Generate unbound-control-setup.sh at build time so it respects prefix and sysconfdir from the configure script. Also fix the umask to match the comment, and the comment to match the umask.
Index: smallapp/unbound-control-setup.sh.in
===================================================================
--- smallapp/unbound-control-setup.sh.in (.../vendor/unbound/dist) (revision 0)
+++ smallapp/unbound-control-setup.sh.in (.../head/contrib/unbound) (revision 266777)
@@ -0,0 +1,163 @@
+#!/bin/sh
+#
+# unbound-control-setup.sh - set up SSL certificates for unbound-control
+#
+# Copyright (c) 2008, NLnet Labs. All rights reserved.
+#
+# This software is open source.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# Neither the name of the NLNET LABS nor the names of its contributors may
+# be used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# settings:
+
+# directory for files
+prefix=@prefix@
+DESTDIR=@sysconfdir@/unbound
+
+# issuer and subject name for certificates
+SERVERNAME=unbound
+CLIENTNAME=unbound-control
+
+# validity period for certificates
+DAYS=7200
+
+# size of keys in bits
+BITS=1536
+
+# hash algorithm
+HASH=sha256
+
+# base name for unbound server keys
+SVR_BASE=unbound_server
+
+# base name for unbound-control keys
+CTL_BASE=unbound_control
+
+# we want -rw-r----- access (say you run this as root: grp=yes (server), all=no).
+umask 0027
+
+# end of options
+
+# functions:
+error ( ) {
+ echo "$0 fatal error: $1"
+ exit 1
+}
+
+# check arguments:
+while test $# -ne 0; do
+ case $1 in
+ -d)
+ if test $# -eq 1; then error "need argument for -d"; fi
+ DESTDIR="$2"
+ shift
+ ;;
+ *)
+ echo "unbound-control-setup.sh - setup SSL keys for unbound-control"
+ echo " -d dir use directory to store keys and certificates."
+ echo " default: $DESTDIR"
+ echo "please run this command using the same user id that the "
+ echo "unbound daemon uses, it needs read privileges."
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+# go!:
+echo "setup in directory $DESTDIR"
+cd "$DESTDIR" || error "could not cd to $DESTDIR"
+
+# create certificate keys; do not recreate if they already exist.
+if test -f $SVR_BASE.key; then + echo "$SVR_BASE.key exists" +else + echo "generating $SVR_BASE.key" + openssl genrsa -out $SVR_BASE.key $BITS || error "could not genrsa" +fi +if test -f $CTL_BASE.key; then + echo "$CTL_BASE.key exists" +else + echo "generating $CTL_BASE.key" + openssl genrsa -out $CTL_BASE.key $BITS || error "could not genrsa" +fi + +# create self-signed cert for server +cat >request.cfg <request.cfg < 0) { + if(inet_pton(AF_INET6, str, &addr.a6.sin6_addr) > 0) { /* it is an IPv6 */ - a6.sin6_family = AF_INET6; - a6.sin6_port = (in_port_t)htons(p); - addr = (struct sockaddr_storage*)&a6; - len = (socklen_t)sizeof(struct sockaddr_in6); + addr.a6.sin6_family = AF_INET6; + addr.a6.sin6_port = (in_port_t)htons(p); + len = (socklen_t)sizeof(addr.a6); } - if(inet_pton(AF_INET, str, &a.sin_addr) > 0) { + if(inet_pton(AF_INET, str, &addr.a.sin_addr) > 0) { /* it is an IPv4 */ - a.sin_family = AF_INET; - a.sin_port = (in_port_t)htons(p); - addr = (struct sockaddr_storage*)&a; + addr.a.sin_family = AF_INET; + addr.a.sin_port = (in_port_t)htons(p); len = (socklen_t)sizeof(struct sockaddr_in); } if(!len) return NULL; @@ -593,7 +591,7 @@ exit(0); } ip->len = len; - memmove(&ip->addr, addr, len); + memmove(&ip->addr, &addr, len); if(verb) printf("server address is %s\n", str); return ip; } @@ -613,8 +611,8 @@ * @return list of IP addresses. */ static struct ip_list* -resolve_name(char* host, int port, char* res_conf, char* root_hints, - char* debugconf, int ip4only, int ip6only) +resolve_name(const char* host, int port, const char* res_conf, + const char* root_hints, const char* debugconf, int ip4only, int ip6only) { struct ub_ctx* ctx; struct ip_list* list = NULL; @@ -810,7 +808,7 @@ /** write a line over SSL */ static int -write_ssl_line(SSL* ssl, char* str, char* sec) +write_ssl_line(SSL* ssl, const char* str, const char* sec) { char buf[1024]; size_t l; 
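Review bot: `BITS=1536` in the settings block of smallapp/unbound-control-setup.sh.in generates RSA keys below the commonly recommended 2048-bit minimum for new keys, and `DAYS=7200` keeps certificates issued from them valid for roughly twenty years. As the script is now a build-time template, raising the default is a one-line change: `BITS=3072`. The `if test -f $SVR_BASE.key` branch keeps any existing key, so operators with short keys would also need to be told to remove and regenerate them, for example in the usage text. The rest of the script, including the certificate requests, is not readable on this page, so this covers only the settings and key-generation lines shown.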
@@ -1029,7 +1027,7 @@ /** start HTTP1.1 transaction on SSL */ static int -write_http_get(SSL* ssl, char* pathname, char* urlname) +write_http_get(SSL* ssl, const char* pathname, const char* urlname) { if(write_ssl_line(ssl, "GET /%s HTTP/1.1", pathname) && write_ssl_line(ssl, "Host: %s", urlname) && @@ -1100,7 +1098,7 @@ /** https to an IP addr, return BIO with pathname or NULL */ static BIO* -https_to_ip(struct ip_list* ip, char* pathname, char* urlname) +https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname) { int fd; SSL* ssl; @@ -1140,7 +1138,7 @@ * @return a memory BIO with the file in it. */ static BIO* -https(struct ip_list* ip_list, char* pathname, char* urlname) +https(struct ip_list* ip_list, const char* pathname, const char* urlname) { struct ip_list* ip; BIO* bio = NULL; @@ -1222,7 +1220,7 @@ * NOT zero terminated. * @param len: length of this part of the data. */ -void +static void xml_charhandle(void *userData, const XML_Char *s, int len) { struct xml_data* data = (struct xml_data*)userData; @@ -1265,7 +1263,7 @@ * @return the value or NULL. (ptr into atts). */ static const XML_Char* -find_att(const XML_Char **atts, XML_Char* name) +find_att(const XML_Char **atts, const XML_Char* name) { int i; for(i=0; atts[i]; i+=2) { @@ -1379,7 +1377,7 @@ /** See if XML element equals the zone name */ static int -xml_is_zone_name(BIO* zone, char* name) +xml_is_zone_name(BIO* zone, const char* name) { char buf[1024]; char* z = NULL; @@ -1611,8 +1609,6 @@ XML_ParserFree(parser); if(verb >= 4) { - char* pp = NULL; - int len; (void)BIO_seek(data.ds, 0); len = BIO_get_mem_data(data.ds, &pp); printf("got DS bio %d: '", len); @@ -1655,7 +1651,7 @@ /** get valid signers from the list of signers in the signature */ static STACK_OF(X509)* -get_valid_signers(PKCS7* p7, char* p7signer) +get_valid_signers(PKCS7* p7, const char* p7signer) { int i; STACK_OF(X509)* validsigners = sk_X509_new_null(); 
@@ -1738,7 +1734,7 @@ /** verify a PKCS7 signature, false on failure */ static int -verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, char* p7signer) +verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, const char* p7signer) { PKCS7* p7; X509_STORE *store = X509_STORE_new(); @@ -1816,7 +1812,7 @@ /** write unsigned root anchor file, a 5011 revoked tp */ static void -write_unsigned_root(char* root_anchor_file) +write_unsigned_root(const char* root_anchor_file) { FILE* out; time_t now = time(NULL); @@ -1842,7 +1838,7 @@ /** write root anchor file */ static void -write_root_anchor(char* root_anchor_file, BIO* ds) +write_root_anchor(const char* root_anchor_file, BIO* ds) { char* pp = NULL; int len; @@ -1868,8 +1864,8 @@ /** Perform the verification and update of the trustanchor file */ static void -verify_and_update_anchor(char* root_anchor_file, BIO* xml, BIO* p7s, - STACK_OF(X509)* cert, char* p7signer) +verify_and_update_anchor(const char* root_anchor_file, BIO* xml, BIO* p7s, + STACK_OF(X509)* cert, const char* p7signer) { BIO* ds; @@ -1897,10 +1893,11 @@ /** perform actual certupdate work */ static int -do_certupdate(char* root_anchor_file, char* root_cert_file, - char* urlname, char* xmlname, char* p7sname, char* p7signer, - char* res_conf, char* root_hints, char* debugconf, - int ip4only, int ip6only, int port, struct ub_result* dnskey) +do_certupdate(const char* root_anchor_file, const char* root_cert_file, + const char* urlname, const char* xmlname, const char* p7sname, + const char* p7signer, const char* res_conf, const char* root_hints, + const char* debugconf, int ip4only, int ip6only, int port, + struct ub_result* dnskey) { STACK_OF(X509)* cert; BIO *xml, *p7s; @@ -1954,7 +1951,7 @@ * 2 if it is OK. */ static int -try_read_anchor(char* file) +try_read_anchor(const char* file) { int empty = 1; char line[10240]; 
@@ -1998,7 +1995,7 @@ /** Write the builtin root anchor to a file */ static void -write_builtin_anchor(char* file) +write_builtin_anchor(const char* file) { const char* builtin_root_anchor = get_builtin_ds(); FILE* out = fopen(file, "w"); @@ -2024,7 +2021,7 @@ * @return 0 if trustpoint is insecure, 1 on success. Exit on failure. */ static int -provide_builtin(char* root_anchor_file, int* used_builtin) +provide_builtin(const char* root_anchor_file, int* used_builtin) { /* try to read it */ switch(try_read_anchor(root_anchor_file)) @@ -2046,7 +2043,7 @@ * add an autotrust anchor for the root to the context */ static void -add_5011_probe_root(struct ub_ctx* ctx, char* root_anchor_file) +add_5011_probe_root(struct ub_ctx* ctx, const char* root_anchor_file) { int r; r = ub_ctx_set_option(ctx, "auto-trust-anchor-file:", root_anchor_file); @@ -2083,7 +2080,7 @@ /** see if ADDPEND keys exist in autotrust file (if possible) */ static int -read_if_pending_keys(char* file) +read_if_pending_keys(const char* file) { FILE* in = fopen(file, "r"); char line[8192]; @@ -2105,7 +2102,7 @@ /** read last successful probe time from autotrust file (if possible) */ static int32_t -read_last_success_time(char* file) +read_last_success_time(const char* file) { FILE* in = fopen(file, "r"); char line[1024]; @@ -2142,7 +2139,7 @@ * @return true if certupdate is ok. */ static int -probe_date_allows_certupdate(char* root_anchor_file) +probe_date_allows_certupdate(const char* root_anchor_file) { int has_pending_keys = read_if_pending_keys(root_anchor_file); int32_t last_success = read_last_success_time(root_anchor_file); 
@@ -2180,10 +2177,10 @@ /** perform the unbound-anchor work */ static int -do_root_update_work(char* root_anchor_file, char* root_cert_file, - char* urlname, char* xmlname, char* p7sname, char* p7signer, - char* res_conf, char* root_hints, char* debugconf, - int ip4only, int ip6only, int force, int port) +do_root_update_work(const char* root_anchor_file, const char* root_cert_file, + const char* urlname, const char* xmlname, const char* p7sname, + const char* p7signer, const char* res_conf, const char* root_hints, + const char* debugconf, int ip4only, int ip6only, int force, int port) { struct ub_ctx* ctx; struct ub_result* dnskey; @@ -2233,15 +2230,15 @@ int main(int argc, char* argv[]) { int c; - char* root_anchor_file = ROOT_ANCHOR_FILE; - char* root_cert_file = ROOT_CERT_FILE; - char* urlname = URLNAME; - char* xmlname = XMLNAME; - char* p7sname = P7SNAME; - char* p7signer = P7SIGNER; - char* res_conf = NULL; - char* root_hints = NULL; - char* debugconf = NULL; + const char* root_anchor_file = ROOT_ANCHOR_FILE; + const char* root_cert_file = ROOT_CERT_FILE; + const char* urlname = URLNAME; + const char* xmlname = XMLNAME; + const char* p7sname = P7SNAME; + const char* p7signer = P7SIGNER; + const char* res_conf = NULL; + const char* root_hints = NULL; + const char* debugconf = NULL; int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT; /* parse the options */ while( (c=getopt(argc, argv, "46C:FP:a:c:f:hln:r:s:u:vx:")) != -1) { Index: daemon/remote.c =================================================================== --- daemon/remote.c (.../vendor/unbound/dist) (revision 266777) +++ daemon/remote.c (.../head/contrib/unbound) (revision 266777) @@ -651,7 +651,7 @@ /** print long number */ static int -print_longnum(SSL* ssl, char* desc, size_t x) +print_longnum(SSL* ssl, const char* desc, size_t x) { if(x > 1024*1024*1024) { /* more than a Gb */ 
@@ -1385,7 +1385,7 @@ /** printout a delegation point info */ static int -ssl_print_name_dp(SSL* ssl, char* str, uint8_t* nm, uint16_t dclass, +ssl_print_name_dp(SSL* ssl, const char* str, uint8_t* nm, uint16_t dclass, struct delegpt* dp) { char buf[257]; Move declarations that are needed in multiple source files into a shared header. Index: util/config_file.c =================================================================== --- util/config_file.c (.../vendor/unbound/dist) (revision 266777) +++ util/config_file.c (.../head/contrib/unbound) (revision 266777) @@ -63,18 +63,6 @@ /** global config during parsing */ struct config_parser_state* cfg_parser = 0; -/** lex in file */ -extern FILE* ub_c_in; -/** lex out file */ -extern FILE* ub_c_out; -/** the yacc lex generated parse function */ -int ub_c_parse(void); -/** the lexer function */ -int ub_c_lex(void); -/** wrap function */ -int ub_c_wrap(void); -/** init lex state */ -void init_cfg_parse(void); /** init ports possible for use */ static void init_outgoing_availports(int* array, int num); Index: util/config_file.h =================================================================== --- util/config_file.h (.../vendor/unbound/dist) (revision 266777) +++ util/config_file.h (.../head/contrib/unbound) (revision 266777) 
@@ -639,6 +639,18 @@ /** global config parser object used during config parsing */ extern struct config_parser_state* cfg_parser; +/** init lex state */ +void init_cfg_parse(void); +/** lex in file */ +extern FILE* ub_c_in; +/** lex out file */ +extern FILE* ub_c_out; +/** the yacc lex generated parse function */ +int ub_c_parse(void); +/** the lexer function */ +int ub_c_lex(void); +/** wrap function */ +int ub_c_wrap(void); /** parsing helpers: print error with file and line numbers */ void ub_c_error(const char* msg); /** parsing helpers: print error with file and line numbers */ Move sldns_bgetc() from parse.c to buffer.c where it belongs. Index: ldns/parse.c =================================================================== --- ldns/parse.c (.../vendor/unbound/dist) (revision 266777) +++ ldns/parse.c (.../head/contrib/unbound) (revision 266777) @@ -218,6 +218,17 @@ } } +int +sldns_bgetc(sldns_buffer *buffer) +{ + if (!sldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) { + sldns_buffer_set_position(buffer, sldns_buffer_limit(buffer)); + /* sldns_buffer_rewind(buffer);*/ + return EOF; + } + return (int)sldns_buffer_read_u8(buffer); +} + ssize_t sldns_bget_token(sldns_buffer *b, char *token, const char *delim, size_t limit) { Index: ldns/sbuffer.c =================================================================== --- ldns/sbuffer.c (.../vendor/unbound/dist) (revision 266777) +++ ldns/sbuffer.c (.../head/contrib/unbound) (revision 266777) 
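Review bot: The description above ldns/parse.c says sldns_bgetc() moves from parse.c to buffer.c, but the ldns/parse.c hunk adds the function and the ldns/sbuffer.c hunk that follows removes it, so the text and the diff point in opposite directions. One of them should be corrected so that a later vendor import is merged the right way round. The function also arrives without a doc comment; `/** read one byte from the buffer; at end of data, move position to the limit and return EOF */` would record the contract the visible body implements. The commented-out `/* sldns_buffer_rewind(buffer);*/` should be dropped or explained.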
@@ -165,17 +165,6 @@ return buffer->_data; } -int -sldns_bgetc(sldns_buffer *buffer) -{ - if (!sldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) { - sldns_buffer_set_position(buffer, sldns_buffer_limit(buffer)); - /* sldns_buffer_rewind(buffer);*/ - return EOF; - } - return (int)sldns_buffer_read_u8(buffer); -} - void sldns_buffer_copy(sldns_buffer* result, sldns_buffer* from) { Introduce a new header file, worker.h, which declares the callbacks that all workers must define. Remove those declarations from libworker.h. Include the correct headers in the correct places. Fix a few dummy callbacks that don't match their prototype. Fix some casts. Index: libunbound/worker.h =================================================================== --- libunbound/worker.h (.../vendor/unbound/dist) (revision 0) +++ libunbound/worker.h (.../head/contrib/unbound) (revision 266777) 
@@ -0,0 +1,171 @@ +/* + * libunbound/worker.h - prototypes for worker methods. + * + * Copyright (c) 2007, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * This file declares the methods any worker has to implement. 
+ */ + +#ifndef LIBUNBOUND_WORKER_H +#define LIBUNBOUND_WORKER_H + +#include "ldns/sbuffer.h" +#include "util/data/packed_rrset.h" /* for enum sec_status */ +struct comm_reply; +struct comm_point; +struct module_qstate; +struct tube; + +/** + * Worker service routine to send serviced queries to authoritative servers. + * @param qname: query name. (host order) + * @param qnamelen: length in bytes of qname, including trailing 0. + * @param qtype: query type. (host order) + * @param qclass: query class. (host order) + * @param flags: host order flags word, with opcode and CD bit. + * @param dnssec: if set, EDNS record will have DO bit set. + * @param want_dnssec: signatures needed. + * @param addr: where to. + * @param addrlen: length of addr. + * @param zone: delegation point name. + * @param zonelen: length of zone name wireformat dname. + * @param q: wich query state to reactivate upon return. + * @return: false on failure (memory or socket related). no query was + * sent. + */ +struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen, + uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, + int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, struct module_qstate* q); + +/** process incoming replies from the network */ +int libworker_handle_reply(struct comm_point* c, void* arg, int error, + struct comm_reply* reply_info); + +/** process incoming serviced query replies from the network */ +int libworker_handle_service_reply(struct comm_point* c, void* arg, int error, + struct comm_reply* reply_info); + +/** handle control command coming into server */ +void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len, + int err, void* arg); + +/** mesh callback with fg results */ +void libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf, + enum sec_status s, char* why_bogus); + +/** mesh callback with bg results */ +void libworker_bg_done_cb(void* arg, int rcode, 
sldns_buffer* buf, + enum sec_status s, char* why_bogus); + +/** + * Worker signal handler function. User argument is the worker itself. + * @param sig: signal number. + * @param arg: the worker (main worker) that handles signals. + */ +void worker_sighandler(int sig, void* arg); + +/** + * Worker service routine to send serviced queries to authoritative servers. + * @param qname: query name. (host order) + * @param qnamelen: length in bytes of qname, including trailing 0. + * @param qtype: query type. (host order) + * @param qclass: query class. (host order) + * @param flags: host order flags word, with opcode and CD bit. + * @param dnssec: if set, EDNS record will have DO bit set. + * @param want_dnssec: signatures needed. + * @param addr: where to. + * @param addrlen: length of addr. + * @param zone: wireformat dname of the zone. + * @param zonelen: length of zone name. + * @param q: wich query state to reactivate upon return. + * @return: false on failure (memory or socket related). no query was + * sent. + */ +struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen, + uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, + int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen, + uint8_t* zone, size_t zonelen, struct module_qstate* q); + +/** + * process control messages from the main thread. Frees the control + * command message. + * @param tube: tube control message came on. + * @param msg: message contents. Is freed. + * @param len: length of message. + * @param error: if error (NETEVENT_*) happened. 
+ * @param arg: user argument + */ +void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len, + int error, void* arg); + +/** handles callbacks from listening event interface */ +int worker_handle_request(struct comm_point* c, void* arg, int error, + struct comm_reply* repinfo); + +/** process incoming replies from the network */ +int worker_handle_reply(struct comm_point* c, void* arg, int error, + struct comm_reply* reply_info); + +/** process incoming serviced query replies from the network */ +int worker_handle_service_reply(struct comm_point* c, void* arg, int error, + struct comm_reply* reply_info); + +/** cleanup the cache to remove all rrset IDs from it, arg is worker */ +void worker_alloc_cleanup(void* arg); + +/** statistics timer callback handler */ +void worker_stat_timer_cb(void* arg); + +/** probe timer callback handler */ +void worker_probe_timer_cb(void* arg); + +/** start accept callback handler */ +void worker_start_accept(void* arg); + +/** stop accept callback handler */ +void worker_stop_accept(void* arg); + +/** handle remote control accept callbacks */ +int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*); + +/** handle remote control data callbacks */ +int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*); + +/** routine to printout option values over SSL */ +void remote_get_opt_ssl(char* line, void* arg); + +#endif /* LIBUNBOUND_WORKER_H */ Index: libunbound/libworker.c =================================================================== --- libunbound/libworker.c (.../vendor/unbound/dist) (revision 266777) +++ libunbound/libworker.c (.../head/contrib/unbound) (revision 266777) @@ -48,6 +48,7 @@ #include "libunbound/libworker.h" #include "libunbound/context.h" #include "libunbound/unbound.h" +#include "libunbound/worker.h" #include "libunbound/unbound-event.h" #include "services/outside_network.h" #include "services/mesh.h" 
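Review bot: The new libunbound/worker.h uses `struct sockaddr_storage`, `socklen_t`, `uint8_t` and `size_t` in its prototypes but includes only ldns/sbuffer.h and util/data/packed_rrset.h, so it appears to rely on config.h or a socket header having been included first. If a translation unit includes it before those, `struct sockaddr_storage` would be declared with prototype scope in libworker_send_query() and worker_send_query(), and the definitions would no longer match the declarations. Adding `struct sockaddr_storage;` next to the existing forward declarations and a line such as `/* config.h must be included before this header */` would make the requirement explicit. Separately, both `@return: false on failure` lines document functions that return `struct outbound_entry*`; `NULL on failure` would match the signature.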
@@ -54,6 +55,7 @@ #include "services/localzone.h" #include "services/cache/rrset.h" #include "services/outbound_list.h" +#include "util/fptr_wlist.h" #include "util/module.h" #include "util/regional.h" #include "util/random.h" @@ -952,7 +954,8 @@ uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q)) + socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), + size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; Index: libunbound/libworker.h =================================================================== --- libunbound/libworker.h (.../vendor/unbound/dist) (revision 266777) +++ libunbound/libworker.h (.../head/contrib/unbound) (revision 266777) @@ -41,8 +41,8 @@ * and if in the background continues until exit, if in the foreground * returns from the procedure when done. */ -#ifndef LIBUNBOUND_WORKER_H -#define LIBUNBOUND_WORKER_H +#ifndef LIBUNBOUND_LIBWORKER_H +#define LIBUNBOUND_LIBWORKER_H #include "util/data/packed_rrset.h" struct ub_ctx; struct ub_result; 
@@ -136,56 +136,6 @@ /** cleanup the cache to remove all rrset IDs from it, arg is libworker */ void libworker_alloc_cleanup(void* arg); -/** - * Worker service routine to send serviced queries to authoritative servers. - * @param qname: query name. (host order) - * @param qnamelen: length in bytes of qname, including trailing 0. - * @param qtype: query type. (host order) - * @param qclass: query class. (host order) - * @param flags: host order flags word, with opcode and CD bit. - * @param dnssec: if set, EDNS record will have DO bit set. - * @param want_dnssec: signatures needed. - * @param addr: where to. - * @param addrlen: length of addr. - * @param zone: delegation point name. - * @param zonelen: length of zone name wireformat dname. - * @param q: wich query state to reactivate upon return. - * @return: false on failure (memory or socket related). no query was - * sent. - */ -struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, - int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, struct module_qstate* q); - -/** process incoming replies from the network */ -int libworker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** process incoming serviced query replies from the network */ -int libworker_handle_service_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** handle control command coming into server */ -void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len, - int err, void* arg); - -/** handle opportunity to write result back */ -void libworker_handle_result_write(struct tube* tube, uint8_t* msg, size_t len, - int err, void* arg); - -/** mesh callback with fg results */ -void libworker_fg_done_cb(void* arg, int rcode, struct sldns_buffer* buf, - enum sec_status s, char* why_bogus); - -/** mesh callback with bg 
results */ -void libworker_bg_done_cb(void* arg, int rcode, struct sldns_buffer* buf, - enum sec_status s, char* why_bogus); - -/** mesh callback with event results */ -void libworker_event_done_cb(void* arg, int rcode, struct sldns_buffer* buf, - enum sec_status s, char* why_bogus); - /** * fill result from parsed message, on error fills servfail * @param res: is clear at start, filled in at end. @@ -198,4 +148,4 @@ void libworker_enter_result(struct ub_result* res, struct sldns_buffer* buf, struct regional* temp, enum sec_status msg_security); -#endif /* LIBUNBOUND_WORKER_H */ +#endif /* LIBUNBOUND_LIBWORKER_H */ Index: daemon/worker.h =================================================================== --- daemon/worker.h (.../vendor/unbound/dist) (revision 266777) +++ daemon/worker.h (.../head/contrib/unbound) (revision 266777) @@ -43,6 +43,7 @@ #ifndef DAEMON_WORKER_H #define DAEMON_WORKER_H +#include "libunbound/worker.h" #include "util/netevent.h" #include "util/locks.h" #include "util/alloc.h" 
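Review bot: In the `@@ -136,56 +136,6 @@` hunk of libunbound/libworker.h, the declarations of libworker_handle_result_write() and libworker_event_done_cb() are deleted together with the others, but the new libunbound/worker.h shown earlier on this page does not declare either of them. If those functions are still defined in libworker.c and referenced from util/fptr_wlist.c (neither is visible here), they would be used without a prototype in scope, which undoes the argument checking this change is meant to restore. Either keep them in libworker.h or add them to worker.h, for example `void libworker_event_done_cb(void* arg, int rcode, struct sldns_buffer* buf, enum sec_status s, char* why_bogus);`.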
@@ -158,77 +159,9 @@ void worker_send_cmd(struct worker* worker, enum worker_commands cmd); /** - * Worker signal handler function. User argument is the worker itself. - * @param sig: signal number. - * @param arg: the worker (main worker) that handles signals. - */ -void worker_sighandler(int sig, void* arg); - -/** - * Worker service routine to send serviced queries to authoritative servers. - * @param qname: query name. (host order) - * @param qnamelen: length in bytes of qname, including trailing 0. - * @param qtype: query type. (host order) - * @param qclass: query class. (host order) - * @param flags: host order flags word, with opcode and CD bit. - * @param dnssec: if set, EDNS record will have DO bit set. - * @param want_dnssec: signatures needed. - * @param addr: where to. - * @param addrlen: length of addr. - * @param zone: wireformat dname of the zone. - * @param zonelen: length of zone name. - * @param q: wich query state to reactivate upon return. - * @return: false on failure (memory or socket related). no query was - * sent. - */ -struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen, - uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec, - int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, struct module_qstate* q); - -/** - * process control messages from the main thread. Frees the control - * command message. - * @param tube: tube control message came on. - * @param msg: message contents. Is freed. - * @param len: length of message. - * @param error: if error (NETEVENT_*) happened. 
- * @param arg: user argument - */ -void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len, - int error, void* arg); - -/** handles callbacks from listening event interface */ -int worker_handle_request(struct comm_point* c, void* arg, int error, - struct comm_reply* repinfo); - -/** process incoming replies from the network */ -int worker_handle_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** process incoming serviced query replies from the network */ -int worker_handle_service_reply(struct comm_point* c, void* arg, int error, - struct comm_reply* reply_info); - -/** cleanup the cache to remove all rrset IDs from it, arg is worker */ -void worker_alloc_cleanup(void* arg); - -/** * Init worker stats - includes server_stats_init, outside network and mesh. * @param worker: the worker to init */ void worker_stats_clear(struct worker* worker); -/** statistics timer callback handler */ -void worker_stat_timer_cb(void* arg); - -/** probe timer callback handler */ -void worker_probe_timer_cb(void* arg); - -/** start accept callback handler */ -void worker_start_accept(void* arg); - -/** stop accept callback handler */ -void worker_stop_accept(void* arg); - #endif /* DAEMON_WORKER_H */ Index: daemon/remote.h =================================================================== --- daemon/remote.h (.../vendor/unbound/dist) (revision 266777) +++ daemon/remote.h (.../head/contrib/unbound) (revision 266777) @@ -157,12 +157,6 @@ */ void daemon_remote_exec(struct worker* worker); -/** handle remote control accept callbacks */ -int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*); - -/** handle remote control data callbacks */ -int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*); - #ifdef HAVE_SSL /** * Print fixed line of text over ssl connection in blocking mode 
@@ -192,7 +186,4 @@ int ssl_read_line(SSL* ssl, char* buf, size_t max); #endif /* HAVE_SSL */ -/** routine to printout option values over SSL */ -void remote_get_opt_ssl(char* line, void* arg); - #endif /* DAEMON_REMOTE_H */ Index: util/fptr_wlist.c =================================================================== --- util/fptr_wlist.c (.../vendor/unbound/dist) (revision 266777) +++ util/fptr_wlist.c (.../head/contrib/unbound) (revision 266777) @@ -46,8 +46,6 @@ #include "config.h" #include "util/fptr_wlist.h" #include "util/mini_event.h" -#include "daemon/worker.h" -#include "daemon/remote.h" #include "services/outside_network.h" #include "services/mesh.h" #include "services/localzone.h" @@ -69,6 +67,7 @@ #include "util/locks.h" #include "libunbound/libworker.h" #include "libunbound/context.h" +#include "libunbound/worker.h" #include "util/tube.h" #include "util/config_file.h" #ifdef UB_ON_WINDOWS Index: smallapp/worker_cb.c =================================================================== --- smallapp/worker_cb.c (.../vendor/unbound/dist) (revision 266777) +++ smallapp/worker_cb.c (.../head/contrib/unbound) (revision 266777) @@ -41,12 +41,11 @@ * linked into the resulting program. */ #include "config.h" +#include "libunbound/context.h" +#include "libunbound/worker.h" +#include "util/fptr_wlist.h" #include "util/log.h" #include "services/mesh.h" -struct comm_reply; -struct comm_point; -struct module_qstate; -struct tube; void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), 
@@ -103,9 +102,10 @@ struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname), size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype), uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), - int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), + int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q)) + socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), + size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; @@ -136,7 +136,8 @@ uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q)) + socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), + size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; Index: daemon/worker.c =================================================================== --- daemon/worker.c (.../vendor/unbound/dist) (revision 266777) +++ daemon/worker.c (.../head/contrib/unbound) (revision 266777) @@ -69,6 +69,8 @@ #include "iterator/iter_hints.h" #include "validator/autotrust.h" #include "validator/val_anchor.h" +#include "libunbound/context.h" +#include "libunbound/libworker.h" #include "ldns/sbuffer.h" #ifdef HAVE_SYS_TYPES_H @@ -718,7 +720,7 @@ return 0; } -int +static int deny_refuse(struct comm_point* c, enum acl_access acl, enum acl_access deny, enum acl_access refuse, struct worker* worker, struct comm_reply* repinfo) @@ -750,7 +752,7 @@ return -1; } -int +static int deny_refuse_all(struct comm_point* c, enum acl_access acl, struct worker* worker, struct comm_reply* repinfo) { 
@@ -757,7 +759,7 @@ return deny_refuse(c, acl, acl_deny, acl_refuse, worker, repinfo); } -int +static int deny_refuse_non_local(struct comm_point* c, enum acl_access acl, struct worker* worker, struct comm_reply* repinfo) { @@ -846,7 +848,7 @@ verbose(VERB_ALGO, "query with bad edns version."); log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo, - *(uint16_t*)sldns_buffer_begin(c->buffer), + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), NULL); attach_edns_record(c->buffer, &edns); return 1; @@ -928,7 +930,7 @@ /* answer from cache - we have acquired a readlock on it */ if(answer_from_cache(worker, &qinfo, (struct reply_info*)e->data, - *(uint16_t*)sldns_buffer_begin(c->buffer), + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, &edns)) { /* prefetch it if the prefetch TTL expired */ @@ -950,7 +952,7 @@ } if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { if(answer_norec_from_cache(worker, &qinfo, - *(uint16_t*)sldns_buffer_begin(c->buffer), + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), repinfo, &edns)) { return 1; @@ -972,7 +974,7 @@ /* grab a work request structure for this new request */ mesh_new_client(worker->env.mesh, &qinfo, sldns_buffer_read_u16_at(c->buffer, 2), - &edns, repinfo, *(uint16_t*)sldns_buffer_begin(c->buffer)); + &edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer)); worker_mem_report(worker, NULL); return 0; } 
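Review bot: The added `(void *)` in `*(uint16_t*)(void *)sldns_buffer_begin(c->buffer)` (hunk at -846, repeated at -928, -950 and -972) only quiets what is presumably a cast-alignment warning; the code still assumes the packet buffer starts on a 2-byte boundary and may be read through a `uint16_t` lvalue. Because this path parses queries received from the network, copying the ID out removes that assumption: `uint16_t id; memcpy(&id, sldns_buffer_begin(c->buffer), sizeof(id));` and pass `id` to the callee. If the cast stays, add a comment stating why the buffer is known to be suitably aligned; its allocation is not visible here, so that needs confirming. The same cast-through-void pattern is added in daemon/cachedump.c for `(*d)->rrsets`, where pointer alignment depends on `sizeof(struct rrset_ref) * rep->rrset_count`. The enclosing functions start and end outside these hunks.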
@@ -1348,7 +1350,8 @@ uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags), int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec), struct sockaddr_storage* ATTR_UNUSED(addr), - socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q)) + socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), + size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; Index: daemon/cachedump.c =================================================================== --- daemon/cachedump.c (.../vendor/unbound/dist) (revision 266777) +++ daemon/cachedump.c (.../head/contrib/unbound) (revision 266777) @@ -229,7 +229,7 @@ sizeof(struct ub_packed_rrset_key*) * rep->rrset_count); if(!*d) return 0; - (*d)->rrsets = (struct ub_packed_rrset_key**)( + (*d)->rrsets = (struct ub_packed_rrset_key**)(void *)( (uint8_t*)(&((*d)->ref[0])) + sizeof(struct rrset_ref) * rep->rrset_count); *k = (struct query_info*)regional_alloc_init(region, Hide the sbrk madness behind #ifdef HAVE_SBRK. Remove a useless printf which breaks reproducible builds. Index: daemon/unbound.c =================================================================== --- daemon/unbound.c (.../vendor/unbound/dist) (revision 266777) +++ daemon/unbound.c (.../head/contrib/unbound) (revision 266777) @@ -53,6 +53,7 @@ #include "services/listen_dnsport.h" #include "services/cache/rrset.h" #include "services/cache/infra.h" +#include "util/fptr_wlist.h" #include "util/data/msgreply.h" #include "util/module.h" #include "util/net_help.h" @@ -95,8 +96,10 @@ # include "nss.h" #endif +#ifdef HAVE_SBRK /** global debug value to keep track of heap memory allocation */ void* unbound_start_brk = 0; +#endif #if !defined(HAVE_EVENT_BASE_GET_METHOD) && (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) static const char* ev_backend2str(int b) 
@@ -177,8 +180,6 @@ for(m = module_list_avail(); *m; m++) printf(" %s", *m); printf("\n"); - printf("configured for %s on %s with options:%s\n", - CONFIGURE_TARGET, CONFIGURE_DATE, CONFIGURE_BUILD_WITH); printf("BSD licensed, see LICENSE in source package for details.\n"); printf("Report bugs to %s\n", PACKAGE_BUGREPORT); } Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're no longer used. Add unbound-control-setup.sh to the list of generated files. Index: configure.ac =================================================================== --- configure.ac (.../vendor/unbound/dist) (revision 266777) +++ configure.ac (.../head/contrib/unbound) (revision 266777) @@ -77,19 +77,6 @@ AC_SUBST(LIBUNBOUND_REVISION) AC_SUBST(LIBUNBOUND_AGE) -pretty_cmdline() { - cmdline="" - while test -n "$1"; do - cmdline="$cmdline '"`echo $1 | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/g' `"'" - shift - done -} -pretty_cmdline $@ -AC_DEFINE_UNQUOTED(CONFIGURE_BUILD_WITH, ["$cmdline"], [configure flags]) -AC_CANONICAL_TARGET -AC_DEFINE_UNQUOTED(CONFIGURE_TARGET, ["$target"], [configure target system]) -AC_DEFINE_UNQUOTED(CONFIGURE_DATE, ["`date`"], [configure date]) - CFLAGS="$CFLAGS" AC_AIX if test "$ac_cv_header_minix_config_h" = "yes"; then @@ -1222,6 +1209,6 @@ ]) -AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8]) +AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 smallapp/unbound-control-setup.sh]) AC_CONFIG_HEADER([config.h]) AC_OUTPUT
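Review bot: Adding `smallapp/unbound-control-setup.sh` to the shared `AC_CONFIG_FILES` list (hunk at -1222) generates the script without an executable bit, because config.status writes its outputs with default file permissions. Unless the install rule sets the mode itself, which is not visible in this hunk, give the script its own entry with a post-command: `AC_CONFIG_FILES([smallapp/unbound-control-setup.sh], [chmod +x smallapp/unbound-control-setup.sh])`. A one-line comment next to it saying that the file is a generated shell script that sets up the unbound-control certificates would help whoever next edits the list.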