net/bind916: update to 9.16.10

Update bind916 to 9.16.10 (BIND 9.16.10).

pkgsrc changes:

* Make blocklist/blacklist support really compiled in.
* Fix build problem with pkcs11 PKG_OPTIONS and allow to use it.


	--- 9.16.10 released ---

5544.	[func]		Restore the default value of "nocookie-udp-size" to 4096
			bytes. [GL #2250]

5541.	[func]		Adjust the "max-recursion-queries" default from 75 to
			100. [GL #2305]

5540.	[port]		Fix building with native PKCS#11 support for AEP Keyper.
			[GL #2315]

5539.	[bug]		Tighten handling of missing DNS COOKIE responses over
			UDP by falling back to TCP. [GL #2275]

5538.	[func]		Add NSEC3 support to KASP. A new option for
			"dnssec-policy", "nsec3param", can be used to set the
			desired NSEC3 parameters. NSEC3 salt collisions are
			automatically prevented during resalting. Salt
			generation is now logged with zone context. [GL #1620]

5534.	[bug]		The CNAME synthesized from a DNAME was incorrectly
			followed when the QTYPE was CNAME or ANY. [GL #2280]

net/bind916/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.6 2020/11/26 13:21:51 taca Exp $
+# $NetBSD: Makefile,v 1.7 2020/12/19 16:41:36 taca Exp $
 
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
@@ -15,15 +15,13 @@ CONFLICTS+=	host-[0-9]*
 
 MAKE_JOBS_SAFE=	no
 
-BIND_VERSION=	9.16.9
-
-.include "../../mk/bsd.prefs.mk"
+BIND_VERSION=	9.16.10
 
 BUILD_DEFS+=	BIND_DIR VARBASE
 
 .include "options.mk"
 
-USE_TOOLS+=		pax perl pkg-config
+USE_TOOLS+=		autoconf pax perl pkg-config
 USE_LIBTOOL=		yes
 GNU_CONFIGURE=		yes
 CHECK_FILES_SKIP=	bin/tests/system/system-test-driver.sh
@@ -75,6 +73,9 @@ CONF_FILES+=		share/examples/bind9/bind.keys \
 
 INSTALLATION_DIRS+=	${DOCDIR}
 
+pre-configure:
+	cd ${WRKSRC} && autoconf -f
+
 post-install:
 .for f in ${DOCS}
 	${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/${DOCDIR}

net/bind916/distinfo

@@ -1,23 +1,23 @@
-$NetBSD: distinfo,v 1.7 2020/11/26 13:21:51 taca Exp $
+$NetBSD: distinfo,v 1.8 2020/12/19 16:41:36 taca Exp $
 
-SHA1 (bind-9.16.9.tar.xz) = feeaa9493c6ed735d4ee9c16e694e2dcd179acab
-RMD160 (bind-9.16.9.tar.xz) = 8df1a370ae12387a3db00d686dd9d122cafeec61
-SHA512 (bind-9.16.9.tar.xz) = d5b7694c51d3756aa273efd19d08889d28dd0e80d4ee29660cd06de0fdbc16a77f4f0d2dd9faef527eea1e496ec3292d158a556a84d5aa3f42dbddbb9c890aac
-Size (bind-9.16.9.tar.xz) = 3260964 bytes
+SHA1 (bind-9.16.10.tar.xz) = 016dc93596272d607a88439b247eacecd3eeca03
+RMD160 (bind-9.16.10.tar.xz) = 78897fd2473e0ba2b4ce54cc2382c3defd50af1a
+SHA512 (bind-9.16.10.tar.xz) = cb140fd577042ddeb7a47bc5e132d405d885bed22c9aeecb3d91a9115481ce4380ef191f78ba7acc9580ad0d4c8ed2658643007adf5b5527060879f34efdf8f7
+Size (bind-9.16.10.tar.xz) = 3269696 bytes
 SHA1 (patch-bin_dig_dighost.c) = b1073911d80ecd519af98b6678968296ff8c0c98
 SHA1 (patch-bin_dig_include_dig_dig.h) = 10166f5bb98b208c7b10d63eb31e8253f704acc8
 SHA1 (patch-bin_named_Makefile.in) = f1367da6a226ba44d0ee13acf00b8abeb5b1b7eb
-SHA1 (patch-bin_named_main.c) = 408c3f6acd70f20c26801baaa9922091a6a7fe7e
+SHA1 (patch-bin_named_main.c) = f00842529ec2015e0969d0dba58a1e13a510f9eb
 SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d
 SHA1 (patch-bin_nsupdate_nsupdate.c) = 4ccd0e503a972cf16905e999bcc574f8ee0dd85d
 SHA1 (patch-bin_pkcs11_pkcs11-keygen.c) = d953bf48aadcdf7e95975d335167cc50f54ef91e
 SHA1 (patch-bin_tools_arpaname.c) = 868da4454d06dc823680cf06a764fa40b8474708
 SHA1 (patch-bin_tools_nsec3hash.c) = 87c3891db62c45cd8ed2b484b17f7bf2e319bef3
 SHA1 (patch-config.guess) = f44c6344a297e7c623dcbf75b308eb35f797a537
-SHA1 (patch-config.h.in) = b03a56721762a96439237f7e1fcaa4275c52be49
+SHA1 (patch-config.h.in) = a9b2c067bada2055b51d88112e4058ccec0d1441
 SHA1 (patch-config.sub) = 7389c0f2500f2afe96d43979a2d3e0b9f8dff073
 SHA1 (patch-config.threads.in) = fc5cc7097d87523a34c0e630cb8dd1d081d859e5
-SHA1 (patch-configure) = 8b00a2808ff9ba43e0fab71e1d6f5cdc8c62cff5
+SHA1 (patch-configure.ac) = 3dd8c49eb6bc475c20c88edc20bd8457698ad500
 SHA1 (patch-contrib_dlz_config.dlz.in) = 6c53d61aaaf1a952a867e4c4da0194db94f511d7
 SHA1 (patch-contrib_dlz_modules_wildcard_dlz__wildcard__dynamic.c) = 37ba5f06f4970abaae6d98c4305f6372537a313f
 SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3
@@ -26,6 +26,8 @@ SHA1 (patch-lib_dns_gssapi__link.c) = acd5f3c975d4edf391e77fd39cfa91810ad17ba2
 SHA1 (patch-lib_dns_include_dns_zone.h) = 8abf4c18935629624e68a14361dbeaf00a440c90
 SHA1 (patch-lib_dns_lookup.c) = 6c7463aca16abf6bd578aba1733a3217608a39d3
 SHA1 (patch-lib_dns_peer.c) = 16cc26fd4e792a23caef6e091f94f974041179e7
+SHA1 (patch-lib_dns_pkcs11ecdsa__link.c) = 99f386b056c5a6471f69841c41a2698d36b6b275
+SHA1 (patch-lib_dns_pkcs11eddsa__link.c) = bd887a6c8960da3a8663cdf5e955e045f16dee3f
 SHA1 (patch-lib_dns_rbt.c) = a9ef153a0548eb432567f1e3347c27ce5775a041
 SHA1 (patch-lib_dns_rbtdb.c) = bb3f829cbed23bce624462766aa6d039a0153afe
 SHA1 (patch-lib_dns_request.c) = 82560e819cba0259883da8d47618ffabead22c55
@@ -48,13 +50,13 @@ SHA1 (patch-lib_isc_unix_include_isc_align.h) = 1bbd78f1617a40079d1044175cfe037b
 SHA1 (patch-lib_isc_unix_net.c) = c654f60a1feefdba9bf980dcfa46ce37f46918aa
 SHA1 (patch-lib_isc_unix_socket.c) = a034eebc922a3266fdf5acc5fe849709eccbb6ca
 SHA1 (patch-lib_isc_unix_time.c) = fac9e66754e099f53ba8c499f5f179825a0b0fbd
-SHA1 (patch-lib_ns_Makefile.in) = 5626877ffe97261518f976bb8dd827cdb53668ed
+SHA1 (patch-lib_ns_Makefile.in) = 5d3ecf4d6673cf227635c03779e9969e6eeb8227
 SHA1 (patch-lib_ns_client.c) = e0453a7483a4f899023e0c5ab970cda241976b90
 SHA1 (patch-lib_ns_include_ns_client.h) = 56009c601d54491ffd16f6438d55206705a5aa23
 SHA1 (patch-lib_ns_include_ns_pfilter.h) = cc86752971b4f9f7492283c4ad3ff29bc1bae237
 SHA1 (patch-lib_ns_interfacemgr.c) = fc31720734b02155acd7fa9b370a6ebb82022532
-SHA1 (patch-lib_ns_pfilter.c) = 14d3d55768ee9abe444ed81ee0839cb9ac67af1f
-SHA1 (patch-lib_ns_query.c) = fb9ee13205a95a7fc52893406dbeaf3145640ea6
-SHA1 (patch-lib_ns_update.c) = 30468795b1d8ea5b81ad799a395a8a37ec7fa2d0
-SHA1 (patch-lib_ns_xfrout.c) = 82fe2dd10feaef58a042103b9d417bfeb49d12b7
+SHA1 (patch-lib_ns_pfilter.c) = 8f4a3b3a729360a131eb1962c42a9f9f985c7e7b
+SHA1 (patch-lib_ns_query.c) = 0c3c4a20aa4b40c144c4f986599cda67db3e2491
+SHA1 (patch-lib_ns_update.c) = 2fb3457da333143508d28420490cbc1cb69ddb19
+SHA1 (patch-lib_ns_xfrout.c) = 79d9e4add58ffd75ea9718f5501f1517e67416e3
 SHA1 (patch-make_rules.in) = b4e340237b4d444dbd857a8c2a4760182569173d

net/bind916/options.mk

@@ -1,10 +1,10 @@
-# $NetBSD: options.mk,v 1.3 2020/09/03 20:35:17 otis Exp $
+# $NetBSD: options.mk,v 1.4 2020/12/19 16:41:36 taca Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.bind916
 PKG_SUPPORTED_OPTIONS=	bind-dig-sigchase bind-xml-statistics-server
 PKG_SUPPORTED_OPTIONS+=	bind-json-statistics-server blacklist blocklist
 PKG_SUPPORTED_OPTIONS+=	threads readline lmdb mysql pgsql ldap dlz-filesystem
-PKG_SUPPORTED_OPTIONS+=	geoip tuning dnstap # pkcs11
+PKG_SUPPORTED_OPTIONS+=	geoip tuning dnstap pkcs11
 PKG_SUGGESTED_OPTIONS+=	readline
 
 PLIST_VARS+=	dnstap lmdb pkcs11
@@ -23,9 +23,9 @@ PKG_SUGGESTED_OPTIONS+=	threads
 .endif
 
 .if ${OPSYS} == "NetBSD"
-.   if exists(/usr/include/blacklist.h)
+.  if exists(/usr/include/blacklist.h)
 PKG_SUGGESTED_OPTIONS+=	blacklist
-.   elif exists(/usr/include/blocklist.h)
+.  elif exists(/usr/include/blocklist.h)
 PKG_SUGGESTED_OPTIONS+=	blocklist
 .  endif
 .endif
@@ -87,12 +87,12 @@ LDFLAGS+=		-lGeoIP
 .include "../../net/GeoIP/buildlink3.mk"
 .endif
 
-#.if !empty(PKG_OPTIONS:Mpkcs11)
-#CONFIGURE_ARGS+=	--enable-native-pkcs11
-#PLIST.pkcs11=		yes
-#.else
-#CONFIGURE_ARGS+=	--disable-native-pkcs11
-#.endif
+.if !empty(PKG_OPTIONS:Mpkcs11)
+CONFIGURE_ARGS+=	--enable-native-pkcs11
+PLIST.pkcs11=		yes
+.else
+CONFIGURE_ARGS+=	--disable-native-pkcs11
+.endif
 
 .if !empty(PKG_OPTIONS:Mtuning)
 CONFIGURE_ARGS+=	--with-tuning=large

net/bind916/patches/patch-bin_named_main.c

@@ -1,25 +1,25 @@
-$NetBSD: patch-bin_named_main.c,v 1.1 2020/08/09 15:20:22 taca Exp $
+$NetBSD: patch-bin_named_main.c,v 1.2 2020/12/19 16:41:36 taca Exp $
 
-* Take from NetBSD base including support for blacklistd.
+* Based on NetBSD, add support for blocklist(blacklist).
 
---- bin/named/main.c.orig	2020-06-10 21:01:43.000000000 +0000
+--- bin/named/main.c.orig	2020-12-07 08:16:53.000000000 +0000
 +++ bin/named/main.c
-@@ -94,6 +94,10 @@
+@@ -95,6 +95,10 @@
  #ifdef HAVE_ZLIB
  #include <zlib.h>
  #endif /* ifdef HAVE_ZLIB */
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +#include <ns/pfilter.h>
-+#endif /* ifdef HAVE_BLACKLIST */
++#endif
 +
  /*
   * Include header files for database drivers here.
   */
-@@ -1529,6 +1533,10 @@ main(int argc, char *argv[]) {
+@@ -1535,6 +1539,10 @@ main(int argc, char *argv[]) {
  
  	parse_command_line(argc, argv);
  
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +	pfilter_enable();
 +#endif
 +

net/bind916/patches/patch-config.h.in

@@ -1,18 +1,18 @@
-$NetBSD: patch-config.h.in,v 1.2 2020/08/30 19:26:45 christos Exp $
+$NetBSD: patch-config.h.in,v 1.3 2020/12/19 16:41:36 taca Exp $
 
-* Take from NetBSD base, adding support for blacklistd.
+* Based on NetBSD, add support for blocklist(blacklist).
 
---- config.h.in.orig	2020-07-03 06:44:14.000000000 -0400
-+++ config.h.in	2020-08-30 15:04:46.317494639 -0400
+--- config.h.in.orig	2020-12-07 08:16:53.000000000 +0000
++++ config.h.in
 @@ -45,6 +45,12 @@
  /* define if the ARM yield instruction is available */
  #undef HAVE_ARM_YIELD
  
 +/* Define to 1 if blacklist is supported. */
-+#undef HAVE_BLACKLIST
++#undef HAVE_BLACKLIST_H
 +
 +/* Define to 1 if blocklist is supported. */
-+#undef HAVE_BLOCKLIST
++#undef HAVE_BLOCKLIST_H
 +
  /* Define to 1 if the compiler supports __builtin_clz. */
  #undef HAVE_BUILTIN_CLZ

net/bind916/patches/patch-configure

@@ -1,98 +0,0 @@
-$NetBSD: patch-configure,v 1.4 2020/11/26 13:21:51 taca Exp $
-
-* Add DragonFly support.
-* Use proper link options for NetBSD.
-* Link proper postgresql library.
-* Take from NetBSD base, adding support for blacklistd.
-
---- configure.orig	2020-10-13 08:41:40.000000000 +0000
-+++ configure
-@@ -637,6 +637,10 @@ BUILD_LDFLAGS
- BUILD_CPPFLAGS
- BUILD_CFLAGS
- BUILD_CC
-+BLACKLISTLINKOBJS
-+BLACKLISTLINKSRCS
-+BLOCKLISTLINKOBJS
-+BLOCKLISTLINKSRCS
- DLZ_DRIVER_MYSQL_LIBS
- DLZ_DRIVER_MYSQL_INCLUDES
- DLZ_SYSTEM_TEST
-@@ -730,6 +734,8 @@ JSON_C_LIBS
- JSON_C_CFLAGS
- LIBXML2_LIBS
- LIBXML2_CFLAGS
-+LIBUV_LIBS
-+LIBUV_CFLAGS
- NZD_MANS
- NZDTARGETS
- NZDSRCS
-@@ -1719,6 +1725,8 @@ Optional Packages:
-   --with-dlz-stub=ARG     Build with stub DLZ driver [yes|no]. (Required to
-                           use stub driver with DLZ)
-   --with-make-clean       run "make clean" at end of configure [yes|no]
-+  --with-blacklist	  Build with blacklist
-+  --with-blocklist	  Build with blocklist
- 
- Some influential environment variables:
-   CC          C compiler command
-@@ -3917,7 +3925,7 @@ fi
- 
- # On IRIX 5.3, sys/types and inttypes.h are conflicting.
- for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
--		  inttypes.h stdint.h unistd.h
-+		  inttypes.h stdint.h unistd.h blacklist.h blocklist.h
- do :
-   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
- ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-@@ -22499,7 +22507,7 @@ else
- 
- fi
- 	        ;; #(
--  *-freebsd*|*-openbsd*|*-netbsd*) :
-+  *-dragonfly*|*-freebsd*|*-openbsd*|*-netbsd*) :
- 
- 		 LDFLAGS="${LDFLAGS} -Wl,-E"
- 		 SO_CFLAGS="-fpic"
-@@ -22531,9 +22539,9 @@ fi
- 	        ;; #(
-   *-solaris*) :
- 
--		 SO_CFLAGS="-KPIC"
--		 SO_LDFLAGS="-G -z text"
--		 SO_LD="ld"
-+		 SO_CFLAGS="-fPIC"
-+		 SO_LDFLAGS="-Xcompiler -shared -Wl,-z -Wl,text"
-+		 SO_LD="${CC}"
- 	        ;; #(
-   ia64-hp-hpux*) :
- 
-@@ -22974,8 +22982,8 @@ $as_echo "no" >&6; }
- 	fi
- 	if test -n "-L$use_dlz_postgres_lib -lpq"
- 	then
--		DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L$use_dlz_postgres_lib -lpq"
--		DLZ_DRIVER_POSTGRES_LIBS="-L$use_dlz_postgres_lib -lpq"
-+		DLZ_DRIVER_LIBS="$DLZ_DRIVER_LIBS -L${PREFIX}/lib -lpq"
-+		DLZ_DRIVER_POSTGRES_LIBS="-L${PREFIX}/lib -lpq"
- 	fi
- 
- 
-@@ -26182,6 +26190,8 @@ report() {
- 	test "X$PYTHON" = "X" || echo "    Python tools (--with-python)"
- 	test "X$LIBXML2_LIBS" = "X" || echo "    XML statistics (--with-libxml2)"
- 	test "X$JSON_C_LIBS" = "X" || echo "    JSON statistics (--with-json-c): $JSON_C_CFLAGS $JSON_C_LIBS"
-+	test "X$BLACKLIST" = "X" || echo "    blacklist support (--with-blacklist)"
-+	test "X$BLOCKLIST" = "X" || echo "    blocklist support (--with-blocklist)"
- 	test "X$ZLIB_LIBS" = "X" || echo "    HTTP zlib compression (--with-zlib)"
- 	test "X$NZD_TOOLS" = "X" || echo "    LMDB database to store configuration for 'addzone' zones (--with-lmdb)"
- 	test "no" = "$with_libidn2" || echo "    IDN support (--with-libidn2)"
-@@ -26260,6 +26270,8 @@ report() {
-     test "X$PYTHON" = "X" && echo "    Python tools (--with-python)"
-     test "X$LIBXML2_LIBS" = "X" && echo "    XML statistics (--with-libxml2)"
-     test "X$JSON_C_LIBS" = "X" && echo "    JSON statistics (--with-json-c)"
-+    test "X$BLACKLIST" = "X" && echo "    blacklist support (--with-blacklist)"
-+    test "X$BLOCKLIST" = "X" && echo "    blocklist support (--with-blocklist)"
-     test "X$ZLIB_LIBS" = "X" && echo "    HTTP zlib compression (--with-zlib)"
-     test "X$NZD_TOOLS" = "X" && echo "    LMDB database to store configuration for 'addzone' zones (--with-lmdb)"
-     test "no" = "$with_libidn2" && echo "    IDN support (--with-libidn2)"

net/bind916/patches/patch-configure.ac

@@ -0,0 +1,42 @@
+$NetBSD: patch-configure.ac,v 1.1 2020/12/19 16:41:36 taca Exp $
+
+Add support for blocklist(blacklist).
+
+--- configure.ac.orig	2020-12-07 08:16:53.000000000 +0000
++++ configure.ac
+@@ -695,6 +695,16 @@ AC_CHECK_FUNCS([pthread_setaffinity_np c
+ AC_CHECK_FUNCS([pthread_setname_np pthread_set_name_np])
+ AC_CHECK_HEADERS([pthread_np.h], [], [], [#include <pthread.h>])
+ 
++# libblocklist(libblacklist)
++AC_MSG_CHECKING(for libblocklist)
++AC_CHECK_HEADER([blocklist.h],
++  [AC_DEFINE([HAVE_BLOCKLIST_H], [1])
++   AC_CHECK_LIB(blocklist, blocklist)],
++  [AC_MSG_CHECKING(for libblacklist)
++   AC_CHECK_HEADER([blacklist.h],
++   [AC_DEFINE([HAVE_BLACKLIST_H], [1])
++    AC_CHECK_LIB(blacklist, blacklist)])])
++
+ # libuv
+ AC_MSG_CHECKING(for libuv)
+ PKG_CHECK_MODULES([LIBUV], [libuv >= 1.0.0], [],
+@@ -1342,6 +1352,18 @@ AS_CASE([$with_libxml2],
+ 				 [AC_DEFINE([HAVE_LIBXML2], [1], [Use libxml2 library])])],
+ 	[AC_MSG_ERROR([Specifying libxml2 installation path is not supported, adjust PKG_CONFIG_PATH instead])])
+ 
++# blocklist
++AC_ARG_WITH([blocklist],
++	    [AS_HELP_STRING([--with-blocklist],
++		[enable blocklist support [yes|no|detect] (default is detect)])],
++		[], [with_blocklist="$with_blocklist"])
++
++# blacklist
++AC_ARG_WITH([blacklist],
++	    [AS_HELP_STRING([--with-blacklist],
++		[enable blacklist support [yes|no|detect] (default is detect)])],
++		[], [with_blacklist="$with_blacklist"])
++
+ #
+ # DEPRECATED
+ #

net/bind916/patches/patch-lib_dns_pkcs11ecdsa__link.c

@@ -0,0 +1,23 @@
+$NetBSD: patch-lib_dns_pkcs11ecdsa__link.c,v 1.1 2020/12/19 16:41:36 taca Exp $
+
+Fix build problem when memmove() is cpp macro.
+
+--- lib/dns/pkcs11ecdsa_link.c.orig	2020-12-07 08:16:53.000000000 +0000
++++ lib/dns/pkcs11ecdsa_link.c
+@@ -435,14 +435,14 @@ pkcs11ecdsa_compare(const dst_key_t *key
+ 	case DST_ALG_ECDSA256:                                           \
+ 		attr->pValue = isc_mem_get(key->mctx,                    \
+ 					   sizeof(PK11_ECC_PRIME256V1)); \
+-		memmove(attr->pValue, PK11_ECC_PRIME256V1,               \
++		memmove(attr->pValue, (PK11_ECC_PRIME256V1),		\
+ 			sizeof(PK11_ECC_PRIME256V1));                    \
+ 		attr->ulValueLen = sizeof(PK11_ECC_PRIME256V1);          \
+ 		break;                                                   \
+ 	case DST_ALG_ECDSA384:                                           \
+ 		attr->pValue = isc_mem_get(key->mctx,                    \
+ 					   sizeof(PK11_ECC_SECP384R1));  \
+-		memmove(attr->pValue, PK11_ECC_SECP384R1,                \
++		memmove(attr->pValue, (PK11_ECC_SECP384R1),		\
+ 			sizeof(PK11_ECC_SECP384R1));                     \
+ 		attr->ulValueLen = sizeof(PK11_ECC_SECP384R1);           \
+ 		break;                                                   \

net/bind916/patches/patch-lib_dns_pkcs11eddsa__link.c

@@ -0,0 +1,23 @@
+$NetBSD: patch-lib_dns_pkcs11eddsa__link.c,v 1.1 2020/12/19 16:41:36 taca Exp $
+
+Fix build problem when memmove() is cpp macro.
+
+--- lib/dns/pkcs11eddsa_link.c.orig	2020-12-07 08:16:53.000000000 +0000
++++ lib/dns/pkcs11eddsa_link.c
+@@ -409,13 +409,14 @@ pkcs11eddsa_compare(const dst_key_t *key
+ 	case DST_ALG_ED25519:                                                  \
+ 		attr->pValue = isc_mem_get(key->mctx,                          \
+ 					   sizeof(PK11_ECX_ED25519));          \
+-		memmove(attr->pValue, PK11_ECX_ED25519,                        \
++		memmove(attr->pValue, (PK11_ECX_ED25519),                      \
+ 			sizeof(PK11_ECX_ED25519));                             \
+ 		attr->ulValueLen = sizeof(PK11_ECX_ED25519);                   \
+ 		break;                                                         \
+ 	case DST_ALG_ED448:                                                    \
+ 		attr->pValue = isc_mem_get(key->mctx, sizeof(PK11_ECX_ED448)); \
+-		memmove(attr->pValue, PK11_ECX_ED448, sizeof(PK11_ECX_ED448)); \
++		memmove(attr->pValue, (PK11_ECX_ED448),                        \
++			sizeof(PK11_ECX_ED448));                               \
+ 		attr->ulValueLen = sizeof(PK11_ECX_ED448);                     \
+ 		break;                                                         \
+ 	default:                                                               \

net/bind916/patches/patch-lib_ns_Makefile.in

@@ -1,28 +1,21 @@
-$NetBSD: patch-lib_ns_Makefile.in,v 1.1 2020/08/09 15:20:22 taca Exp $
+$NetBSD: patch-lib_ns_Makefile.in,v 1.2 2020/12/19 16:41:36 taca Exp $
 
-* Take from NetBSD base; add blacklist support.
+* Based on NetBSD, add support for blocklist(blacklist).
 
---- lib/ns/Makefile.in.orig	2020-05-06 09:59:35.000000000 +0000
+--- lib/ns/Makefile.in.orig	2020-12-07 08:16:53.000000000 +0000
 +++ lib/ns/Makefile.in
-@@ -42,16 +42,19 @@ LIBS =		@LIBS@
+@@ -41,12 +41,12 @@ LIBS =		@LIBS@
+ 
+ # Alphabetically
  OBJS =		client.@O@ hooks.@O@ interfacemgr.@O@ lib.@O@ \
- 		listenlist.@O@ log.@O@ notify.@O@ query.@O@ \
+-		listenlist.@O@ log.@O@ notify.@O@ query.@O@ \
++		listenlist.@O@ log.@O@ notify.@O@ pfilter.@O@ query.@O@ \
  		server.@O@ sortlist.@O@ stats.@O@ update.@O@ \
--		version.@O@ xfrout.@O@
-+		version.@O@ xfrout.@O@ @BLACKLISTLINKOBJS@
+ 		version.@O@ xfrout.@O@
  
  SRCS =		client.c hooks.c interfacemgr.c lib.c listenlist.c \
- 		log.c notify.c query.c server.c sortlist.c stats.c \
--		update.c version.c xfrout.c
-+		update.c version.c xfrout.c @BLACKLISTLINKSRCS@
+-		log.c notify.c query.c server.c sortlist.c stats.c \
++		log.c notify.c pfilter.c query.c server.c sortlist.c stats.c \
+ 		update.c version.c xfrout.c
  
  SUBDIRS =	include
- TESTDIRS =	@UNITTESTS@
- TARGETS =	timestamp
- 
-+BLACKLISTLINKOBJS= pfilter.@O@
-+BLACKLISTLINKSRCS= pfilter.c
-+
- SO_CFLAGS =	@CFLAGS@ @SO_CFLAGS@
- SO_LDFLAGS =	@LDFLAGS@ @SO_LDFLAGS@
- 

net/bind916/patches/patch-lib_ns_pfilter.c

@@ -1,10 +1,10 @@
-$NetBSD: patch-lib_ns_pfilter.c,v 1.2 2020/08/30 19:26:45 christos Exp $
+$NetBSD: patch-lib_ns_pfilter.c,v 1.3 2020/12/19 16:41:36 taca Exp $
 
-* Take from NetBSD base.
+* Based on NetBSD, add support for blocklist(blacklist).
 
---- lib/ns/pfilter.c.orig	2020-08-30 14:56:09.038428676 -0400
-+++ lib/ns/pfilter.c	2020-08-30 15:07:25.182798415 -0400
-@@ -0,0 +1,55 @@
+--- lib/ns/pfilter.c.orig	2020-12-17 07:42:44.024890144 +0000
++++ lib/ns/pfilter.c
+@@ -0,0 +1,59 @@
 +
 +#include "config.h"
 +
@@ -13,17 +13,19 @@ $NetBSD: patch-lib_ns_pfilter.c,v 1.2 2020/08/30 19:26:45 christos Exp $
 +#include <ns/types.h>
 +#include <ns/client.h>
 +
-+#ifdef HAVE_BLACKLIST
++#ifdef HAVE_BLACKLIST_H
 +#include <blacklist.h>
 +#define blocklist blacklist
 +#define blocklist_open blacklist_open
 +#define blocklist_sa_r blacklist_sa_r
 +#endif
 +
-+#ifdef HAVE_BLOCKLIST
++#ifdef HAVE_BLOCKLIST_H
 +#include <blocklist.h>
 +#endif
 +
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
++
 +#include <ns/pfilter.h>
 +
 +static struct blocklist *blstate;
@@ -60,3 +62,5 @@ $NetBSD: patch-lib_ns_pfilter.c,v 1.2 2020/08/30 19:26:45 christos Exp $
 +	    res != ISC_R_SUCCESS, fd,
 +	    &client->peeraddr.type.sa, client->peeraddr.length, msg);
 +}
++
++#endif

net/bind916/patches/patch-lib_ns_query.c

@@ -1,14 +1,14 @@
-$NetBSD: patch-lib_ns_query.c,v 1.1 2020/08/09 15:20:22 taca Exp $
+$NetBSD: patch-lib_ns_query.c,v 1.2 2020/12/19 16:41:36 taca Exp $
 
-* Take from NetBSD base.
+* Based on NetBSD, add support for blocklist(blacklist).
 
---- lib/ns/query.c.orig	2020-05-06 09:59:35.000000000 +0000
+--- lib/ns/query.c.orig	2020-12-07 08:16:53.000000000 +0000
 +++ lib/ns/query.c
 @@ -68,6 +68,10 @@
  #include <ns/stats.h>
  #include <ns/xfrout.h>
  
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +#include <ns/pfilter.h>
 +#endif
 +
@@ -19,7 +19,7 @@ $NetBSD: patch-lib_ns_query.c,v 1.1 2020/08/09 15:20:22 taca Exp $
  					      msg);
  			}
  		} else if (log) {
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +			pfilter_notify(result, client, "checkcacheaccess");
 +#endif
  			/*
@@ -29,7 +29,7 @@ $NetBSD: patch-lib_ns_query.c,v 1.1 2020/08/09 15:20:22 taca Exp $
  					      msg);
  			}
  		} else {
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +			pfilter_notify(result, client, "validatezonedb");
 +#endif
  			ns_client_aclmsg("query", name, qtype,

net/bind916/patches/patch-lib_ns_update.c

@@ -1,14 +1,14 @@
-$NetBSD: patch-lib_ns_update.c,v 1.1 2020/08/09 15:20:22 taca Exp $
+$NetBSD: patch-lib_ns_update.c,v 1.2 2020/12/19 16:41:36 taca Exp $
 
-* Take from NetBSD base.
+* Based on NetBSD, add support for blocklist(blacklist).
 
---- lib/ns/update.c.orig	2020-05-06 09:59:35.000000000 +0000
+--- lib/ns/update.c.orig	2020-12-07 08:16:53.000000000 +0000
 +++ lib/ns/update.c
 @@ -52,6 +52,10 @@
  #include <ns/stats.h>
  #include <ns/update.h>
  
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +#include <ns/pfilter.h>
 +#endif
 +
@@ -19,7 +19,7 @@ $NetBSD: patch-lib_ns_update.c,v 1.1 2020/08/09 15:20:22 taca Exp $
  
  	result = ns_client_checkaclsilent(client, NULL, queryacl, true);
  	if (result != ISC_R_SUCCESS) {
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +		pfilter_notify(result, client, "queryacl");
 +#endif
  		dns_name_format(zonename, namebuf, sizeof(namebuf));
@@ -29,7 +29,7 @@ $NetBSD: patch-lib_ns_update.c,v 1.1 2020/08/09 15:20:22 taca Exp $
  			      "update '%s/%s' denied due to allow-query",
  			      namebuf, classbuf);
  	} else if (updateacl == NULL && ssutable == NULL) {
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +		pfilter_notify(result, client, "updateacl");
 +#endif
  		dns_name_format(zonename, namebuf, sizeof(namebuf));
@@ -39,7 +39,7 @@ $NetBSD: patch-lib_ns_update.c,v 1.1 2020/08/09 15:20:22 taca Exp $
  		msg = "disabled";
  	} else {
  		result = ns_client_checkaclsilent(client, NULL, acl, false);
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +		pfilter_notify(result, client, "updateacl");
 +#endif
  		if (result == ISC_R_SUCCESS) {

net/bind916/patches/patch-lib_ns_xfrout.c

@@ -1,31 +1,31 @@
-$NetBSD: patch-lib_ns_xfrout.c,v 1.1 2020/08/09 15:20:22 taca Exp $
+$NetBSD: patch-lib_ns_xfrout.c,v 1.2 2020/12/19 16:41:36 taca Exp $
 
-* Take from NetBSD base.
+* Based on NetBSD, add support for blocklist(blacklist).
 
---- lib/ns/xfrout.c.orig	2020-05-06 09:59:35.000000000 +0000
+--- lib/ns/xfrout.c.orig	2020-12-07 08:16:53.000000000 +0000
 +++ lib/ns/xfrout.c
-@@ -46,6 +46,10 @@
+@@ -44,6 +44,10 @@
  #include <ns/stats.h>
  #include <ns/xfrout.h>
  
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +#include <ns/pfilter.h>
 +#endif
 +
  /*! \file
   * \brief
   * Outgoing AXFR and IXFR.
-@@ -821,9 +825,15 @@ ns_xfr_start(ns_client_t *client, dns_rd
+@@ -818,9 +822,15 @@ ns_xfr_start(ns_client_t *client, dns_rd
  					      ISC_LOG_ERROR,
  					      "zone transfer '%s/%s' denied",
  					      _buf1, _buf2);
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +				pfilter_notify(result, client, "zonexfr");
 +#endif
  				goto failure;
  			}
  			if (result != ISC_R_SUCCESS) {
-+#ifdef HAVE_BLACKLIST
++#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H)
 +				pfilter_notify(result, client, "zonexfr");
 +#endif
  				FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",