From 586819755b4dbfdffdc8a725ab7c0f86095b8489 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 15 Sep 2018 17:37:09 +0100
Subject: gentoo resync : 15.09.2018

---
 net-dns/unbound/Manifest                           |  11 +-
 .../files/unbound-1.5.7-trust-anchor-file.patch    |   6 +
 .../unbound/files/unbound-1.6.3-pkg-config.patch   |  11 ++
 net-dns/unbound/files/unbound-r1.confd             |  36 ++++
 net-dns/unbound/files/unbound-r1.initd             | 137 ++++++++++++++++
 net-dns/unbound/metadata.xml                       |   5 +
 net-dns/unbound/unbound-1.7.3-r1.ebuild            | 169 +++++++++++++++++++
 net-dns/unbound/unbound-1.8.0-r1.ebuild            | 181 +++++++++++++++++++++
 8 files changed, 554 insertions(+), 2 deletions(-)
 create mode 100644 net-dns/unbound/files/unbound-1.6.3-pkg-config.patch
 create mode 100644 net-dns/unbound/files/unbound-r1.confd
 create mode 100644 net-dns/unbound/files/unbound-r1.initd
 create mode 100644 net-dns/unbound/unbound-1.7.3-r1.ebuild
 create mode 100644 net-dns/unbound/unbound-1.8.0-r1.ebuild

(limited to 'net-dns/unbound')

diff --git a/net-dns/unbound/Manifest b/net-dns/unbound/Manifest
index 8f2c442dd45b..238d3fbc0202 100644
--- a/net-dns/unbound/Manifest
+++ b/net-dns/unbound/Manifest
@@ -1,7 +1,10 @@
 AUX 0001-fix-fail-to-start-on-Linux-LTS-3.14.X-ignore.patch 2032 BLAKE2B 26feb157c94ec4429a480a02ef7f178c98f9f7296dcbbda590619390fe71e9d5b9406ed0428a766da1a189b6672a1fc9beeefc5418013136becfbfb037afa4ef SHA512 1a28fca9fa39cf4c07e2f9b75058ca1d00a176ab4f0b96130fbe4773f503f39f7f16518e82f58d289001dd468e53e54f1e208e99eec713fda0efd35517c4bcb3
 AUX unbound-1.4.12-gentoo.patch 639 BLAKE2B b1541fd917de50c131d161de92ce3db6dd4627f01a69dbd71b8954f7eeedd2bec8b47e7607e088516a877de610bd64c6ce9d1ba0910ba32be4ae137bcbddf63d SHA512 81292d898284c27e0b30a90816d283d2fffd5810afb38b5a79ff4acc94d82c91bd5414d177f11745c5ee7e56d1600a67bdc4d7395504ff6266103b4e018baf6c
-AUX unbound-1.5.7-trust-anchor-file.patch 632 BLAKE2B 104cd775d77bc790235912c9293a1d7a73e9499f293906f11674517a9c7b13ffd274a1c4dff6af5c57cb82d562a122c106865166203bd14ac469ecc8f552402a SHA512 fe9cb259a17452ab84df98eb8caaaa389e40e149e4de6f1245e78c350d1c6af42d1b094be6779ec19ce5ea11f86e102ae9767c8785d54cfa9746390c73e0f329
+AUX unbound-1.5.7-trust-anchor-file.patch 847 BLAKE2B ca8f093671264108c1da772e161ddf948cd27cdf4d3b6189023a6a9642ee308ab361befcab923ca61a21c4b151252f409177c8247ca683e63133284bd65efbba SHA512 bfbdd947cb3dda8d1dd009eb476fb2934fca80236e617f1596f308a063c575196e75c67b22bfbd739c06318d3227c9b2838fba0f381f8c73fdf5b7231cd1d746
+AUX unbound-1.6.3-pkg-config.patch 247 BLAKE2B af1a175a3944137fc7f4f4932182df5b278b7d88c4299e7ac5e520107fcfb5180d7e548c70b50794389d2c1406309f88e118acf9e065ab67cbb4c78fc0e4186f SHA512 06d8910ae6065c5a2bb2cc5a1935ae98688148b9c0af09622161b647775de00027ea4a22cb0d6b94f21d329c2d59ee56f67b073ee4042fbd4f78790d0c438ad7
 AUX unbound-anchor.service 263 BLAKE2B 098bdc6e06607e57980e0367496fd9a2fc02ef19611ac4474d703624c92df9c2e86f4dbb116622babcd7975b2e1353f6156d46bcc5639daabef648d670806364 SHA512 c0f8ff2df106d1f05786cf5d69b48cdf69ba2fd42645bf6b7fa2d34d6c3fdd1608fb470c4fb0216164386e8b22977292ae8932c784a6967774e3daae1b8aeb95
+AUX unbound-r1.confd 1553 BLAKE2B b3768275bd3f79f0076e9d80e9456c0829e42ba9bf815c70354e8386881147cc1afad6937ba7a2217845f70139cafd02f44150eaa5dd5d87f397a347f68078b0 SHA512 a6baf20b9911734b69784c393c8f38a0bf41c9621ab9332761ecb8b5fdcebf18be7f30a5a77bf3755aa45222b2f27f810a762436c43b03dd74e6806e04d5a90f
+AUX unbound-r1.initd 3901 BLAKE2B d8db1b5342781566f57d801d077aec20d7911a39d5a453f981b1a3400a18dfb8d10593889885bb9211d458a4165dded625bba2e7313c8d98fdb1beb585ed63d1 SHA512 ec3520094a679fee962244364d8093b471e7edd5fce434c6d307854952f2ad9d2f041ce5fd5f23ece93a856d59a966daaf5abc114b7d1f3519b930b2e8f14f62
 AUX unbound.confd 171 BLAKE2B 55e7b5379d50375ce0b6127cc63a09acea523a54cf1f4a8048534c9f26a87835dd809ee91ffa1ccc70e798079f75b303b7d1775666308b239ef94ec39551453c SHA512 e3e4c7f97c13d133724417a70e4f20dac6f1f4b5a4e2e573c410148059d9f722589249b3dd4668069d4e324abef60f5981f20b1797623f37db9c9422410dc13f
 AUX unbound.initd 1370 BLAKE2B 448e75551621df02899e4eb86a107da3dbed0510459931f749d0775c6c232ede14f359e47b6f072d71f0da60b54c024a7e02a283b47d432e020e3434b78f9534 SHA512 ee28d0fdc0abd10fbdeb3d2d01a6f06f4bfa83c78f0d64290cf187a76b31fee8f838c051ae962d90bf7c154678c3f866161564257f1834454e681775fd82fc49
 AUX unbound.service 247 BLAKE2B d986319f9b43600d4f6443f50e214efd39fd20be6a7067b55f98b82cb5d2c12c85b7db2a3c9ced0caf3db303f1ff0fd4eff511dbede3ab101e4b558681872351 SHA512 7904225d0e9fb3ea5b97521ed24f24fcc4db650cfff8523b896ddd9edfccbd61e817775ad0449acf30d02dba5f714d633b60cace6010d472f438df7c22381dfc
@@ -16,6 +19,8 @@ DIST unbound-1.6.7.tar.gz 5466931 BLAKE2B 57a051d5ac6d7fbc3d51613305651987670d0f
 DIST unbound-1.6.8.tar.gz 5467536 BLAKE2B 06caffbd905c339b3d0667382114bb3e5d5da90988402c8f488f789f9bf6ab87377e6a26aa083a7e9ba3d023f37d3eeba1e069adf8a8a266b23fb8361aeb6e26 SHA512 653d88d5dbc8cf25f7261e4a9869b6591843c7ff27b5d63f979a94505daafbbb61e05d46bedd2d01230355d5f08dd9fe14ed04c5c7340f3f27581b61ad6edfa3
 DIST unbound-1.7.0.tar.gz 5538228 BLAKE2B a825e2cbef74b3a78f9802056d6f0992f77e0d40d4d28889c98b9ffa224ec3281b6873eab59134dcca8dc56bdd17202b3817dd28ab30d0a0bb72d749426b7675 SHA512 49b07643da2a89d8ceedce1295f550f74a76f4f11c2df54df55e9c42f03bad1b133789c7b36fb3c4f37d6b331ac302ecfd1249e8ebaaa4333beda8fa250b61d9
 DIST unbound-1.7.1.tar.gz 5565938 BLAKE2B 423dde8a13ea3539d86eade96507e6cdb4ac816393e99f58b4e0dc74a79c31bae57c87924ef737a567cc338d02d672f6c059c86d2f28a634f06e5f9a339f4260 SHA512 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255
+DIST unbound-1.7.3.tar.gz 5570604 BLAKE2B 93a4e7cc0e13b3da1057ce4e4518ab2363f03bff7c820095ed30b5fccd2f4245cfade6bf68a424a090967053c7fd727f33352c9e8004bb05d907a878d69c2517 SHA512 34b2e93660e519b2eccefef26a6c7ac09fa3312384cc3bc449ff2b10743bd86bfeb36ec19d35eb913f8d0a3d91ad7923260a66fc799f28b0a2cc06741d80f27a
+DIST unbound-1.8.0.tar.gz 5609213 BLAKE2B 41e464df60e03d502f13758e75f9143658b2a496c4fad69804d9d404e23a8d4b5480cc09048197f8593e37feffdffaea33b18a06d864d0d35e986169b49f42e4 SHA512 6c46f5b86b5bd98a7b549b660173d487e59e65385cebd7bc29429b4fee69f2b490651a409c57b072b9b604fa98e289fa82eeecfea8779900038c25b28a6bd064
 EBUILD unbound-1.5.1-r2.ebuild 3427 BLAKE2B 193c35ecb00ae6303e6ab97852f79dffdf2bef64ce0b7c6e961370eb87d9506569e8aadfa6386624ce121162380b24fde713b36865b18bf228aacb3651defde8 SHA512 d3630f81fd44b40f5deb155473dc5835cc68e444be26afd0207fa734f285b566694b92dc073185cb24c9588a0ca5cb9ebf9c9268c2725c24a6c61d7ca73d1bcf
 EBUILD unbound-1.5.10.ebuild 3465 BLAKE2B 765d3f8f6a987a22195a235e515fb4fd29005a8e2b8d2eeadc9328993ba41d95655db10e1f8426b449311b08516b8dbd4abae382bf6d9b2f3608716c7f57f30c SHA512 28fb9da2c9bf08fbdd8e440c7c0f61da5ef25f7ca179b18e7c189e5c23f70dea295e1dd9b0fa289c75f5a4ee24ed9e1b3248f62fb0dc05d78068f22c00d100a7
 EBUILD unbound-1.6.3.ebuild 3689 BLAKE2B 8bdfd0f5b48ed66d7eb167e187cac4c64c3c0a044f0523662f253514717a273671fa15e6e931ec03f3ea16a6f2f727701811f41a10ecd49326a9c855f694a2d1 SHA512 15d464ec999b6c98e05d5904e52af977036c2c7ea2bf1d54cebf05f6841f8c28adda1b5d6fa9f344d12ea8417f512a1f0c0487aad62627a7761e97e71f3b018c
@@ -26,4 +31,6 @@ EBUILD unbound-1.6.8-r2.ebuild 4814 BLAKE2B 4a22ffd38aa1a4c39d603f85a2fff0adb767
 EBUILD unbound-1.6.8.ebuild 3696 BLAKE2B 2b520948c09e02bba9a1685e25a46b94280d9ef65fc69091b0a6a33b176b8538033d3347aa828e6bb66df85383d1b33f343085f52b3a1e3150e6aa1bf8808c37 SHA512 06c2a8cc24f9ef503eacfcc0a6dd19c63651163dc7b6523f75360f6902deb8f74b616d370c3f93b4633cc823a93be7dc833d8427c70c1b5530cf96a77b056ee9
 EBUILD unbound-1.7.0.ebuild 4814 BLAKE2B 4a22ffd38aa1a4c39d603f85a2fff0adb767bab5a1feea6386fb95f6f3d1dba5ed1749c99fe7f5d310fadfee95de628e077dca25c3800d1a1490ecea37341549 SHA512 8270d337d8b7241208406cd5b06320a624856aae1caa921b26d7115b77df27b93838c73ccb02ad0a5588e7bf41f82646f650c328b0c991afc9d319c77e59a303
 EBUILD unbound-1.7.1.ebuild 4814 BLAKE2B 4a22ffd38aa1a4c39d603f85a2fff0adb767bab5a1feea6386fb95f6f3d1dba5ed1749c99fe7f5d310fadfee95de628e077dca25c3800d1a1490ecea37341549 SHA512 8270d337d8b7241208406cd5b06320a624856aae1caa921b26d7115b77df27b93838c73ccb02ad0a5588e7bf41f82646f650c328b0c991afc9d319c77e59a303
-MISC metadata.xml 1008 BLAKE2B 1852e514f97f9305848144ae0f9aaf8fb49546cd9afcd873ab67dcefee0503d5047809dc8c650006ccdb236c9ba9ff02cc5ecf726d61c25e17167409f91d3fb1 SHA512 f6654d6d254a4d51a8c454c542f1fbbff16bfeaa1cb681f110b9ae99a4231cdb7c073a5d42faba71168079330f9e01781df7a5b3e1bd70d771c874a5bbe9742a
+EBUILD unbound-1.7.3-r1.ebuild 4964 BLAKE2B 29c4159dce7346ffe39c78f7cc41be8d2f5a559579eaee964fa1c3bdba44af19233b7eb3ccd3ee53e331c582d32f3df786ea417a05d294f46a9424a42010b507 SHA512 9b39243fe41302474917d775574113ba697672453f439d3d31f02aac77f70f4a4f4b6fd404ff5ddfe5f4c52786ef7fdd223fdd540b0ac695ea5e53c914d50dfc
+EBUILD unbound-1.8.0-r1.ebuild 5362 BLAKE2B 4641dd8a572599793da384249d59a4f988847ebefdec73de43fb0320c212db63d60415cbf4d0c01f192e07f1977791d7be96c1eccc4637d33794336850e661df SHA512 f2216005d1fa1e5e1c73087af818c7767f446ab72e40358b4c30c02ee400e30c0c4c1517e2430739d363f3fc78979c42394ae97538e62cae4fc1d6b15d832f45
+MISC metadata.xml 1239 BLAKE2B b23dea4347aa4eff995ff69d8e708abbc46b4d222b65d2e87734e77925d8026003df95fe503d66a96dd9dc6a73c32b69e6bb2ad9678a40c5c01b028e5247013a SHA512 6aeb057a87d2705bc9b1c42458cbe27c2b8c21f16ad338ef4421716527347c207360e154c82821ae10b32a22868d16b24601c2d115bee9e70e00a60d7fc133af
diff --git a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch
index c4c0ffa3d6d1..85879db3cf28 100644
--- a/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch
+++ b/net-dns/unbound/files/unbound-1.5.7-trust-anchor-file.patch
@@ -1,3 +1,9 @@
+To avoid below error messages like
+
+  [23109:0] error: Could not open autotrust file for writing, /etc/dnssec/root-anchors.txt: Permission denied
+
+set 'trust-anchor-file' to same value in 'auto-trust-anchor-file'.
+
 diff -ur unbound-1.5.7.orig/doc/example.conf.in unbound-1.5.7/doc/example.conf.in
 --- unbound-1.5.7.orig/doc/example.conf.in	2015-12-10 08:59:18.000000000 +0100
 +++ unbound-1.5.7/doc/example.conf.in	2016-01-05 04:08:01.666760015 +0100
diff --git a/net-dns/unbound/files/unbound-1.6.3-pkg-config.patch b/net-dns/unbound/files/unbound-1.6.3-pkg-config.patch
new file mode 100644
index 000000000000..36adac8dc112
--- /dev/null
+++ b/net-dns/unbound/files/unbound-1.6.3-pkg-config.patch
@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -95,6 +95,8 @@ AC_SUBST(LIBUNBOUND_CURRENT)
+ AC_SUBST(LIBUNBOUND_REVISION)
+ AC_SUBST(LIBUNBOUND_AGE)
+ 
++PKG_PROG_PKG_CONFIG
++
+ CFLAGS="$CFLAGS"
+ AC_AIX
+ if test "$ac_cv_header_minix_config_h" = "yes"; then
diff --git a/net-dns/unbound/files/unbound-r1.confd b/net-dns/unbound/files/unbound-r1.confd
new file mode 100644
index 000000000000..c86c65c64962
--- /dev/null
+++ b/net-dns/unbound/files/unbound-r1.confd
@@ -0,0 +1,36 @@
+# /etc/conf.d/unbound
+
+# Configuration file
+#UNBOUND_CONFFILE="/etc/unbound/unbound.conf"
+
+# PID file
+# This is a fallback value which should NOT be changed. If you ever need
+# to change PID file, please change value in configuration file instead!
+#UNBOUND_PIDFILE="/run/unbound.pid"
+
+# You can use this configuration option to pass additional options to the
+# start-stop-daemon, see start-stop-daemon(8) for more details.
+# Per default we wait 1000ms after we have started the service to ensure
+# that the daemon is really up and running.
+#UNBOUND_SSDARGS="--wait 1000"
+
+# The termination timeout (start-stop-daemon parameter "retry") ensures
+# that the service will be terminated within a given time (25 + 5 seconds
+# per default) when you are stopping the service.
+#UNBOUND_TERMTIMEOUT="TERM/25/KILL/5"
+
+# Options to unbound
+# See unbound(8) for more details
+# Notes:
+# * Do not specify another CONFIGFILE but use the variable above to change the location
+#UNBOUND_OPTS=""
+
+# If you want to preserve unbound's cache, set the following variable to
+# a non-zero value. In this case unbound's cache will be dumped to disk
+# before shutdown and loaded right after start.
+# To be able to dump and load cache you have to set up keys (use `unbound-control-setup`)
+# and need to set 'control-enable: yes' in your configuration!
+# WARNING: If you don't know what you are doing you should NOT use this
+#          feature. Loading the cache with old or wrong data can result in
+#          old or wrong data being returned to clients.
+#UNBOUND_PRESERVE_CACHE=""
diff --git a/net-dns/unbound/files/unbound-r1.initd b/net-dns/unbound/files/unbound-r1.initd
new file mode 100644
index 000000000000..54886d1f47ad
--- /dev/null
+++ b/net-dns/unbound/files/unbound-r1.initd
@@ -0,0 +1,137 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+UNBOUND_BINARY=${UNBOUND_BINARY:-"/usr/sbin/unbound"}
+UNBOUND_CACHEFILE=${UNBOUND_CACHEFILE:-"/var/lib/unbound/${SVCNAME}.cache"}
+UNBOUND_CHECKCONF=${UNBOUND_CHECKCONF:-"/usr/sbin/unbound-checkconf"}
+UNBOUND_CONFFILE=${UNBOUND_CONFFILE:-"/etc/unbound/${SVCNAME}.conf"}
+UNBOUND_CONTROL=${UNBOUND_CONTROL:-"/usr/sbin/unbound-control"}
+UNBOUND_PIDFILE=${UNBOUND_PIDFILE:-"/run/unbound.pid"}
+UNBOUND_SSDARGS=${UNBOUND_SSDARGS:-"--wait 1000"}
+UNBOUND_TERMTIMEOUT=${UNBOUND_TERMTIMEOUT:-"TERM/25/KILL/5"}
+UNBOUND_OPTS=${UNBOUND_OPTS:-""}
+UNBOUND_LOAD_CACHE_TIMEOUT=${UNBOUND_LOAD_CACHE_TIMEOUT:-"30"}
+
+getconfig() {
+	local key="$1"
+	local value_default="$2"
+	local value=
+
+	if service_started ; then
+		value="$(service_get_value "${key}")"
+	fi
+
+	if [ -z "${value}" ] && [ -n "${UNBOUND_CONFFILE}" ] && [ -r "${UNBOUND_CONFFILE}" ] ; then
+		value=$("${UNBOUND_CHECKCONF}" -o ${key} "${UNBOUND_CONFFILE}")
+	fi
+
+	if [ -z "${value}" ] ; then
+		# Value not explicitly set in the configfile or configfile does not exist
+		# or is not readable
+		echo "${value_default}"
+	else
+		echo "${value}"
+	fi
+
+	return 0
+}
+
+command=${UNBOUND_BINARY}
+command_args="${UNBOUND_OPTS} -c \"${UNBOUND_CONFFILE}\""
+start_stop_daemon_args="${UNBOUND_SSDARGS}"
+pidfile="$(getconfig pidfile /run/unbound.pid)"
+retry="${UNBOUND_TERMTIMEOUT}"
+
+required_files="${UNBOUND_CONFFILE}"
+
+name="unbound daemon"
+extra_commands="configtest"
+extra_started_commands="reload save_cache"
+description="unbound is a Domain Name Server (DNS) that is used to resolve host names to IP address."
+description_configtest="Run syntax tests for configuration files only."
+description_reload="Kills all children and reloads the configuration."
+description_save_cache="Saves the current cache to disk."
+
+depend() {
+	use net logger
+	provide dns
+	after auth-dns
+}
+
+configtest() {
+	local _config_status=
+
+	ebegin "Checking ${SVCNAME} configuration"
+	"${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}" 1>/dev/null 2>&1
+	_config_status=$?
+
+	if [ ${_config_status} -ne 0 ] ; then
+		# Run command again but this time we will show the output
+		# Ugly, but ...
+		"${UNBOUND_CHECKCONF}" "${UNBOUND_CONFFILE}"
+	else
+		if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
+			local _is_control_enabled=$(getconfig control-enable no)
+			if [ "${_is_control_enabled}" != "yes" ] ; then
+				eerror "Cannot preserve cache: control-enable is 'no' in the config file!"
+				_config_status=2
+			fi
+		fi
+	fi
+
+	eend ${_config_status} "failed, please correct errors above"
+}
+
+save_cache() {
+	if [ "${RC_CMD}" != "restart" ] ; then
+		UNBOUND_PRESERVE_CACHE=1 configtest || return 1
+	fi
+
+	ebegin "Saving cache to '${UNBOUND_CACHEFILE}'"
+	${UNBOUND_CONTROL} -c "${UNBOUND_CONFFILE}" dump_cache > "${UNBOUND_CACHEFILE}"
+	eend $?
+}
+
+start_pre() {
+	if [ "${RC_CMD}" != "restart" ] ; then
+		configtest || return 1
+	fi
+}
+
+start_post() {
+	if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
+		if [ -s "${UNBOUND_CACHEFILE}" ] ; then
+			ebegin "Loading cache from '${UNBOUND_CACHEFILE}'"
+			# Loading cache can fail which would block this runscript.
+			# Using `timeout` from coreutils will be our safeguard ...
+			timeout -k 5 ${UNBOUND_LOAD_CACHE_TIMEOUT} ${UNBOUND_CONTROL} -q -c "${UNBOUND_CONFFILE}" load_cache < "${UNBOUND_CACHEFILE}"
+			eend $?
+		else
+			ewarn "Loading cache from '${UNBOUND_CACHEFILE}' skipped: File does not exists or is empty!"
+		fi
+	fi
+
+	# It is not a fatal error if preserved cache could not be loaded
+	return 0
+}
+
+stop_pre() {
+	if [ "${RC_CMD}" = "restart" ] ; then
+		configtest || return 1
+	fi
+
+	if [ -n "${UNBOUND_PRESERVE_CACHE}" ] ; then
+		save_cache
+	fi
+
+	# It is not a fatal error if cache cannot be preserved
+	return 0
+}
+
+reload() {
+	configtest || return 1
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile "${pidfile}"
+	eend $?
+}
diff --git a/net-dns/unbound/metadata.xml b/net-dns/unbound/metadata.xml
index 12f7df40fa28..322609af4ff1 100644
--- a/net-dns/unbound/metadata.xml
+++ b/net-dns/unbound/metadata.xml
@@ -16,10 +16,15 @@
   DNSSEC (secure DNS) validation and stub-resolvers (that do not run
   as a server, but are linked into an application) are easily possible.
   </longdescription>
+  <slots>
+    <subslots>Reflect ABI of libunbound.so.</subslots>
+  </slots>
   <use>
     <flag name="dnscrypt">Enable DNSCrypt support</flag>
     <flag name="dnstap">Enable dnstap support</flag>
     <flag name="ecdsa">Enable ECDSA support</flag>
+    <flag name="ecs">Enable EDNS client subnet support</flag>
     <flag name="gost">Enable GOST support</flag>
+    <flag name="redis">Enable cache db backend which uses <pkg>dev-libs/hiredis</pkg></flag>
   </use>
 </pkgmetadata>
diff --git a/net-dns/unbound/unbound-1.7.3-r1.ebuild b/net-dns/unbound/unbound-1.7.3-r1.ebuild
new file mode 100644
index 000000000000..ee301c92356f
--- /dev/null
+++ b/net-dns/unbound/unbound-1.7.3-r1.ebuild
@@ -0,0 +1,169 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+PYTHON_COMPAT=( python2_7 )
+
+inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user
+
+MY_P=${PN}-${PV/_/}
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/"
+SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0/7" # ABI version of libunbound.so
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="debug dnscrypt dnstap +ecdsa gost libressl python selinux static-libs systemd test threads"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# Note: expat is needed by executable only but the Makefile is custom
+# and doesn't make it possible to easily install the library without
+# the executables. MULTILIB_USEDEP may be dropped once build system
+# is fixed.
+
+CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
+	>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]
+	libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] )
+	!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
+	dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] )
+	dnstap? (
+		dev-libs/fstrm[${MULTILIB_USEDEP}]
+		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]
+	)
+	ecdsa? (
+		!libressl? ( dev-libs/openssl:0[-bindist] )
+	)
+	python? ( ${PYTHON_DEPS} )"
+
+BDEPEND="virtual/pkgconfig"
+
+DEPEND="${CDEPEND}
+	python? ( dev-lang/swig )
+	test? (
+		net-dns/ldns-utils[examples]
+		dev-util/splint
+		app-text/wdiff
+	)
+	systemd? ( sys-apps/systemd )"
+
+RDEPEND="${CDEPEND}
+	net-dns/dnssec-root
+	selinux? ( sec-policy/selinux-bind )"
+
+# bug #347415
+RDEPEND="${RDEPEND}
+	net-dns/dnssec-root"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch
+	"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch
+)
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	enewgroup unbound
+	enewuser unbound -1 -1 /etc/unbound unbound
+	# improve security on existing installs (bug #641042)
+	# as well as new installs where unbound homedir has just been created
+	if [[ -d "${ROOT}/etc/unbound" ]]; then
+		chown --no-dereference --from=unbound root "${ROOT}/etc/unbound"
+	fi
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+
+	# required for the python part
+	multilib_copy_sources
+}
+
+src_configure() {
+	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable gost) \
+		$(use_enable dnscrypt) \
+		$(use_enable dnstap) \
+		$(use_enable ecdsa) \
+		$(use_enable static-libs static) \
+		$(use_enable systemd) \
+		$(multilib_native_use_with python pythonmodule) \
+		$(multilib_native_use_with python pyunbound) \
+		$(use_with threads pthreads) \
+		--disable-flto \
+		--disable-rpath \
+		--with-libevent="${EPREFIX%/}"/usr \
+		--with-pidfile="${EPREFIX%/}"/run/unbound.pid \
+		--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \
+		--with-ssl="${EPREFIX%/}"/usr \
+		--with-libexpat="${EPREFIX%/}"/usr
+
+		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
+		# $(use_enable debug lock-checks) \
+		# $(use_enable debug alloc-checks) \
+		# $(use_enable debug alloc-lite) \
+		# $(use_enable debug alloc-nonregional) \
+}
+
+multilib_src_install_all() {
+	use python && python_optimize
+
+	newinitd "${FILESDIR}"/unbound-r1.initd unbound
+	newconfd "${FILESDIR}"/unbound-r1.confd unbound
+
+	systemd_dounit "${FILESDIR}"/unbound.service
+	systemd_dounit "${FILESDIR}"/unbound.socket
+	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"
+	systemd_dounit "${FILESDIR}"/unbound-anchor.service
+
+	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
+
+	# bug #315519
+	dodoc contrib/unbound_munin_
+
+	docinto selinux
+	dodoc contrib/selinux/*
+
+	exeinto /usr/share/${PN}
+	doexe contrib/update-anchor.sh
+
+	# create space for auto-trust-anchor-file...
+	keepdir /etc/unbound/var
+	# ... and point example config to it
+	sed -i \
+		-e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \
+		"${ED%/}/etc/unbound/unbound.conf" || \
+		die
+
+	find "${ED}" -name '*.la' -delete || die
+	if ! use static-libs ; then
+		find "${ED}" -name "*.a" -delete || die
+	fi
+}
+
+pkg_postinst() {
+	# make var/ writable by unbound
+	if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then
+		chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var"
+	fi
+
+	einfo ""
+	einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"
+	einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf"
+	einfo "and run"
+	einfo ""
+	einfo "  su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound"
+	einfo ""
+	einfo "as root to create it initially before starting unbound for the first time after enabling this."
+	einfo ""
+}
diff --git a/net-dns/unbound/unbound-1.8.0-r1.ebuild b/net-dns/unbound/unbound-1.8.0-r1.ebuild
new file mode 100644
index 000000000000..f294360a6d44
--- /dev/null
+++ b/net-dns/unbound/unbound-1.8.0-r1.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+PYTHON_COMPAT=( python2_7 )
+
+inherit autotools flag-o-matic multilib-minimal python-single-r1 systemd user
+
+MY_P=${PN}-${PV/_/}
+DESCRIPTION="A validating, recursive and caching DNS resolver"
+HOMEPAGE="https://unbound.net/ https://nlnetlabs.nl/projects/unbound/about/"
+SRC_URI="https://nlnetlabs.nl/downloads/unbound/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0/8" # ABI version of libunbound.so
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="debug dnscrypt dnstap +ecdsa ecs gost libressl python redis selinux static-libs systemd test threads"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# Note: expat is needed by executable only but the Makefile is custom
+# and doesn't make it possible to easily install the library without
+# the executables. MULTILIB_USEDEP may be dropped once build system
+# is fixed.
+
+CDEPEND=">=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}]
+	>=dev-libs/libevent-2.0.21:0=[${MULTILIB_USEDEP}]
+	libressl? ( >=dev-libs/libressl-2.2.4:0[${MULTILIB_USEDEP}] )
+	!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0[${MULTILIB_USEDEP}] )
+	dnscrypt? ( dev-libs/libsodium[${MULTILIB_USEDEP}] )
+	dnstap? (
+		dev-libs/fstrm[${MULTILIB_USEDEP}]
+		>=dev-libs/protobuf-c-1.0.2-r1[${MULTILIB_USEDEP}]
+	)
+	ecdsa? (
+		!libressl? ( dev-libs/openssl:0[-bindist] )
+	)
+	python? ( ${PYTHON_DEPS} )
+	redis? ( dev-libs/hiredis:= )"
+
+BDEPEND="virtual/pkgconfig"
+
+DEPEND="${CDEPEND}
+	python? ( dev-lang/swig )
+	test? (
+		net-dns/ldns-utils[examples]
+		dev-util/splint
+		app-text/wdiff
+	)
+	systemd? ( sys-apps/systemd )"
+
+RDEPEND="${CDEPEND}
+	net-dns/dnssec-root
+	selinux? ( sec-policy/selinux-bind )"
+
+# bug #347415
+RDEPEND="${RDEPEND}
+	net-dns/dnssec-root"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.5.7-trust-anchor-file.patch
+	"${FILESDIR}"/${PN}-1.6.3-pkg-config.patch
+)
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	enewgroup unbound
+	enewuser unbound -1 -1 /etc/unbound unbound
+	# improve security on existing installs (bug #641042)
+	# as well as new installs where unbound homedir has just been created
+	if [[ -d "${ROOT}/etc/unbound" ]]; then
+		chown --no-dereference --from=unbound root "${ROOT}/etc/unbound"
+	fi
+
+	use python && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+
+	# required for the python part
+	multilib_copy_sources
+}
+
+src_configure() {
+	[[ ${CHOST} == *-darwin* ]] || append-ldflags -Wl,-z,noexecstack
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable gost) \
+		$(use_enable dnscrypt) \
+		$(use_enable dnstap) \
+		$(use_enable ecdsa) \
+		$(use_enable ecs subnet) \
+		$(multilib_native_use_enable redis cachedb) \
+		$(use_enable static-libs static) \
+		$(use_enable systemd) \
+		$(multilib_native_use_with python pythonmodule) \
+		$(multilib_native_use_with python pyunbound) \
+		$(use_with threads pthreads) \
+		--disable-flto \
+		--disable-rpath \
+		--enable-ipsecmod \
+		--enable-tfo-client \
+		--enable-tfo-server \
+		--with-libevent="${EPREFIX%/}"/usr \
+		$(multilib_native_usex redis --with-libhiredis="${EPREFIX%/}/usr" --without-libhiredis) \
+		--with-pidfile="${EPREFIX%/}"/run/unbound.pid \
+		--with-rootkey-file="${EPREFIX%/}"/etc/dnssec/root-anchors.txt \
+		--with-ssl="${EPREFIX%/}"/usr \
+		--with-libexpat="${EPREFIX%/}"/usr
+
+		# http://unbound.nlnetlabs.nl/pipermail/unbound-users/2011-April/001801.html
+		# $(use_enable debug lock-checks) \
+		# $(use_enable debug alloc-checks) \
+		# $(use_enable debug alloc-lite) \
+		# $(use_enable debug alloc-nonregional) \
+}
+
+multilib_src_install_all() {
+	use python && python_optimize
+
+	newinitd "${FILESDIR}"/unbound-r1.initd unbound
+	newconfd "${FILESDIR}"/unbound-r1.confd unbound
+
+	systemd_dounit "${FILESDIR}"/unbound.service
+	systemd_dounit "${FILESDIR}"/unbound.socket
+	systemd_newunit "${FILESDIR}"/unbound_at.service "unbound@.service"
+	systemd_dounit "${FILESDIR}"/unbound-anchor.service
+
+	dodoc doc/{README,CREDITS,TODO,Changelog,FEATURES}
+
+	# bug #315519
+	dodoc contrib/unbound_munin_
+
+	docinto selinux
+	dodoc contrib/selinux/*
+
+	exeinto /usr/share/${PN}
+	doexe contrib/update-anchor.sh
+
+	# create space for auto-trust-anchor-file...
+	keepdir /etc/unbound/var
+	# ... and point example config to it
+	sed -i \
+		-e '/# auto-trust-anchor-file:/s,/etc/dnssec/root-anchors.txt,/etc/unbound/var/root-anchors.txt,' \
+		"${ED%/}/etc/unbound/unbound.conf" || \
+		die
+
+	# Used to store cache data
+	keepdir /var/lib/${PN}
+	fowners root:unbound /var/lib/${PN}
+	fperms 0750 /var/lib/${PN}
+
+	find "${ED}" -name '*.la' -delete || die
+	if ! use static-libs ; then
+		find "${ED}" -name "*.a" -delete || die
+	fi
+}
+
+pkg_postinst() {
+	# make var/ writable by unbound
+	if [[ -d "${EROOT%/}/etc/unbound/var" ]]; then
+		chown --no-dereference --from=root unbound: "${EROOT%/}/etc/unbound/var"
+	fi
+
+	einfo ""
+	einfo "If you want unbound to automatically update the root-anchor file for DNSSEC validation"
+	einfo "set 'auto-trust-anchor-file: ${EROOT%/}/etc/unbound/var/root-anchors.txt' in ${EROOT%/}/etc/unbound/unbound.conf"
+	einfo "and run"
+	einfo ""
+	einfo "  su -s /bin/sh -c '${EROOT%/}/usr/sbin/unbound-anchor -a ${EROOT%/}/etc/unbound/var/root-anchors.txt' unbound"
+	einfo ""
+	einfo "as root to create it initially before starting unbound for the first time after enabling this."
+	einfo ""
+}
-- 
cgit v1.2.3