Index: head/dns/unbound/Makefile
===================================================================
--- head/dns/unbound/Makefile	(revision 510823)
+++ head/dns/unbound/Makefile	(revision 510824)
@@ -1,114 +1,113 @@
 # Created by: Sergey Matveychuk <sem@FreeBSD.org>
 # $FreeBSD$
 
 PORTNAME=	unbound
-PORTVERSION=	1.9.2
-PORTREVISION=	1
+PORTVERSION=	1.9.3
 CATEGORIES=	dns
 MASTER_SITES=	https://www.nlnetlabs.nl/downloads/unbound/ \
 		https://distfiles.crux.guru/
 
 MAINTAINER=	jaap@NLnetLabs.nl
 COMMENT=	Validating, recursive, and caching DNS resolver
 
 LICENSE=	BSD3CLAUSE
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 LIB_DEPENDS=	libexpat.so:textproc/expat2
 
 USES=		autoreconf cpe libtool pkgconfig ssl
 
 CPE_VENDOR=	nlnetlabs
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--with-ssl=${OPENSSLBASE} --with-libexpat=${LOCALBASE}
 USE_LDCONFIG=	yes
 TEST_TARGET=	test
 
 USERS=		${PORTNAME}
 GROUPS=		${PORTNAME}
 
 USE_RC_SUBR=	unbound
 
 PORTDOCS=	CREDITS Changelog FEATURES LICENSE README README.svn \
 		README.tests TODO control_proto_spec.txt ietf67-design-02.odp \
 		ietf67-design-02.pdf requirements.txt
 
 OPTIONS_SUB=	yes
 OPTIONS_DEFINE=	THREADS PYTHON GOST ECDSA MUNIN_PLUGIN DOCS LIBEVENT \
 		FILTER_AAAA DNSTAP DNSCRYPT SUBNET EVAPI TFOCL TFOSE \
 		HIREDIS
 OPTIONS_DEFAULT=THREADS ECDSA LIBEVENT GOST
 
 LIBEVENT_DESC=	Build against libevent
 GOST_DESC=	Enable GOST support (requires OpenSSL >= 1.0)
 ECDSA_DESC=	Enable ECDSA (elliptic curve) support (OpenSSL >= 1.0)
 MUNIN_PLUGIN_DESC=	Install Munin plugin
 FILTER_AAAA_DESC=	Build with AAAA filter functionality (contrib)
 DNSTAP_DESC=	Enable dnstap logging support
 DNSCRYPT_DESC=	Enable dnscrypt support
 SUBNET_DESC=	Enable client subnet support
 EVAPI_DESC=	(Experimental) pluggable event based libunbound API support
 TFOCL_DESC=	Enable TCP Fast Open for client mode
 TFOSE_DESC=	Enable TCP Fast Open for server mode
 HIREDIS_DESC=	Enable hiredis support for the cachedb module
 
 STRIP_FILES=	.libs/libunbound.so unbound-checkconf unbound \
 		unbound-control .libs/unbound-host .libs/unbound-anchor
 
 DNSTAP_CONFIGURE_ENABLE=dnstap
 DNSTAP_LIB_DEPENDS=	libfstrm.so:devel/fstrm \
 			libprotobuf-c.so:devel/protobuf-c
 DNSCRYPT_CONFIGURE_ENABLE=	dnscrypt
 DNSCRYPT_LIB_DEPENDS=	libsodium.so:security/libsodium
 SUBNET_CONFIGURE_ENABLE=	subnet
 EVAPI_CONFIGURE_ENABLE=	event-api
 TFOCL_CONFIGURE_ENABLE=	tfo-client
 TFOSE_CONFIGURE_ENABLE=	tfo-server
 ECDSA_CONFIGURE_ENABLE=	ecdsa
 ECDSA_VARS=		DEPENDS_ARGS+=WITH_ECDSA=yes
 GOST_CONFIGURE_ENABLE=	gost
 GOST_VARS=		DEPENDS_ARGS+=WITH_GOST=yes
 LIBEVENT_CONFIGURE_WITH=libevent
 LIBEVENT_CPPFLAGS+=	$$(pkg-config libevent --cflags-only-I)
 LIBEVENT_LIB_DEPENDS=	libevent.so:devel/libevent
 LIBEVENT_LDFLAGS+=	$$(pkg-config libevent --libs-only-L)
 MUNIN_PLUGIN_SUB_FILES=	pkg-message
 PYTHON_BUILD_DEPENDS=	swig3.0:devel/swig30
 PYTHON_CONFIGURE_ON=	--with-pyunbound=yes --with-pythonmodule=yes \
 			LDFLAGS="-L${LOCALBASE}/lib" \
 			ac_cv_path_SWIG=${LOCALBASE}/bin/swig3.0
 PYTHON_USES=		python
 PYTHON_VARS=		STRIP_FILES+=.libs/_unbound.so
 THREADS_CONFIGURE_WITH=	pthreads
 HIREDIS_CONFIGURE_ON=	--enable-cachedb --with-libhiredis
 HIREDIS_LIB_DEPENDS=	libhiredis.so:databases/hiredis
 
 post-patch:
 	@${RM} ${WRKSRC}/util/configlexer.c
 	@${REINPLACE_CMD} -e 's|if test ! -e $$(DESTDIR)$$(configfile); then || ; \
 		s|$$(configfile); fi|$$(configfile).sample|' \
 		${WRKSRC}/Makefile.in
 
 post-patch-FILTER_AAAA-on:
 	${CAT} ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s
 
 post-build:
 	@for s in ${STRIP_FILES}; do ${STRIP_CMD} ${WRKSRC}/$$s; done
 
 post-install-PYTHON-on:
 	@${STRIP_CMD} ${STAGEDIR}${PYTHON_SITELIBDIR}/_unbound.so
 
 post-install-MUNIN_PLUGIN-on:
 	@${MKDIR} ${STAGEDIR}${PREFIX}/share/munin/plugins
 	${INSTALL_SCRIPT} ${WRKDIR}/unbound-${PORTVERSION}/contrib/unbound_munin_ \
 		${STAGEDIR}${PREFIX}/share/munin/plugins/
 	@${ECHO_MSG}
 	@${ECHO_MSG} "============================================================="
 	@${CAT} ${WRKDIR}/pkg-message
 	@${ECHO_MSG} "============================================================="
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/doc/|} ${STAGEDIR}${DOCSDIR}
 
 .include <bsd.port.mk>
Index: head/dns/unbound/distinfo
===================================================================
--- head/dns/unbound/distinfo	(revision 510823)
+++ head/dns/unbound/distinfo	(revision 510824)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1560919473
-SHA256 (unbound-1.9.2.tar.gz) = 6f7acec5cf451277fcda31729886ae7dd62537c4f506855603e3aa153fcb6b95
-SIZE (unbound-1.9.2.tar.gz) = 5676395
+TIMESTAMP = 1566901338
+SHA256 (unbound-1.9.3.tar.gz) = 1b55dd9170e4bfb327fb644de7bbf7f0541701149dff3adf1b63ffa785f16dfa
+SIZE (unbound-1.9.3.tar.gz) = 5686017
Index: head/dns/unbound/files/unbound.in
===================================================================
--- head/dns/unbound/files/unbound.in	(revision 510823)
+++ head/dns/unbound/files/unbound.in	(revision 510824)
@@ -1,50 +1,152 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
-# unbound freebsd startup rc.d script, modified from the named script.
+# unbound freebsd startup rc.d script
 # uses the default unbound installation path and pidfile location.
-# copy this to /etc/rc.d/unbound
+# copy this to %%PREFIX%%/etc/rc.d/unbound
 # and put unbound_enable="YES" into rc.conf
 #
 # unbound_anchorflags can be used to allow you to pass a custom flags to
 # unbound-anchor.  Examples include a custom resolv.conf (-f) or a custom
 # root.hints (-r).  Useful for when /etc/resolv.conf only contains 127.0.0.1
-
+#
 # PROVIDE: unbound
 # REQUIRE: SERVERS cleanvar
 # KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable unbound:
+#
+# unbound_enable="YES"
+#
+# You could set alternative config with
+# unbound_config="/path/to/config"
+#
+#
+# Multiple profiles are supported with
+#
+# unbound_profiles="name1 name2"
+# unbound_name1_enable="YES"
+# unbound_name1_config="/path/to/config1"
+# unbound_name2_enable="YES"
+# unbound_name2_config="/path/to/config2"
+#
+# A fib can be set for each profile as in
+# unbound_name1_fib=1
+#
 
 . /etc/rc.subr
 
-name="unbound"
+name=unbound
 rcvar=unbound_enable
 
-command="%%PREFIX%%/sbin/unbound"
-extra_commands="reload"
-start_precmd="start_precmd"
+# setfib
+unbound_startfib() {
+	${SYSCTL} net.fibs  >/dev/null 2>&1 || return 0
 
-load_rc_config $name
+	unbound_fib=${unbound_fib:-"NONE"}
+	case "$unbound_fib" in
+	[Nn][Oo][Nn][Ee])
+		;;
+	*)
+		echo "Using fib #: " $unbound_fib .
+		command="setfib -F ${unbound_fib} ${command}"
+			;;
+	esac
+}
 
-pidfile=`%%PREFIX%%/sbin/unbound-checkconf -o pidfile ${unbound_conf}`
-unbound_enable=${unbound_enable:-"NO"}
-unbound_anchorflags=${unbound_anchorflags:-""}
-unbound_conf=${unbound_conf:-"%%ETCDIR%%/unbound.conf"}
-unbound_flags=${unbound_flags:-" -c ${unbound_conf}"}
-
-reload_precmd="%%PREFIX%%/sbin/unbound-checkconf ${unbound_conf} >/dev/null"
-
 start_precmd()
 {
-	echo -n "Obtaining a trust anchor:"
+	unbound_startfib
+
+	echo -n "Obtaining a trust anchor.."
 	if [ "${unbound_anchorflags}T" = "T" ]; then
 		su -m unbound -c %%PREFIX%%/sbin/unbound-anchor
 	else
 		su -m unbound -c "%%PREFIX%%/sbin/unbound-anchor ${unbound_anchorflags}"
 	fi
 	echo .
 	%%PREFIX%%/sbin/unbound-checkconf ${unbound_conf} > /dev/null
 	return $?
 }
+
+# read settings, set default values
+load_rc_config "${name}"
+: ${unbound_enable:="NO"}
+: ${unbound_config:=%%PREFIX%%/etc/unbound/unbound.conf}
+
+# Set PID file
+pidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile %%PREFIX%%/etc/unbound/unbound.conf)
+
+required_files=${unbound_config}
+command="%%PREFIX%%/sbin/${name}"
+command_args="-c ${unbound_config}"
+unbound_anchorflags=${unbound_anchorflags:-""}
+extra_commands="reload"
+start_precmd="start_precmd"
+reload_precmd="%%PREFIX%%/sbin/unbound-checkconf ${unbound_conf} >/dev/null"
+
+load_rc_config "${name}"
+
+if [ -n "$2" ]; then
+	profile="$2"
+	if [ "x${unbound_profiles}" != "x" ]; then
+		eval unbound_config="\${unbound_${profile}_config:-%%PREFIX%%/etc/unbound/unbound-${profile}.conf}"
+		eval unbound_fib="\${unbound_${profile}_fib:-${unbound_fib}}"
+		if [ "x${unbound_config}" = "x" ]; then
+			echo "You must define a configuration file (unbound_${profile}_config)"
+			exit 1
+		fi
+
+		# Replace default value with profile-based (defined in the config file)
+		_cfgpidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile ${unbound_config})
+		_defaultpidfile=$(%%PREFIX%%/sbin/unbound-checkconf -o pidfile /dev/null)
+
+		if [ "x${_cfgpidfile}" = "x" -o "x${_cfgpidfile}" = "x${_defaultpidfile}" ] ; then
+			pidfile=${_defaultpidfile}
+		else
+			pidfile=${_cfgpidfile}
+		fi
+		required_files="${unbound_config}"
+		eval unbound_enable="\${unbound_${profile}_enable:-${unbound_enable}}"
+		command_args="-c ${unbound_config}"
+	else
+		echo "$0: extra argument ignored"
+	fi
+else
+	if [ "x${unbound_profiles}" != "x" -a "x$1" != "x" ]; then
+		for profile in ${unbound_profiles}; do
+			eval _enable="\${unbound_${profile}_enable}"
+			case "x${_enable:-${unbound_enable}}" in
+			x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
+				continue
+				;;
+			x[Yy][Ee][Ss])
+				;;
+			*)
+				if test -z "$_enable"; then
+					_var=unbound_enable
+				else
+					_var=unbound_"${profile}"_enable
+				fi
+				echo "Bad value" \
+				    "'${_enable:-${unbound_enable}}'" \
+				    "for ${_var}. " \
+				    "Profile ${profile} skipped."
+				continue
+				;;
+			esac
+			echo "===> unbound profile: ${profile}"
+			%%PREFIX%%/etc/rc.d/unbound $1 ${profile}
+			retcode="$?"
+			if [ "0${retcode}" -ne 0 ]; then
+				failed="${profile} (${retcode}) ${failed:-}"
+			else
+				success="${profile} ${success:-}"
+			fi
+		done
+		exit 0
+	fi
+fi
 
 run_rc_command "$1"
Index: head/dns/unbound/pkg-plist
===================================================================
--- head/dns/unbound/pkg-plist	(revision 510823)
+++ head/dns/unbound/pkg-plist	(revision 510824)
@@ -1,57 +1,57 @@
 @sample %%ETCDIR%%/unbound.conf.sample
 include/unbound.h
 %%EVAPI%%include/unbound-event.h
 libdata/pkgconfig/libunbound.pc
 lib/libunbound.a
 lib/libunbound.so
 lib/libunbound.so.8
-lib/libunbound.so.8.1.2
+lib/libunbound.so.8.1.3
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/_unbound.so
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/unbound.py
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/unboundmodule.py
 man/man1/unbound-host.1.gz
 man/man3/libunbound.3.gz
 man/man3/ub_cancel.3.gz
 man/man3/ub_ctx.3.gz
 man/man3/ub_ctx_add_ta.3.gz
 man/man3/ub_ctx_add_ta_file.3.gz
 man/man3/ub_ctx_async.3.gz
 man/man3/ub_ctx_config.3.gz
 man/man3/ub_ctx_create.3.gz
 man/man3/ub_ctx_data_add.3.gz
 man/man3/ub_ctx_data_remove.3.gz
 man/man3/ub_ctx_debuglevel.3.gz
 man/man3/ub_ctx_debugout.3.gz
 man/man3/ub_ctx_delete.3.gz
 man/man3/ub_ctx_get_option.3.gz
 man/man3/ub_ctx_hosts.3.gz
 man/man3/ub_ctx_print_local_zones.3.gz
 man/man3/ub_ctx_resolvconf.3.gz
 man/man3/ub_ctx_set_fwd.3.gz
 man/man3/ub_ctx_set_option.3.gz
 man/man3/ub_ctx_trustedkeys.3.gz
 man/man3/ub_ctx_zone_add.3.gz
 man/man3/ub_ctx_zone_remove.3.gz
 man/man3/ub_fd.3.gz
 man/man3/ub_poll.3.gz
 man/man3/ub_process.3.gz
 man/man3/ub_resolve.3.gz
 man/man3/ub_resolve_async.3.gz
 man/man3/ub_resolve_free.3.gz
 man/man3/ub_result.3.gz
 man/man3/ub_strerror.3.gz
 man/man3/ub_wait.3.gz
 man/man5/unbound.conf.5.gz
 man/man8/unbound-anchor.8.gz
 man/man8/unbound-checkconf.8.gz
 man/man8/unbound-control-setup.8.gz
 man/man8/unbound-control.8.gz
 man/man8/unbound.8.gz
 sbin/unbound
 sbin/unbound-anchor
 sbin/unbound-checkconf
 sbin/unbound-control
 sbin/unbound-control-setup
 sbin/unbound-host
 %%MUNIN_PLUGIN%%share/munin/plugins/unbound_munin_
 @dir(unbound,,) %%ETCDIR%%