unbound: Vendor import 1.14.0rc1vendor/unbound/1.14.0rc1

This vendor import was requested by glebius@ as it should fix unbound
crashes.

Reported by:	glebius

3 files changed, 14 insertions, 2 deletions

diff --git a/contrib/Dockerfile.tests b/contrib/Dockerfile.tests
new file mode 100644
index 000000000000..417daccb21f9
--- /dev/null
+++ b/contrib/Dockerfile.tests
@@ -0,0 +1,11 @@
+FROM gcc:latest
+WORKDIR /usr/src/unbound
+RUN apt-get update
+# install semantic parser & lexical analyzer
+RUN apt-get install -y bison flex
+# install packages used in tests
+RUN apt-get install -y ldnsutils dnsutils xxd splint doxygen netcat
+# accept short rsa keys, which are used in tests
+RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf
+
+CMD ["/bin/bash"]
diff --git a/contrib/drop2rpz b/contrib/drop2rpz
index 01602f651166..6ac9b492efe3 100644
--- a/contrib/drop2rpz
+++ b/contrib/drop2rpz
@@ -4,7 +4,7 @@
 #
 # unbound.conf:
 #  rpz:
-#    name: "spamhaus-drop.rpz.local."
+#    name: "drop.spamhaus.org.rpz.local."
 #    zonefile: "/path/tp/spamhaus-drop.rpz.local"
 #    rpz-log: yes
 #    rpz-log-name: "spamhaus-drop"
diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index 90ee708ce2c5..ada5fac9c224 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -64,7 +64,8 @@ ProtectClock=true
 ProtectControlGroups=true
 ProtectKernelLogs=true
 ProtectKernelModules=true
-ProtectKernelTunables=true
+# This breaks using socket options like 'so-rcvbuf'. Explicitly disable for visibility.
+ProtectKernelTunables=false
 ProtectProc=invisible
 ProtectSystem=strict
 RuntimeDirectory=unbound