4 files changed, 59 insertions, 44 deletions
diff --git a/contrib/ios/install_tools.sh b/contrib/ios/install_tools.sh
index 55fef454e852..e2f381425bed 100755
--- a/contrib/ios/install_tools.sh
+++ b/contrib/ios/install_tools.sh
@@ -1,8 +1,10 @@
 #!/usr/bin/env bash
 
 # This step should install tools needed for all packages - OpenSSL, Expat and Unbound
-echo "Updating tools"
-brew update 1>/dev/null
+# brew update hangs, so we try to skip that step.
+#echo "Updating tools"
+#brew update 1>/dev/null
 echo "Installing tools"
 # already installed are: autoconf automake libtool pkg-config
-brew install curl perl 1>/dev/null
+#brew install curl perl 1>/dev/null
+HOMEBREW_NO_AUTO_UPDATE=1 brew install curl perl 1>/dev/null
diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index a4596978dbe2..90ee708ce2c5 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -60,8 +60,12 @@ NoNewPrivileges=true
 PrivateDevices=true
 PrivateTmp=true
 ProtectHome=true
+ProtectClock=true
 ProtectControlGroups=true
+ProtectKernelLogs=true
 ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
 ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound
diff --git a/contrib/unbound.spec b/contrib/unbound.spec
index 6ddc5f18d91f..17be4ccd0ad6 100644
--- a/contrib/unbound.spec
+++ b/contrib/unbound.spec
@@ -1,15 +1,14 @@
 Summary: Validating, recursive, and caching DNS resolver
 Name: unbound
-Version: 1.4.18
+Version: 1.13.1
 Release: 1%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
-Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
+Source: http://www.nlnetlabs.nl/downloads/unbound/%{name}-%{version}.tar.gz
 #Source1: unbound.init
 Group: System Environment/Daemons
-Requires: ldns
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: flex, openssl-devel, expat-devel, ldns-devel
+BuildRequires: flex, openssl-devel, expat-devel
 
 %description
 Unbound is a validating, recursive, and caching DNS resolver.
@@ -42,7 +41,7 @@ install -d 0700 %{buildroot}%{_localstatedir}/%{name}
 install -d 0755 %{buildroot}%{_initrddir}
 install -m 0755 contrib/unbound.init %{buildroot}%{_initrddir}/unbound
 # add symbolic link from /etc/unbound.conf -> /var/unbound/unbound.conf
-ln -s %{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf 
+ln -s ../%{_localstatedir}/unbound/unbound.conf %{buildroot}%{_sysconfdir}/unbound.conf
 # remove static library from install (fedora packaging guidelines)
 rm -f %{buildroot}%{_libdir}/libunbound.a %{buildroot}%{_libdir}/libunbound.la
 
@@ -55,11 +54,12 @@ rm -rf ${RPM_BUILD_ROOT}
 %attr(0755,root,root) %{_initrddir}/%{name}
 %attr(0700,%{name},%{name}) %dir %{_localstatedir}/%{name}
 %attr(0644,%{name},%{name}) %config(noreplace) %{_localstatedir}/%{name}/unbound.conf
-%attr(0644,%{name},%{name}) %config(noreplace) %{_sysconfdir}/unbound.conf
+%config(noreplace) %{_sysconfdir}/unbound.conf
 %{_sbindir}/*
 %{_mandir}/*/*
 %{_includedir}/*
 %{_libdir}/libunbound*
+%{_libdir}/pkgconfig/libunbound*
 
 %pre
 getent group unbound >/dev/null || groupadd -r unbound
@@ -89,7 +89,13 @@ if [ "$1" -ge "1" ]; then
 fi
 
 %changelog
-* Thu Jul 13 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8
+* Thu Jun 10 2021 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.13.1
+- ldns and ldns-devel no longer required. Fixed date. Version to 1.13.1.
+- Removed symlink attr mode, made unbound.conf symlink relative.
+- Added pkgconfig/libunbound.pc to the packaged files.
+- fixed download url to nlnetlabs.nl download.
+
+* Wed Jul 13 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8
 - ldns required and ldns-devel required for build, no more ldns-builtin.
 
 * Thu Mar 17 2011 Wouter Wijngaards <wouter@nlnetlabs.nl> - 1.4.8
diff --git a/contrib/unbound_munin_ b/contrib/unbound_munin_
index defca291c649..5037527580e2 100755
--- a/contrib/unbound_munin_
+++ b/contrib/unbound_munin_
@@ -14,7 +14,6 @@
 # Run the command unbound-control-setup to generate the key files.
 #
 # Environment variables for this script
-#	statefile	- where to put temporary statefile.
 #	unbound_conf	- where the unbound.conf file is located.
 #	unbound_control	- where to find unbound-control executable.
 #	spoof_warn	- what level to warn about spoofing
@@ -24,7 +23,6 @@
 # with:
 # [unbound*]
 # user root
-# env.statefile /usr/local/var/munin/plugin-state/unbound-state
 # env.unbound_conf /usr/local/etc/unbound/unbound.conf
 # env.unbound_control /usr/local/sbin/unbound-control
 # env.spoof_warn 1000
@@ -66,7 +64,6 @@ System with unbound daemon.
 
   [unbound*]
   user root
-  env.statefile /usr/local/var/munin/plugin-state/unbound-state
   env.unbound_conf /usr/local/etc/unbound/unbound.conf
   env.unbound_control /usr/local/sbin/unbound-control
   env.spoof_warn 1000
@@ -98,7 +95,8 @@ BSD
 
 =cut
 
-state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state}
+state="${MUNIN_PLUGSTATE}/unbound.state"
+seentags="${MUNIN_PLUGSTATE}/unbound-seentags.state"
 conf=${unbound_conf:-/usr/local/etc/unbound/unbound.conf}
 ctrl=${unbound_control:-/usr/local/sbin/unbound-control}
 warn=${spoof_warn:-1000}
@@ -121,12 +119,24 @@ get_value ( ) {
 	fi
 }
 
+# Update list of seen query types etc to seentags file. This is run while
+# holding the lock, after the state file is updated.
+update_seentags() {
+    tmplist="$(cat ${seentags} 2> /dev/null)
+num.query.type.A
+num.query.class.IN
+num.query.opcode.QUERY
+num.answer.rcode.NOERROR
+"
+    (echo "${tmplist}"; grep ^num ${state} | sed -e 's/=.*//') | sort -u > ${seentags}
+}
+
 # download the state from the unbound server.
 get_state ( ) {
 	# obtain lock for fetching the state
 	# because there is a race condition in fetching and writing to file
 
-	# see if the lock is stale, if so, take it 
+	# see if the lock is stale, if so, take it
 	if test -f $lock ; then
 		pid="`cat $lock 2>&1`"
 		kill -0 "$pid" >/dev/null 2>&1
@@ -168,6 +178,7 @@ get_state ( ) {
 		rm -f $lock
 		exit 1
 	fi
+	update_seentags
 	rm -f $lock
 }
 
@@ -232,7 +243,7 @@ if test "$1" = "config" ; then
 		echo "graph_args --base 1000 -l 0"
 		echo "graph_vlabel queries / \${graph_period}"
 		echo "graph_scale no"
-		echo "graph_category DNS"
+		echo "graph_category dns"
 		for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state |
 			sed -e 's/=.*//'`; do
 			exist_config $x "queries handled by `basename $x .num.queries`"
@@ -256,7 +267,7 @@ if test "$1" = "config" ; then
 		echo "graph_args --base 1000 -l 0"
 		echo "graph_vlabel number of queries"
 		echo "graph_scale no"
-		echo "graph_category DNS"
+		echo "graph_category dns"
 		p_config "total.requestlist.avg" "Average size of queue on insert" "GAUGE"
 		p_config "total.requestlist.max" "Max size of queue (in 5 min)" "GAUGE"
 		p_config "total.requestlist.overwritten" "Number of queries replaced by new ones" "GAUGE"
@@ -267,7 +278,7 @@ if test "$1" = "config" ; then
 		echo "graph_title Unbound memory usage"
 		echo "graph_args --base 1024 -l 0"
 		echo "graph_vlabel memory used in bytes"
-		echo "graph_category DNS"
+		echo "graph_category dns"
 		p_config "mem.cache.rrset" "RRset cache memory" "GAUGE"
 		p_config "mem.cache.message" "Message cache memory" "GAUGE"
 		p_config "mem.mod.iterator" "Iterator module memory" "GAUGE"
@@ -283,9 +294,8 @@ if test "$1" = "config" ; then
 		echo "graph_args --base 1000 -l 0"
 		echo "graph_vlabel queries / \${graph_period}"
 		echo "graph_scale no"
-		echo "graph_category DNS"
-		for x in `grep "^num.query.type" $state`; do
-			nm=`echo $x | sed -e 's/=.*$//'`
+		echo "graph_category dns"
+		for nm in `grep "^num.query.type" $seentags`; do
 			tp=`echo $nm | sed -e s/num.query.type.//`
 			p_config "$nm" "$tp" "ABSOLUTE"
 		done
@@ -296,9 +306,8 @@ if test "$1" = "config" ; then
 		echo "graph_args --base 1000 -l 0"
 		echo "graph_vlabel queries / \${graph_period}"
 		echo "graph_scale no"
-		echo "graph_category DNS"
-		for x in `grep "^num.query.class" $state`; do
-			nm=`echo $x | sed -e 's/=.*$//'`
+		echo "graph_category dns"
+		for nm in `grep "^num.query.class" $seentags`; do
 			tp=`echo $nm | sed -e s/num.query.class.//`
 			p_config "$nm" "$tp" "ABSOLUTE"
 		done
@@ -309,9 +318,8 @@ if test "$1" = "config" ; then
 		echo "graph_args --base 1000 -l 0"
 		echo "graph_vlabel queries / \${graph_period}"
 		echo "graph_scale no"
-		echo "graph_category DNS"
-		for x in `grep "^num.query.opcode" $state`; do
-			nm=`echo $x | sed -e 's/=.*$//'`
+		echo "graph_category dns"
+		for nm in `grep "^num.query.opcode" $seentags`; do
 			tp=`echo $nm | sed -e s/num.query.opcode.//`
 			p_config "$nm" "$tp" "ABSOLUTE"
 		done
@@ -322,9 +330,8 @@ if test "$1" = "config" ; then
 		echo "graph_args --base 1000 -l 0"
 		echo "graph_vlabel answer packets / \${graph_period}"
 		echo "graph_scale no"
-		echo "graph_category DNS"
-		for x in `grep "^num.answer.rcode" $state`; do
-			nm=`echo $x | sed -e 's/=.*$//'`
+		echo "graph_category dns"
+		for nm in `grep "^num.answer.rcode" $seentags`; do
 			tp=`echo $nm | sed -e s/num.answer.rcode.//`
 			p_config "$nm" "$tp" "ABSOLUTE"
 		done
@@ -338,7 +345,7 @@ if test "$1" = "config" ; then
 		echo "graph_args --base 1000 -l 0"
 		echo "graph_vlabel queries / \${graph_period}"
 		echo "graph_scale no"
-		echo "graph_category DNS"
+		echo "graph_category dns"
 		p_config "num.query.flags.QR" "QR (query reply) flag" "ABSOLUTE"
 		p_config "num.query.flags.AA" "AA (auth answer) flag" "ABSOLUTE"
 		p_config "num.query.flags.TC" "TC (truncated) flag" "ABSOLUTE"
@@ -356,7 +363,7 @@ if test "$1" = "config" ; then
 		echo "graph_args --base 1000 -l 0"
 		echo "graph_vlabel queries / \${graph_period}"
 		echo "graph_scale no"
-		echo "graph_category DNS"
+		echo "graph_category dns"
 		echo hcache.label "cache hits"
 		echo hcache.min 0
 		echo hcache.type ABSOLUTE
@@ -467,27 +474,23 @@ memory)
 	done
 	;;
 by_type)
-	for x in `grep "^num.query.type" $state`; do
-		nm=`echo $x | sed -e 's/=.*$//'`
-		print_value_line $nm $x
+	for nm in `grep "^num.query.type" $seentags`; do
+		print_value $nm
 	done
 	;;
 by_class)
-	for x in `grep "^num.query.class" $state`; do
-		nm=`echo $x | sed -e 's/=.*$//'`
-		print_value_line $nm $x
+	for nm in `grep "^num.query.class" $seentags`; do
+		print_value $nm
 	done
 	;;
 by_opcode)
-	for x in `grep "^num.query.opcode" $state`; do
-		nm=`echo $x | sed -e 's/=.*$//'`
-		print_value_line $nm $x
+	for nm in `grep "^num.query.opcode" $seentags`; do
+		print_value $nm
 	done
 	;;
 by_rcode)
-	for x in `grep "^num.answer.rcode" $state`; do
-		nm=`echo $x | sed -e 's/=.*$//'`
-		print_value_line $nm $x
+	for nm in `grep "^num.answer.rcode" $seentags`; do
+		print_value $nm
 	done
 	print_value "num.answer.secure"
 	print_value "num.answer.bogus"