pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/net/bind914



Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Apr 30 03:34:34 UTC 2019

Added Files:
        pkgsrc/net/bind914: DESCR MESSAGE Makefile PLIST buildlink3.mk
            builtin.mk distinfo options.mk
        pkgsrc/net/bind914/files: named9.sh
        pkgsrc/net/bind914/files/smf: manifest.xml named.sh
        pkgsrc/net/bind914/patches: patch-bin_named_Makefile.in
            patch-bin_named_main.c patch-bin_named_pfilter.c
            patch-bin_named_pfilter.h patch-bin_named_server.c
            patch-bin_nsupdate_nsupdate.c patch-bin_pkcs11_pkcs11-keygen.c
            patch-bin_tests_system_metadata_tests.sh
            patch-bin_tests_system_rpz_tests.sh patch-bin_tools_arpaname.c
            patch-bin_tools_nsec3hash.c patch-config.h.in
            patch-config.threads.in patch-configure patch-configure.orig
            patch-contrib_dlz_config.dlz.in patch-lib_dns_byaddr.c
            patch-lib_dns_dnsrps.c patch-lib_dns_gssapi__link.c
            patch-lib_dns_keytable.c patch-lib_dns_lookup.c
            patch-lib_dns_message.c patch-lib_dns_rbt.c patch-lib_dns_rbtdb.c
            patch-lib_dns_request.c patch-lib_dns_sdb.c patch-lib_dns_sdlz.c
            patch-lib_dns_spnego.c patch-lib_dns_validator.c
            patch-lib_dns_view.c patch-lib_isc_backtrace.c
            patch-lib_isc_include_isc_socket.h
            patch-lib_isc_include_isc_types.h patch-lib_isc_rwlock.c
            patch-lib_isc_stats.c patch-lib_isc_unix_socket.c
            patch-lib_isc_unix_time.c

Log Message:
net/bind914: add version 9.14.1

Add bind914 version 9.14.1 package (BIND 9.14.1).

pkgsrc chagnes:

* Add blacklist support from NetBSD base system.
* Note about required directories.

BIND, the Berkeley Internet Name Daemon.  This package contains the BIND
9.14 release.

  * A new "plugin" mechanism has been added to allow query functionality
    to be extended using dynamically loadable libraries. The "filter-aaaa"
    feature has been removed from named and is now implemented as a
    plugin.
  * QNAME minimization, as described in RFC 7816, is now supported.
  * Socket and task code has been refactored to improve performance on
    most modern machines.
  * "Root key sentinel" support, enabling validating resolvers to indicate
    via a special query which trust anchors are configured for the root
    zone.
  * Secondary zones can now be configured as "mirror" zones; their
    contents are transferred in as with traditional slave zones, but are
    subject to DNSSEC validation and are not treated as authoritative data
    when answering. This makes it easier to configure a local copy of the
    root zone as described in RFC 7706.
  * The "validate-except" option allows configuration of domains below
    which DNSSEC validation should not be performed.
  * The default value of "dnssec-validation" is now "auto".
  * IDNA2008 is now supported when linking with libidn2.
  * "named -V" now outputs the default paths for files used by named and
    other tools.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/net/bind914/DESCR pkgsrc/net/bind914/MESSAGE \
    pkgsrc/net/bind914/Makefile pkgsrc/net/bind914/PLIST \
    pkgsrc/net/bind914/buildlink3.mk pkgsrc/net/bind914/builtin.mk \
    pkgsrc/net/bind914/distinfo pkgsrc/net/bind914/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/net/bind914/files/named9.sh
cvs rdiff -u -r0 -r1.1 pkgsrc/net/bind914/files/smf/manifest.xml \
    pkgsrc/net/bind914/files/smf/named.sh
cvs rdiff -u -r0 -r1.1 pkgsrc/net/bind914/patches/patch-bin_named_Makefile.in \
    pkgsrc/net/bind914/patches/patch-bin_named_main.c \
    pkgsrc/net/bind914/patches/patch-bin_named_pfilter.c \
    pkgsrc/net/bind914/patches/patch-bin_named_pfilter.h \
    pkgsrc/net/bind914/patches/patch-bin_named_server.c \
    pkgsrc/net/bind914/patches/patch-bin_nsupdate_nsupdate.c \
    pkgsrc/net/bind914/patches/patch-bin_pkcs11_pkcs11-keygen.c \
    pkgsrc/net/bind914/patches/patch-bin_tests_system_metadata_tests.sh \
    pkgsrc/net/bind914/patches/patch-bin_tests_system_rpz_tests.sh \
    pkgsrc/net/bind914/patches/patch-bin_tools_arpaname.c \
    pkgsrc/net/bind914/patches/patch-bin_tools_nsec3hash.c \
    pkgsrc/net/bind914/patches/patch-config.h.in \
    pkgsrc/net/bind914/patches/patch-config.threads.in \
    pkgsrc/net/bind914/patches/patch-configure \
    pkgsrc/net/bind914/patches/patch-configure.orig \
    pkgsrc/net/bind914/patches/patch-contrib_dlz_config.dlz.in \
    pkgsrc/net/bind914/patches/patch-lib_dns_byaddr.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_dnsrps.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_gssapi__link.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_keytable.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_lookup.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_message.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_rbt.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_rbtdb.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_request.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_sdb.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_sdlz.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_spnego.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_validator.c \
    pkgsrc/net/bind914/patches/patch-lib_dns_view.c \
    pkgsrc/net/bind914/patches/patch-lib_isc_backtrace.c \
    pkgsrc/net/bind914/patches/patch-lib_isc_include_isc_socket.h \
    pkgsrc/net/bind914/patches/patch-lib_isc_include_isc_types.h \
    pkgsrc/net/bind914/patches/patch-lib_isc_rwlock.c \
    pkgsrc/net/bind914/patches/patch-lib_isc_stats.c \
    pkgsrc/net/bind914/patches/patch-lib_isc_unix_socket.c \
    pkgsrc/net/bind914/patches/patch-lib_isc_unix_time.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: pkgsrc/net/bind914/DESCR
diff -u /dev/null pkgsrc/net/bind914/DESCR:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/DESCR    Tue Apr 30 03:34:34 2019
@@ -0,0 +1,24 @@
+BIND, the Berkeley Internet Name Daemon.  This package contains the BIND
+9.14 release.
+
+  * A new "plugin" mechanism has been added to allow query functionality
+    to be extended using dynamically loadable libraries. The "filter-aaaa"
+    feature has been removed from named and is now implemented as a
+    plugin.
+  * QNAME minimization, as described in RFC 7816, is now supported.
+  * Socket and task code has been refactored to improve performance on
+    most modern machines.
+  * "Root key sentinel" support, enabling validating resolvers to indicate
+    via a special query which trust anchors are configured for the root
+    zone.
+  * Secondary zones can now be configured as "mirror" zones; their
+    contents are transferred in as with traditional slave zones, but are
+    subject to DNSSEC validation and are not treated as authoritative data
+    when answering. This makes it easier to configure a local copy of the
+    root zone as described in RFC 7706.
+  * The "validate-except" option allows configuration of domains below
+    which DNSSEC validation should not be performed.
+  * The default value of "dnssec-validation" is now "auto".
+  * IDNA2008 is now supported when linking with libidn2.
+  * "named -V" now outputs the default paths for files used by named and
+    other tools.
Index: pkgsrc/net/bind914/MESSAGE
diff -u /dev/null pkgsrc/net/bind914/MESSAGE:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/MESSAGE  Tue Apr 30 03:34:34 2019
@@ -0,0 +1,19 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+Please consider running BIND under the pseudo user account "${BIND_USER}"
+in a chroot environment for security reasons.
+
+To achieve this, set the variable "named_chrootdir" in /etc/rc.conf to
+the directory with the chroot environment e.g. "${BIND_DIR}".
+
+Note: named(8) requires writable directories under "/etc/namedb" which 
+specified by "directory" in "options" statement:
+
+       cache
+       keys
+       nta
+
+Make sure to these directories exists with writable by "${BIND_USER}" user.
+
+===========================================================================
Index: pkgsrc/net/bind914/Makefile
diff -u /dev/null pkgsrc/net/bind914/Makefile:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/Makefile Tue Apr 30 03:34:34 2019
@@ -0,0 +1,76 @@
+# $NetBSD: Makefile,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+DISTNAME=      bind-${BIND_VERSION}
+PKGNAME=       ${DISTNAME:S/-P/pl/}
+CATEGORIES=    net
+MASTER_SITES=  ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/
+
+MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=      http://www.isc.org/software/bind/
+COMMENT=       Berkeley Internet Name Daemon implementation of DNS, version 9.12
+LICENSE=       mpl-2.0
+
+CONFLICTS+=    host-[0-9]*
+
+MAKE_JOBS_SAFE=        no
+USE_CWRAPPERS= no
+
+BIND_VERSION=  9.14.1
+
+.include "../../mk/bsd.prefs.mk"
+
+BUILD_DEFS+=   BIND_DIR VARBASE
+
+.include "options.mk"
+
+USE_TOOLS+=            pax perl
+USE_LIBTOOL=           yes
+GNU_CONFIGURE=         yes
+
+CONFIGURE_ARGS+=       --with-libtool
+CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR}
+CONFIGURE_ARGS+=       --localstatedir=${VARBASE}
+CONFIGURE_ARGS+=       --with-openssl=${SSLBASE:Q}
+CONFIGURE_ARGS+=       --with-python=no
+.if !empty(MACHINE_PLATFORM:MNetBSD-*-m68k) || \
+    !empty(MACHINE_PLATFORM:MNetBSD-*-mipsel) || \
+    !empty(MACHINE_PLATFORM:MNetBSD-*-vax)
+CONFIGURE_ARGS+=       --disable-atomic
+.endif
+CONFIGURE_ARGS.DragonFly+=     --disable-kqueue
+
+PKG_GROUPS_VARS+=      BIND_GROUP
+PKG_USERS_VARS=                BIND_USER
+
+PKG_GROUPS=            ${BIND_GROUP}
+PKG_USERS=             ${BIND_USER}:${BIND_GROUP}
+
+PKG_GECOS.${BIND_USER}=        Named pseudo-user
+PKG_HOME.${BIND_USER}= ${BIND_DIR}
+
+DOCS=                  CHANGES HISTORY OPTIONS README
+
+FILES_SUBST+=          BIND_GROUP=${BIND_GROUP} \
+                       BIND_USER=${BIND_USER} PAX=${PAX:Q} \
+                       SSLBASE=${SSLBASE}
+MESSAGE_SUBST+=                BIND_DIR=${BIND_DIR} BIND_USER=${BIND_USER}
+
+DOCDIR=                        share/doc/bind9
+
+RCD_SCRIPTS=           named9
+SMF_METHODS=           named
+
+INSTALL_MAKE_FLAGS+=   sysconfdir=${PREFIX}/share/examples/bind9
+CONF_FILES+=           share/examples/bind9/bind.keys \
+                       ${PKG_SYSCONFDIR}/bind.keys
+
+INSTALLATION_DIRS+=    ${DOCDIR} ${DOCDIR}/arm
+
+post-install:
+.for f in ${DOCS}
+       ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR}
+.endfor
+       ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${DESTDIR}${PREFIX}/${DOCDIR}/arm
+
+.include "../../security/openssl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/net/bind914/PLIST
diff -u /dev/null pkgsrc/net/bind914/PLIST:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/PLIST    Tue Apr 30 03:34:34 2019
@@ -0,0 +1,387 @@
+@comment $NetBSD: PLIST,v 1.1 2019/04/30 03:34:34 taca Exp $
+bin/arpaname
+bin/bind9-config
+bin/delv
+bin/dig
+${PLIST.dnstap}bin/dnstap-read
+bin/host
+bin/isc-config.sh
+bin/mdig
+bin/named-rrchecker
+bin/nslookup
+bin/nsupdate
+include/bind9/check.h
+include/bind9/getaddresses.h
+include/bind9/version.h
+include/dns/acl.h
+include/dns/adb.h
+include/dns/badcache.h
+include/dns/bit.h
+include/dns/byaddr.h
+include/dns/cache.h
+include/dns/callbacks.h
+include/dns/catz.h
+include/dns/cert.h
+include/dns/client.h
+include/dns/clientinfo.h
+include/dns/compress.h
+include/dns/db.h
+include/dns/dbiterator.h
+include/dns/dbtable.h
+include/dns/diff.h
+include/dns/dispatch.h
+include/dns/dlz.h
+include/dns/dlz_dlopen.h
+include/dns/dns64.h
+include/dns/dnsrps.h
+include/dns/dnssec.h
+include/dns/dnstap.h
+include/dns/ds.h
+include/dns/dsdigest.h
+include/dns/dyndb.h
+include/dns/ecdb.h
+include/dns/ecs.h
+include/dns/edns.h
+include/dns/enumclass.h
+include/dns/enumtype.h
+include/dns/events.h
+include/dns/fixedname.h
+include/dns/forward.h
+include/dns/geoip.h
+include/dns/ipkeylist.h
+include/dns/iptable.h
+include/dns/journal.h
+include/dns/keydata.h
+include/dns/keyflags.h
+include/dns/keytable.h
+include/dns/keyvalues.h
+include/dns/lib.h
+include/dns/librpz.h
+include/dns/log.h
+include/dns/lookup.h
+include/dns/master.h
+include/dns/masterdump.h
+include/dns/message.h
+include/dns/name.h
+include/dns/ncache.h
+include/dns/nsec.h
+include/dns/nsec3.h
+include/dns/nta.h
+include/dns/opcode.h
+include/dns/order.h
+include/dns/peer.h
+include/dns/portlist.h
+include/dns/private.h
+include/dns/rbt.h
+include/dns/rcode.h
+include/dns/rdata.h
+include/dns/rdataclass.h
+include/dns/rdatalist.h
+include/dns/rdataset.h
+include/dns/rdatasetiter.h
+include/dns/rdataslab.h
+include/dns/rdatastruct.h
+include/dns/rdatatype.h
+include/dns/request.h
+include/dns/resolver.h
+include/dns/result.h
+include/dns/rootns.h
+include/dns/rpz.h
+include/dns/rriterator.h
+include/dns/rrl.h
+include/dns/sdb.h
+include/dns/sdlz.h
+include/dns/secalg.h
+include/dns/secproto.h
+include/dns/soa.h
+include/dns/ssu.h
+include/dns/stats.h
+include/dns/tcpmsg.h
+include/dns/time.h
+include/dns/timer.h
+include/dns/tkey.h
+include/dns/tsec.h
+include/dns/tsig.h
+include/dns/ttl.h
+include/dns/types.h
+include/dns/update.h
+include/dns/validator.h
+include/dns/version.h
+include/dns/view.h
+include/dns/xfrin.h
+include/dns/zone.h
+include/dns/zonekey.h
+include/dns/zoneverify.h
+include/dns/zt.h
+include/dst/dst.h
+include/dst/gssapi.h
+include/dst/result.h
+include/irs/context.h
+include/irs/dnsconf.h
+include/irs/netdb.h
+include/irs/platform.h
+include/irs/resconf.h
+include/irs/types.h
+include/irs/version.h
+include/isc/aes.h
+include/isc/app.h
+include/isc/assertions.h
+include/isc/atomic.h
+include/isc/backtrace.h
+include/isc/base32.h
+include/isc/base64.h
+include/isc/bind9.h
+include/isc/buffer.h
+include/isc/bufferlist.h
+include/isc/commandline.h
+include/isc/condition.h
+include/isc/counter.h
+include/isc/crc64.h
+include/isc/deprecated.h
+include/isc/dir.h
+include/isc/errno.h
+include/isc/error.h
+include/isc/event.h
+include/isc/eventclass.h
+include/isc/file.h
+include/isc/formatcheck.h
+include/isc/fsaccess.h
+include/isc/fuzz.h
+include/isc/hash.h
+include/isc/heap.h
+include/isc/hex.h
+include/isc/hmac.h
+include/isc/ht.h
+include/isc/httpd.h
+include/isc/interfaceiter.h
+include/isc/iterated_hash.h
+include/isc/json.h
+include/isc/lang.h
+include/isc/lex.h
+include/isc/lfsr.h
+include/isc/lib.h
+include/isc/likely.h
+include/isc/list.h
+include/isc/log.h
+include/isc/magic.h
+include/isc/md.h
+include/isc/mem.h
+include/isc/meminfo.h
+include/isc/mutex.h
+include/isc/mutexblock.h
+include/isc/net.h
+include/isc/netaddr.h
+include/isc/netdb.h
+include/isc/netscope.h
+include/isc/nonce.h
+include/isc/offset.h
+include/isc/once.h
+include/isc/os.h
+include/isc/parseint.h
+include/isc/platform.h
+include/isc/pool.h
+include/isc/portset.h
+include/isc/print.h
+include/isc/queue.h
+include/isc/quota.h
+include/isc/radix.h
+include/isc/random.h
+include/isc/ratelimiter.h
+include/isc/refcount.h
+include/isc/regex.h
+include/isc/region.h
+include/isc/resource.h
+include/isc/result.h
+include/isc/resultclass.h
+include/isc/rwlock.h
+include/isc/safe.h
+include/isc/serial.h
+include/isc/sockaddr.h
+include/isc/socket.h
+include/isc/stat.h
+include/isc/stats.h
+include/isc/stdatomic.h
+include/isc/stdio.h
+include/isc/stdtime.h
+include/isc/strerr.h
+include/isc/string.h
+include/isc/symtab.h
+include/isc/syslog.h
+include/isc/task.h
+include/isc/taskpool.h
+include/isc/thread.h
+include/isc/time.h
+include/isc/timer.h
+include/isc/tm.h
+include/isc/types.h
+include/isc/util.h
+include/isc/version.h
+include/isc/xml.h
+include/isccc/alist.h
+include/isccc/base64.h
+include/isccc/cc.h
+include/isccc/ccmsg.h
+include/isccc/events.h
+include/isccc/result.h
+include/isccc/sexpr.h
+include/isccc/symtab.h
+include/isccc/symtype.h
+include/isccc/types.h
+include/isccc/util.h
+include/isccc/version.h
+include/isccfg/aclconf.h
+include/isccfg/cfg.h
+include/isccfg/dnsconf.h
+include/isccfg/grammar.h
+include/isccfg/log.h
+include/isccfg/namedconf.h
+include/isccfg/version.h
+include/ns/client.h
+include/ns/hooks.h
+include/ns/interfacemgr.h
+include/ns/lib.h
+include/ns/listenlist.h
+include/ns/log.h
+include/ns/notify.h
+include/ns/query.h
+include/ns/server.h
+include/ns/sortlist.h
+include/ns/stats.h
+include/ns/types.h
+include/ns/update.h
+include/ns/version.h
+include/ns/xfrout.h
+include/pk11/constants.h
+include/pk11/internal.h
+include/pk11/pk11.h
+include/pk11/result.h
+include/pk11/site.h
+include/pkcs11/cryptoki.h
+include/pkcs11/eddsa.h
+include/pkcs11/pkcs11.h
+include/pkcs11/pkcs11f.h
+include/pkcs11/pkcs11t.h
+lib/libbind9.la
+lib/libdns.la
+lib/libirs.la
+lib/libisc.la
+lib/libisccc.la
+lib/libisccfg.la
+lib/libns.la
+lib/named/filter-aaaa.so
+man/man1/arpaname.1
+man/man1/bind9-config.1
+man/man1/delv.1
+man/man1/dig.1
+${PLIST.dnstap}man/man1/dnstap-read.1
+man/man1/host.1
+man/man1/isc-config.sh.1
+man/man1/mdig.1
+man/man1/named-rrchecker.1
+man/man1/nslookup.1
+man/man1/nsupdate.1
+man/man5/named.conf.5
+man/man5/rndc.conf.5
+man/man8/ddns-confgen.8
+man/man8/dnssec-cds.8
+man/man8/dnssec-dsfromkey.8
+man/man8/dnssec-importkey.8
+man/man8/dnssec-keyfromlabel.8
+man/man8/dnssec-keygen.8
+man/man8/dnssec-revoke.8
+man/man8/dnssec-settime.8
+man/man8/dnssec-signzone.8
+man/man8/dnssec-verify.8
+man/man8/filter-aaaa.8
+man/man8/named-checkconf.8
+man/man8/named-checkzone.8
+man/man8/named-compilezone.8
+man/man8/named-journalprint.8
+man/man8/named.8
+man/man8/nsec3hash.8
+${PLIST.pkcs11}man/man8/pkcs11-destroy.8
+${PLIST.pkcs11}man/man8/pkcs11-keygen.8
+${PLIST.pkcs11}man/man8/pkcs11-list.8
+${PLIST.pkcs11}man/man8/pkcs11-tokens.8
+man/man8/rndc-confgen.8
+man/man8/rndc.8
+man/man8/tsig-keygen.8
+sbin/ddns-confgen
+sbin/dnssec-cds
+sbin/dnssec-dsfromkey
+sbin/dnssec-importkey
+sbin/dnssec-keyfromlabel
+sbin/dnssec-keygen
+sbin/dnssec-revoke
+sbin/dnssec-settime
+sbin/dnssec-signzone
+sbin/dnssec-verify
+sbin/named
+sbin/named-checkconf
+sbin/named-checkzone
+sbin/named-compilezone
+sbin/named-journalprint
+sbin/nsec3hash
+${PLIST.pkcs11}sbin/pkcs11-destroy
+${PLIST.pkcs11}sbin/pkcs11-keygen
+${PLIST.pkcs11}sbin/pkcs11-list
+${PLIST.pkcs11}sbin/pkcs11-tokens
+sbin/rndc
+sbin/rndc-confgen
+sbin/tsig-keygen
+share/doc/bind9/CHANGES
+share/doc/bind9/HISTORY
+share/doc/bind9/OPTIONS
+share/doc/bind9/README
+share/doc/bind9/arm/Bv9ARM.ch01.html
+share/doc/bind9/arm/Bv9ARM.ch02.html
+share/doc/bind9/arm/Bv9ARM.ch03.html
+share/doc/bind9/arm/Bv9ARM.ch04.html
+share/doc/bind9/arm/Bv9ARM.ch05.html
+share/doc/bind9/arm/Bv9ARM.ch06.html
+share/doc/bind9/arm/Bv9ARM.ch07.html
+share/doc/bind9/arm/Bv9ARM.ch08.html
+share/doc/bind9/arm/Bv9ARM.ch09.html
+share/doc/bind9/arm/Bv9ARM.ch10.html
+share/doc/bind9/arm/Bv9ARM.ch11.html
+share/doc/bind9/arm/Bv9ARM.ch12.html
+share/doc/bind9/arm/Bv9ARM.html
+share/doc/bind9/arm/man.arpaname.html
+share/doc/bind9/arm/man.ddns-confgen.html
+share/doc/bind9/arm/man.delv.html
+share/doc/bind9/arm/man.dig.html
+share/doc/bind9/arm/man.dnssec-cds.html
+share/doc/bind9/arm/man.dnssec-checkds.html
+share/doc/bind9/arm/man.dnssec-coverage.html
+share/doc/bind9/arm/man.dnssec-dsfromkey.html
+share/doc/bind9/arm/man.dnssec-importkey.html
+share/doc/bind9/arm/man.dnssec-keyfromlabel.html
+share/doc/bind9/arm/man.dnssec-keygen.html
+share/doc/bind9/arm/man.dnssec-keymgr.html
+share/doc/bind9/arm/man.dnssec-revoke.html
+share/doc/bind9/arm/man.dnssec-settime.html
+share/doc/bind9/arm/man.dnssec-signzone.html
+share/doc/bind9/arm/man.dnssec-verify.html
+share/doc/bind9/arm/man.dnstap-read.html
+share/doc/bind9/arm/man.filter-aaaa.html
+share/doc/bind9/arm/man.host.html
+share/doc/bind9/arm/man.mdig.html
+share/doc/bind9/arm/man.named-checkconf.html
+share/doc/bind9/arm/man.named-checkzone.html
+share/doc/bind9/arm/man.named-journalprint.html
+share/doc/bind9/arm/man.named-nzd2nzf.html
+share/doc/bind9/arm/man.named-rrchecker.html
+share/doc/bind9/arm/man.named.conf.html
+share/doc/bind9/arm/man.named.html
+share/doc/bind9/arm/man.nsec3hash.html
+share/doc/bind9/arm/man.nslookup.html
+share/doc/bind9/arm/man.nsupdate.html
+share/doc/bind9/arm/man.pkcs11-destroy.html
+share/doc/bind9/arm/man.pkcs11-keygen.html
+share/doc/bind9/arm/man.pkcs11-list.html
+share/doc/bind9/arm/man.pkcs11-tokens.html
+share/doc/bind9/arm/man.rndc-confgen.html
+share/doc/bind9/arm/man.rndc.conf.html
+share/doc/bind9/arm/man.rndc.html
+share/doc/bind9/arm/notes.html
+share/examples/bind9/bind.keys
Index: pkgsrc/net/bind914/buildlink3.mk
diff -u /dev/null pkgsrc/net/bind914/buildlink3.mk:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/buildlink3.mk    Tue Apr 30 03:34:34 2019
@@ -0,0 +1,12 @@
+# $NetBSD: buildlink3.mk,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+BUILDLINK_TREE+=       bind
+
+.if !defined(BIND_BUILDLINK3_MK)
+BIND_BUILDLINK3_MK:=
+
+BUILDLINK_API_DEPENDS.bind+=   bind>=9.14.0
+BUILDLINK_PKGSRCDIR.bind?=     ../../net/bind914
+.endif # BIND_BUILDLINK3_MK
+
+BUILDLINK_TREE+=       -bind
Index: pkgsrc/net/bind914/builtin.mk
diff -u /dev/null pkgsrc/net/bind914/builtin.mk:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/builtin.mk       Tue Apr 30 03:34:34 2019
@@ -0,0 +1,92 @@
+# $NetBSD: builtin.mk,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+BUILTIN_PKG:=  bind
+
+BUILTIN_FIND_FILES_VAR:=       EXE_NAMED
+BUILTIN_FIND_FILES.EXE_NAMED=  /usr/sbin/named
+BUILTIN_FIND_LIBS:=            bind
+
+.include "../../mk/buildlink3/bsd.builtin.mk"
+
+###
+### Figure out the version of BIND if an ISC BIND named exists on the
+### system.
+###
+.if !defined(BUILTIN_VERSION.bind) && \
+    empty(EXE_NAMED:M__nonexistent__) && \
+    empty(EXE_NAMED:M${LOCALBASE}/*)
+BUILTIN_VERSION.bind!= \
+       ${EXE_NAMED} -v 2>/dev/null | ${HEAD} -1 |                      \
+       ${AWK} 'BEGIN { v = "4.9.11"; }                                 \
+               /^BIND / { v = $$2; sub("-.*", "", v); }                \
+               /^named / { v = $$2; sub("-.*", "", v); }               \
+               END { print v; }'
+.endif
+MAKEVARS+=     BUILTIN_VERSION.bind
+
+###
+### Determine if there is a built-in implementation of the package and
+### set IS_BUILTIN.<pkg> appropriately ("yes" or "no").
+###
+.if !defined(IS_BUILTIN.bind)
+IS_BUILTIN.bind=       no
+.  if defined(BUILTIN_VERSION.bind)
+IS_BUILTIN.bind=       yes
+.  endif
+.endif
+MAKEVARS+=     IS_BUILTIN.bind
+
+###
+### If there is a built-in implementation, then set BUILTIN_PKG.<pkg> to
+### a package name to represent the built-in package.
+###
+.if !defined(BUILTIN_PKG.bind) && \
+    !empty(IS_BUILTIN.bind:M[yY][eE][sS]) && \
+    defined(BUILTIN_VERSION.bind)
+BUILTIN_PKG.bind=      bind-${BUILTIN_VERSION.bind}
+.endif
+MAKEVARS+=     BUILTIN_PKG.bind
+
+###
+### Determine whether we should use the built-in implementation if it
+### exists, and set USE_BUILTIN.<pkg> appropriate ("yes" or "no").
+###
+.if !defined(USE_BUILTIN.bind)
+.  if ${PREFER.bind} == "pkgsrc"
+USE_BUILTIN.bind=      no
+.  else
+USE_BUILTIN.bind=      ${IS_BUILTIN.bind}
+.    if defined(BUILTIN_PKG.bind) && \
+        !empty(IS_BUILTIN.bind:M[yY][eE][sS])
+USE_BUILTIN.bind=      yes
+.      for dep in ${BUILDLINK_API_DEPENDS.bind}
+.        if !empty(USE_BUILTIN.bind:M[yY][eE][sS])
+USE_BUILTIN.bind!=                                                     \
+       if ${PKG_ADMIN} pmatch ${dep:Q} ${BUILTIN_PKG.bind:Q}; then     \
+               ${ECHO} yes;                                            \
+       else                                                            \
+               ${ECHO} no;                                             \
+       fi
+.        endif
+.      endfor
+.    endif
+.  endif  # PREFER.bind
+.endif
+MAKEVARS+=     USE_BUILTIN.bind
+
+###
+### The section below only applies if we are not including this file
+### solely to determine whether a built-in implementation exists.
+###
+CHECK_BUILTIN.bind?=   no
+.if !empty(CHECK_BUILTIN.bind:M[nN][oO])
+
+.  if !empty(USE_BUILTIN.bind:M[yY][eE][sS])
+.    if !empty(BUILTIN_LIB_FOUND.bind:M[yY][eE][sS])
+BUILDLINK_LDADD.bind?= -lbind
+.    endif
+.  elif !empty(USE_BUILTIN.bind:M[nN][oO])
+BUILDLINK_LDADD.bind?= -lbind
+.  endif
+
+.endif # CHECK_BUILTIN.bind
Index: pkgsrc/net/bind914/distinfo
diff -u /dev/null pkgsrc/net/bind914/distinfo:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/distinfo Tue Apr 30 03:34:34 2019
@@ -0,0 +1,42 @@
+$NetBSD: distinfo,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+SHA1 (bind-9.14.1.tar.gz) = 29e43a99c059c5458822833b2267f237361feca6
+RMD160 (bind-9.14.1.tar.gz) = 12e8bec5d7eb29d588596a204220edfe12bbc743
+SHA512 (bind-9.14.1.tar.gz) = 560944951b6c6a2801967813597440f7ffb3687adf455ea27751d5976954643b9ea86d0da4661caf4fa9673c1d5c1ce7f34cce94a8edfa95eb60dd1cf7839c56
+Size (bind-9.14.1.tar.gz) = 6235968 bytes
+SHA1 (patch-bin_named_Makefile.in) = 12e071c61e0f326d0fd7613c6b8884ad0da35214
+SHA1 (patch-bin_named_main.c) = 51c8ab464a009575b6513c7ed4b79f89446eb7d0
+SHA1 (patch-bin_named_pfilter.c) = b54f872c883c8fbc2d9c04df65c185dc057cc36b
+SHA1 (patch-bin_named_pfilter.h) = c14617cb266a4b5d33ba6e5db98562e806792833
+SHA1 (patch-bin_named_server.c) = 8f981649ba318de1acc4e4eaf76d9ff647de38ef
+SHA1 (patch-bin_nsupdate_nsupdate.c) = f71213385ec7c78243c1f93a6940caa111cb5072
+SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e
+SHA1 (patch-bin_tests_system_metadata_tests.sh) = d01a492d0b7738760bdbff714248e279a78fef28
+SHA1 (patch-bin_tests_system_rpz_tests.sh) = 1bc5e0d5c0cc50608e6314c2d2664bd1dc3f6e34
+SHA1 (patch-bin_tools_arpaname.c) = 2bf3ccf81a0f89ced34f5e32419dee314601e0c0
+SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3
+SHA1 (patch-config.h.in) = 82b1d79646872a08b2029e74f1fdcbfac7d83d42
+SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5
+SHA1 (patch-configure) = e4105ed668aa7c5bd83dd82e8639524453162d13
+SHA1 (patch-contrib_dlz_config.dlz.in) = 6c53d61aaaf1a952a867e4c4da0194db94f511d7
+SHA1 (patch-lib_dns_byaddr.c) = 75668b9bf31cd0175eab3dd74f99f4edf410fcce
+SHA1 (patch-lib_dns_dnsrps.c) = bddd1e3ec6efada581ee8865ee429d283fb7a957
+SHA1 (patch-lib_dns_gssapi__link.c) = d3ab9b8421f64f6bfbd3b94620e816f3e23f0d49
+SHA1 (patch-lib_dns_keytable.c) = 4369b07b75201d2f7384f05d8a3140a809d303ae
+SHA1 (patch-lib_dns_lookup.c) = 8e8e78e20a8e78692772d488e842df230e121203
+SHA1 (patch-lib_dns_message.c) = 0be413cf8b56ce21bcceb451191cacf9d044fa06
+SHA1 (patch-lib_dns_rbt.c) = 5b20fe8adf2fdf5b28822d0b5229845494c9639f
+SHA1 (patch-lib_dns_rbtdb.c) = 389a83f425050733cb90652ffcb515d7a53d76f2
+SHA1 (patch-lib_dns_request.c) = 211e349ddda1e5a2bbafab7ddab48cca4b553822
+SHA1 (patch-lib_dns_sdb.c) = 0e5ab9fadcdd20adeb6d5d3234b69087ab7439c8
+SHA1 (patch-lib_dns_sdlz.c) = 84cc9539cb8fab3581feec2184be2dbebfc6fd67
+SHA1 (patch-lib_dns_spnego.c) = 2867212608ebdb949c65d1d6a3db21742c1128f6
+SHA1 (patch-lib_dns_validator.c) = 7d7471efe5109f5b2d6f9e99fe15fa314fdd217d
+SHA1 (patch-lib_dns_view.c) = 25095827adbc75dc629b0f435dbd711b599c86c9
+SHA1 (patch-lib_isc_backtrace.c) = 5fa1dd0f18ae757233d9cc21e36a5f6a84990db1
+SHA1 (patch-lib_isc_include_isc_socket.h) = 956beab8ea6a1a004b1d1682600ead6863ba05c9
+SHA1 (patch-lib_isc_include_isc_types.h) = 985874069eee13504da4dca020d6fc964e8a1f83
+SHA1 (patch-lib_isc_rwlock.c) = 7eb832915528d00e616b6c7503ec346143946876
+SHA1 (patch-lib_isc_stats.c) = ee363394c8f3f10e514ac390152302e7093aa249
+SHA1 (patch-lib_isc_unix_socket.c) = 8f6ac08539fb4c9b3eb1aa5fe4c3811f010aa87b
+SHA1 (patch-lib_isc_unix_time.c) = 04312e043601688aa2b0a09dad1bcb51d9273e9d
Index: pkgsrc/net/bind914/options.mk
diff -u /dev/null pkgsrc/net/bind914/options.mk:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/options.mk       Tue Apr 30 03:34:34 2019
@@ -0,0 +1,141 @@
+# $NetBSD: options.mk,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+PKG_OPTIONS_VAR=       PKG_OPTIONS.bind914
+PKG_SUPPORTED_OPTIONS= bind-dig-sigchase bind-xml-statistics-server
+PKG_SUPPORTED_OPTIONS+=        bind-json-statistics-server blacklist
+PKG_SUPPORTED_OPTIONS+=        threads readline mysql pgsql ldap dlz-filesystem
+PKG_SUPPORTED_OPTIONS+=        geoip pkcs11 tuning dnstap
+PKG_SUGGESTED_OPTIONS+=        readline
+
+PLIST_VARS+=   dnstap pkcs11
+
+PTHREAD_OPTS+=         native
+.include "../../mk/pthread.buildlink3.mk"
+
+.if defined(PTHREAD_TYPE) && (${PTHREAD_TYPE} == "none") || \
+       !empty(MACHINE_PLATFORM:MNetBSD-*-vax) || \
+       !empty(MACHINE_PLATFORM:MNetBSD-*-sparc) || \
+       !empty(MACHINE_PLATFORM:MNetBSD-*-sparc64) || \
+       !empty(MACHINE_PLATFORM:MNetBSD-*-m68k)
+# don't touch PKG_SUGGESTED_OPTIONS
+.else
+PKG_SUGGESTED_OPTIONS+=        threads
+.endif
+
+.if ${OPSYS} == "NetBSD"
+.if !empty(OS_VERSION:M[8-9].*)
+PKG_SUGGESTED_OPTIONS+=        blacklist
+.endif
+.endif
+
+.include "../../mk/bsd.options.mk"
+
+###
+### The mysql pgsql ldap dlz-filesystem options are all for BIND
+### DLZ (Dynamically Loadable Zones) functionality
+###
+### NOTE: bdb is excluded on purpose as pkgsrc does not contain
+###       a bdb v4.1 or 4.2 package which is what BIND needs.
+###       The majority of these are compile tested only
+###
+
+.if !empty(PKG_OPTIONS:Mmysql)
+.include "../../mk/mysql.buildlink3.mk"
+CONFIGURE_ARGS+=       --with-dlz-mysql=${BUILDLINK_PREFIX.mysql-client}
+.endif
+
+.if !empty(PKG_OPTIONS:Mpgsql)
+.include "../../mk/pgsql.buildlink3.mk"
+CONFIGURE_ARGS+=       --with-dlz-postgres=${BUILDLINK_PREFIX.${PGSQL_TYPE}}
+CONFIGURE_ENV+=                ac_cv_path_PG_CONFIG=${PREFIX}/bin/pg_config
+.endif
+
+.if !empty(PKG_OPTIONS:Mldap)
+.include "../../databases/openldap-client/buildlink3.mk"
+CONFIGURE_ARGS+=       --with-dlz-ldap=${BUILDLINK_PREFIX.openldap-client}
+.endif
+
+.if !empty(PKG_OPTIONS:Mdlz-filesystem)
+CONFIGURE_ARGS+=       --with-dlz-filesystem
+.endif
+
+.if !empty(PKG_OPTIONS:Mblacklist)
+CONFIGURE_ARGS+=       --with-blacklist=yes
+.else
+CONFIGURE_ARGS+=       --with-blacklist=no
+.endif
+
+.if !empty(PKG_OPTIONS:Mgeoip)
+CONFIGURE_ARGS+=       --with-geoip=${PREFIX}
+LDFLAGS+=              -lGeoIP
+.include "../../net/GeoIP/buildlink3.mk"
+.endif
+
+.if !empty(PKG_OPTIONS:Mpkcs11)
+CONFIGURE_ARGS+=       --enable-native-pkcs11
+PLIST.pkcs11=          yes
+.else
+CONFIGURE_ARGS+=       --disable-native-pkcs11
+.endif
+
+.if !empty(PKG_OPTIONS:Mtuning)
+CONFIGURE_ARGS+=       --with-tuning=large
+.endif
+
+.if !empty(PKG_OPTIONS:Mdnstap)
+CONFIGURE_ARGS+=       --enable-dnstap
+PLIST.dnstap=          yes
+.include "../../net/fstrm/buildlink3.mk"
+.include "../../devel/protobuf/buildlink3.mk"
+.include "../../devel/protobuf-c/buildlink3.mk"
+.endif
+
+###
+### The statistics server in bind99 and later needs libxml2
+###
+.if !empty(PKG_OPTIONS:Mbind-xml-statistics-server)
+.include "../../textproc/libxml2/buildlink3.mk"
+CONFIGURE_ARGS+=       --with-libxml2
+LDFLAGS+=              -lxml2
+.else
+CONFIGURE_ARGS+=       --without-libxml2
+.endif
+
+###
+### The statistics server in bind911 and later supports json
+###
+.if !empty(PKG_OPTIONS:Mbind-json-statistics-server)
+.include "../../textproc/json-c/buildlink3.mk"
+CONFIGURE_ARGS+=       --with-libjson
+.else
+CONFIGURE_ARGS+=       --without-libjson
+.endif
+
+###
+### pthreads support (also see magic above)
+###
+.if !empty(PKG_OPTIONS:Mthreads)
+PTHREAD_AUTO_VARS=     yes
+CONFIGURE_ARGS+=       --enable-threads
+.else
+CONFIGURE_ARGS+=       --disable-threads
+.endif
+
+###
+### readline support in dig(1) and nsupdate(1).
+###
+.if !empty(PKG_OPTIONS:Mreadline)
+.include "../../mk/readline.buildlink3.mk"
+CONFIGURE_ARGS+=       --with-readline
+.else
+CONFIGURE_ARGS+=       --without-readline
+.endif
+
+###
+### dig(1) option +sigchase for DNSSEC signature chasing
+###
+.if !empty(PKG_OPTIONS:Mbind-dig-sigchase)
+# If anything else needs to add entries to STD_CDEFINES, this will need
+# to be changed so that the two can cooperate.
+CONFIGURE_ENV+=                STD_CDEFINES=-DDIG_SIGCHASE=1
+.endif

Index: pkgsrc/net/bind914/files/named9.sh
diff -u /dev/null pkgsrc/net/bind914/files/named9.sh:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/files/named9.sh  Tue Apr 30 03:34:34 2019
@@ -0,0 +1,74 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: named9.sh,v 1.1 2019/04/30 03:34:34 taca Exp $
+#
+
+# PROVIDE: named
+# REQUIRE: NETWORKING mountcritremote syslogd
+# BEFORE:  DAEMON
+# KEYWORD: chrootdir
+
+. /etc/rc.subr
+
+name="named"
+rcvar="${name}9"
+command="@PREFIX@/sbin/${name}"
+pidfile="@VARBASE@/run/named/${name}.pid"
+start_precmd="named_precmd"
+extra_commands="reload"
+required_dirs="$named_chrootdir"       # if it is set, it must exist
+
+named_precmd()
+{
+       # Die if $named is also set (i.e. the system's named is not disabled
+       if checkyesno named ; then
+               warn \
+       "disable 'named' when setting 'named9'!"
+               return 1
+       fi
+
+               if [ ! -d @VARBASE@/run/named ]; then 
+               @MKDIR@ @VARBASE@/run/named 
+               fi      
+
+       if [ -z "$named_chrootdir" ]; then
+               return 0;
+       fi
+
+       for i in crypto null random urandom
+       do
+               if [ ! -c "${named_chrootdir}/dev/$i" ]; then
+                       @RM@ -f "${named_chrootdir}/dev/$i"
+                       (cd /dev &&
+                               @PAX@ -rw -pe "$i" "${named_chrootdir}/dev")
+               fi
+       done
+
+       if [ -f /etc/localtime ]; then
+               @CMP@ -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
+                   @CP@ -p /etc/localtime "${named_chrootdir}/etc/localtime"
+       fi
+
+       if [ -f @SSLBASE@/lib/engines/libgost.so ]; then
+               if [ ! -d ${named_chrootdir}@SSLBASE@/lib/engines ]; then
+                       @MKDIR@ ${named_chrootdir}@SSLBASE@/lib/engines
+               fi
+               @CMP@ -s @SSLBASE@/lib/engines/libgost.so "${named_chrootdir}@SSLBASE@/lib/engines/libgost.so" || \
+                   @CP@ -p @SSLBASE@/lib/engines/libgost.so "${named_chrootdir}@SSLBASE@/lib/engines/libgost.so"
+       fi
+
+               if [ ! -d ${named_chrootdir}@VARBASE@/run/named ]; then 
+               @MKDIR@ ${named_chrootdir}@VARBASE@/run/named 
+               @CHOWN@ @BIND_USER@ ${named_chrootdir}@VARBASE@/run/named
+               fi      
+
+       @RM@ -f ${pidfile}
+       @LN@ -s "${named_chrootdir}${pidfile}" ${pidfile}
+
+       #       Change run_rc_commands()'s internal copy of $named_flags
+       #
+       rc_flags="-u @BIND_USER@ -t ${named_chrootdir} $rc_flags"
+}
+
+load_rc_config "$rcvar"
+run_rc_command "$1"

Index: pkgsrc/net/bind914/files/smf/manifest.xml
diff -u /dev/null pkgsrc/net/bind914/files/smf/manifest.xml:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/files/smf/manifest.xml   Tue Apr 30 03:34:34 2019
@@ -0,0 +1,138 @@
+<?xml version="1.0"?>
+<!--
+CDDL HEADER START
+
+The contents of this file are subject to the terms of the
+Common Development and Distribution License (the "License").
+You may not use this file except in compliance with the License.
+
+You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+or http://www.opensolaris.org/os/licensing.
+See the License for the specific language governing permissions
+and limitations under the License.
+
+When distributing Covered Code, include this CDDL HEADER in each
+file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+If applicable, add the following below this CDDL HEADER, with the
+fields enclosed by brackets "[]" replaced with your own identifying
+information: Portions Copyright [yyyy] [name of copyright owner]
+
+CDDL HEADER END
+-->
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+        Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+        Use is subject to license terms.
+
+        ident   "@(#)server.xml 1.8     07/06/19 SMI"
+-->
+<!-- Portions Copyright 2007 Vedran Bender -->
+<service_bundle type='manifest' name='export'>
+  <service name='@SMF_PREFIX@/@SMF_NAME@' type='service' version='1'>
+    <dependency name='filesystem_minimal' grouping='require_all' restart_on='none' type='service'>
+      <service_fmri value='svc:/system/filesystem/local' />
+    </dependency>
+    <dependency name='loopback' grouping='require_any' restart_on='error' type='service'>
+      <service_fmri value='svc:/network/loopback' />
+    </dependency>
+    <dependency name='network' grouping='optional_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/milestone/network' />
+    </dependency>
+    <dependency name='config-files' grouping='require_any' restart_on='refresh' type='path'>
+      <service_fmri value='file://localhost@PKG_SYSCONFDIR@/named.conf' />
+    </dependency>
+    <!--
+        In order to run multiple named(1M) processes with their own
+        configuration file or properties each must have a unique
+        instance.
+    -->
+    <instance name='default' enabled='false'>
+      <exec_method type='method' name='start' exec='@PREFIX@/@SMF_METHOD_FILE.named@ %m %i' timeout_seconds='60'>
+        <method_context>
+          <method_credential user='root' group='root' />
+        </method_context>
+      </exec_method>
+      <exec_method type='method' name='stop' exec='@PREFIX@/@SMF_METHOD_FILE.named@ %m %i %{restarter/contract}' timeout_seconds='60'>
+        <method_context>
+          <method_credential user='root' group='root' />
+        </method_context>
+
+      </exec_method>
+      <!--
+              SIGHUP causes named to reread its configuration file, but not any
+              of the properties below.
+      -->
+      <exec_method type='method' name='refresh' exec=':kill -HUP' timeout_seconds='60'>
+        <method_context />
+      </exec_method>
+      <property_group name='general' type='framework'>
+        <!-- manage DNS server state -->
+        <propval name='action_authorization' type='astring' value='solaris.smf.manage.bind' />
+        <propval name='value_authorization' type='astring' value='solaris.smf.manage.bind' />
+      </property_group>
+      <!-- Default property settings for named(1M) instance. -->
+      <property_group name='options' type='application'>
+        <!--
+                server: specifies an alternative server command.  If
+                not specified the default /usr/sbin/named is used.
+        -->
+        <propval name='server' type='astring' value='' />
+        <!--
+                configuration_file: specifies an alternative
+                configuration file to be used. The property is similar
+                to named(1M) command line option '-c'
+        -->
+        <propval name='configuration_file' type='astring' value='' />
+        <!--
+                ip_interfaces: specifies which IP transport BIND will
+                transmit on. Possible values are 'IPv4' or 'IPv6'. Any
+                other setting assumes 'all', the default.
+                Equivalent command line option '-4' or '-6'.
+        -->
+        <propval name='ip_interfaces' type='astring' value='all' />
+        <!--
+                listen_on_port: Specifies the default UDP and TCP port
+                which will be used to listen for DNS requests.
+                Equivalent command line option '-p <integer>'.
+        -->
+        <propval name='listen_on_port' type='integer' value='0' />
+        <!--
+                debug_level: Specifies the default debug level.  The
+                default is 0; no debugging. The Higher the number the
+                more verbose debug information becomes.
+                Equivalent command line option '-d <integer>'.
+        -->
+        <propval name='debug_level' type='integer' value='0' />
+        <!--
+                threads: Specifies the number of cpu worker threads to
+                create.  The default of 0 causes named to try and
+                determine the number of CPUs present and create one
+                thread per CPU.
+                Equivalent command line option '-n <integer>'.
+        -->
+        <propval name='threads' type='integer' value='0' />
+        <!--
+                chroot_dir: Change the root directory using chroot(2)
+                to directory after processing the command line
+                arguments, but before reading the configuration file.
+                Equivalent command line option '-t <pathname>'.
+        -->
+        <propval name='chroot_dir' type='astring' value='' />
+       <!--
+               user: Change the user id after processing command line
+               arguments, but before reading the configuration file.
+               Equivalent command line option '-u <user>'.
+       -->
+        <propval name='user' type='astring' value='named' />
+      </property_group>
+    </instance>
+    <template>
+      <common_name>
+        <loctext xml:lang='C'>BIND DNS server</loctext>
+      </common_name>
+      <documentation>
+        <manpage title='named' section='1M' manpath='@PREFIX@/@PKGMANDIR@' />
+      </documentation>
+    </template>
+  </service>
+</service_bundle>
Index: pkgsrc/net/bind914/files/smf/named.sh
diff -u /dev/null pkgsrc/net/bind914/files/smf/named.sh:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/files/smf/named.sh       Tue Apr 30 03:34:34 2019
@@ -0,0 +1,262 @@
+#!@SMF_METHOD_SHELL@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+#pragma ident  "@(#)dns-server.sh      1.1     07/03/26 SMI"
+
+# smf_method(5) start/stop script required for server DNS
+
+. /lib/svc/share/smf_include.sh
+
+mount_chroot ()
+{
+    c=$1
+    shift
+    for f in $*; do
+        if [ -z "${f}" -o ! -f "${f}" -o \
+             -z "${c}" -o ! -d "${c}" ]; then
+             exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+
+        umount ${c}/${f} >/dev/null 2>&1
+        mkdir -p `dirname ${c}/${f}`
+        touch ${c}/${f}
+        mount -Flofs ${f} ${c}/${f}
+    done
+}
+
+umount_chroot ()
+{
+    c=$1
+    shift
+    for f in $*; do
+        umount ${c}/${f} >/dev/null 2>&1
+    done
+}
+
+get_config ()
+{   
+    configuration_file=@PKG_SYSCONFDIR@/named.conf
+    rndc_config_file=@PKG_SYSCONFDIR@/rndc.conf
+    rndc_key_file=@PKG_SYSCONFDIR@/rndc.key
+    rndc_cmd_opts="-a"
+    libraries="/usr/pkg/lib/engines/libgost.so"
+    cmdopts=""
+    checkopts=""
+    properties="debug_level ip_interfaces listen_on_port
+        threads chroot_dir configuration_file server user"
+
+    for prop in $properties
+    do
+        value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
+        if [ -z "${value}" -o "${value}" = '""' ]; then
+            continue;
+        fi
+
+        case $prop in
+        'debug_level')
+            if [ ${value} -gt 0 ]; then
+                cmdopts="${cmdopts} -d ${value}"
+            fi
+            ;;
+        'ip_interfaces')
+            case ${value} in
+                'IPv4')
+                    cmdopts="${cmdopts} -4";;
+                'IPv6')
+                    cmdopts="${cmdopts} -6";;
+                'all')
+                    :   # Default is all, therefore ignore.
+                    ;;
+                *)  
+                    echo "$I: Unrecognised value in service instance property" >&2
+                    echo "$I: options/${prop} : ${value}" >&2
+                    ;;
+            esac
+            ;;
+        'listen_on_port')
+            if [ ${value} -gt 0 ]; then
+                cmdopts="${cmdopts} -p ${value}"
+            fi
+            ;;
+        'threads')
+            if [ ${value} -gt 0 ]; then
+                cmdopts="${cmdopts} -n ${value}"
+            fi
+            ;;
+        'chroot_dir')
+            cmdopts="${cmdopts} -t ${value}"
+            checkopts="${checkopts} -t ${value}"
+            chroot_dir=${value};
+            ;;
+        'configuration_file')
+            cmdopts="${cmdopts} -c ${value}"
+            checkopts="${checkopts} -t ${value}"
+            configuration_file=${value};
+            ;;
+        'server')
+            set -- `echo ${value} | /usr/bin/sed -e  's/\\\\//g'`
+            server=$@
+            ;;
+        'user')
+            cmdopts="${cmdopts} -u ${value}"
+            cmduser=${value};
+            ;;
+        esac
+    done
+
+    configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \
+        ${configuration_file})
+    [ "${configuration_dir}" == "" ] && configuration_dir=@PKG_SYSCONFDIR@/namedb
+
+    configuration_files=$(sed -n -e \
+        "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \
+        ${configuration_file} | sort -u)
+    configuration_files="${configuration_files} ${configuration_file}"    
+}
+
+result=${SMF_EXIT_OK}
+
+# Read command line arguments
+method="$1"            # %m
+instance="$2"          # %i
+contract="$3"          # %{restarter/contract}
+
+# Set defaults; SMF_FMRI should have been set, but just in case.
+if [ -z "$SMF_FMRI" ]; then
+    SMF_FMRI="svc:/@SMF_PREFIX@/@SMF_NAME@:${instance}"
+fi
+server="@PREFIX@/sbin/named"
+checkconf="@PREFIX@/sbin/named-checkconf"
+I=`/usr/bin/basename $0`
+
+case "$method" in
+'start')
+    get_config
+
+    # If chroot option is set, note zones(5) are preferred, then
+    # configuration file lives under chroot directory.
+    if [ "${chroot_dir}" != "" ]; then
+        if [ "${chroot_dir}" = "/" ]; then
+            msg="$I: chroot_dir must not be /"
+            echo ${msg} >&2
+            /usr/bin/logger -p daemon.error ${msg}
+            # dns-server should be placed in maintenance state.
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+
+        server="env LD_NOLAZYLOAD=1 ${server}"
+        checkconf="env LD_NOLAZYLOAD=1 ${checkconf}"
+
+        mkdir -p ${chroot_dir}
+
+        if [ "${SMF_ZONENAME}" = "global" ]; then
+            for dev in crypto log null poll random urandom; do
+                rm -f ${chroot_dir}/dev/${dev}
+                pax -rw -H -pe /dev/${dev} ${chroot_dir}
+            done
+        fi
+
+       missing=""
+        for dev in crypto null poll random urandom; do
+           if [ ! -e "${chroot_dir}/dev/${dev}" ]; then
+               missing="${missing} ${dev}"
+           fi
+        done
+
+        if [ ! -z "${missing}" ]; then
+            msg="$I: missing device nodes in ${chroot_dir}: ${missing}"
+            echo ${msg} >&2
+            /usr/bin/logger -p daemon.err ${msg}
+            # dns-server should be placed in maintenance state.
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+
+        mount_chroot ${chroot_dir} ${configuration_files} ${libraries}
+
+        mkdir -p ${chroot_dir}/var/run/named
+        chown ${cmduser}:${cmduser} ${chroot_dir}/var/run/named
+
+        configuration_file=${chroot_dir}${configuration_file}
+        rndc_config_file=${chroot_dir}${rndc_config_file}
+        rndc_key_file=${chroot_dir}${rndc_key_file}
+        rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}"
+    else
+        mkdir -p @VARBASE@/run/named
+        chown ${cmduser}:${cmduser} @VARBASE@/run/named
+    fi
+
+    # Check if the rndc config file exists.
+    if [ ! -f ${rndc_config_file} ]; then
+        # If not, check if the default rndc key file exists.
+        if [ ! -f ${rndc_key_file} ]; then
+            echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2
+            @PREFIX@/sbin/rndc-confgen ${rndc_cmd_opts}
+            if [ $? -ne 0 ]; then
+                echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \
+                    "control 'named' may fail and 'named' may report further error" \
+                    "messages to the system log. This is not fatal. For more" \
+                    "information see rndc(1M) and rndc-confgen(1M)." >&2
+            fi
+        fi
+    fi
+
+    if [ ${result} = ${SMF_EXIT_OK} ]; then
+        ${checkconf} -z ${checkopts}
+        result=$?
+        if [ $result -ne 0 ]; then
+            msg="$I: named-checkconf failed to verify configuration"
+            echo ${msg} >&2
+            /usr/bin/logger -p daemon.error ${msg}
+            if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
+                umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
+            fi
+            # dns-server should be placed in maintenance state.
+            exit ${SMF_EXIT_ERR_CONFIG}
+        fi
+    fi
+
+    if [ ${result} = ${SMF_EXIT_OK} ]; then
+       echo "$I: Executing: ${server} ${cmdopts}"
+       # Execute named(1M) with relevant command line options.
+       ppriv -s A-all -s A+basic,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot,proc_setid -e ${server} ${cmdopts}
+       result=$?
+    fi
+    ;;
+'stop')
+    get_config
+
+    smf_kill_contract ${contract} TERM 1
+    [ $? -ne 0 ] && exit 1
+
+    if [ "${chroot_dir}" != "" -a "${chroot_dir}" != "/" ]; then
+        umount_chroot ${chroot_dir} ${configuration_files} ${libraries}
+    fi
+
+    ;;
+*)
+    echo "Usage: $I [stop|start] <instance>" >&2
+    exit 1
+    ;;
+esac
+exit ${result}

Index: pkgsrc/net/bind914/patches/patch-bin_named_Makefile.in
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_named_Makefile.in:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_named_Makefile.in      Tue Apr 30 03:34:34 2019
@@ -0,0 +1,38 @@
+$NetBSD: patch-bin_named_Makefile.in,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Add support for blacklistd.
+
+--- bin/named/Makefile.in.orig 2019-04-06 20:09:59.000000000 +0000
++++ bin/named/Makefile.in
+@@ -84,6 +84,7 @@ SUBDIRS =    unix
+ 
+ TARGETS =     named@EXEEXT@
+ 
++BLACKLISTLINKOBJS= pfilter.@O@
+ GEOIPLINKOBJS = geoip.@O@
+ 
+ OBJS =                builtin.@O@ config.@O@ control.@O@ \
+@@ -91,12 +92,13 @@ OBJS =             builtin.@O@ config.@O@ control.@
+               log.@O@ logconf.@O@ main.@O@ \
+               server.@O@ statschannel.@O@ \
+               tkeyconf.@O@ tsigconf.@O@ zoneconf.@O@ \
+-              ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
++              ${BLACKLISTLINKOBJS} ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
+ 
+ UOBJS =               unix/os.@O@ unix/dlz_dlopen_driver.@O@
+ 
+ SYMOBJS =     symtbl.@O@
+ 
++BLACKLISTLINKSRCS= pfilter.c
+ GEOIPLINKSRCS = geoip.c
+ 
+ SRCS =                builtin.c config.c control.c \
+@@ -104,7 +106,7 @@ SRCS =             builtin.c config.c control.c \
+               log.c logconf.c main.c \
+               server.c statschannel.c \
+               tkeyconf.c tsigconf.c zoneconf.c \
+-              ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
++              ${BLACKLISTLINKSRCS} ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
+ 
+ MANPAGES =    named.8 named.conf.5
+ 
Index: pkgsrc/net/bind914/patches/patch-bin_named_main.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_named_main.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_named_main.c   Tue Apr 30 03:34:34 2019
@@ -0,0 +1,27 @@
+$NetBSD: patch-bin_named_main.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Add support for blacklistd.
+
+--- bin/named/main.c.orig      2019-04-06 20:09:59.000000000 +0000
++++ bin/named/main.c
+@@ -85,6 +85,9 @@
+ #ifdef HAVE_ZLIB
+ #include <zlib.h>
+ #endif
++#ifdef HAVE_BLACKLIST
++#include "pfilter.h"
++#endif
+ /*
+  * Include header files for database drivers here.
+  */
+@@ -1399,6 +1402,10 @@ main(int argc, char *argv[]) {
+ 
+       parse_command_line(argc, argv);
+ 
++#ifdef HAVE_BLACKLIST
++      pfilter_open();
++#endif
++
+ #ifdef ENABLE_AFL
+       if (named_g_fuzz_type != isc_fuzz_none) {
+               named_fuzz_setup();
Index: pkgsrc/net/bind914/patches/patch-bin_named_pfilter.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_named_pfilter.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_named_pfilter.c        Tue Apr 30 03:34:34 2019
@@ -0,0 +1,58 @@
+$NetBSD: patch-bin_named_pfilter.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Add support for blacklistd.
+
+--- bin/named/pfilter.c.orig   2019-04-29 08:47:44.504984633 +0000
++++ bin/named/pfilter.c
+@@ -0,0 +1,51 @@
++#include <config.h>
++
++#include <isc/platform.h>
++#include <isc/util.h>
++#include <named/types.h>
++#include <ns/client.h>
++
++#ifdef HAVE_BLACKLIST
++
++#include <blacklist.h>
++
++#include "pfilter.h"
++
++static struct blacklist *blstate;
++
++void
++pfilter_open(void)
++{
++      if (blstate == NULL)
++              blstate = blacklist_open();
++}
++
++#define TCP_CLIENT(c)  (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
++
++void
++pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
++{
++      isc_socket_t *socket;
++
++      pfilter_open();
++
++      if (TCP_CLIENT(client))
++              socket = client->tcpsocket;
++      else {
++              socket = client->udpsocket;
++              if (!client->peeraddr_valid)
++                      return;
++      }
++
++      if (socket == NULL)
++              return;
++
++      if (blstate == NULL)
++              return;
++
++      blacklist_sa_r(blstate, 
++          res != ISC_R_SUCCESS, isc_socket_getfd(socket),
++          &client->peeraddr.type.sa, client->peeraddr.length, msg);
++}
++
++#endif /* HAVE_BLACKLIST */
Index: pkgsrc/net/bind914/patches/patch-bin_named_pfilter.h
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_named_pfilter.h:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_named_pfilter.h        Tue Apr 30 03:34:34 2019
@@ -0,0 +1,9 @@
+$NetBSD: patch-bin_named_pfilter.h,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Add support for blacklistd.
+
+--- bin/named/pfilter.h.orig   2019-04-29 06:38:25.989360716 +0000
++++ bin/named/pfilter.h
+@@ -0,0 +1,2 @@
++void pfilter_open(void);
++void pfilter_notify(isc_result_t, ns_client_t *, const char *);
Index: pkgsrc/net/bind914/patches/patch-bin_named_server.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_named_server.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_named_server.c Tue Apr 30 03:34:34 2019
@@ -0,0 +1,23 @@
+$NetBSD: patch-bin_named_server.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Disable checking working directory is writable as BIND_USER in NetBSD
+  base system.
+
+--- bin/named/server.c.orig    2019-04-06 20:09:59.000000000 +0000
++++ bin/named/server.c
+@@ -8864,6 +8864,7 @@ load_configuration(const char *filename,
+               named_os_changeuser();
+       }
+ 
++#if 0
+       /*
+        * Check that the working directory is writable.
+        */
+@@ -8874,6 +8875,7 @@ load_configuration(const char *filename,
+               result = ISC_R_NOPERM;
+               goto cleanup;
+       }
++#endif
+ 
+ #ifdef HAVE_LMDB
+       /*
Index: pkgsrc/net/bind914/patches/patch-bin_nsupdate_nsupdate.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_nsupdate_nsupdate.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_nsupdate_nsupdate.c    Tue Apr 30 03:34:34 2019
@@ -0,0 +1,24 @@
+$NetBSD: patch-bin_nsupdate_nsupdate.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- bin/nsupdate/nsupdate.c.orig       2019-04-06 20:09:59.000000000 +0000
++++ bin/nsupdate/nsupdate.c
+@@ -214,7 +214,7 @@ typedef struct nsu_gssinfo {
+ } nsu_gssinfo_t;
+ 
+ static void
+-failed_gssrequest();
++failed_gssrequest(void);
+ static void
+ start_gssrequest(dns_name_t *master);
+ static void
+@@ -2797,7 +2797,7 @@ get_ticket_realm(isc_mem_t *mctx) {
+ }
+ 
+ static void
+-failed_gssrequest() {
++failed_gssrequest(void) {
+       seenerror = true;
+ 
+       dns_name_free(&tmpzonename, gmctx);
Index: pkgsrc/net/bind914/patches/patch-bin_pkcs11_pkcs11-keygen.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_pkcs11_pkcs11-keygen.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_pkcs11_pkcs11-keygen.c Tue Apr 30 03:34:34 2019
@@ -0,0 +1,30 @@
+$NetBSD: patch-bin_pkcs11_pkcs11-keygen.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Honor HAVE_PKCS11_ECDSA.
+
+--- bin/pkcs11/pkcs11-keygen.c.orig    2019-02-27 23:42:04.000000000 +0000
++++ bin/pkcs11/pkcs11-keygen.c
+@@ -421,13 +421,23 @@ main(int argc, char *argv[]) {
+               id_offset = ECC_ID;
+ 
+               if (bits == 256) {
++#if HAVE_PKCS11_ECDSA
+                       public_template[4].pValue = pk11_ecc_prime256v1;
+                       public_template[4].ulValueLen =
+                               sizeof(pk11_ecc_prime256v1);
++#else
++                      fprintf(stderr, "PRIME256v1 is not supported\n");
++                      usage();
++#endif
+               } else {
++#if HAVE_PKCS11_ECDSA
+                       public_template[4].pValue = pk11_ecc_secp384r1;
+                       public_template[4].ulValueLen =
+                               sizeof(pk11_ecc_secp384r1);
++#else
++                      fprintf(stderr, "SEP384r1 is not supported\n");
++                      usage();
++#endif
+               }
+ 
+               break;
Index: pkgsrc/net/bind914/patches/patch-bin_tests_system_metadata_tests.sh
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_tests_system_metadata_tests.sh:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_tests_system_metadata_tests.sh Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-bin_tests_system_metadata_tests.sh,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Avoid using "==" for argument of test(1).
+
+--- bin/tests/system/metadata/tests.sh.orig    2018-07-03 06:56:55.000000000 +0000
++++ bin/tests/system/metadata/tests.sh
+@@ -139,7 +139,7 @@ status=`expr $status + $ret`
+ 
+ echo_i "checking warning about permissions change on key with dnssec-settime ($n)"
+ uname=`uname -o 2> /dev/null`
+-if [ Cygwin == "$uname"  ]; then
++if [ Cygwin = "$uname"  ]; then
+       echo_i "Cygwin detected, skipping"
+ else
+       ret=0
Index: pkgsrc/net/bind914/patches/patch-bin_tests_system_rpz_tests.sh
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_tests_system_rpz_tests.sh:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_tests_system_rpz_tests.sh      Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-bin_tests_system_rpz_tests.sh,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Avoid using "==" for argument of test(1).
+
+--- bin/tests/system/rpz/tests.sh.orig 2019-04-06 20:09:59.000000000 +0000
++++ bin/tests/system/rpz/tests.sh
+@@ -209,7 +209,7 @@ restart () {
+       fi
+     fi
+     rm -f ns$1/*.jnl
+-    if [ "$2" == "rebuild-bl-rpz" ]; then
++    if [ "$2" = "rebuild-bl-rpz" ]; then
+         if test -f ns$1/base.db; then
+           for NM in ns$1/bl*.db; do
+               cp -f ns$1/base.db $NM
Index: pkgsrc/net/bind914/patches/patch-bin_tools_arpaname.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_tools_arpaname.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_tools_arpaname.c       Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-bin_tools_arpaname.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- bin/tools/arpaname.c.orig  2019-04-06 20:09:59.000000000 +0000
++++ bin/tools/arpaname.c
+@@ -17,7 +17,7 @@
+ 
+ #include <stdio.h>
+ 
+-#define UNUSED(x) (void)(x)
++#define UNUSED(x) (void)&(x)
+ 
+ int
+ main(int argc, char *argv[]) {
Index: pkgsrc/net/bind914/patches/patch-bin_tools_nsec3hash.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-bin_tools_nsec3hash.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-bin_tools_nsec3hash.c      Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-bin_tools_nsec3hash.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- bin/tools/nsec3hash.c.orig 2019-04-06 20:09:59.000000000 +0000
++++ bin/tools/nsec3hash.c
+@@ -56,7 +56,7 @@ check_result(isc_result_t result, const 
+ }
+ 
+ static void
+-usage() {
++usage(void) {
+       fprintf(stderr, "Usage: %s salt algorithm iterations domain\n",
+               program);
+       fprintf(stderr, "       %s -r algorithm flags iterations salt domain\n",
Index: pkgsrc/net/bind914/patches/patch-config.h.in
diff -u /dev/null pkgsrc/net/bind914/patches/patch-config.h.in:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-config.h.in        Tue Apr 30 03:34:34 2019
@@ -0,0 +1,16 @@
+$NetBSD: patch-config.h.in,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Add support for blacklistd.
+
+--- config.h.in.orig   2019-04-06 20:09:59.000000000 +0000
++++ config.h.in
+@@ -45,6 +45,9 @@
+ /* Define to 1 if you have the `arc4random_uniform' function. */
+ #undef HAVE_ARC4RANDOM_UNIFORM
+ 
++/* Define to 1 if blacklist is supported. */
++#undef HAVE_BLACKLIST
++
+ /* Define to 1 if the compiler supports __builtin_clz. */
+ #undef HAVE_BUILTIN_CLZ
+ 
Index: pkgsrc/net/bind914/patches/patch-config.threads.in
diff -u /dev/null pkgsrc/net/bind914/patches/patch-config.threads.in:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-config.threads.in  Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-config.threads.in,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Add DragonFly support.
+
+--- config.threads.in.orig     2019-04-06 20:09:59.000000000 +0000
++++ config.threads.in
+@@ -48,6 +48,8 @@ case $host in
+       use_threads=false ;;
+ *-freebsd*)
+       use_threads=true ;;
++*-dragonfly*)
++      use_threads=false ;;
+ *-linux*)
+       use_threads=true ;;
+ *-darwin[[123456789]].*)
Index: pkgsrc/net/bind914/patches/patch-configure
diff -u /dev/null pkgsrc/net/bind914/patches/patch-configure:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-configure  Tue Apr 30 03:34:34 2019
@@ -0,0 +1,265 @@
+$NetBSD: patch-configure,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Add DragonFly support.
+* Use proper link options for NetBSD.
+* Link proper postgresql library.
+* Add support for blacklistd.
+
+--- configure.orig     2019-04-06 20:09:59.000000000 +0000
++++ configure
+@@ -725,6 +725,9 @@ purify_path
+ MKDEPPROG
+ MKDEPCFLAGS
+ MKDEPCC
++BLACKLIST
++BLACKLISTLINKOBJS
++BLACKLISTLINKSRCS
+ ZLIB
+ JSONSTATS
+ XMLSTATS
+@@ -879,6 +882,7 @@ with_pic
+ enable_fast_install
+ with_aix_soname
+ with_gnu_ld
++with_blacklist
+ with_sysroot
+ enable_libtool_lock
+ enable_libbind
+@@ -1672,6 +1676,7 @@ Optional Packages:
+   --with-dlz-stub=ARG     Build with stub DLZ driver [yes|no]. (Required to
+                           use stub driver with DLZ)
+   --with-make-clean       run "make clean" at end of configure [yes|no]
++  --with-blacklist      Build with blacklist
+ 
+ Some influential environment variables:
+   CC          C compiler command
+@@ -3818,7 +3823,7 @@ fi
+ 
+ # On IRIX 5.3, sys/types and inttypes.h are conflicting.
+ for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+-                inttypes.h stdint.h unistd.h
++                inttypes.h stdint.h unistd.h blacklist.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+@@ -16679,27 +16684,10 @@ case "$use_libjson" in
+               libjson_libs=""
+               ;;
+       auto|yes)
+-              for d in /usr /usr/local /opt/local
+-              do
+-                      if test -f "${d}/include/json/json.h"
+-                      then
+-                              if test ${d} != /usr
+-                              then
+-                                      libjson_cflags="-I ${d}/include"
+-                                      LIBS="$LIBS -L${d}/lib"
+-                              fi
+-                              have_libjson="yes"
+-                      elif test -f "${d}/include/json-c/json.h"
+-                      then
+-                              if test ${d} != /usr
+-                              then
+-                                      libjson_cflags="-I ${d}/include"
+-                                      LIBS="$LIBS -L${d}/lib"
+-                              fi
+-                              have_libjson="yes"
+-                              have_libjson_c="yes"
+-                      fi
+-              done
++              libjson_cflags="`pkg-config --cflags json-c`"
++              LIBS="`pkg-config --libs json-c`"
++              have_libjson="yes"
++              have_libjson_c="yes"
+               ;;
+       *)
+               if test -f "${use_libjson}/include/json/json.h"
+@@ -16805,6 +16793,139 @@ $as_echo "#define HAVE_JSON_C 1" >>confd
+       JSONSTATS=1
+ fi
+ 
++#
++# was --with-blacklist specified?
++#
++BLACKLISTLINKOBJS=
++BLACKLISTLINKSRCS=
++
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for blacklist library" >&5
++$as_echo_n "checking for blacklist library... " >&6; }
++
++# Check whether --with-blacklist was given.
++if test "${with_blacklist+set}" = set; then :
++  withval=$with_blacklist; with_blacklist="$withval"
++else
++  with_blacklist="auto"
++fi
++
++
++have_blacklist=""
++case "$with_blacklist" in
++      no)
++              blacklist_libs=""
++              ;;
++      auto|yes)
++              for d in /usr /usr/local /opt/local
++              do
++                      if test -f "${d}/include/blacklist.h"
++                      then
++                              if test ${d} != /usr
++                              then
++                                      blacklist_cflags="-I ${d}/include"
++                                      LIBS="$LIBS -L${d}/lib"
++                              fi
++                              have_blacklist="yes"
++                      fi
++              done
++              ;;
++      *)
++              if test -f "${with_blacklist}/include/blacklist.h"
++              then
++                      blacklist_cflags="-I${with_blacklist}/include"
++                      LIBS="$LIBS -L${with_blacklist}/lib"
++                      have_blacklist="yes"
++              else
++                      as_fn_error $? "$with_blacklist/include/blacklist.h not found." "$LINENO" 5
++              fi
++              ;;
++esac
++
++if test "X${have_blacklist}" != "X"
++then
++      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing blacklist" >&5
++$as_echo_n "checking for library containing blacklist... " >&6; }
++if ${ac_cv_search_blacklist+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_func_search_save_LIBS=$LIBS
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char blacklist_open(void);
++int
++main ()
++{
++return blacklist_open();
++  ;
++  return 0;
++}
++_ACEOF
++for ac_lib in '' blacklist; do
++  if test -z "$ac_lib"; then
++    ac_res="none required"
++  else
++    ac_res=-l$ac_lib
++    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
++  fi
++  if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_search_blacklist=$ac_res
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext
++  if ${ac_cv_search_blacklist+:} false; then :
++  break
++fi
++done
++if ${ac_cv_search_blacklist+:} false; then :
++
++else
++  ac_cv_search_blacklist=no
++fi
++rm conftest.$ac_ext
++LIBS=$ac_func_search_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_blacklist" >&5
++$as_echo "$ac_cv_search_blacklist" >&6; }
++ac_res=$ac_cv_search_blacklist
++if test "$ac_res" != no; then :
++  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
++
++else
++  as_fn_error $? "found blacklist include but not library." "$LINENO" 5
++                      have_blacklist=""
++fi
++
++elif test "X$with_blacklist" = Xyes
++then
++      as_fn_error $? "include/blacklist.h not found." "$LINENO" 5
++else
++      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++fi
++
++BLACKLIST=
++if test "X${have_blacklist}" != "X"
++then
++      CFLAGS="$CFLAGS $blacklist_cflags"
++
++$as_echo "#define HAVE_BLACKLIST 1" >>confdefs.h
++
++      BLACKLIST=1
++fi
++if  test "X${blacklist_libs}" != "X"
++then
++      BLACKLISTLINKSRCS='${BLACKLISTLINKSRCS}'
++      BLACKLISTLINKOBJS='${BLACKLISTLINKOBJS}'
++fi
+ 
+ #
+ # was --with-zlib specified?
+@@ -20234,7 +20355,7 @@ else
+ 
+ fi
+               ;; #(
+-  *-freebsd*|*-openbsd*|*-netbsd*) :
++  *-dragonfly*|*-freebsd*|*-openbsd*|*-netbsd*) :
+ 
+                LDFLAGS="${LDFLAGS} -Wl,-E"
+                SO_CFLAGS="-fpic"
+@@ -20266,9 +20387,9 @@ fi
+               ;; #(
+   *-solaris*) :
+ 
+-               SO_CFLAGS="-KPIC"
+-               SO_LDFLAGS="-G -z text"
+-               SO_LD="ld"
++               SO_CFLAGS="-fPIC"
++               SO_LDFLAGS="-Xcompiler -shared -Wl,-z -Wl,text"
++               SO_LD="${CC}"
+               ;; #(
+   *) :
+ 
+@@ -20691,8 +20812,8 @@ $as_echo "no" >&6; }
+       fi
+       if test -n "-L$use_dlz_postgres_lib -lpq"
+       then
+-              DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L$use_dlz_postgres_lib -lpq"
+-              DLZ_DRIVER_POSTGRES_LIBS="-L$use_dlz_postgres_lib -lpq"
++              DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L${PREFIX}/lib -lpq"
++              DLZ_DRIVER_POSTGRES_LIBS="-L${PREFIX}/lib -lpq"
+       fi
+ 
+ 
+@@ -23892,6 +24013,7 @@ report() {
+       test "X$PYTHON" = "X" || echo "    Python tools (--with-python)"
+       test "X$XMLSTATS" = "X" || echo "    XML statistics (--with-libxml2)"
+       test "X$JSONSTATS" = "X" || echo "    JSON statistics (--with-libjson)"
++      test "X$BLACKLIST" = "X" || echo "    blacklist support (--with-blacklist)"
+       test "X$ZLIB" = "X" || echo "    HTTP zlib compression (--with-zlib)"
+       test "X$NZD_TOOLS" = "X" || echo "    LMDB database to store configuration for 'addzone' zones (--with-lmdb)"
+       test "no" = "$with_libidn2" || echo "    IDN support (--with-libidn2)"
+@@ -23970,6 +24092,7 @@ report() {
+     test "X$PYTHON" = "X" && echo "    Python tools (--with-python)"
+     test "X$XMLSTATS" = "X" && echo "    XML statistics (--with-libxml2)"
+     test "X$JSONSTATS" = "X" && echo "    JSON statistics (--with-libjson)"
++    test "X$BLACKLIST" = "X" && echo "    blacklist support (--with-blacklist)"
+     test "X$ZLIB" = "X" && echo "    HTTP zlib compression (--with-zlib)"
+     test "X$NZD_TOOLS" = "X" && echo "    LMDB database to store configuration for 'addzone' zones (--with-lmdb)"
+     test "no" = "$with_libidn2" && echo "    IDN support (--with-libidn2)"
Index: pkgsrc/net/bind914/patches/patch-configure.orig
diff -u /dev/null pkgsrc/net/bind914/patches/patch-configure.orig:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-configure.orig     Tue Apr 30 03:34:34 2019
@@ -0,0 +1,257 @@
+$NetBSD: patch-configure.orig,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Add DragonFly support.
+* Use proper link options for NetBSD.
+* Link proper postgresql library.
+* Add support for blacklistd.
+
+--- configure.orig     2019-04-06 20:09:59.000000000 +0000
++++ configure
+@@ -725,6 +725,9 @@ purify_path
+ MKDEPPROG
+ MKDEPCFLAGS
+ MKDEPCC
++BLACKLIST
++BLACKLISTLINKOBJS
++BLACKLISTLINKSRCS
+ ZLIB
+ JSONSTATS
+ XMLSTATS
+@@ -1672,6 +1675,7 @@ Optional Packages:
+   --with-dlz-stub=ARG     Build with stub DLZ driver [yes|no]. (Required to
+                           use stub driver with DLZ)
+   --with-make-clean       run "make clean" at end of configure [yes|no]
++  --with-blacklist      Build with blacklist
+ 
+ Some influential environment variables:
+   CC          C compiler command
+@@ -3818,7 +3822,7 @@ fi
+ 
+ # On IRIX 5.3, sys/types and inttypes.h are conflicting.
+ for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+-                inttypes.h stdint.h unistd.h
++                inttypes.h stdint.h unistd.h blacklist.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+@@ -16679,27 +16683,10 @@ case "$use_libjson" in
+               libjson_libs=""
+               ;;
+       auto|yes)
+-              for d in /usr /usr/local /opt/local
+-              do
+-                      if test -f "${d}/include/json/json.h"
+-                      then
+-                              if test ${d} != /usr
+-                              then
+-                                      libjson_cflags="-I ${d}/include"
+-                                      LIBS="$LIBS -L${d}/lib"
+-                              fi
+-                              have_libjson="yes"
+-                      elif test -f "${d}/include/json-c/json.h"
+-                      then
+-                              if test ${d} != /usr
+-                              then
+-                                      libjson_cflags="-I ${d}/include"
+-                                      LIBS="$LIBS -L${d}/lib"
+-                              fi
+-                              have_libjson="yes"
+-                              have_libjson_c="yes"
+-                      fi
+-              done
++              libjson_cflags="`pkg-config --cflags json-c`"
++              LIBS="`pkg-config --libs json-c`"
++              have_libjson="yes"
++              have_libjson_c="yes"
+               ;;
+       *)
+               if test -f "${use_libjson}/include/json/json.h"
+@@ -16805,6 +16792,139 @@ $as_echo "#define HAVE_JSON_C 1" >>confd
+       JSONSTATS=1
+ fi
+ 
++#
++# was --with-blacklist specified?
++#
++BLACKLISTLINKOBJS=
++BLACKLISTLINKSRCS=
++
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for blacklist library" >&5
++$as_echo_n "checking for blacklist library... " >&6; }
++
++# Check whether --with-blacklist was given.
++if test "${with_blacklist+set}" = set; then :
++  withval=$with_blacklist; with_blacklist="$withval"
++else
++  with_blacklist="auto"
++fi
++
++
++have_blacklist=""
++case "$with_blacklist" in
++      no)
++              blacklist_libs=""
++              ;;
++      auto|yes)
++              for d in /usr /usr/local /opt/local
++              do
++                      if test -f "${d}/include/blacklist.h"
++                      then
++                              if test ${d} != /usr
++                              then
++                                      blacklist_cflags="-I ${d}/include"
++                                      LIBS="$LIBS -L${d}/lib"
++                              fi
++                              have_blacklist="yes"
++                      fi
++              done
++              ;;
++      *)
++              if test -f "${with_blacklist}/include/blacklist.h"
++              then
++                      blacklist_cflags="-I${with_blacklist}/include"
++                      LIBS="$LIBS -L${with_blacklist}/lib"
++                      have_blacklist="yes"
++              else
++                      as_fn_error $? "$with_blacklist/include/blacklist.h not found." "$LINENO" 5
++              fi
++              ;;
++esac
++
++if test "X${have_blacklist}" != "X"
++then
++      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing blacklist" >&5
++$as_echo_n "checking for library containing blacklist... " >&6; }
++if ${ac_cv_search_blacklist+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  ac_func_search_save_LIBS=$LIBS
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char blacklist_open(void);
++int
++main ()
++{
++return blacklist_open();
++  ;
++  return 0;
++}
++_ACEOF
++for ac_lib in '' blacklist; do
++  if test -z "$ac_lib"; then
++    ac_res="none required"
++  else
++    ac_res=-l$ac_lib
++    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
++  fi
++  if ac_fn_c_try_link "$LINENO"; then :
++  ac_cv_search_blacklist=$ac_res
++fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext
++  if ${ac_cv_search_blacklist+:} false; then :
++  break
++fi
++done
++if ${ac_cv_search_blacklist+:} false; then :
++
++else
++  ac_cv_search_blacklist=no
++fi
++rm conftest.$ac_ext
++LIBS=$ac_func_search_save_LIBS
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_blacklist" >&5
++$as_echo "$ac_cv_search_blacklist" >&6; }
++ac_res=$ac_cv_search_blacklist
++if test "$ac_res" != no; then :
++  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
++
++else
++  as_fn_error $? "found blacklist include but not library." "$LINENO" 5
++                      have_blacklist=""
++fi
++
++elif test "X$with_blacklist" = Xyes
++then
++      as_fn_error $? "include/blacklist.h not found." "$LINENO" 5
++else
++      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++fi
++
++BLACKLIST=
++if test "X${have_blacklist}" != "X"
++then
++      CFLAGS="$CFLAGS $blacklist_cflags"
++
++$as_echo "#define HAVE_BLACKLIST 1" >>confdefs.h
++
++      BLACKLIST=1
++fi
++if  test "X${blacklist_libs}" != "X"
++then
++      BLACKLISTLINKSRCS='${BLACKLISTLINKSRCS}'
++      BLACKLISTLINKOBJS='${BLACKLISTLINKOBJS}'
++fi
+ 
+ #
+ # was --with-zlib specified?
+@@ -20234,7 +20354,7 @@ else
+ 
+ fi
+               ;; #(
+-  *-freebsd*|*-openbsd*|*-netbsd*) :
++  *-dragonfly*|*-freebsd*|*-openbsd*|*-netbsd*) :
+ 
+                LDFLAGS="${LDFLAGS} -Wl,-E"
+                SO_CFLAGS="-fpic"
+@@ -20266,9 +20386,9 @@ fi
+               ;; #(
+   *-solaris*) :
+ 
+-               SO_CFLAGS="-KPIC"
+-               SO_LDFLAGS="-G -z text"
+-               SO_LD="ld"
++               SO_CFLAGS="-fPIC"
++               SO_LDFLAGS="-Xcompiler -shared -Wl,-z -Wl,text"
++               SO_LD="${CC}"
+               ;; #(
+   *) :
+ 
+@@ -20691,8 +20811,8 @@ $as_echo "no" >&6; }
+       fi
+       if test -n "-L$use_dlz_postgres_lib -lpq"
+       then
+-              DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L$use_dlz_postgres_lib -lpq"
+-              DLZ_DRIVER_POSTGRES_LIBS="-L$use_dlz_postgres_lib -lpq"
++              DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L${PREFIX}/lib -lpq"
++              DLZ_DRIVER_POSTGRES_LIBS="-L${PREFIX}/lib -lpq"
+       fi
+ 
+ 
+@@ -23892,6 +24012,7 @@ report() {
+       test "X$PYTHON" = "X" || echo "    Python tools (--with-python)"
+       test "X$XMLSTATS" = "X" || echo "    XML statistics (--with-libxml2)"
+       test "X$JSONSTATS" = "X" || echo "    JSON statistics (--with-libjson)"
++      test "X$BLACKLIST" = "X" || echo "    blacklist support (--with-blacklist)"
+       test "X$ZLIB" = "X" || echo "    HTTP zlib compression (--with-zlib)"
+       test "X$NZD_TOOLS" = "X" || echo "    LMDB database to store configuration for 'addzone' zones (--with-lmdb)"
+       test "no" = "$with_libidn2" || echo "    IDN support (--with-libidn2)"
+@@ -23970,6 +24091,7 @@ report() {
+     test "X$PYTHON" = "X" && echo "    Python tools (--with-python)"
+     test "X$XMLSTATS" = "X" && echo "    XML statistics (--with-libxml2)"
+     test "X$JSONSTATS" = "X" && echo "    JSON statistics (--with-libjson)"
++    test "X$BLACKLIST" = "X" && echo "    blacklist support (--with-blacklist)"
+     test "X$ZLIB" = "X" && echo "    HTTP zlib compression (--with-zlib)"
+     test "X$NZD_TOOLS" = "X" && echo "    LMDB database to store configuration for 'addzone' zones (--with-lmdb)"
+     test "no" = "$with_libidn2" && echo "    IDN support (--with-libidn2)"
Index: pkgsrc/net/bind914/patches/patch-contrib_dlz_config.dlz.in
diff -u /dev/null pkgsrc/net/bind914/patches/patch-contrib_dlz_config.dlz.in:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-contrib_dlz_config.dlz.in  Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-contrib_dlz_config.dlz.in,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Link proper postgresql library.
+
+--- contrib/dlz/config.dlz.in.orig     2018-07-03 06:56:55.000000000 +0000
++++ contrib/dlz/config.dlz.in
+@@ -113,7 +113,7 @@ case "$use_dlz_postgres" in
+       *)
+               DLZ_ADD_DRIVER(POSTGRES, dlz_postgres_driver,
+                               [-I$use_dlz_postgres],
+-                              [-L$use_dlz_postgres_lib -lpq])
++                              [-L${PREFIX}/lib -lpq])
+ 
+               AC_MSG_RESULT(
+ [using PostgreSQL from $use_dlz_postgres_lib and $use_dlz_postgres])
Index: pkgsrc/net/bind914/patches/patch-lib_dns_byaddr.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_byaddr.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_byaddr.c   Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_byaddr.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/byaddr.c.orig      2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/byaddr.c
+@@ -170,7 +170,7 @@ lookup_done(isc_task_t *task, isc_event_
+       } else
+               byaddr->event->result = levent->result;
+       isc_event_free(&event);
+-      isc_task_sendanddetach(&byaddr->task, (isc_event_t **)&byaddr->event);
++      isc_task_sendanddetach(&byaddr->task, (isc_event_t **)(void *)&byaddr->event);
+ }
+ 
+ static void
Index: pkgsrc/net/bind914/patches/patch-lib_dns_dnsrps.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_dnsrps.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_dnsrps.c   Tue Apr 30 03:34:34 2019
@@ -0,0 +1,14 @@
+$NetBSD: patch-lib_dns_dnsrps.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Use stdlib.h.
+
+--- lib/dns/dnsrps.c.orig      2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/dnsrps.c
+@@ -15,6 +15,7 @@
+ 
+ #include <inttypes.h>
+ #include <stdbool.h>
++#include <stdlib.h>
+ 
+ #ifdef USE_DNSRPS
+ 
Index: pkgsrc/net/bind914/patches/patch-lib_dns_gssapi__link.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_gssapi__link.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_gssapi__link.c     Tue Apr 30 03:34:34 2019
@@ -0,0 +1,20 @@
+$NetBSD: patch-lib_dns_gssapi__link.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/gssapi_link.c.orig 2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/gssapi_link.c
+@@ -190,9 +190,12 @@ gssapi_verify(dst_context_t *dctx, const
+       gss_buffer_desc gmessage, gsig;
+       OM_uint32 minor, gret;
+       gss_ctx_id_t gssctx = dctx->key->keydata.gssctx;
+-      unsigned char buf[sig->length];
++      unsigned char buf[4096];
+       char err[1024];
+ 
++      if (sizeof(buf) < sig->length)
++              abort();
++
+       /*
+        * Convert the data we wish to sign into a structure gssapi can
+        * understand.
Index: pkgsrc/net/bind914/patches/patch-lib_dns_keytable.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_keytable.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_keytable.c Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_keytable.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/keytable.c.orig    2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/keytable.c
+@@ -356,7 +356,7 @@ dns_keytable_deletekeynode(dns_keytable_
+               goto finish;
+       }
+ 
+-      kprev = (dns_keynode_t **) &node->data;
++      kprev = (dns_keynode_t **)(void *)&node->data;
+       while (knode != NULL) {
+               if (knode->key != NULL &&
+                   dst_key_compare(knode->key, dstkey) == true)
Index: pkgsrc/net/bind914/patches/patch-lib_dns_lookup.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_lookup.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_lookup.c   Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_lookup.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/lookup.c.orig      2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/lookup.c
+@@ -339,7 +339,7 @@ lookup_find(dns_lookup_t *lookup, dns_fe
+               lookup->event->result = result;
+               lookup->event->ev_sender = lookup;
+               isc_task_sendanddetach(&lookup->task,
+-                                     (isc_event_t **)&lookup->event);
++                                     (isc_event_t **)(void *)&lookup->event);
+               dns_view_detach(&lookup->view);
+       }
+ 
Index: pkgsrc/net/bind914/patches/patch-lib_dns_message.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_message.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_message.c  Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_message.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Avoid uninitialized variable warning.
+
+--- lib/dns/message.c.orig     2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/message.c
+@@ -996,7 +996,7 @@ getquestions(isc_buffer_t *source, dns_m
+       dns_name_t *name;
+       dns_name_t *name2;
+       dns_offsets_t *offsets;
+-      dns_rdataset_t *rdataset;
++      dns_rdataset_t *rdataset = NULL;
+       dns_rdatalist_t *rdatalist;
+       isc_result_t result;
+       dns_rdatatype_t rdtype;
Index: pkgsrc/net/bind914/patches/patch-lib_dns_rbt.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_rbt.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_rbt.c      Tue Apr 30 03:34:34 2019
@@ -0,0 +1,68 @@
+$NetBSD: patch-lib_dns_rbt.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Disable inline on powerpc.
+
+--- lib/dns/rbt.c.orig 2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/rbt.c
+@@ -315,12 +315,13 @@ Name(dns_rbtnode_t *node) {
+ }
+ 
+ static void
+-hexdump(const char *desc, unsigned char *data, size_t size) {
++hexdump(const char *desc, void *blob, size_t size) {
+       char hexdump[BUFSIZ * 2 + 1];
+       isc_buffer_t b;
+       isc_region_t r;
+       isc_result_t result;
+       size_t bytes;
++      uint8_t *data  = blob;
+ 
+       fprintf(stderr, "%s: ", desc);
+       do {
+@@ -338,6 +339,10 @@ hexdump(const char *desc, unsigned char 
+ }
+ #endif /* DEBUG */
+ 
++#if !defined(inline) && defined(__powerpc__)
++#define        inline  /**/
++#endif
++
+ /*
+  * Upper node is the parent of the root of the passed node's
+  * subtree. The passed node must not be NULL.
+@@ -592,7 +597,7 @@ serialize_node(FILE *file, dns_rbtnode_t
+       fprintf(stderr, "serialize ");
+       dns_name_print(&nodename, stderr);
+       fprintf(stderr, "\n");
+-      hexdump("node header", (unsigned char*) &temp_node,
++      hexdump("node header", &temp_node,
+               sizeof(dns_rbtnode_t));
+       hexdump("node data", node_data, datasize);
+ #endif
+@@ -712,7 +717,7 @@ dns_rbt_serialize_tree(FILE *file, dns_r
+ 
+       isc_crc64_final(&crc);
+ #ifdef DEBUG
+-      hexdump("serializing CRC", (unsigned char *)&crc, sizeof(crc));
++      hexdump("serializing CRC", &crc, sizeof(crc));
+ #endif
+ 
+       /* Serialize header */
+@@ -833,7 +838,7 @@ treefix(dns_rbt_t *rbt, void *base, size
+       fprintf(stderr, "deserialize ");
+       dns_name_print(&nodename, stderr);
+       fprintf(stderr, "\n");
+-      hexdump("node header", (unsigned char *) &header,
++      hexdump("node header", &header,
+               sizeof(dns_rbtnode_t));
+       hexdump("node data", node_data, datasize);
+ #endif
+@@ -913,7 +918,7 @@ dns_rbt_deserialize_tree(void *base_addr
+ 
+       isc_crc64_final(&crc);
+ #ifdef DEBUG
+-      hexdump("deserializing CRC", (unsigned char *)&crc, sizeof(crc));
++      hexdump("deserializing CRC", &crc, sizeof(crc));
+ #endif
+ 
+       /* Check file hash */
Index: pkgsrc/net/bind914/patches/patch-lib_dns_rbtdb.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_rbtdb.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_rbtdb.c    Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_rbtdb.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/rbtdb.c.orig       2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/rbtdb.c
+@@ -2148,7 +2148,7 @@ prune_tree(isc_task_t *task, isc_event_t
+       NODE_UNLOCK(&rbtdb->node_locks[locknum].lock, isc_rwlocktype_write);
+       RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write);
+ 
+-      detach((dns_db_t **)&rbtdb);
++      detach((dns_db_t **)(void *)&rbtdb);
+ }
+ 
+ static inline void
Index: pkgsrc/net/bind914/patches/patch-lib_dns_request.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_request.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_request.c  Tue Apr 30 03:34:34 2019
@@ -0,0 +1,24 @@
+$NetBSD: patch-lib_dns_request.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/request.c.orig     2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/request.c
+@@ -1421,7 +1421,7 @@ req_sendevent(dns_request_t *request, is
+       task = request->event->ev_sender;
+       request->event->ev_sender = request;
+       request->event->result = result;
+-      isc_task_sendanddetach(&task, (isc_event_t **)&request->event);
++      isc_task_sendanddetach(&task, (isc_event_t **)(void *)&request->event);
+ }
+ 
+ static void
+@@ -1438,7 +1438,7 @@ req_destroy(dns_request_t *request) {
+       if (request->answer != NULL)
+               isc_buffer_free(&request->answer);
+       if (request->event != NULL)
+-              isc_event_free((isc_event_t **)&request->event);
++              isc_event_free((isc_event_t **)(void *)&request->event);
+       if (request->dispentry != NULL)
+               dns_dispatch_removeresponse(&request->dispentry, NULL);
+       if (request->dispatch != NULL)
Index: pkgsrc/net/bind914/patches/patch-lib_dns_sdb.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_sdb.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_sdb.c      Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_sdb.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/sdb.c.orig 2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/sdb.c
+@@ -658,7 +658,7 @@ createnode(dns_sdb_t *sdb, dns_sdbnode_t
+               return (ISC_R_NOMEMORY);
+ 
+       node->sdb = NULL;
+-      attach((dns_db_t *)sdb, (dns_db_t **)&node->sdb);
++      attach((dns_db_t *)sdb, (dns_db_t **)(void *)&node->sdb);
+       ISC_LIST_INIT(node->lists);
+       ISC_LIST_INIT(node->buffers);
+       ISC_LINK_INIT(node, link);
Index: pkgsrc/net/bind914/patches/patch-lib_dns_sdlz.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_sdlz.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_sdlz.c     Tue Apr 30 03:34:34 2019
@@ -0,0 +1,24 @@
+$NetBSD: patch-lib_dns_sdlz.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/sdlz.c.orig        2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/sdlz.c
+@@ -467,13 +467,16 @@ closeversion(dns_db_t *db, dns_dbversion
+ static isc_result_t
+ createnode(dns_sdlz_db_t *sdlz, dns_sdlznode_t **nodep) {
+       dns_sdlznode_t *node;
++      void *sdlzv, *tdlzv;
+ 
+       node = isc_mem_get(sdlz->common.mctx, sizeof(dns_sdlznode_t));
+       if (node == NULL)
+               return (ISC_R_NOMEMORY);
+ 
+       node->sdlz = NULL;
+-      attach((dns_db_t *)sdlz, (dns_db_t **)&node->sdlz);
++      sdlzv = sdlz;
++      tdlzv = &node->sdlz;
++      attach(sdlzv, tdlzv);
+       ISC_LIST_INIT(node->lists);
+       ISC_LIST_INIT(node->buffers);
+       ISC_LINK_INIT(node, link);
Index: pkgsrc/net/bind914/patches/patch-lib_dns_spnego.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_spnego.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_spnego.c   Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_spnego.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Avoid gcc warning.
+
+--- lib/dns/spnego.c.orig      2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/spnego.c
+@@ -1517,7 +1517,7 @@ spnego_initial(OM_uint32 *minor_status,
+       gss_buffer_desc krb5_output_token = GSS_C_EMPTY_BUFFER;
+       unsigned char *buf = NULL;
+       size_t buf_size;
+-      size_t len;
++      size_t len = 0; /* XXX: gcc */
+       int ret;
+ 
+       (void)mech_type;
Index: pkgsrc/net/bind914/patches/patch-lib_dns_validator.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_validator.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_validator.c        Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_validator.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/dns/validator.c.orig   2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/validator.c
+@@ -211,7 +211,7 @@ validator_done(dns_validator_t *val, isc
+       val->event->ev_type = DNS_EVENT_VALIDATORDONE;
+       val->event->ev_action = val->action;
+       val->event->ev_arg = val->arg;
+-      isc_task_sendanddetach(&task, (isc_event_t **)&val->event);
++      isc_task_sendanddetach(&task, (isc_event_t **)(void *)&val->event);
+ }
+ 
+ static inline bool
Index: pkgsrc/net/bind914/patches/patch-lib_dns_view.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_dns_view.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_dns_view.c     Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_dns_view.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Use nta sub-directory as NetBSD base system.
+
+--- lib/dns/view.c.orig        2019-04-06 20:09:59.000000000 +0000
++++ lib/dns/view.c
+@@ -105,7 +105,7 @@ dns_view_create(isc_mem_t *mctx, dns_rda
+               goto cleanup_view;
+       }
+ 
+-      result = isc_file_sanitize(NULL, view->name, "nta",
++      result = isc_file_sanitize("nta", view->name, "nta",
+                                  buffer, sizeof(buffer));
+       if (result != ISC_R_SUCCESS)
+               goto cleanup_name;
Index: pkgsrc/net/bind914/patches/patch-lib_isc_backtrace.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_isc_backtrace.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_isc_backtrace.c        Tue Apr 30 03:34:34 2019
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib_isc_backtrace.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* C syntax.
+
+--- lib/isc/backtrace.c.orig   2019-04-06 20:09:59.000000000 +0000
++++ lib/isc/backtrace.c
+@@ -189,7 +189,7 @@ isc_backtrace_gettrace(void **addrs, int
+        * first argument.  Note that the body of this function cannot be
+        * inlined since it depends on the address of the function argument.
+        */
+-      sp = (void **)&addrs - 2;
++      sp = (void **)(void *)&addrs - 2;
+ #endif
+ 
+       while (sp != NULL && i < maxaddrs) {
Index: pkgsrc/net/bind914/patches/patch-lib_isc_include_isc_socket.h
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_isc_include_isc_socket.h:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_isc_include_isc_socket.h       Tue Apr 30 03:34:34 2019
@@ -0,0 +1,99 @@
+$NetBSD: patch-lib_isc_include_isc_socket.h,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* fdwatch change from NetBSD base.
+
+--- lib/isc/include/isc/socket.h.orig  2019-04-06 20:09:59.000000000 +0000
++++ lib/isc/include/isc/socket.h
+@@ -243,7 +243,8 @@ typedef enum {
+       isc_sockettype_udp = 1,
+       isc_sockettype_tcp = 2,
+       isc_sockettype_unix = 3,
+-      isc_sockettype_raw = 4
++      isc_sockettype_raw = 4,
++      isc_sockettype_fdwatch = 5
+ } isc_sockettype_t;
+ 
+ /*@{*/
+@@ -1037,6 +1038,82 @@ isc_socketmgr_renderjson(isc_socketmgr_t
+  */
+ typedef isc_result_t
+ (*isc_socketmgrcreatefunc_t)(isc_mem_t *mctx, isc_socketmgr_t **managerp);
++/*!
++ * Flags for fdwatchcreate.
++ */
++#define ISC_SOCKFDWATCH_READ  0x00000001      /*%< watch for readable */
++#define ISC_SOCKFDWATCH_WRITE 0x00000002      /*%< watch for writable */
++/*@}*/
++
++isc_result_t
++isc_socket_fdwatchcreate(isc_socketmgr_t *manager,
++                       int fd,
++                       int flags,
++                       isc_sockfdwatch_t callback,
++                       void *cbarg,
++                       isc_task_t *task,
++                       isc_socket_t **socketp);
++/*%<
++ * Create a new file descriptor watch socket managed by 'manager'.
++ *
++ * Note:
++ *
++ *\li   'fd' is the already-opened file descriptor (must be less
++ *    than maxsockets).
++ *\li This function is not available on Windows.
++ *\li The callback function is called "in-line" - this means the function
++ *    needs to return as fast as possible, as all other I/O will be suspended
++ *    until the callback completes.
++ *
++ * Requires:
++ *
++ *\li 'manager' is a valid manager
++ *
++ *\li 'socketp' is a valid pointer, and *socketp == NULL
++ *
++ *\li 'fd' be opened.
++ *
++ * Ensures:
++ *
++ *    '*socketp' is attached to the newly created fdwatch socket
++ *
++ * Returns:
++ *
++ *\li #ISC_R_SUCCESS
++ *\li #ISC_R_NOMEMORY
++ *\li #ISC_R_NORESOURCES
++ *\li #ISC_R_UNEXPECTED
++ *\li #ISC_R_RANGE
++ */
++
++isc_result_t
++isc_socket_fdwatchpoke(isc_socket_t *sock,
++                     int flags);
++/*%<
++ * Poke a file descriptor watch socket informing the manager that it
++ * should restart watching the socket
++ *
++ * Note:
++ *
++ *\li   'sock' is the socket returned by isc_socket_fdwatchcreate
++ *
++ *\li   'flags' indicates what the manager should watch for on the socket
++ *      in addition to what it may already be watching.  It can be one or
++ *      both of ISC_SOCKFDWATCH_READ and ISC_SOCKFDWATCH_WRITE.  To
++ *      temporarily disable watching on a socket the value indicating
++ *      no more data should be returned from the call back routine.
++ *
++ *\li This function is not available on Windows.
++ *
++ * Requires:
++ *
++ *\li 'sock' is a valid isc socket
++ *
++ *
++ * Returns:
++ *
++ *\li #ISC_R_SUCCESS
++ */
+ 
+ ISC_LANG_ENDDECLS
+ 
Index: pkgsrc/net/bind914/patches/patch-lib_isc_include_isc_types.h
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_isc_include_isc_types.h:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_isc_include_isc_types.h        Tue Apr 30 03:34:34 2019
@@ -0,0 +1,18 @@
+$NetBSD: patch-lib_isc_include_isc_types.h,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Changes change from NetBSD base.
+
+--- lib/isc/include/isc/types.h.orig   2019-04-06 20:09:59.000000000 +0000
++++ lib/isc/include/isc/types.h
+@@ -65,7 +65,11 @@ typedef struct isc_ratelimiter              isc_rate
+ typedef struct isc_region             isc_region_t;           /*%< Region */
+ typedef uint64_t                      isc_resourcevalue_t;    /*%< Resource Value */
+ typedef unsigned int                  isc_result_t;           /*%< Result */
++#ifndef ISC_PLATFORM_USE_NATIVE_RWLOCKS
+ typedef struct isc_rwlock             isc_rwlock_t;           /*%< Read Write Lock */
++#else
++typedef pthread_rwlock_t              isc_rwlock_t;           /*%< Read Write Lock */
++#endif
+ typedef struct isc_sockaddr           isc_sockaddr_t;         /*%< Socket Address */
+ typedef ISC_LIST(isc_sockaddr_t)      isc_sockaddrlist_t;     /*%< Socket Address List */
+ typedef struct isc_socket             isc_socket_t;           /*%< Socket */
Index: pkgsrc/net/bind914/patches/patch-lib_isc_rwlock.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_isc_rwlock.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_isc_rwlock.c   Tue Apr 30 03:34:34 2019
@@ -0,0 +1,21 @@
+$NetBSD: patch-lib_isc_rwlock.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Platform change from NetBSD base.
+
+--- lib/isc/rwlock.c.orig      2019-04-06 20:09:59.000000000 +0000
++++ lib/isc/rwlock.c
+@@ -54,11 +54,12 @@
+ # define isc_rwlock_pause() __asm__ __volatile__ ("rep; nop")
+ #elif defined(__ia64__)
+ # define isc_rwlock_pause() __asm__ __volatile__ ("hint @pause")
+-#elif defined(__arm__)
++#elif defined(__arm__) && defined(_ARM_ARCH_6)
+ # define isc_rwlock_pause() __asm__ __volatile__ ("yield")
+ #elif defined(sun) && (defined(__sparc) || defined(__sparc__))
+ # define isc_rwlock_pause() smt_pause()
+-#elif defined(__sparc) || defined(__sparc__)
++/* Disable pause, only works on v9 */
++#elif (defined(__sparc) || defined(__sparc__)) && defined(notdef)
+ # define isc_rwlock_pause() __asm__ __volatile__ ("pause")
+ #elif defined(__ppc__) || defined(_ARCH_PPC)  ||                      \
+       defined(_ARCH_PWR) || defined(_ARCH_PWR2) || defined(_POWER)
Index: pkgsrc/net/bind914/patches/patch-lib_isc_stats.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_isc_stats.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_isc_stats.c    Tue Apr 30 03:34:34 2019
@@ -0,0 +1,18 @@
+$NetBSD: patch-lib_isc_stats.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Platform fixes from NetBSD base system.
+
+--- lib/isc/stats.c.orig       2019-04-06 20:09:59.000000000 +0000
++++ lib/isc/stats.c
+@@ -30,7 +30,11 @@
+ #define ISC_STATS_MAGIC                       ISC_MAGIC('S', 't', 'a', 't')
+ #define ISC_STATS_VALID(x)            ISC_MAGIC_VALID(x, ISC_STATS_MAGIC)
+ 
++#ifndef _LP64
++typedef atomic_int_fast32_t isc_stat_t;
++#else
+ typedef atomic_int_fast64_t isc_stat_t;
++#endif
+ 
+ struct isc_stats {
+       /*% Unlocked */
Index: pkgsrc/net/bind914/patches/patch-lib_isc_unix_socket.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_isc_unix_socket.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_isc_unix_socket.c      Tue Apr 30 03:34:34 2019
@@ -0,0 +1,381 @@
+$NetBSD: patch-lib_isc_unix_socket.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* Apply fixes from NetBSD base system.
+
+--- lib/isc/unix/socket.c.orig 2019-04-06 20:09:59.000000000 +0000
++++ lib/isc/unix/socket.c
+@@ -225,6 +225,7 @@ typedef enum { poll_idle, poll_active, p
+                        (e) == EWOULDBLOCK || \
+                        (e) == ENOBUFS || \
+                        (e) == EINTR || \
++                       (e) == ENOBUFS || \
+                        (e) == 0)
+ 
+ #define DLVL(x) ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_DEBUG(x)
+@@ -366,6 +367,10 @@ struct isc__socket {
+       unsigned char           overflow; /* used for MSG_TRUNC fake */
+ #endif
+ 
++      void                    *fdwatcharg;
++      isc_sockfdwatch_t       fdwatchcb;
++      int                     fdwatchflags;
++      isc_task_t              *fdwatchtask;
+       unsigned int            dscp;
+ };
+ 
+@@ -452,10 +457,14 @@ static void free_socket(isc__socket_t **
+ static isc_result_t allocate_socket(isc__socketmgr_t *, isc_sockettype_t,
+                                   isc__socket_t **);
+ static void destroy(isc__socket_t **);
++#if 0
+ static void internal_accept(isc__socket_t *);
++#endif
+ static void internal_connect(isc__socket_t *);
+ static void internal_recv(isc__socket_t *);
+ static void internal_send(isc__socket_t *);
++static void internal_fdwatch_write(isc__socket_t *);
++static void internal_fdwatch_read(isc__socket_t *);
+ static void process_cmsg(isc__socket_t *, struct msghdr *, isc_socketevent_t *);
+ static void build_msghdr_send(isc__socket_t *, char *, isc_socketevent_t *,
+                             struct msghdr *, struct iovec *, size_t *);
+@@ -1576,6 +1585,7 @@ doio_recv(isc__socket_t *sock, isc_socke
+       case isc_sockettype_udp:
+       case isc_sockettype_raw:
+               break;
++      case isc_sockettype_fdwatch:
+       default:
+               INSIST(0);
+               ISC_UNREACHABLE();
+@@ -1778,9 +1788,26 @@ socketclose(isc__socketthread_t *thread,
+        */
+       LOCK(&thread->fdlock[lockid]);
+       thread->fds[fd] = NULL;
+-      thread->fdstate[fd] = CLOSE_PENDING;
++      if (sock->type == isc_sockettype_fdwatch)
++              thread->fdstate[fd] = CLOSED;
++      else
++              thread->fdstate[fd] = CLOSE_PENDING;
+       UNLOCK(&thread->fdlock[lockid]);
+-      select_poke(thread->manager, thread->threadid, fd, SELECT_POKE_CLOSE);
++      if (sock->type == isc_sockettype_fdwatch) {
++              /*
++               * The caller may close the socket once this function returns,
++               * and `fd' may be reassigned for a new socket.  So we do
++               * unwatch_fd() here, rather than defer it via select_poke().
++               * Note: this may complicate data protection among threads and
++               * may reduce performance due to additional locks.  One way to
++               * solve this would be to dup() the watched descriptor, but we
++               * take a simpler approach at this moment.
++               */
++              (void)unwatch_fd(thread, fd, SELECT_POKE_READ);
++              (void)unwatch_fd(thread, fd, SELECT_POKE_WRITE);
++      } else
++              select_poke(thread->manager, thread->threadid, fd,
++                  SELECT_POKE_CLOSE);
+ 
+       inc_stats(thread->manager->stats, sock->statsindex[STATID_CLOSE]);
+       if (sock->active == 1) {
+@@ -2187,6 +2214,13 @@ opensocket(isc__socketmgr_t *manager, is
+                       }
+ #endif
+                       break;
++              case isc_sockettype_fdwatch:
++                      /*
++                       * We should not be called for isc_sockettype_fdwatch
++                       * sockets.
++                       */
++                      INSIST(0);
++                      break;
+               }
+       } else {
+               sock->fd = dup(dup_socket->fd);
+@@ -2485,6 +2519,7 @@ socket_create(isc_socketmgr_t *manager0,
+ 
+       REQUIRE(VALID_MANAGER(manager));
+       REQUIRE(socketp != NULL && *socketp == NULL);
++      REQUIRE(type != isc_sockettype_fdwatch);
+ 
+       result = allocate_socket(manager, type, &sock);
+       if (result != ISC_R_SUCCESS)
+@@ -2605,6 +2640,7 @@ isc_socket_open(isc_socket_t *sock0) {
+        */
+       REQUIRE(sock->fd == -1);
+       REQUIRE(sock->threadid == -1);
++      REQUIRE(sock->type != isc_sockettype_fdwatch);
+ 
+       result = opensocket(sock->manager, sock, NULL);
+       if (result != ISC_R_SUCCESS) {
+@@ -2684,6 +2720,7 @@ isc_socket_close(isc_socket_t *sock0) {
+ 
+       LOCK(&sock->lock);
+ 
++      REQUIRE(sock->type != isc_sockettype_fdwatch);
+       REQUIRE(sock->fd >= 0 && sock->fd < (int)sock->manager->maxsocks);
+ 
+       INSIST(!sock->connecting);
+@@ -2714,6 +2751,24 @@ isc_socket_close(isc_socket_t *sock0) {
+       return (ISC_R_SUCCESS);
+ }
+ 
++static void
++dispatch_recv(isc__socket_t *sock) {
++      if (sock->type != isc_sockettype_fdwatch) {
++              internal_recv(sock);
++      } else {
++              internal_fdwatch_read(sock);
++      }
++}
++
++static void
++dispatch_send(isc__socket_t *sock) {
++      if (sock->type != isc_sockettype_fdwatch) {
++              internal_send(sock);
++      } else {
++              internal_fdwatch_write(sock);
++      }
++}
++
+ /*
+  * Dequeue an item off the given socket's read queue, set the result code
+  * in the done event to the one provided, and send it to the task it was
+@@ -2790,6 +2845,7 @@ send_connectdone_event(isc__socket_t *so
+       isc_task_sendtoanddetach(&task, (isc_event_t **)dev, sock->threadid);
+ }
+ 
++#if 0
+ /*
+  * Call accept() on a socket, to get the new file descriptor.  The listen
+  * socket is used as a prototype to create a new isc_socket_t.  The new
+@@ -3048,6 +3104,7 @@ internal_accept(isc__socket_t *sock) {
+       inc_stats(manager->stats, sock->statsindex[STATID_ACCEPTFAIL]);
+       return;
+ }
++#endif
+ 
+ static void
+ internal_recv(isc__socket_t *sock) {
+@@ -3154,6 +3211,64 @@ internal_send(isc__socket_t *sock) {
+       UNLOCK(&sock->lock);
+ }
+ 
++static void
++internal_fdwatch_write(isc__socket_t *sock)
++{
++      int more_data;
++
++      INSIST(VALID_SOCKET(sock));
++
++      LOCK(&sock->lock);
++      isc_refcount_increment(&sock->references);
++      UNLOCK(&sock->lock);
++
++      more_data = (sock->fdwatchcb)(sock->fdwatchtask, (isc_socket_t *)sock,
++                                    sock->fdwatcharg, ISC_SOCKFDWATCH_WRITE);
++
++      LOCK(&sock->lock);
++
++      if (isc_refcount_decrement(&sock->references) == 0) {
++              UNLOCK(&sock->lock);
++              destroy(&sock);
++              return;
++      }
++
++      if (more_data)
++              select_poke(sock->manager, sock->threadid, sock->fd,
++                  SELECT_POKE_WRITE);
++
++      UNLOCK(&sock->lock);
++}
++
++static void
++internal_fdwatch_read(isc__socket_t *sock)
++{
++      int more_data;
++
++      INSIST(VALID_SOCKET(sock));
++
++      LOCK(&sock->lock);
++      isc_refcount_increment(&sock->references);
++      UNLOCK(&sock->lock);
++
++      more_data = (sock->fdwatchcb)(sock->fdwatchtask, (isc_socket_t *)sock,
++                                    sock->fdwatcharg, ISC_SOCKFDWATCH_READ);
++
++      LOCK(&sock->lock);
++
++      if (isc_refcount_decrement(&sock->references) == 0) {
++              UNLOCK(&sock->lock);
++              destroy(&sock);
++              return;
++      }
++
++      if (more_data)
++              select_poke(sock->manager, sock->threadid, sock->fd,
++                  SELECT_POKE_READ);
++
++      UNLOCK(&sock->lock);
++}
++
+ /*
+  * Process read/writes on each fd here.  Avoid locking
+  * and unlocking twice if both reads and writes are possible.
+@@ -3194,7 +3309,7 @@ process_fd(isc__socketthread_t *thread, 
+ 
+       if (readable) {
+               if (sock->listener) {
+-                      internal_accept(sock);
++                      dispatch_recv(sock);
+               } else {
+                       internal_recv(sock);
+               }
+@@ -3204,7 +3319,7 @@ process_fd(isc__socketthread_t *thread, 
+               if (sock->connecting) {
+                       internal_connect(sock);
+               } else {
+-                      internal_send(sock);
++                      dispatch_send(sock);
+               }
+       }
+ 
+@@ -3858,8 +3973,8 @@ isc_socketmgr_create2(isc_mem_t *mctx, i
+                                               &manager->threads[i],
+                                               &manager->threads[i].thread)
+                             == ISC_R_SUCCESS);
+-              char tname[1024];
+-              sprintf(tname, "isc-socket-%d", i);
++              char tname[128];
++              snprintf(tname, sizeof(tname), "sock-%d", i);
+               isc_thread_setname(manager->threads[i].thread, tname);
+       }
+ 
+@@ -5326,7 +5441,7 @@ static isc_once_t        hasreuseport_once = IS
+ static bool           hasreuseport = false;
+ 
+ static void
+-init_hasreuseport() {
++init_hasreuseport(void) {
+ /*
+  * SO_REUSEPORT works very differently on *BSD and on Linux (because why not).
+  * We only want to use it on Linux, if it's available. On BSD we want to dup()
+@@ -5376,6 +5491,8 @@ _socktype(isc_sockettype_t type)
+               return ("tcp");
+       case isc_sockettype_unix:
+               return ("unix");
++      case isc_sockettype_fdwatch:
++              return ("fdwatch");
+       default:
+               return ("not-initialized");
+       }
+@@ -5605,3 +5722,112 @@ isc_socketmgr_createinctx(isc_mem_t *mct
+ 
+       return (result);
+ }
++
++/*
++ * Create a new 'type' socket managed by 'manager'.  Events
++ * will be posted to 'task' and when dispatched 'action' will be
++ * called with 'arg' as the arg value.  The new socket is returned
++ * in 'socketp'.
++ */
++isc_result_t
++isc_socket_fdwatchcreate(isc_socketmgr_t *manager0, int fd, int flags,
++                       isc_sockfdwatch_t callback, void *cbarg,
++                       isc_task_t *task, isc_socket_t **socketp)
++{
++      isc__socketmgr_t *manager = (isc__socketmgr_t *)manager0;
++      isc__socket_t *sock = NULL;
++      isc__socketthread_t *thread;
++      isc_result_t result;
++      int lockid;
++
++      REQUIRE(VALID_MANAGER(manager));
++      REQUIRE(socketp != NULL && *socketp == NULL);
++
++      if (fd < 0 || (unsigned int)fd >= manager->maxsocks)
++              return (ISC_R_RANGE);
++
++      result = allocate_socket(manager, isc_sockettype_fdwatch, &sock);
++      if (result != ISC_R_SUCCESS)
++              return (result);
++
++      sock->fd = fd;
++      sock->fdwatcharg = cbarg;
++      sock->fdwatchcb = callback;
++      sock->fdwatchflags = flags;
++      sock->fdwatchtask = task;
++
++      sock->threadid = gen_threadid(sock);
++      isc_refcount_init(&sock->references, 1);
++      thread = &manager->threads[sock->threadid];
++      *socketp = (isc_socket_t *)sock;
++
++      /*
++       * Note we don't have to lock the socket like we normally would because
++       * there are no external references to it yet.
++       */
++
++      lockid = FDLOCK_ID(sock->fd);
++      LOCK(&thread->fdlock[lockid]);
++      thread->fds[sock->fd] = sock;
++      thread->fdstate[sock->fd] = MANAGED;
++
++#if defined(USE_EPOLL)
++      manager->threads->epoll_events[sock->fd] = 0;
++#endif
++      UNLOCK(&thread->fdlock[lockid]);
++
++      LOCK(&manager->lock);
++      ISC_LIST_APPEND(manager->socklist, sock, link);
++#ifdef USE_SELECT
++      if (manager->maxfd < sock->fd)
++              manager->maxfd = sock->fd;
++#endif
++      UNLOCK(&manager->lock);
++
++      sock->active = 1;
++      if (flags & ISC_SOCKFDWATCH_READ)
++              select_poke(sock->manager, sock->threadid, sock->fd,
++                  SELECT_POKE_READ);
++      if (flags & ISC_SOCKFDWATCH_WRITE)
++              select_poke(sock->manager, sock->threadid, sock->fd,
++                  SELECT_POKE_WRITE);
++
++      socket_log(sock, NULL, CREATION, "fdwatch-created");
++
++      return (ISC_R_SUCCESS);
++}
++
++/*
++ * Indicate to the manager that it should watch the socket again.
++ * This can be used to restart watching if the previous event handler
++ * didn't indicate there was more data to be processed.  Primarily
++ * it is for writing but could be used for reading if desired
++ */
++
++isc_result_t
++isc_socket_fdwatchpoke(isc_socket_t *sock0, int flags)
++{
++      isc__socket_t *sock = (isc__socket_t *)sock0;
++
++      REQUIRE(VALID_SOCKET(sock));
++
++      /*
++       * We check both flags first to allow us to get the lock
++       * once but only if we need it.
++       */
++
++      if ((flags & (ISC_SOCKFDWATCH_READ | ISC_SOCKFDWATCH_WRITE)) != 0) {
++              LOCK(&sock->lock);
++              if ((flags & ISC_SOCKFDWATCH_READ) != 0)
++                      select_poke(sock->manager, sock->threadid, sock->fd,
++                                  SELECT_POKE_READ);
++              if ((flags & ISC_SOCKFDWATCH_WRITE) != 0)
++                      select_poke(sock->manager, sock->threadid, sock->fd,
++                                  SELECT_POKE_WRITE);
++              UNLOCK(&sock->lock);
++      }
++
++      socket_log(sock, NULL, TRACE, "fdwatch-poked flags: %d", flags);
++
++      return (ISC_R_SUCCESS);
++}
Index: pkgsrc/net/bind914/patches/patch-lib_isc_unix_time.c
diff -u /dev/null pkgsrc/net/bind914/patches/patch-lib_isc_unix_time.c:1.1
--- /dev/null   Tue Apr 30 03:34:34 2019
+++ pkgsrc/net/bind914/patches/patch-lib_isc_unix_time.c        Tue Apr 30 03:34:34 2019
@@ -0,0 +1,37 @@
+$NetBSD: patch-lib_isc_unix_time.c,v 1.1 2019/04/30 03:34:34 taca Exp $
+
+* More check time_t range.
+
+--- lib/isc/unix/time.c.orig   2019-04-06 20:09:59.000000000 +0000
++++ lib/isc/unix/time.c
+@@ -333,7 +333,7 @@ isc_time_seconds(const isc_time_t *t) {
+ 
+ isc_result_t
+ isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp) {
+-      time_t seconds;
++      time_t seconds, i;
+ 
+       REQUIRE(t != NULL);
+       INSIST(t->nanoseconds < NS_PER_S);
+@@ -360,8 +360,20 @@ isc_time_secondsastimet(const isc_time_t
+       INSIST(sizeof(unsigned int) == sizeof(uint32_t));
+       INSIST(sizeof(time_t) >= sizeof(uint32_t));
+ 
+-      if (t->seconds > (~0U>>1) && seconds <= (time_t)(~0U>>1))
++      if (sizeof(time_t) == sizeof(uint32_t) &&              /* Same size. */
++          (time_t)0.5 != 0.5 &&              /* Not a floating point type. */
++          (i = (time_t)-1) != 4294967295u &&                 /* Is signed. */
++          (seconds &
++           (1ULL << (sizeof(time_t) * CHAR_BIT - 1))) != 0ULL) {   /* Negative. */
++              /*
++               * This UNUSED() is here to shut up the IRIX compiler:
++               *      variable "i" was set but never used
++               * when the value of i *was* used in the third test.
++               * (Let's hope the compiler got the actual test right.)
++               */
++              UNUSED(i);
+               return (ISC_R_RANGE);
++      }
+ 
+       *secondsp = seconds;
+ 



Home | Main Index | Thread Index | Old Index