MFC r333552,333558-333568,333573,338568-338569,339275,339278,339294,340037,
r349720,356228:

r333552 (des):

Upgrade Unbound to 1.6.0. More to follow.

r333558 (des):

Upgrade Unbound to 1.6.1. More to follow.

r333559 (des):

Upgrade Unbound to 1.6.2. More to follow.

r333560 (des):

Upgrade Unbound to 1.6.3. More to follow.

r333561 (des):

Upgrade Unbound to 1.6.4. More to follow.

r333562 (des):

Upgrade Unbound to 1.6.5. More to follow.

r333563 (des):

Upgrade Unbound to 1.6.6. More to follow.

r333564 (des):

Upgrade Unbound to 1.6.7. More to follow.

r333565 (des):

No reason to keep this around.

r333566 (des):

Upgrade Unbound to 1.6.8. More to follow.

r333567 (des):

Upgrade Unbound to 1.7.0. More to follow.

r333568 (des):

Upgrade Unbound to 1.7.1.

r333573 (des):

Rename all Unbound binaries and man pages from unbound* to local-unbound*.

PR: 222902

r338568 (des):

Upgrade Unbound to 1.7.2. More to follow.

r338569 (des):

Upgrade Unbound to 1.7.3. More to follow.

r339275 (des):

Upgrade Unbound to 1.8.0. More to follow.

r339278 (des):

Upgrade to 1.8.1.

r339294 (des):

Try harder to sanitize the environment before running configure.
Remove a workaround for older Unbound versions that used sbrk.

r340037 (des):

Merge upstream r4932: turn so-reuseport option off by default.

r349720 (des):

Upgrade Unbound to 1.9.2.

MFC r356228 (cy):
MFV r356143:

Update unbound 1.9.2 --> 1.9.6.

Security: CVE-2017-15105 (fixed by 1.6.7)
CVE-2019-18934 (fixed by 1.9.5)

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

- Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by: bapt, brueffer
Differential Revision: D452

Load our configuration before setting defaults, so local_unbound_workdir
actually has an effect.

PR: 204931
Submitted by: Eugene Grosbein <eugen@grosbein.net>
MFC after: 1 week

After starting Unbound, wait for up to five seconds until unbound-control
indicates that it is up and running.

PR: 184047
MFC after: 3 weeks

Adjust default argument construction for -c to be getopt compliant for
consistency, even though unbound understood it.

Unbreak rcorder when MK_UNBOUND == no by moving local_unbound from REQUIRE:
in NETWORKING to BEFORE: in the script

MFC after: 2 weeks

Allow the user to specify the location of control.conf.

Revert r271257 after several issues were pointed out. An updated patch
will be committed at a later date.

Use the correct idiom for default values, and ensure that the script
works correctly if the user overrides them.

PR: 193255
Submitted by: hrs@
MFC after: 3 days

Move local_unbound up in the rc order.

Approved by: re (blanket)

Add a setup script for unbound(8) called local-unbound-setup. It
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf. The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost. Alternatively, a list of forwarders can be provided on the
command line.

To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks. We should consider doing
the same for "status", which is currently pointless.

Add an rc script for unbound, called local_unbound. If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.

Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound. This is necessary so that
unbound can reload its configuration while chrooted. We should
probably provide symlinks in /etc.

Approved by: re (blanket)