_bg_thread) {
 			/* delete it now */
 diff --git a/unbound-1.16.2/libunbound/unbound-event.h b/unbound-1.16.2/libunbound/unbound-event.h
 index a5d5c03..70aa4c8 100644
 --- a/unbound-1.16.2/libunbound/unbound-event.h
 +++ b/unbound-1.16.2/libunbound/unbound-event.h
@@ -170,7 +170,8 @@ struct ub_event {
 	struct ub_event_vmt* vmt;
 };
 -typedef void (*ub_event_callback_type)(void*, int, void*, int, int, char*, int);
 +/* Uses define LDNS_RCODE_RATELIMITED from services/mesh.h */
 +typedef void (*ub_event_callback_type)(void*, int, void*, int, int, char*);
 /**
  * Create a resolving and validation context.
 diff --git a/unbound-1.16.2/libunbound/unbound.h b/unbound-1.16.2/libunbound/unbound.h
 index c779d18..f6d5c7c 100644
 --- a/unbound-1.16.2/libunbound/unbound.h
 +++ b/unbound-1.16.2/libunbound/unbound.h
@@ -203,18 +203,19 @@ struct ub_result {
 	 */
 	char* why_bogus;
 +	/**
 +	 * TTL for the result, in seconds.  If the security is bogus, then
 +	 * you also cannot trust this value.
 +	 */
 +	int ttl;
 +
 	/**
 	 * If the query or one of its subqueries was ratelimited.  Useful if
 	 * ratelimiting is enabled and answer to the client is SERVFAIL as a
 	 * result.
 +	 * RHEL8 Change, moved after ttl.
 	 */
 	int was_ratelimited;
 -
 -	/**
 -	 * TTL for the result, in seconds.  If the security is bogus, then
 -	 * you also cannot trust this value.
 -	 */
 -	int ttl;
 };
 /**
 diff --git a/unbound-1.16.2/libunbound/worker.h b/unbound-1.16.2/libunbound/worker.h
 index 0fa5bfa..8b64b4d 100644
 --- a/unbound-1.16.2/libunbound/worker.h
 +++ b/unbound-1.16.2/libunbound/worker.h
@@ -90,15 +90,15 @@ void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
 /** mesh callback with fg results */
 void libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf, 
 -	enum sec_status s, char* why_bogus, int was_ratelimited);
 +	enum sec_status s, char* why_bogus);
 /** mesh callback with bg results */
 void libworker_bg_done_cb(void* arg, int rcode, sldns_buffer* buf, 
 -	enum sec_status s, char* why_bogus, int was_ratelimited);
 +	enum sec_status s, char* why_bogus);
 /** mesh callback with event results */
 void libworker_event_done_cb(void* arg, int rcode, struct sldns_buffer* buf, 
 -	enum sec_status s, char* why_bogus, int was_ratelimited);
 +	enum sec_status s, char* why_bogus);
 /**
  * Worker signal handler function. User argument is the worker itself.
 diff --git a/unbound-1.16.2/services/authzone.c b/unbound-1.16.2/services/authzone.c
 index b9e0b11..c72949f 100644
 --- a/unbound-1.16.2/services/authzone.c
 +++ b/unbound-1.16.2/services/authzone.c
@@ -5656,8 +5656,7 @@ xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset,
 /** callback for task_transfer lookup of host name, of A or AAAA */
 void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
 -	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
 -	int ATTR_UNUSED(was_ratelimited))
 +	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus))
 {
 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
 	struct module_env* env;
@@ -5669,6 +5668,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
 		return; /* stop on quit */
 	}
 +	rcode = RCODE_NOT_RATELIMITED(rcode);
 	/* process result */
 	if(rcode == LDNS_RCODE_NOERROR) {
 		uint16_t wanted_qtype = LDNS_RR_TYPE_A;
@@ -6717,8 +6717,7 @@ xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env)
 /** callback for task_probe lookup of host name, of A or AAAA */
 void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
 -	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
 -	int ATTR_UNUSED(was_ratelimited))
 +	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus))
 {
 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
 	struct module_env* env;
@@ -6730,6 +6729,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
 		return; /* stop on quit */
 	}
 +	rcode = RCODE_NOT_RATELIMITED(rcode);
 	/* process result */
 	if(rcode == LDNS_RCODE_NOERROR) {
 		uint16_t wanted_qtype = LDNS_RR_TYPE_A;
@@ -8212,7 +8212,7 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z,
 /** callback for ZONEMD lookup of DNSKEY */
 void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
 -	enum sec_status sec, char* why_bogus, int ATTR_UNUSED(was_ratelimited))
 +	enum sec_status sec, char* why_bogus)
 {
 	struct auth_zone* z = (struct auth_zone*)arg;
 	struct module_env* env;
@@ -8234,6 +8234,7 @@ void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
 	if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DS)
 		typestr = "DS";
 	downprot = env->cfg->harden_algo_downgrade;
 +	rcode = RCODE_NOT_RATELIMITED(rcode);
 	/* process result */
 	if(sec == sec_status_bogus) {
 diff --git a/unbound-1.16.2/services/authzone.h b/unbound-1.16.2/services/authzone.h
 index 07614ed..b339fc1 100644
 --- a/unbound-1.16.2/services/authzone.h
 +++ b/unbound-1.16.2/services/authzone.h
@@ -690,12 +690,10 @@ void auth_xfer_probe_timer_callback(void* arg);
 void auth_xfer_transfer_timer_callback(void* arg);
 /** mesh callback for task_probe on lookup of host names */
 void auth_xfer_probe_lookup_callback(void* arg, int rcode,
 -	struct sldns_buffer* buf, enum sec_status sec, char* why_bogus,
 -	int was_ratelimited);
 +	struct sldns_buffer* buf, enum sec_status sec, char* why_bogus);
 /** mesh callback for task_transfer on lookup of host names */
 void auth_xfer_transfer_lookup_callback(void* arg, int rcode,
 -	struct sldns_buffer* buf, enum sec_status sec, char* why_bogus,
 -	int was_ratelimited);
 +	struct sldns_buffer* buf, enum sec_status sec, char* why_bogus);
 /*
  * Compares two 32-bit serial numbers as defined in RFC1982.  Returns
@@ -774,8 +772,7 @@ void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env,
 /** mesh callback for zonemd on lookup of dnskey */
 void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode,
 -	struct sldns_buffer* buf, enum sec_status sec, char* why_bogus,
 -	int was_ratelimited);
 +	struct sldns_buffer* buf, enum sec_status sec, char* why_bogus);
 /**
  * Check the ZONEMD records that need online DNSSEC chain lookups,
 diff --git a/unbound-1.16.2/services/mesh.c b/unbound-1.16.2/services/mesh.c
 index 30bcf7c..fc3c690 100644
 --- a/unbound-1.16.2/services/mesh.c
 +++ b/unbound-1.16.2/services/mesh.c
@@ -63,6 +63,7 @@
 #include "util/data/dname.h"
 #include "respip/respip.h"
 #include "services/listen_dnsport.h"
 +#include "libunbound/unbound-event.h"
 #ifdef CLIENT_SUBNET
 #include "edns-subnet/subnetmod.h"
@@ -1012,7 +1013,7 @@ mesh_state_cleanup(struct mesh_state* mstate)
 			mstate->cb_list = cb->next;
 			fptr_ok(fptr_whitelist_mesh_cb(cb->cb));
 			(*cb->cb)(cb->cb_arg, LDNS_RCODE_SERVFAIL, NULL,
 -				sec_status_unchecked, NULL, 0);
 +				sec_status_unchecked, NULL);
 			log_assert(mesh->num_reply_addrs > 0);
 			mesh->num_reply_addrs--;
 		}
@@ -1268,8 +1269,9 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
 					r->edns.opt_list_inplace_cb_out = NULL;
 		}
 		fptr_ok(fptr_whitelist_mesh_cb(r->cb));
 -		(*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL,
 -			was_ratelimited);
 +		if (was_ratelimited)
 +			rcode |= LDNS_RCODE_RATELIMITED;
 +		(*r->cb)(r->cb_arg, rcode, r->buf, sec_status_unchecked, NULL);
 	} else {
 		size_t udp_size = r->edns.udp_size;
 		sldns_buffer_clear(r->buf);
@@ -1287,11 +1289,14 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep,
 		{
 			fptr_ok(fptr_whitelist_mesh_cb(r->cb));
 			(*r->cb)(r->cb_arg, LDNS_RCODE_SERVFAIL, r->buf,
 -				sec_status_unchecked, NULL, 0);
 +				sec_status_unchecked, NULL);
 		} else {
 			fptr_ok(fptr_whitelist_mesh_cb(r->cb));
 -			(*r->cb)(r->cb_arg, LDNS_RCODE_NOERROR, r->buf,
 -				rep->security, reason, was_ratelimited);
 +			rcode = LDNS_RCODE_NOERROR;
 +			if (was_ratelimited)
 +				rcode |= LDNS_RCODE_RATELIMITED;
 +			(*r->cb)(r->cb_arg, rcode, r->buf,
 +				rep->security, reason);
 		}
 	}
 	free(reason);
 diff --git a/unbound-1.16.2/services/mesh.h b/unbound-1.16.2/services/mesh.h
 index 3be9b63..5050d6c 100644
 --- a/unbound-1.16.2/services/mesh.h
 +++ b/unbound-1.16.2/services/mesh.h
@@ -234,13 +234,20 @@ struct mesh_reply {
 	struct http2_stream* h2_stream;
 };
 +/* RHEL 8 compatibility layer.
 + * Special rcode to send was_ratelimited to callback without adding
 + * extra parameter. It is ORed to the rcode parameter of the callback. */
 +#define LDNS_RCODE_RATELIMITED 0x100
 +#define RCODE_IS_RATELIMITED(rcode) ((rcode & LDNS_RCODE_RATELIMITED) != 0)
 +#define RCODE_NOT_RATELIMITED(rcode) (rcode & ~LDNS_RCODE_RATELIMITED)
 +
 /** 
  * Mesh result callback func.
  * called as func(cb_arg, rcode, buffer_with_reply, security, why_bogus,
  *		was_ratelimited);
  */
 typedef void (*mesh_cb_func_type)(void* cb_arg, int rcode, struct sldns_buffer*,
 -	enum sec_status, char* why_bogus, int was_ratelimited);
 +	enum sec_status, char* why_bogus);
 /**
  * Callback to result routine
 diff --git a/unbound-1.16.2/smallapp/worker_cb.c b/unbound-1.16.2/smallapp/worker_cb.c
 index c689817..c7b1653 100644
 --- a/unbound-1.16.2/smallapp/worker_cb.c
 +++ b/unbound-1.16.2/smallapp/worker_cb.c
@@ -159,21 +159,21 @@ void libworker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
 void libworker_fg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 
 	struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
 -	char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
 +	char* ATTR_UNUSED(why_bogus))
 {
 	log_assert(0);
 }
 void libworker_bg_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 
 	struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
 -	char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
 +	char* ATTR_UNUSED(why_bogus))
 {
 	log_assert(0);
 }
 void libworker_event_done_cb(void* ATTR_UNUSED(arg), int ATTR_UNUSED(rcode), 
 	struct sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(s),
 -	char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
 +	char* ATTR_UNUSED(why_bogus))
 {
 	log_assert(0);
 }
 diff --git a/unbound-1.16.2/validator/autotrust.c b/unbound-1.16.2/validator/autotrust.c
 index 3cdf9ce..40b3e35 100644
 --- a/unbound-1.16.2/validator/autotrust.c
 +++ b/unbound-1.16.2/validator/autotrust.c
@@ -2331,7 +2331,7 @@ autr_debug_print(struct val_anchors* anchors)
 void probe_answer_cb(void* arg, int ATTR_UNUSED(rcode), 
 	sldns_buffer* ATTR_UNUSED(buf), enum sec_status ATTR_UNUSED(sec),
 -	char* ATTR_UNUSED(why_bogus), int ATTR_UNUSED(was_ratelimited))
 +	char* ATTR_UNUSED(why_bogus))
 {
 	/* retry was set before the query was done,
 	 * re-querytime is set when query succeeded, but that may not
 diff --git a/unbound-1.16.2/validator/autotrust.h b/unbound-1.16.2/validator/autotrust.h
 index 057f2b6..c549798 100644
 --- a/unbound-1.16.2/validator/autotrust.h
 +++ b/unbound-1.16.2/validator/autotrust.h
@@ -206,6 +206,6 @@ void autr_debug_print(struct val_anchors* anchors);
 /** callback for query answer to 5011 probe */
 void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf, 
 -	enum sec_status sec, char* errinf, int was_ratelimited);
 +	enum sec_status sec, char* errinf);
 #endif /* VALIDATOR_AUTOTRUST_H */
 -- 
 2.37.1
--- a/SOURCES/unbound-1.16-CVE-2022-3204.patch
+++ b/SOURCES/unbound-1.16-CVE-2022-3204.patch
--- a/SOURCES/unbound-1.16-CVE-2023-50387-CVE-2023-50868.patch
+++ b/SOURCES/unbound-1.16-CVE-2023-50387-CVE-2023-50868.patch
--- a/SOURCES/unbound-1.16.2.tar.gz.asc
+++ b/SOURCES/unbound-1.16.2.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmLnudYACgkQn28cLX4E
 X43GmRAAoROXbktLR2AXGEECgPCFlHag9oNZosa3J5yR2vaV4e8eA6AMzPyZbl7P
 LnLon8PZZR+pTW+dDRqakvzJIwXkLeONFgEdvd0cAghWAtPrKCDZIkCyeQj0OOv3
 wt1pRRl2PXUKNZZf0bzpTUIhVsHF/w5f5T/mFAZm49rUDboj77xgokmaFK4kei0I
 Gz4W8Vx3TIwwJc8nea8GtCYIg3UKmR/TMznMFExAoKdMllzKuJnGx5lR/eU0+NRc
 uwWEQhNJrHXZyWethp9swLCrOmDHcgBJOd04TqcDwSIZrw9VuT3/Uza3Tw73N7kr
 PZvF2xSOASL+i91QP6tnkmQD5pAORVpUFN3NePEWV5922iG/pVipaYBbEyV3dfph
 Y4QGwj8G6ppcfjV7gmlxsAOM2gnhD3rDqFmkxau6zB1kktHnV2aqlzIQo396ZBJQ
 hKyIAJlNvpTiFaACD7/cFkE80awJnCD/qvXATN//BWHKytgO8eYg7fZGrxjbpIQk
 XV/vVlOJWRXPyPBnp8MQyCIDe2eq2ELlMfYw62/TNDuj2qKsM/W03cem3GlveOa6
 tw8RVfFFjwZlCLbXSbmsKo+mWJ3jCAvb3/gql52vJDE5FuRz7MvptIVU6DVE1O+J
 mQ3AoQ2Mq9iHsZePfze4sq531DMlWTgBMwqfBTWqMaTC/8VH5rg=
 =Ax9n
 -----END PGP SIGNATURE-----
--- a/SOURCES/unbound-anchor.service
+++ b/SOURCES/unbound-anchor.service
--- a/SOURCES/unbound-anchor.timer
+++ b/SOURCES/unbound-anchor.timer
--- a/SOURCES/unbound-keygen.service
+++ b/SOURCES/unbound-keygen.service
--- a/SOURCES/unbound-munin.README
+++ b/SOURCES/unbound-munin.README
--- a/SOURCES/unbound.conf
+++ b/SOURCES/unbound.conf
--- a/SOURCES/unbound.munin
+++ b/SOURCES/unbound.munin
--- a/SOURCES/unbound.service
+++ b/SOURCES/unbound.service
--- a/SOURCES/unbound.sysconfig
+++ b/SOURCES/unbound.sysconfig
--- a/SOURCES/unbound_munin_
+++ b/SOURCES/unbound_munin_
--- a/SPECS/unbound.spec
+++ b/SPECS/unbound.spec
@ -1,39 +1,43 @@
 %{?!with_python2:     %global with_python2     0}
 %{?!with_python3:     %global with_python3     1}
 %{?!with_munin:       %global with_munin       1}
 %bcond_without dnstap
 %bcond_with    systemd
 %bcond_without doh
 %global _hardened_build 1
-#%%global extra_version rc1
+#global extra_version rc1
 %if 0%{with_python2}
 %global python_primary %{__python2}
-%endif
+%endif # with_python2
 %if 0%{with_python3}
 %global python_primary %{__python3}
-%endif
+%endif # with_python3
 %if 0%{?rhel}
 %global with_munin   0
 %if 0%{?with_python2} && 0%{?rhel} <= 6
 # needed just for EPEL
 %{!?__python2: %global __python2 /usr/bin/python2}
 %{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
 %{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 %endif # with_python2 && rhel <= 6
 %if 0%{?rhel} <= 7
 %global with_python3 0
 %else
 %global with_python2 0
-%endif
+%endif # rhel <= 7
-%endif
+%endif # rhel
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.16.2
-Release: 8%{?extra_version:.%{extra_version}}%{?dist}
+Release: 5%{?extra_version:.%{extra_version}}%{?dist}.6
 License: BSD
-Url: https://nlnetlabs.nl/projects/unbound/
+Url: https://www.unbound.net/
-Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
+Source: https://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
 Source1: unbound.service
 Source2: unbound.conf
 Source3: unbound.munin
@ -51,45 +55,34 @@ Source15: unbound-anchor.timer
 Source16: unbound-munin.README
 Source17: unbound-anchor.service
 Source18: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz.asc
 Source19: http://keys.gnupg.net/pks/lookup?op=get&search=0x9F6F1C2D7E045F8D#/wouter.nlnetlabs.nl.key
 Source21: remote-control.conf
 # Reverts ABI change done in version 1.8.0 (bz#2027735)
 # Makes possible backward binary compatibility with a new features
 Patch1:   unbound-1.15-soversion2-compat.patch
 Patch2:   unbound-1.15-source-compat.patch
 # https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554
-Patch1: unbound-1.16-CVE-2022-3204.patch
+Patch3:   unbound-1.16-CVE-2022-3204.patch
 # https://nlnetlabs.nl/downloads/unbound/patch_CVE-2023-50387_CVE-2023-50868.diff
 Patch4: unbound-1.16-CVE-2023-50387-CVE-2023-50868.patch
 BuildRequires: gdb
 BuildRequires: gcc, make
-BuildRequires: flex, openssl-devel
+BuildRequires: byacc, flex, openssl-devel
 BuildRequires: libevent-devel expat-devel
 BuildRequires: pkgconfig
 %if 0%{?fedora}
 BuildRequires: gnupg2
 %endif
 %if 0%{with_python2}
 BuildRequires: python2-devel swig
-%endif
+%endif # with_python
 %if 0%{with_python3}
 BuildRequires: python3-devel swig
-%endif
+%endif # with_python3
 %if %{with dnstap}
 BuildRequires: fstrm-devel protobuf-c-devel
 %endif
 %if %{with systemd}
 BuildRequires: systemd-devel
 %endif
 %if %{with doh}
 BuildRequires: libnghttp2-devel
 %endif
 %if 0%{?fedora} >= 30
 BuildRequires: systemd-rpm-macros
 %else
 BuildRequires: systemd
-%endif
+# Required for SVN versions
 # Required for SVN versions or modified configure.ac
 BuildRequires: bison
 BuildRequires: automake autoconf libtool
 %{?systemd_requires}
 # Needed because /usr/sbin/unbound links unbound libs staticly
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 # unbound-keygen.service requires it, bug #2116790
@ -127,11 +120,8 @@ The devel package contains the unbound library and the include files
 %package libs
 Summary: Libraries used by the unbound server and client applications
 %{?systemd_requires}
 Requires(pre): shadow-utils
 %if ! 0%{with_python2}
 # Make explicit conflict with no longer provided python package
 Obsoletes: python2-unbound < 1.9.3
 %endif
 %description libs
 Contains libraries used by the unbound server and client applications
@ -146,26 +136,19 @@ Obsoletes: unbound-python < %{version}-%{release}
 %description -n python2-unbound
 Python 2 modules and extensions for unbound
-%endif
+%endif # with_python
 %if 0%{with_python3}
 %package -n python3-unbound
 Summary: Python 3 modules and extensions for unbound
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %if ! 0%{with_python2}
 # Make explicit conflict with no longer provided python package
 Conflicts: python2-unbound < 1.9.3
 %endif
 %description -n python3-unbound
 Python 3 modules and extensions for unbound
-%endif
+%endif # with_python3
 %prep
 %if 0%{?fedora}
 %gpgverify -k 19 -s 18 -d 0
 %endif
 %global pkgname %{name}-%{version}%{?extra_version}
 %if 0%{with_python2} && 0%{with_python3}
@ -175,16 +158,17 @@ Python 3 modules and extensions for unbound
 %global python_secondary %{__python2}
 %else
 %global dir_primary %{pkgname}
-%endif
+%endif # with_python2 && with_python3
-%autosetup -c -N -n %{pkgname}
+%setup -qcn %{pkgname}
 pushd %{pkgname}
 # patches go here
 %autopatch -p2
-# only for snapshots
+%patch1 -p2 -b .solib2-compat
-autoreconf -iv
+%patch2 -p1 -b .srccompat
 %patch3 -p2 -b .CVE-2022-3204
 %patch4 -p2 -b .CVE-2023-50387-CVE-2023-50868
 # copy common doc files - after here, since it may be patched
 cp -pr doc pythonmod libunbound ../
@ -196,39 +180,30 @@ cp -a %{dir_primary} %{dir_secondary}
 %endif
 %build
 # This is needed to rebuild the configure script to support Python 3.x
 # autoreconf -iv
 # ./configure script common arguments
 %global configure_args --with-libevent --with-pthreads --with-ssl \\\
            --disable-rpath --disable-static \\\
            --enable-relro-now --enable-pie \\\
            --enable-subnet --enable-ipsecmod \\\
            --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \\\
-            --with-pidfile=%{_rundir}/%{name}/%{name}.pid \\\
+            --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid \\\
            --enable-sha2 --disable-gost --enable-ecdsa \\\
            --with-rootkey-file=%{_sharedstatedir}/unbound/root.key \\\
-            --enable-linux-ip-local-port-range --disable-sha1
+            --enable-linux-ip-local-port-range
 pushd %{dir_primary}
 # configure.ac is modified, force refresh
 autoreconf -fiv
 %configure  \
 %if 0%{?python_primary:1}
            --with-pythonmodule --with-pyunbound PYTHON=%{python_primary} \
-%endif
+%endif # python_primary
 %if %{with dnstap}
            --enable-dnstap \
 %endif
 %if %{with systemd}
            --enable-systemd \
 %endif
 %if %{with doh}
            --with-libnghttp2 \
 %endif
            %{configure_args}
-%make_build
+%{__make} %{?_smp_mflags}
-%make_build streamtcp
+%{__make} %{?_smp_mflags} streamtcp
 popd
@ -236,17 +211,11 @@ popd
 pushd %{dir_secondary}
 %configure  \
            --with-pythonmodule --with-pyunbound PYTHON=%{python_secondary} \
 %if %{with dnstap}
            --enable-dnstap \
 %endif
 %if %{with systemd}
            --enable-systemd \
 %endif
            %{configure_args}
-%make_build
+%{__make} %{?_smp_mflags}
 popd
-%endif
+%endif # python_secondary
 %install
@ -255,12 +224,12 @@ install -p -m 0644 %{SOURCE16} .
 %if 0%{?python_secondary:1}
 # install first secondary build. It will be overwritten by primary
 pushd %{dir_secondary}
-%make_install unbound-event-install
+%{__make} DESTDIR=%{buildroot} unbound-event-install install
 popd
-%endif
+%endif # python_secondary
 pushd %{dir_primary}
-%make_install unbound-event-install
+%{__make} DESTDIR=%{buildroot} unbound-event-install install
 install -m 0755 streamtcp %{buildroot}%{_sbindir}/unbound-streamtcp
 popd
@ -304,13 +273,13 @@ rm %{buildroot}%{_libdir}/*.la
 %if 0%{with_python2}
 rm %{buildroot}%{python2_sitearch}/*.la
-%endif
+%endif # with_python
 %if 0%{with_python3}
 rm %{buildroot}%{python3_sitearch}/*.la
-%endif
+%endif # with_python3
-mkdir -p %{buildroot}%{_rundir}/unbound
+mkdir -p %{buildroot}%{_localstatedir}/run/unbound
 # Install directories for easier config file drop in
@ -335,6 +304,7 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
 %systemd_post unbound-keygen.service
 %post libs
 %{?ldconfig}
 %systemd_post unbound-anchor.timer
 # start the timer only if installing the package to prevent starting it, if it was stopped on purpose
 if [ "$1" -eq 1 ]; then
@ -354,8 +324,20 @@ fi
 %systemd_postun unbound-keygen.service
 %postun libs
 %{?ldconfig}
 %systemd_postun_with_restart unbound-anchor.timer
 %triggerun -- unbound < 1.4.12-4
 # Save the current service runlevel info
 # User must manually run systemd-sysv-convert --apply unbound
 # to migrate them to systemd targets
 /usr/bin/systemd-sysv-convert --save unbound >/dev/null 2>&1 ||:
 # Run these because the SysV package being removed won't do them
 /sbin/chkconfig --del unbound >/dev/null 2>&1 || :
 /bin/systemctl try-restart unbound.service >/dev/null 2>&1 || :
 /bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
 %check
 pushd %{dir_primary}
 #pushd pythonmod
@ -373,14 +355,14 @@ pushd %{dir_secondary}
 #popd
 make check
 popd
-%endif
+%endif # python_secondary
 %files
 %doc doc/CREDITS doc/FEATURES
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}-keygen.service
-%attr(0755,unbound,unbound) %dir %{_rundir}/%{name}
+%attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}
 %attr(0644,root,root) %{_tmpfilesdir}/unbound.conf
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
@ -442,215 +424,115 @@ popd
 %{_sbindir}/unbound-anchor
 %{_libdir}/libunbound.so.*
 %{_mandir}/man8/unbound-anchor*
-# icannbundle and root.key(s) should be replaced from package
+%{_sysconfdir}/%{name}/icannbundle.pem
 # intentionally not using noreplace
 %config %{_sysconfdir}/%{name}/icannbundle.pem
 %{_unitdir}/unbound-anchor.timer
 %{_unitdir}/unbound-anchor.service
 %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
 %attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
 # just left for backwards compat with user changed unbound.conf files - format is different!
 %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
 # modification of root.key is maintained by unbound-achor.service and is intentional, so let rpm know
 %verify(not md5 size mtime) %{_sharedstatedir}/%{name}/root.key
 %changelog
-* Mon Mar 11 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-8
+* Wed Apr 03 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.6
 - Rebuilt again with z-stream target
 * Wed Apr 03 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.5
 - Correct typo in new config file
 * Mon Mar 11 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.4
 - Ensure group access correction reaches also updated configs (CVE-2024-1488)
-* Wed Feb 28 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-7
+* Wed Feb 28 2024 Petr Menšík <pemensik@redhat.com> - 1.16.2-5.3
 - Ensure only unbound group can change configuration (CVE-2024-1488)
-* Fri Feb 16 2024 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-6
+* Mon Feb 19 2024 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-5.2
 - Fix wrong entry in changelog
 - Resolves: RHEL-25634
 * Fri Feb 16 2024 Tomas Korbar <tkorbar@redhat.com> - 1.16.2-5.1
 - Fix KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387
 - Fix Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868
- Resolves: RHEL-25671
+- Resolves: RHEL-25660
- Resolves: RHEL-25643
+- Resolves: RHEL-25634
 * Sat Oct 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-5
 - Stop creating wrong devel manual pages (#2135322)
 * Sat Oct 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-4
 - Apply correctly previous change (CVE-2022-3204)
 * Tue Oct 11 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-3
 - Fix NRDelegation attack leading to uncontrolled resource consumption
  (CVE-2022-3204)
 * Tue Aug 09 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-2
- Require openssl tool for unbound-keygen (#2116802)
+- Require openssl tool for unbound-keygen (#2018806)
 * Wed Aug 03 2022 Petr Menšík <pemensik@redhat.com> - 1.16.2-1
- Update to 1.16.2 (#2087120)
+- Update to 1.16.2 (#2027735)
-* Fri Jul 08 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-3
+* Wed Jun 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-2
- Disable ED25519 and ED448 in FIPS mode (#2079548)
+- Restart keygen service before every unbound start (#1959468)
-* Tue Jun 07 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-2
+* Wed Jun 15 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
- Restart keygen service before every unbound start (#2094336)
+- Upgrade to 9.16.0 (#2027735)
 - Update to recent version with compatibility with RHEL8 (#2027735)
 - Ensure also source level compatibility with previous version
-* Sat Jun 04 2022 Petr Menšík <pemensik@redhat.com> - 1.16.0-1
+* Thu May 19 2022 Richard Lescak <rlescak@gmail.com> - 1.7.3-18
- Update to 1.16.0 (#2087120)
+- Change file mode before owner when configuring remote control unix socket to avoid AVC denials
 - Resolves: rhbz#2038251
-* Mon May 02 2022 Petr Menšík <pemensik@redhat.com> - 1.15.0-1
+* Mon Apr 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-17
 - Update to 1.15.0 (#2030608)
 - Update icannbundle.pem
 * Mon May 02 2022 Paul Wouters <paul.wouters@aiven.io> - 1.13.2-1
 - Resolves: rhbz#1992985 unbound-1.13.2 is available
 - Use system-wide crypto policies
 * Mon May 02 2022 Petr Menšík <pemensik@redhat.com> - 1.13.1-15
 - Export unbound-devel to CRB repository (#2056116)
 * Tue Apr 26 2022 Petr Menšík <pemensik@redhat.com> - 1.13.1-14
 - Stop creating wrong devel manual pages (#2071943)
 * Thu Mar 31 2022 Petr Menšík <pemensik@redhat.com> - 1.13.1-13
 - Disable SHA-1 support (#2070495)
 * Fri Feb 11 2022 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-12
 - Fixed error in the patch
 - Resolves: rhbz#1977401
 * Thu Feb 10 2022 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-11
 - regional_alloc() failure handled
 - Resolves: rhbz#1977401
 * Thu Feb 10 2022 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-10
 - RESOURCE_LEAK fixed
 - Resolves: rhbz#1977400
 * Tue Aug 10 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-9
 - Don't use delted OpenSSL macroses
 - Resolves: rhbz#1991005
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.13.1-8
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.13.1-7
 - Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065
 * Tue Jun 08 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-6
 - Changelog date fixed
 - Rebuild for new gating.yaml
 - Resolves: rhbz#1951923
 * Mon Apr 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-5
 - Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux
- Resolves: rhbz#1952814
+- Resolves: rhbz#1830625
-* Tue Apr 20 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.13.1-4
+* Tue Apr 06 2021 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-16
 - Don't start unbound-anchor before unbound service if DISABLE_UNBOUND_ANCHOR
  environment variable equals to "yes"
- Resolves: rhbz#1951923
+- Resolves: rhbz#1922448
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.13.1-2
+* Tue Sep 01 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-15
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Fix SPEC file to not check md5 mtime and size of /var/lib/unbound/root.key
 - Resolves: rhbz#1714175
 - Use system-wide crypto policy setting (PROFILE=SYSTEM) instead of custom setting
 - Resolves: rhbz#1842837
 - Enable additional logging in unbound
 - Resolves: rhbz#1850460
 - security hardening from x41 report
 - Resolves: rhbz#1859933
 - symbolic link traversal when writing PID file
 - Resolves: rhbz#1899058
-* Wed Feb 10 2021 Paul Wouters <pwouters@redhat.com> - 1.13.1-1
+* Thu May 28 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-14
- Resolves rhbz#1860887 unbound-1.13.1 is available
+- Fix unbound-1.7.3-amplifying-an-incoming-query.patch patch
- Fixup unbound.conf
+- Resolves: rhbz#1839178 (CVE-2020-12662)
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-2
+* Mon May 25 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+- Fix two previous patches and add missing patch lines to %%prep
 - Fix amplifying an incoming query into a large number of queries directed to a target
 - Resolves: rhbz#1839178 (CVE-2020-12662)
-* Thu Dec 10 2020 Petr Menšík <pemensik@redhat.com> - 1.13.0-1
+* Tue Apr 21 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.7.3-12
- Update to 1.13.0
+- Remove KSK-2010 from configuration files
 - Resolves: rhbz#1665502
 - Replace legacy directory /var/run/ with /run
 - Resolves: rhbz#1766463
 - Resolves: rhbz#1805978
 - Fix memory leak when DNS over TLS forwarding is configured
 - Resolves: rhbz#1819870
-* Tue Oct 13 2020 Petr Menšík <pemensik@redhat.com> - 1.12.0-1
+* Thu Apr 16 2020 Artem Egorenkov <aegorenk@redhat.com> - 1.7.3-11
- Update to 1.12.0 (#1860887)
+- Resolves bz1818761. unbound crash fixed.
-* Tue Sep 15 2020 Petr Menšík <pemensik@redhat.com> - 1.10.1-5
+* Tue Dec 10 2019 Tomas Korbar <tkorbar@redhat.com> - 1.7.3-10
- Move command line tools to utils subpackage
+- Secure ipsec mode (#1772061)
 - CVE-2019-18934
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-4
+* Tue Dec 10 2019 Tomas Korbar <tkorbar@redhat.com> - 1.7.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+- Use pthread_mutex_t locks when dealing with I/O operations (#1775708)
 * Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 1.10.1-3
 - Use make macros
 - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 * Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 1.10.1-2
 - Rebuilt for Python 3.9
 * Tue May 19 2020 Paul Wouters <pwouters@redhat.com> - 1.10.1-1
 - Resolves: rhbz#1837279 unbound-1.10.1 is available
 - Resolves: rhbz#1837598 CVE-2020-12662 unbound: insufficient control of network message volume leads to DoS
 - Resolves: rhbz#1837609 CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
 - Updated unbound.conf for new options in 1.10.1
 * Wed Apr 29 2020 Paul Wouters <pwouters@redhat.com> - 1.10.0-3
 - Resolves: rhbz#1667742 SELinux is preventing unbound from 'name_bind' accesses on the udp_socket port 61000.
 * Thu Apr 16 2020 Artem Egorenkov <aegorenk@redhat.com> - 1.10.0-2
 - Resolves: rhbz#1824536 unbound crash
 * Thu Mar 19 2020 Petr Menšík <pemensik@redhat.com> - 1.10.0-1
 - Update to 1.10.0 (#1805199)
 * Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.6-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Fri Dec 13 2019 Paul Wouters <pwouters@redhat.com> - 1.9.6-1
 - Resolves: rhbz#1758107 unbound-1.9.5 is available
 - Resolves: CVE-2019-18934
 * Fri Nov 01 2019 Paul Wouters <pwouters@redhat.com> - 1.9.4-1
 - Fix build on rhel/centos systems
 - Resolves: rhbz#1767955 (CVE-2019-16866) uninitialized memory accesses leads to crash via a crafted NOTIFY query
 * Thu Sep 26 2019 Petr Menšík <pihhan@gmail.com> - 1.9.3-2
 - Obsolete no longer provided python2 subpackage (#1749400)
 * Tue Aug 27 2019 Paul Wouters <pwouters@redhat.com> - 1.9.3-1
 - Updated to 1.9.3
 - Resolves: rhbz#1672578 unbound-1.9.2 is available
 - Resolves: rhbz#1694831 [/usr/lib/tmpfiles.d/unbound.conf:1] Line references path below legacy directory /var/run/
 - Resolves: rhbz# 1667387 [abrt] unbound: memmove(): unbound killed by SIGABRT
 * Thu Aug 22 2019 Miro Hrončok <mhroncok@redhat.com> - 1.8.3-8
 - Subpackage python2-unbound has been removed
  See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
 * Thu Aug 15 2019 Miro Hrončok <mhroncok@redhat.com> - 1.8.3-7
 - Rebuilt for Python 3.8
 * Mon Aug  5 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.8.3-6
 - Drop install-time requirements on systemd (#1723777)
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Fri Jan 11 2019 Paul Wouters <pwouters@redhat.com> - 1.8.3-3
 - Remove KSK-2010 from configs - it has been revoked
 * Wed Dec 12 2018 Paul Wouters <pwouters@redhat.com> - 1.8.3-2
 - Another dns64 fixup
 * Wed Dec 12 2018 Paul Wouters <pwouters@redhat.com> - 1.8.3-1
 - Updated to 1.8.3 with fixes the dns64 bug and has some other minor fixes
 * Mon Dec 10 2018 Paul Wouters <pwouters@redhat.com> - 1.8.2-2
 - Fix dns64 allocation in wrong region for returned internal queries.
 * Tue Dec 04 2018 Paul Wouters <pwouters@redhat.com> - 1.8.2-1
 - Updated to 1.8.2.
 - Enabled deny ANY query support and edns-tcp-keepalive
 - Set serve-stale timeout to 4h
 - Updated unbound.conf for latest options
 * Mon Oct 22 2018 Petr Menšík <pemensik@redhat.com> - 1.8.1-2
 - Allow group by default to unbound-control (#1640259)
 * Mon Oct 08 2018 Petr Menšík <pemensik@redhat.com> - 1.8.1-1
 - Update to 1.8.1
 * Mon Oct 01 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-2
 - Skip ipv6 forwarders without ipv6 support (#1633874)
 * Wed Sep 19 2018 Petr Menšík <pemensik@redhat.com> - 1.8.0-1
 - Rebase to 1.8.0
 * Tue Aug 14 2018 Paul Wouters <pwouters@redhat.com> - 1.7.3-9
 - Fix for restarting unbound service after deleting key/pem files for remote control
 * Tue Jul 31 2018 Petr Menšík <pemensik@redhat.com> - 1.7.3-8
 - Release memory in unbound-host
@ -679,16 +561,8 @@ popd
 * Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 1.7.2-3
 - Remove last python2 dependency from python3 build
-* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.7.2-2
+* Mon Jun 25 2018 Tomas Hozza <thozza@redhat.com> - 1.7.0-6
- Rebuilt for Python 3.7
+- Disable Python2 support
 * Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
 - Resolves rhbz#1589807 unbound-1.7.2 is available
 - Add patch to fix stub/forward zone not returning ServFail when TTL expires
 - Enabled the new root-key-sentinel option
 * Wed May 30 2018 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
 - Update to 1.7.1 (#1574495)
 * Mon Apr 09 2018 Petr Menšík <pemensik@redhat.com> - 1.7.0-5
 - Require gcc and make on build
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
 --- !Policy
 product_versions:
  - rhel-9
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/2
+++ b/2
@ -1,2 +0,0 @@
 SHA512 (unbound-1.16.2.tar.gz) = 0ea65ea63265be677441bd2a28df12098ec5e86c3372240c2874f9bd13752b8b818da81ae6076cf02cbeba3d36e397698a4c2b50570be1a6a8e47f57a0251572
 SHA512 (unbound-1.16.2.tar.gz.asc) = bc5241c86f90be76886209c81d6f1c025d4774fa00d114180b99d43999f31b1b4c8d123717b8a79a60bc3acfcbe9f46678b80b3d961431c7bfd05ff48c69ef4f
--- a/unbound-1.8.0-rh1633874.patch
+++ b/unbound-1.8.0-rh1633874.patch
@ -1,39 +0,0 @@
 From 9be04e6fac3f4ee8fa08d3671dac41d2156d2ced Mon Sep 17 00:00:00 2001
 From: Wouter Wijngaards <wouter@nlnetlabs.nl>
 Date: Thu, 27 Sep 2018 08:19:29 +0000
 Subject: [PATCH] - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL,
 fixes   qname minimisation with a forwarder when connectivity has issues  
 from rejecting responses.
 git-svn-id: file:///svn/unbound/trunk@4916 be551aaa-1e26-0410-a405-d3ace91eadb9
 ---
 iterator/iterator.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/iterator/iterator.c b/iterator/iterator.c
 index 7baf92b7..2f26bd33 100644
 --- a/iterator/iterator.c
 +++ b/iterator/iterator.c
@@ -2174,7 +2174,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 		return 0;
 	}
 -	if(iq->minimisation_state == INIT_MINIMISE_STATE) {
 +	if(iq->minimisation_state == INIT_MINIMISE_STATE
 +		&& !(iq->chase_flags & BIT_RD)) {
 		/* (Re)set qinfo_out to (new) delegation point, except when
 		 * qinfo_out is already a subdomain of dp. This happens when
 		 * increasing by more than one label at once (QNAMEs with more
@@ -2715,7 +2716,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 			sock_list_insert(&qstate->reply_origin, 
 				&qstate->reply->addr, qstate->reply->addrlen, 
 				qstate->region);
 -		if(iq->minimisation_state != DONOT_MINIMISE_STATE) {
 +		if(iq->minimisation_state != DONOT_MINIMISE_STATE
 +			&& !(iq->chase_flags & BIT_RD)) {
 			if(FLAGS_GET_RCODE(iq->response->rep->flags) != 
 				LDNS_RCODE_NOERROR) {
 				if(qstate->env->cfg->qname_minimisation_strict)
 -- 
 2.14.4
--- a/unbound-1.8.1-keygen-group-rights.patch
+++ b/unbound-1.8.1-keygen-group-rights.patch
@ -1,29 +0,0 @@
 From 6429b5c298b10b96feb6b90c111948df97269f40 Mon Sep 17 00:00:00 2001
 From: Wouter Wijngaards <wouter@nlnetlabs.nl>
 Date: Mon, 22 Oct 2018 10:07:13 +0000
 Subject: [PATCH] - Fix #4192: unbound-control-setup generates keys not
 readable by   group.
 git-svn-id: file:///svn/unbound/trunk@4942 be551aaa-1e26-0410-a405-d3ace91eadb9
 ---
 smallapp/unbound-control-setup.sh.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/smallapp/unbound-control-setup.sh.in b/smallapp/unbound-control-setup.sh.in
 index 0d759f44..f4024b43 100644
 --- a/smallapp/unbound-control-setup.sh.in
 +++ b/smallapp/unbound-control-setup.sh.in
@@ -148,8 +148,8 @@ test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem"
 # echo "empty password is used, simply click OK on the password dialog box."
 # openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate"
 -# remove unused permissions
 -chmod o-rw $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
 +# set desired permissions
 +chmod 0640 $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
 # remove crap
 rm -f request.cfg
 -- 
 2.14.4
--- a/unbound-1.8.2-dns64.patch
+++ b/unbound-1.8.2-dns64.patch
@ -1,13 +0,0 @@
 diff --git a/dns64/dns64.c b/dns64/dns64.c
 index 6c81192..77e6890 100644
 --- a/dns64/dns64.c
 +++ b/dns64/dns64.c
@@ -925,7 +925,7 @@ dns64_inform_super(struct module_qstate* qstate, int id,
 	 * successful or not. This lets the state machine terminate.
 	 */
 	if(!super_dq) {
 -		super_dq = (struct dns64_qstate*)regional_alloc(qstate->region,
 +		super_dq = (struct dns64_qstate*)regional_alloc(super->region,
 			sizeof(*super_dq));
 		super->minfo[id] = super_dq;
 		memset(super_dq, 0, sizeof(*super_dq));
--- a/unbound-aarch64.patch
+++ b/unbound-aarch64.patch
@ -1,22 +0,0 @@
 Index: unbound-1.5.0/compat/getentropy_linux.c
 ===================================================================
 --- unbound-1.5.0.orig/compat/getentropy_linux.c
 +++ unbound-1.5.0/compat/getentropy_linux.c
@@ -102,7 +102,7 @@ getentropy(void *buf, size_t len)
 	if (ret != -1)
 		return (ret);
 -#ifdef CTL_MAXNAME
 +#ifdef SYS__sysctl
 	/*
 	 * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
 	 * sysctl is a failsafe API, so it guarantees a result.  This
@@ -235,7 +235,7 @@ nodevrandom:
 	return -1;
 }
 -#ifdef CTL_MAXNAME
 +#ifdef SYS__sysctl
 static int
 getentropy_sysctl(void *buf, size_t len)
 {
--- a/wouter.nlnetlabs.nl.key
+++ b/wouter.nlnetlabs.nl.key
@ -1,212 +0,0 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>Public Key Server -- Get "0x9f6f1c2d7e045f8d "</title>
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <style type="text/css">
 /*<![CDATA[*/
 .uid { color: green; text-decoration: underline; }
 .warn { color: red; font-weight: bold; }
 /*]]>*/
 </style></head><body><h1>Public Key Server -- Get "0x9f6f1c2d7e045f8d "</h1>
 <pre>
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: SKS 1.1.6
 Comment: Hostname: sks.pod02.fleetstreetops.com
 mQINBE2v/RwBEACyQpJlpCeSZBV1QUH7jNEp5xGdo6OnX2h9XoZ4ZPsb+u6OT+xESH45ncnI
 SUh8rPCygbeWOoPR/yOBzh+lYoGxQ5iUHtwRrhHq04sQe/qFpXDO2xs61pTcPU2PnH7Rsr2q
 p6fZLPHuXLolD7NJfaSib8sVeMM0/ecyl/L2bBg9NpaGDX0xTQh95M8o6AFo6UKWApBpgsvE
 Zr2aH/B8b9KnCWFhfJyheEM7DamksdZNsKxXQyq3l/ROfdsMLZGF8vPbYV/v11G4keyaLpn8
 AbBpybIiw9SYDwf2ENk3+e1NFfMaiiyEqn9+aaLTKCY87TMUuoN3s3jWOOy5tHXzf6DbKhub
 4Awsby3DH5YpPhi4N2vj2pAXVpl5+m78cH29JLzT+HAoyZ4tq1r3m0P5QogNqYwqxkKWYOjD
 ilNDBiKiDdgtrLYGx+ABovKG/FvToJoaCL4AFaVCzWmL2uHkSgyBN0FPHatCB1UeEkcQit6T
 8E2NQqmFWjUMXSWHHajSMG95+L5PdLHz/Ku0o3Csvlt2pkElYZmzJBfnOM9JevdsmKr/ruJC
 /DCZAn5w2S/9ZF5qfo2F9HUKIwE/dChR29HcN8V4nqZs9oCvEMfFhHmrfwDc5hedhvb6mAkv
 SFFtKIrygLIVeWRj3FE9sGp6sr4VwOLYTFRNk7mAsWD1rZApeQARAQABtCdXLkMuQS4gV2lq
 bmdhYXJkcyA8d291dGVyQG5sbmV0bGFicy5ubD6IRgQQEQIABgUCThRSKQAKCRD5yv3rOc/E
 3iiwAJ0SIjqFSwBm7sEZf2nn4JhkWKoG0gCfTD0g9RhtJFZa+0rdtMGUpYtDA1aIRgQQEQIA
 BgUCT/FYZQAKCRDidkIqx06dxeI6AJ9JZvcA78yRPDAMS+TklrNhFbEixgCgwiltuquOD4Qw
 vTS+NZr1ECUit8+IRgQTEQIABgUCTa///wAKCRCQMuo3A6Gk+Ot2AKCi4IvI/AT2kSzy0pWH
 Zfrpl93zlACZAaBqkUKcA1jxk8HtqDYtuCRhSfiIRgQTEQIABgUCTb7dfwAKCRCL5TxDRLCU
 K/4yAJ9Zgx/YRiu/X+KLDTQoYXTxNNbCHACfcBLrfl5uABiyOzBC+/R5rXnoRaqIRgQTEQIA
 BgUCV+zVuQAKCRAjc9NHiaFq+OY4AKC6GV6dlBdvo4bEaJpWPHh9WShqIwCgjJi+haVoUR52
 ovPF0zsXx6/um+GITAQTEQIADAUCTbAJsgWDCWX06gAKCRC039xrdgkihyx4AJ9iuMMszOpC
 jRYkVjTgmDyVmAA5uACg7qmMbKb03FbTFdd5VG5/6RTiPtSJARwEEAECAAYFAlTvL9UACgkQ
 lumWUDlMmaxLZgf/WeQK3FqemgsgcNCfkPuE9XpSdyJhQ+n1Yb6tAK4osry7H3lFBQIKTpmX
 SxauZDazYt6G4BYWsA0ARBwZVOaEaIbFRHFWs3/SLynNf9ZGBw8FumIMlEw3+tUdZck6u7pU
 q1OFeL1HWRLEC/njyLe7zAFHHWwMUIL9ZAZGiknADbqiiyF/JTcv4cpfNhdRAFzRriUJ2zYf
 0r6vKnf8pjc9QfDricAq/WzfANycfaSqx5GEBokxZY3lq/oLe4dGpZmrGecvBMtmTRHAG0Ln
 sNwXVujej3sU0vfhkZ1A0lnKoZCOTwGTPkL3dkOwbUdoYiYakTjM8NKav/TxNDxdaG/QbYkB
 HAQQAQgABgUCVnyBkgAKCRAIbcKm1AudBFrsB/9oKXW7oiQ7eJJ036fsfM5UODQGoXc1XO0R
 TEV/8pBRSDhqOVwRUsPqgtU6p2UWJbwxgB7MmPt3Z4cXs+ff1jkTzn/iefMyB7W6NogotrTt
 Nlj8x30Y9dVJB4KSHnQW2Gsf/OmZM9cDBAuyK3j3yLWkn65FRKVoH/4sYil1Tm/ogEC8vdvX
 RpwsCaZG8HOLDphjjU0JErE1jWk2L+P0TeGCmbrsfhORxTaCROjvcJ0fQsdX7kcA262iRrU0
 xDlBBYZA9wyGfd4wf+zIt7LcVBjNNvIUdUC3Uf0prYJawaG2/YV6R7eY4ooJxTutadugLmZp
 fBRiITflLZssO3YAW9RxiQEcBBMBCgAGBQJU7y/ZAAoJEMFDUWYtzEe6MyQIALSGlZ4X0LJw
 6zNoHGVxC0P911NBtDRO2/Hfg38UMT8KjQ1jOynm1KZm67viNOVGRGWar23PNppofpViZSlQ
 xUXUyLXVajcV9klg7RV7GC/3P2dvrCjELHXJ6w8qrcUKDighjbdctHXiQ9W5nU1IWPTLdg+z
 cvTbSVybvLwcbu5kzUzlYvesetJjSWnU9PXswed2cN9sqN3ikrWlYv4qHp6RwrLBN/VjZQov
 AxXN68PHxLz8GNxZTO9Aa4j4CheejXPVHDhqqw/K0XI86hnvZX7kwy4KBq/o4Kl+fstaOM6T
 571D2fljTVztmsKZBhiuKm1t8/Ltoifch+bpFx5AZkaJAhwEEAECAAYFAk2+3aIACgkQi0GC
 sRlrLScyHw//accdcVbHGYLwS0imk5SMEJX2bdu87uXqseeMU5OhnYip4ySQ727VihGYkhmL
 c/o1dIEznvFudWc/fMEi0x3R5J53Qbt3XQEUjOgZUoeomQJCItoJsDRoItvgdUvj3o6hVWhu
 +8PL6oC2J/JAHvfsMKiaTBHrUcNdgovLPGo5bcZCJwOxqPLYPLW2fCkanY9EhbyVAsFIiuH4
 +8tSDnqrgZFATyDqhqAYP96CanJrSalB6l/2r10q3V/OxcyCwys5w54FExhQAhpwThpbpFcK
 kBrM647ak7x8dZha4C/RltwkFn6jFp2sNUSEa0USTOTyDw7WkqgZZOWvauQ+fKgSOJwWU+MR
 cs11bNEGtwBu+wPheeyAlITu7A9PIrMZTmmJKy124I7ZvfXF3NZrHVm2KanLaWqHrso8tYg4
 9C7ptSCEZlgLHaeOl1wOOLbH6OneB3mQqf2u0elWYv64sbEqmFwd0C4rFeT7VSFSDLc1AsZB
 zc4WveDPnjzMXE2KLIwP+/x+betpntuYKYzYov0fryS79fjwu5JGh0gfEDITSta+tPRAYqKf
 mCt/jpeZxUQBfI6SW6LyP2Go8uYlbplV5IJuZ04c2Pr/9G/e3vh4O/kJmDZo4EX9op9TKJpg
 w/shReVuUAP9E24rD0oEyiWnHu/ZsgMtaVKQc2SsIghSG8eJAhwEEAEKAAYFAlTvL+sACgkQ
 V0EnLQMH4n8IuA//cZqhGvBiSNpRkSjjZWu5BY7fhMOdshiVPkEZmILRytnXnxVcu+PuuIk0
 kXfgt/jcS762dBZK3UOVAAsGsLfkisLN18UGWKhokNUWybSmdmhTb6Ns5tJbZfnFTaSjA3Gk
 Z+R/U8O1tNHTmqBfYHTSq8utpIi1JEJRf5itUYytP75nt0rnjpYTFEbvKgukgZldLDk581Zc
 x4Y6pj1ILrxtqF369yBtYIEkHFcYDuXsApTIXY1G4V5mq4t9QCk07E2ZKZ2aJjaCA7VeD+vR
 8Z50oyu4kuc1RdFnP8TfQUAr/tYIFinuzKSqELu9b+JSPO3qawXaq9Y+X42XWkeQSeu7SNl2
 xqe1uVhHd8qduf8U438fUOBeY+gpae9e2IPbErU+itmd+m+WlHp8FUH2pS6VlXXhBrBPEZ3+
 8ph9wUtSAenFVyT1leu21pMuP2nNpD2nTsNlYcX9gA/vkA7bQyOtaEOC+8zNHtZYhx4u/nmI
 +yZ4Cc95CmfwTE0/fRX+T+jK2x5ZGRZMudygnKRbnod+OgnNVBWIykGSzULKgLY9i5PlxCA2
 a7FUoLpIOW4OJSgo6WNsBc3j48RjqNm3cUcLco1kDcoGaQ43dGyLVGMlB332u6m2W+g+AwGm
 vhJQh3yy5XYvRXRzfiHvWUok8ess1/0qSRua22JY14KBxJF80EeJAhwEEwECAAYFAk2wI04A
 CgkQ5fj4IS93pJjaOw/8DG4fn6z4LYmY3MsLNu2Efg9YflaWPkD+z0iLPGUHhrzObIIMfGL0
 kpqYJSbvYqYUSIR8AjQGwRrJVidBqOX9bK7ZVPPvsX61hjt6e0T0O2Q6JuDMCfseiseLBo/a
 6DJu2P7LfDNGaath0WMonOxnqs+kRG8SVyTqmbnyC0AwthgYB57CIyNuz3MPkQr7pJNmyWFv
 kUYs7Z2Awq0hyD9M1KAV8igqFGYjrZAJoSv1nX6OzGRCSFmxqKwmCd7OtHLpqdNHos5CLhrj
 ouLJwiNt8gv7w06owYFxEsctAGqjVjvvtD0L19Skp3jgLAro6x53UFUtxm+Z/8YLLh+lNHJx
 JMDQu5CpSn3zLwRkF/cYgINOa1CS1yceynlbRGxrIb2vSfmnZeNZ2cTwedM/+9C044DfIB1y
 9FmmZBaXOaA4ITjvcEf2FpFn9MdF+zN8N8AN5m1y/qftFqgG0P40AQ0hQAhk+F8JxD7wVh65
 jcj62f287L1h8EDo/NE1JH8dAb9dUlJQeohAkiIMurDYLYRop9u+ogtUtRpMKXTwgNUanIq7
 oTYpNunbI1NUXc9Fdi9Z8OYZagHlo4v6T3fqvaRbGElncoF6faz7les2zh2S8etACX7mNsxV
 c6kXIpdHqoHKGShdxtb+PhRirbIxdCzlFstk5c9zpsCJCr/yu+pCL6KJAiIEEAECAAwFAk2w
 CcoFgwll9NIACgkQVGoRHjtqqmQGaRAAuHuKIupTerS7qrEIkyOvECN06fg+U/caYv3Qpue0
 4ZC2aIk4oK/7wsuhEsMLCL3J1JFYCCmbc0QfYBtzIM5lu9SX7/1R8/+VnCvYvME8tKdMdQAM
 BWq4ZG5Bi9rH8j+450mjgmPRC0s8tmmfp62gB9zBAd/poVZQOVSUV43HE3n6Vkxj0ediGEmw
 GakB2pPtAY7HAaLxRdXidwjNTzpAz7JPinoZgpz/MYseuxSSyhIqqREYn/ynX1+YQhu1l4X6
 rpIsVWawMv93PhO42Y3Ny6SvC/hnZ1J+Y359quClHTQ/ogrbZrbhlKtpJNeNOCBKUzgIuT3/
 PSy1XheYQR2m8SbOmOMpgInr16i3ijsYBKI6qdoxB//YCkFCJmxfCUqRGPe6sAW2n9ow4VmE
 rAUDEqYTPDzkRA5zBY6C6cMugoClY8LidDwKHGXjbPMLz+CnWIVsC8BedjQcfPkuQs/P4QtQ
 +UYwt6UiFywYe4Na9JfJsYDwkUaKgZadva/JFxGkm7ApMpeMBuZUDIl9qptKipdmRrMnBx9l
 fvBqrrXYKPEzVMW0FpX9D5F1L4k5u3x4B0VDZ9WPJgkSKFQIMatDxFsyJNWZmh/0dODC/LKF
 mZZCk3B34rr91He99MzKNrrq3vZSlbMKoCQYjDGQDWVXCplwjq1zCt/JSZUJYVhwbcyJAiIE
 EQECAAwFAlRgbtMFgwK1j8kACgkQBhyEc3tNEByR3A/+MKwW1tgIspbnE8WEGjdNJtXUHQUv
 UJHFTuoBNKZA/uAYxe7FLoSKQI8lH5PgJrLnu8lq0Z7h4BObnx7F4NrB1ixTtMGgRXD1amVY
 Gw6STlXH6Fhr/0RvBTg/wbdm/nFFdaEEhclMNHY/mW69bcqGjHjcnk6nOmlVrYegWRGjGgTI
 JBqHUhoX2+VixkMrBDSESBpHHQHlwsOlT9T0v3pCVHQz9I/WygQpn0bjgWEISyZkWbLcmJVZ
 yYYmWU9WWw8n16qFChdO6BTEjChuzVupLS5LoBgxCJkh9gl4F6VGRg2kVvsQoxE0CKbM+4qy
 qAAK2jrgQZRg4ihC2WmOpr9X0mrjO38Bz/tmZL389ZBzj9S3VO8otgBRgDbJvNHm8EjWdQHj
 SOE2x5/F2T69g8IK3S/vkkKrySsjSlD/NJpWwldkUh1RtO7wFO2Zk+2+vr55joOjKApXKQgO
 7PKw2awkL91UWWHAvJ3tTq/16FUypnY9RHM9rHtU8XDLCp4iEzE7rzIywEwX4fUAut4CRf8m
 u3czrhdPh+oQyOyQHZJMdX0mCKZREPgKo2ca5iAFtzOzrgD5OTCD/Pz4+99+gLEMOML1bWQ4
 R43L4YyrB1UIQUAvVmLDhn19bUcIS+wZ3kKI0et24wqjkaIsLSSounGBPxB4jOLhG0BBojzV
 dvqUElOJAiIEEwECAAwFAk2wAP4Fgwll/Z4ACgkQrImYjct//fHn8Q/+JdXKAXtSq5ReGTDR
 F3PcpsQK9q0LGvdyNPZ91oSkGl2UpcRhQ2KqTY0RJa7CZdk/3jG9G8aRuAmC6O5MhcsVU36j
 zBTanDgiSqFEpJCLXWWkPbwWIXdL3/FVm/1iYkDNqOZkWsYxU6BixgrDJoKcIZctt2igZqqa
 qdJYJ8tdbEXfW67rx+cu+DTXuZIuBwFETNix8zL7XpCQZAOG79IvBNaSaJr0x90tn+6rlLrk
 w6+NCXFjzm9aDNGyyWTs7s4kLfDR1LbBGpJNL+kmWmF9hkQTFHDxwNmHPyhjZcHVXaRfdl86
 ahClxBT6hitmurAGDIjjqy0d3Rs41Q3rcm9AZUWH4YbtRn2hXC/VCzsDvZvsjFB258mj4oDl
 jcgeuoY4uJEK8EJa9RJ6z3+UATcDaZTmlWhmb3UhG6suhz4hjmC4Y+JcovSVvq9AJksLJA74
 m6TxExiKzCGwy9xw1gcgJlFD4iVarfV4+jv5YGuPipPwz1ho6+P4uUOOtLFVHesSQ7S0W8eX
 rMdbu1Plw+m+fad/Asb8SoUm4ckfCwgoDMZsrGHBLhMa9D7AW/4z478DWqM6aZnZlpK4pNk+
 /jyW8cPDfjRePFKC/zH2Vm679JGgT13qQUJF1fja4KOSEi0lIKegPCRVJ1h0MseVgd2Qa9vX
 2VJwbZkrnoBa6VZH8dqJAj4EEwECACgCGyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW
 76tkBQkNAhVIAAoJEJ9vHC1+BF+N2tYQAIxArTFi1m0C8sv/wIJwKL3Y6LWu1dEZadHLslfT
 bSF+2ZaWIyrg/QXcIkpUuGBn+V2nw46qZ8N+bAsxVJoJDzpRuqfs5+t/wq7xIZC4gzFjY4MH
 3uGi5jhucMdozYKqLomQE34bW2B3Co3+Rx5wXa2reqXaTt5f3X74D4XkCki7WyKXMk8vhnxb
 oxU50qu3MQzu3rWFGWxukQ+Pva9tUFnWGZOIgvhVbB3FBhqbEGg56d6yTIMMb6IwIjc/UYbc
 RCST70B5y3+If26u4TSbGfZoo3xx+6hH3dw8X+jMLFLki3ABWc17f1ZE7UZPbNhoWBibSV/1
 zNylGxHM1sbD3fyVneI9SJl77JsqAsqRWa+uQzn2WMdP31KsLXhVfGBDBKziBLet3Ntj20+m
 zrZnWr7EJV9PHUhjk/ie3n3HBBXQjD6lX1L+ZVw6c9eXVQpvS2051gkSuurdGkX8PaD80O0v
 Q5aohrwu+sGXJBiZY8q8rDvq+3hsnc1TfWNJzSjD+PsQ5WM6y3zqzrb3Oa2dsmNZWvos7LkQ
 NQ+6yaoe/W3hnhEyN/w6sl01sUmhFdm/wVtbg3Nd4a0x/yTq8p56Ol0wfj54u6hkbt1yFTUl
 xx+Cp/BanLSiOZvn12slxpCBULom/D2XROYY80iwThSshahxoWC/h04q8cDaFycwMzyuiQI+
 BBMBAgAoBQJNr/0cAhsjBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCfbxwt
 fgRfjd8qEACMp3672f/ETQL/ZS3EnNj1937xu6ESRCUsvbjMiGzLW/2tQVQnoV40fBoRyeQ/
 2d40VgUCsNayy7zqm7gRpKSjEddNGVReM//HuglrUwDhctvH9SUMNvJIpTeyur456NtUtSSd
 VyQHaBXYnMm9Ultq/imKHen40shdJW+9aHfrHZ0hPTv8XQqssrunF/gMHw3LiemPIjlrvAnl
 gM+NS0dUAVEJAm/9PJlXwhLvgo/jN9Y4zw2RMlAMNtfb6+EBXtKN7fjLL9AFGb3EZFuvvKj+
 ZTuiOcHv991gS2R+9JYRb2LaGzOxzjAo4XkWYLks70ahBE3044mtblYt2M9qjOAhXSSGRehK
 +/cinAd42Krrpba55R3V2fyGbB1UZOiX4qhZM/btU/T5LzKEOOdmlKJhk4PcUHIZyqXtRPKL
 CoC7pWmPos0xKmfKR/x1lif2E9d/5/KcSvRGwv/EpFYclzXoTkgBg2Wq/rY1QaH4M0vK/hg8
 r/qQU0po4rSK1V2TboYoC6daO077OJIypXBZy4Xwxyfsm+ScomXdNW1b2qp30YQAql31paAt
 LrJUW3oKGMCVIF9ATq7Drhxh9knxo3f0JwNG3BFzNpKdQ6dYKrXBHeUIrZuuO2M/pXlpIa5j
 JrU8Krpl6AHL4M7YSRVD3AM7oV2TX6kCTDhkcQBlSND/e4kCVQQTAQIAPwIbIwYLCQgHAwIG
 FQgCCQoLBBYCAwECHgECF4AWIQTt+qPyyk5usFaBr46fbxwtfgRfjQUCWaU4BQUJEZjVaQAK
 CRCfbxwtfgRfjb1YEACjkhtkyZkYURUmSZNL2IK/Zencv7DZGRfFrzijROFtHbe//H8o2Zhl
 yiaFSA/dT1ehjsukkR0oFkYadA+qUi06WpxGmd/jf8hP4yTUZkwOhQAesWoNmnhKePNaVMKY
 8DP57bA+N2pdCcGu7gUtYzq2JoTAtV+P/PE2w+H9eyBAulv6iUckM5/qvGfJPl8HB9BtgOpG
 N79otVWO6ebM4TQ3cZYI9BDQnt9cF2pviex+z1iLZVJ8UeRxSxYhrBKPJioi0Q1OgcKyO56t
 7EotzxKl5TzprgvdX4cdls+lehD8StlE2Xv/TScHvdOhJuVBrn3a3QjZPb4qSsz74leW5/EI
 QmozBy+qf8AHcCmTXwb2U7oHOct7cVyS5+bFx+ThpV5OK0rjTH1LMNiuTeAN46c1y3prjZRp
 QUlgVwj06q3Zz/fzDyueUS/r4lW4nAf/VNZy/rTS2HYPoZbHZVCtGpDIfag6fV6V97Pd3zfh
 Tf2wmsJsw9Xhktp/o7rMBRSMhvL4oevOXb0JSG2583Q/JnCCceB4NxRRxsgkRYHwdnXN9FnO
 PSa4NyvF4rzpPksLGZrhvm+lBvzVn/e40Q/KlxvSlnn2vW/WBM4pBq1jsoJrd/JkTdijZV7m
 t7HQ2bCLXAPgfZjy7n79WiCQVHg7iYnNikiNWR5TR7JcvdkxOdiA/4kCVQQTAQgAPwIbIwYL
 CQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQTt+qPyyk5usFaBr46fbxwtfgRfjQUCXe4JdQUJ
 GaQN2QAKCRCfbxwtfgRfjQ8gEACe+49aDQHRuZdDHK1VCJKzhb+MvfdIjvl8eQxljpG9Uz5Y
 17Bx4SWfuLHCeGlh1m6IOAWeW4g6Wowm1ec1PkVa79TdrkKb0MxfLSat6iDbiuVjDxy2bWok
 W0/cPzJ/FoWDtEC0H9UTAMb5QGBDZUbLuwX7ZjvMkAhH15/hO9Gj4RHoH1RJGJALRtZzjtzs
 JqL53kW/EV59V1T79Nocyx018iw50Jn02mI8wYJZ9HZc5C7D+K59vcqLRZgkrJrObw0sEv3Y
 FOBYp/1DemH2nHPMBSKMmN5RAcr32guUjd4BEWf2Q7Ao+Qnhdi161W0YKCW4JAmOoQ4bQ0wf
 E9Q5aUIGhUF52L+ac8Hy7dByaCExCA/WTqQQ/iVPybmpJQhFonWt/fmpxbE2wKThSEOHTO67
 e5e3JfUb0vNKssyZojao4h1MF5nvaPNKoybWwKnpNM0ORcyl+aogKwW7E15TEU0TE5//gAsF
 wRDcCnSEKnksgM0321m17RDfJbCajIv47DHDYE3yvhRZjCJCaw0Gow1sDRWjdOFpmIixD5/v
 x5uxyqSHPuGAsXlEvl+Z3Rdc5bQ7pAWu7UNpR3hnJPfg8KL2xqOF75VKG9/NjLE80yj8wdVo
 CfDvvizrBtOXnHI49gCMCfNqbGIb5yVhmTdeo7li+Te9hlJ2DrHnujGJlFe+p7kCDQRNr/0c
 ARAApvDKeVLiSazESdTY9KsSWsqoB38pvOsu25M49tEjc5TtY5LwKNckqkeRlJ83O8dFG7UB
 VuGwLKaf/6OR/pe24upZ27eOOWW7sXvQNv5aXlOYfF+mjIhUINqjq4pKDmO1c9J7h5d+auOV
 fzcgfotg3BVCaKn56ucjiQJ059uUMfgWTvVlibnoJ7deZcgt8v7VcLK9jv+P8QJHTIyDzJd+
 JjdjuHXqC/A37T5G9Z84x8wYrQY6mZmOIYaMjwIKdgFeN+nLk5henARUz4MTFUW4j9hHpuyA
 FomDQ93/wkHZ9IEChTxdZnfvsd//Z45vfcX9dQM+tuR8XCYThVsScI1TnwR46hi5NkfmHo3H
 VxwB8/owJ+FZDsTNBbJd7AVy27Xk4L5hLe7BwLDtFMyOp4lOipCM7//mtFB9mTzqnOwiSSyT
 RlwGUBJkzQFWQa0Z6bfYwA6+y1dn19H519GW49irtl+2+W8W4N8oLriIjPvqrQOyaELFcRfV
 6FfLi09HPhHVbejOqIEbOtfuN0+mjrrGAwortfTBjfw80N+W90BTvta4K2SyjHcJTkDYehfO
 o/5IMpGtDsOgvsCbDaFRnNJuYtSqQmvWk1KIPIw6CkdJtZa3+q3YA7D7ovOVH1OBTKNdBjc+
 X4W8L5R9MCymXWvgiP+52Sv1VIcZmsnCBrwK490AEQEAAYkCJQQYAQIADwIbDAUCVu+raQUJ
 DQIVTQAKCRCfbxwtfgRfjVnYEACZ1E/FfLDi4vLUd9diImmNN/zWDHxTsO/VG3lt50rSoJM5
 NGB4RlwcbUKhah2fD44FFiIqGIvKD9hRgB51dVRIkaR3ozVtXRBKxJJqWj38wf2FDLtUXC5/
 JHYb0sjAc3ad2sA9xEmEBVO1lWK3J6h4gKZiAGlWz3oeOSve3vrTKsBlP0CurUeb4WTVpw4d
 rBJD7cDh8SJ4/Cq76UFx8lW0xR+pHZHcd0/Ir5v5HnnEgbnut4IxeY3/CGBfQfSQHylK7ifm
 PWq+dflC/ZdfHY1V96EHKPM44ZLwiczoY3qp5nkmEc3BY6+P8Ch5gddOYaY18wpedarswnpO
 LQD2Xbsj66Eh0IZuuuZGyfOqJNaWbP33L27eg35XQNTgyhuZmDyRKL6yAbhU74TXCCvze/kk
 fqDn2ouCtM8/kqLX1v0+NkBxlhZUkTTVDyclZtwu6Vypus3+j2Zqk8sXeUZI64sjXpzwOcMZ
 xdl3QuyxMktExWzk9Q5DYqO+pj/YGt1vp2M0YgSUWNWCvfBcjEPFgaljyqz3BdvR/LYohnXu
 QL9SWObF+sIFc9D0w/yORYQcKP5kSWVC/qwFdC61OGeSDnQ/0o0T5PefhYS82gsIrjQ+HIJ7
 CLUTk7kBNljvtfpoWegH02feR0kSRoCXA6x+YHT4fmB41pW8S1V5a5dEltA/JIkCJQQYAQIA
 DwUCTa/9HAIbDAUJCWYBgAAKCRCfbxwtfgRfjTY/D/9+kX8LeqBhwDdwy3udV67KmVmytwGM
 fzBHbAyBdy84X06ip/If/VkjL+2Sv5Uml/cOOzGZT7y/KEt0uXQzgOZhGP5Y0OREf4kSzfb7
 tsGu3ZjTp5uJe7HiJr8uqYGfx94TQG/A3x1C7MlxOGmWDK/Eh/eNVeNd+3yyDEzl2p7a0yUh
 I8LtzllVrEDX+G4rz+mdDw4tfPDqzRPzPvVtPfqnfofHP5r2dshGe7+pCTC+o0jHWpaiFkEi
 IrR3PbZ9tV6+F5LzCUJJP5nepz6CShpLHq9ST6qZiw5ZpdznHW0kVl96YxgynJq9Y4dqD/8n
 OfTzdHhXXEogGvRfcxatxeZF7YNFhUU2p+CswAjRKCUzZAz0hDAu+dJ+fw4Odx7ii8uiwhEn
 EHoo8rPETkXwUK1je4MCzMRSy0Gippzk/oZ7noIml+Njas/UygavUOQm8bcPqGfWeFqvM2C7
 ZobL2iV0fX/bhEmQyosiWJ0nHuKdwDYygYs/4LtZLxwiKli/lm6IDz1028j6/98Z81gGoltX
 WokTYAPEgcBuhyiSLSQ1wojTVMYt9rPKMBakTzP+0FoWqoNafWOlHovP6iUB2Igll2ZT3Avr
 BQ8jAbRbuUl46QpBaKsl+pBo86az0fRkMxv0N4dQv4Q7Z0g71u9NTpaq1vtAZOwc0kl3uGNK
 18PnV4kCPAQYAQIAJgIbDBYhBO36o/LKTm6wVoGvjp9vHC1+BF+NBQJZpTgKBQkRmNVuAAoJ
 EJ9vHC1+BF+NyNQP/A3h+cOOkYUxyKpNHdtlIfCn8db5tHXSCbE19Qi7EK1SiK5atjo+VoRt
 B+L01kH6GCx5oZjeIhUdzYFwEUsdCDgwD6r0dKFwKIGa4TFcfnx+Z5B+HZgLYc6ac5PEHF1q
 ZVXZH9GSGeNw5h2yyqf4yhvetSN6L2id14m5XXJV5e7NfOgmaSnG0Z+wQvPSiu+Q00XpENT8
 HFSTSCjRATjk12rpy6TPeeC52NK1gLhGDRHN0k6m+vm4yoC+Nd6iPQpnc+5xs7NDnq2dFuST
 p7UTGebzPhhdSQgujEFuYLwzQMZu1h5amtA+v9j7BYEJkOMC7bm1PNNA2QQ6QfH8Hf+mJeIN
 yJO8A5KS3ceP+eo3SLR8T0hPzu9gZuZ22Hn3DXQh1VNRshaLKgNvoXpL3dQ48d1SFFKhEDpy
 2HSXUq2fs5rH0uszFGesG7K6EQRAYRcDrCkt9fdfkvCSxAFw9d+472xThzgKcN+MkOec+SaY
 +xlVULjEfCWyRVC8Opam4mTm/XT4mVLxP/qnsy7kEhLoc/ouB+lY/ks06LpZJvCXL6WfA9Yo
 u1Fi1Mg7GhSh9JKg6X6E8Trm+N4dxJGut1xbbGmmKXqfi4pej9KlkdeM9t1df/vWKlPa7Hzd
 8H0btgJx066wC4yt0ghxtsJXBsCDxWLfzaSRZ2/eP16mHqxDjsQQiQI8BBgBCAAmAhsMFiEE
 7fqj8spObrBWga+On28cLX4EX40FAl3uCX0FCRmkDeEACgkQn28cLX4EX43TQA/+JV8ReMRJ
 Cn3Cfqbe5ycFn8p6dIVnJiQuhiEyu5yzdpSkKyzcVFJObQcqw7s50FJuLUbxdvbcuGIaoTu7
 dhBoUXO5tOuIQAsKTfGfgoOgelJm+/q2h645EnAVINGbMDXrmo4/UFJkNjUMA6SQi/yiam7N
 0y58eoDC4sGmBKuN2EW2MoWahlXw8SS1+Ab9qVBs/RqbSy6f1nJL39aPpPDmvyJOSYtHnNSF
 lYWVhr0zGAi5rnswlFGrECGbHpr5FajUK7zcmtNPbi7F30K48xfF3XnDIeIBcerrEBQMaPUZ
 cBlddGhmSVVJZU/YhR35JNgPnmp33gOuZaRiW9lauZFwsMQBIBkLpJWoUtu8QLkyC0HmJzVR
 ep0/s1RkzaJ+1G1BzXTQiXaLaUQWG5h3pcMD8fxY5qp9KbG/+10bY0sRbRBXgS6mz7ddHaBt
 g/E8ty2nEB1HDXA9HAHu7KlH9e96sPZjz9C46ZiOXe6ZAOk6wBYts4RG4bCQ9pGORJ+P2Jr2
 pz1NZQbs1AhnjJixTsfZfsGZ5lHxGLjIyxtdGB/irLEqNTIMek2yp4CShmWoZwN0V3aGYMe/
 rC4tSXG79IeKNwF3Vd5MHtB+hcJG2qztBtKQuW29rbRA5bNxwTWe8skwOKsxXnP9RC974k0X
 kPS+VwgmVgNN1ewS/0oHvmEP71Q=
 =ZSkT
 -----END PGP PUBLIC KEY BLOCK-----
 </pre>
 </body></html>
		`@ -0,0 +1 @@`
							`9aea0e923b9d6779b5bc360094e24a4017e2bb25 SOURCES/unbound-1.16.2.tar.gz`
		`@ -1,2 +0,0 @@`
			`SHA512 (unbound-1.16.2.tar.gz) = 0ea65ea63265be677441bd2a28df12098ec5e86c3372240c2874f9bd13752b8b818da81ae6076cf02cbeba3d36e397698a4c2b50570be1a6a8e47f57a0251572`
			`SHA512 (unbound-1.16.2.tar.gz.asc) = bc5241c86f90be76886209c81d6f1c025d4774fa00d114180b99d43999f31b1b4c8d123717b8a79a60bc3acfcbe9f46678b80b3d961431c7bfd05ff48c69ef4f`