From 6b9d2efcb1915141cdddc816cc235ce8f98ae127 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <william@wkennington.com>
Date: Mon, 20 Apr 2015 17:50:39 -0700
Subject: [PATCH] unbound: 1.5.1 -> 1.5.3

---
 pkgs/tools/networking/unbound/default.nix     | 18 ++---
 .../linux-pre-3.15-unbound-1.5.1.patch        | 66 -------------------
 2 files changed, 6 insertions(+), 78 deletions(-)
 delete mode 100644 pkgs/tools/networking/unbound/linux-pre-3.15-unbound-1.5.1.patch

diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix
index e1594733268..e356d6d6537 100644
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@@ -2,31 +2,25 @@
 
 stdenv.mkDerivation rec {
   name = "unbound-${version}";
-  version = "1.5.1";
+  version = "1.5.3";
 
   src = fetchurl {
     url = "http://unbound.net/downloads/${name}.tar.gz";
-    sha256 = "1v00k4b6m9wk0533s2jpg4rv9lhplh7zdp6vx2yyrmrbzc4jgy0g";
+    sha256 = "1jly2apag4yg649w3flaq73wdrcfyxnhx5py9j73y7adxmswigbn";
   };
 
-  buildInputs = [openssl expat libevent];
-
-  patches = [
-    # This patch fixes unbound 1.5.1 on linux versions previous to 3.15 which
-    # do not implement IP_PMTUDISC_OMIT.
-    #
-    # It should be discarded when this support makes it into a released
-    # version.
-    ./linux-pre-3.15-unbound-1.5.1.patch
-  ];
+  buildInputs = [ openssl expat libevent ];
 
   configureFlags = [
     "--with-ssl=${openssl}"
     "--with-libexpat=${expat}"
     "--with-libevent=${libevent}"
     "--localstatedir=/var"
+    "--sysconfdir=/etc"
   ];
 
+  installFlags = [ "configfile=\${out}/etc/unbound/unbound.conf" ];
+
   meta = {
     description = "Validating, recursive, and caching DNS resolver";
     license = stdenv.lib.licenses.bsd3;
diff --git a/pkgs/tools/networking/unbound/linux-pre-3.15-unbound-1.5.1.patch b/pkgs/tools/networking/unbound/linux-pre-3.15-unbound-1.5.1.patch
deleted file mode 100644
index 61956807899..00000000000
--- a/pkgs/tools/networking/unbound/linux-pre-3.15-unbound-1.5.1.patch
+++ /dev/null
@@ -1,66 +0,0 @@
---- ./services/listen_dnsport.c	2014-12-10 10:59:31.726514857 +0100
-+++ ./services/listen_dnsport.c	2014-12-10 11:08:45.009071300 +0100
-@@ -368,29 +368,47 @@
-  * (and also uses the interface mtu to determine the size of the packets).
-  * So there won't be any EMSGSIZE error.  Against DNS fragmentation attacks.
-  * FreeBSD already has same semantics without setting the option. */
--#    if defined(IP_PMTUDISC_OMIT)
--		int action = IP_PMTUDISC_OMIT;
--#    else
--		int action = IP_PMTUDISC_DONT;
--#    endif
-+		int omit_set = 0;
-+		int action;
-+#   if defined(IP_PMTUDISC_OMIT)
-+		action = IP_PMTUDISC_OMIT;
- 		if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 
- 			&action, (socklen_t)sizeof(action)) < 0) {
--			log_err("setsockopt(..., IP_MTU_DISCOVER, "
--#    if defined(IP_PMTUDISC_OMIT)
--				"IP_PMTUDISC_OMIT"
-+
-+			if (errno != EINVAL) {
-+				log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s",
-+					strerror(errno));
-+
-+#    ifndef USE_WINSOCK
-+				close(s);
- #    else
--				"IP_PMTUDISC_DONT"
-+				closesocket(s);
- #    endif
--				"...) failed: %s",
--				strerror(errno));
-+				*noproto = 0;
-+				*inuse = 0;
-+				return -1;
-+			}
-+		}
-+		else
-+		{
-+		    omit_set = 1;
-+		}
-+#   endif
-+		if (omit_set == 0) {
-+   			action = IP_PMTUDISC_DONT;
-+			if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
-+				&action, (socklen_t)sizeof(action)) < 0) {
-+				log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s",
-+					strerror(errno));
- #    ifndef USE_WINSOCK
--			close(s);
-+				close(s);
- #    else
--			closesocket(s);
-+				closesocket(s);
- #    endif
--			*noproto = 0;
--			*inuse = 0;
--			return -1;
-+				*noproto = 0;
-+				*inuse = 0;
-+				return -1;
-+			}
- 		}
- #  elif defined(IP_DONTFRAG)
- 		int off = 0;